zlacker

1. normie+(OP) 2025-06-24 22:01:12
> Top infosec talent doesn't want to do it (and there's not enough of it).

What is the top talent spending its time on?

replies(6): >>hinter+z4 >>tptace+E4 >>UltraS+Lr >>atemer+jz >>mr_mit+X41 >>kalium+Md1
2. hinter+z4 2025-06-24 22:40:27
>>normie+(OP)
Vulnerability researchers? For public projects, there's a strong preference for prestige stuff: ecosystem-wide vulnerabilities, new attack techniques, attacking cool new tech (e.g., self-driving cars).

To pay bills: often working for tier A tech companies on intellectually-stimulating projects, such as novel mitigations, proprietary automation, etc. Or doing lucrative consulting / freelance work. Generally not triaging Nessus results 9-to-5.

3. tptace+E4 2025-06-24 22:40:56
>>normie+(OP)
Specialized bug-hunting.
4. UltraS+Lr 2025-06-25 02:49:32
>>normie+(OP)
The best paying bug bounties.
5. atemer+jz 2025-06-25 04:51:05
>>normie+(OP)
"A bolt cutter pays for itself starting from the second bike"
6. mr_mit+X41 2025-06-25 10:32:37
>>normie+(OP)
Working from 9 to 5 for a guaranteed salary that is not dependent on how many bugs you find before anybody else, and not having to argue your case or negotiate the bounty.
7. kalium+Md1 2025-06-25 11:53:58
>>normie+(OP)
From my experience they work on random person projects 90% of their time