Or maybe snake oil is the wrong term. I don’t know if there’s a term for someone who warns others and they never listen, because it seems no matter how much you break into buildings and expose the flaws, hack a bank’s transaction, or infiltrate a database, the company will thank you, pay you a few hundred thousand dollars, then do nothing to change.

Essentially it just seems like I’m helping big companies bypass regulations by rubber-stamping their pinky promises to change. I guess internal security auditing might be a little better, but I don’t know.

  • mayo_cider [he/him] · a year ago

    There's plenty of snake oil, it's not really that hard to break into an average office, especially compared to corporate espionage in the form of breaking and entering

    On the other hand, it's a grift I can respect

    • mayo_cider [he/him] · a year ago

      Oops, I was high and thought you were talking just about physical penetration testing

      Software side is even worse, most of them just run a generic test sweep and catch a 15-year-old vulnerability because you didn't think about security before the cool hacker guy showed you his terminal

      Still a cool grift though