One of the paramount contributors to our success in our Connected Car Division at my firm, Brier & Thorn, has been our willingness to travel anywhere in the world to the client's location to perform the testing.
I have seen many firms, both small and large, unwilling to perform testing on-site at the client's facility that resulted in a contract award to us as an alternative to a much more established, recognized firm -- simply because they were unwilling to put assets on-site at the client's facility. This is most likely attributed to the fact that most firms utilize contractors who are typically unwilling to be on-site at a client for long periods of time. Penetration tests in connected car are certainly much longer (3-6 months) than your traditional network penetration test.
This is a very big challenge for an industry just now working quickly to adjust to modern-day consumer requirements for more connectivity and technology inside their vehicles, let alone adapting to a changing workforce of Millennials wanting to work remotely rather than come into an office from 9-5.
Therefore, your willingness to travel on-site (most likely to Europe and Asia) for the major OEMs and automakers is going to determine your success in this field. Rarely will an OEM drop ship an entire microbench to your house because you want to work from home. Remote access into their network, which is usually very closed off, is few and far between and have rarely seen it approved (trust me, we've tried).