by eof
4835 days ago
The great thing about this industry is that you can build things on your own. It's tough if you are already having to put in 40+ hours a week just to get by; but if you have real skills you should be able to turn them into something profitable. Perhaps doing pen-testing if you're still into it, or building an income-generating product. It's probably also possible to get hired by a startup or through a personal connection.. but my general recommendation would be to create value directly.. since customers aren't going to even know who you are in most cases if you are selling them SaaS.
Pen-testing today is growing into something it wasn't when I was having fun. The community consists of mixed talent and a trend is growing as more ease-of-use [e.g., Nessus, Metasploit] tools become available to infosec "pros". That emergent trend (SaaS?) disgusts and repels me because it eliminates one of the more captivating and rewarding elements of vulnerability hunting (the delicious, delicious, research experience). Reverse engineers, devs who are able to create on-the-fly solutions, and vx community notwithstanding.
Also, as said in a previous post: my experiences with independent private disclosure are most often a futile waste of time - 'thanks' || ignored || threatened with LE.
WRT building an income-generating product: I don't have many unique ideas or any marketing experience. I'm currently working with a friend exploring Android OS internals and platform development. We're going to throw our project into that market and see how it pans out.
I generally only create things I need to try out an idea or get something done. This project strays away from that principle so it will be interesting to see whether or not the venture is fruitful.