I disagree. InfoSec has these companies who hire #3, thinking they can underpay, and it's given the whole industry a bad name because of the shoddy work and dubious claims they make. They go in and play pass the hash, charge a lot, and the company is really no better off.
No offense, but do you think the fact that you have made multiple attempts and not yet created a company that has become a prominent name in the industry means that your approach may not be working?
I entirely agree on the large number of companies who do crappy work in the infosec industry... there's a lot of them, especially in the penetration testing realm.
We're not one of them. Nor were any of my previous teams whether they were at my companies or at companies I worked for (whose names you definitely know).
"Prominent name" is a marketing thing as much as anything... I'd be willing to put the accomplishments of our teams up against most. Hitting $10M in revenue in under 3 years building a security firm with no investment and no debt isn't something I'm going to feel too bad about, even if we don't spend a lot of time making a big deal about that.
You're making the classic mistake of thinking that a company that makes a lot of noise is the same as a company that does great work.... those venn diagrams sometimes overlap. And sometimes they don't.
No offense, but do you think the fact that you have made multiple attempts and not yet created a company that has become a prominent name in the industry means that your approach may not be working?