Wish to start a CEH company

Ok so I am looking to start a security penetration company. Now I am not the CEH for this company so I am a little in the dark. I am finding it hard to find info on what legal steps I need to take for getting this company started. Now in time I can find the info I need for this but I was hoping that I could get some help from here, to speed the process along.

Also any thoughts on this idea would be welcome.

P.S. Sorry if this is in the wrong place this seemed the best place for it.

I wouldn't imagine the process for registering the company be any different than registering any other company. It would vary from state to state but basically fill out paperwork, pay fees, wait for docs to get processed.

AFAIK IT security companies do not get any special privileges or exemptions from the law anyway so no particular or extra registrations would be required. This is assuming you are talking about the United States of course. Any other country may / will vary. The US does have control legislation / regulation for the export of sensitive materials which include encryption software / hardware but if you are a consultant within the USA for US companies, I don't see what else they would require of you.

Thank you for the reply, I was starting to think no one would. But that info helps I already have the company made, just was checking to get an idea for legal stuff.

Honestly, I would find a damn fine lawyer to draw up some employment contracts as well as contracts for your clients to help get rid of any liability. They may also be able to provide you with the relevant code sections and caselaw for your jurisdictions.

This is one of those fields where you may find a lot of laws banning innocuous tasks that are rarely enforced. That to me is the scary part as all it takes is some random DA with a pole up his .... that decides he wants to enforce it that day.

That is what I will do just the safer option all around.

1 Like

If you don't have a clear understanding of the law you will need to get someone who does and who is able to write up clear scoping contracts for working with clients so that you are always on the right aide of the law.

In the UK pen testing work is regarded as legal if you have permission from the owner of the systems you are testing you'll see that in the working of the law 'unauthorised access' . that's why clear scoping and permission is a must.

As for laws in regards to this type of work there are none specifically in the EU although you would find that if you don't have the right accreditation you will not get work from certain types of companies, especially government organisations.

It will also be helpful if you've already worked in this area in the past and are known as it would make it easier to get off the ground.

@DeusQain might have some input..