The security service provider world changed dramatically since 2002. The industry did not hold professional service offerings in the same value as they did in the good old days of the late 1990s. Penetration testing services were severely challenged by boutique security firms that crawled out of the woodwork offering radically cheaper and fully automated services (see Chapter 5). Many firms stepped back from professional services (consulting/manual penetration testing) altogether. As I have stated previously, the penetration testing space became a compliance-only show in that the only penetration testing engagements sold were for organizations that needed to show auditors that an independent third party had assessed their perimeter security.