Comment by normie3000
8 months ago
> Top infosec talent doesn't want to do it (and there's not enough of it).
What is the top talent spending its time on?
8 months ago
> Top infosec talent doesn't want to do it (and there's not enough of it).
What is the top talent spending its time on?
Vulnerability researchers? For public projects, there's a strong preference for prestige stuff: ecosystem-wide vulnerabilities, new attack techniques, attacking cool new tech (e.g., self-driving cars).
To pay bills: often working for tier A tech companies on intellectually-stimulating projects, such as novel mitigations, proprietary automation, etc. Or doing lucrative consulting / freelance work. Generally not triaging Nessus results 9-to-5.
Working from 9 to 5 for a guaranteed salary that is not dependent on how many bugs you find before anybody else, and not having to argue your case or negotiate the bounty.
From my experience they work on random person projects 90% of their time
Specialized bug-hunting.
The best paying bug bounties.
"A bolt cutter pays for itself starting from the second bike"