Or maybe snake oil is the wrong term. I don’t know if there’s a term for someone who warns others and they never listen, because it seems no matter how much you break into buildings and expose the flaws, hack a bank’s transaction, or infiltrate a database, the company will thank you, pay you a few hundred thousand dollars, then do nothing to change.
Essentially it just seems like I’m helping big companies bypass regulations by rubber stamping their pinky promises to change. I guess internal security auditing might be a little better, but I don’t know
There's plenty of snake oil, it's not really that hard to break into an average office, especially compared to corporate espionage in the form of breaking and entering
On the other hand, it's a grift I can respect
Oops, I was high and thought you were talking just about physical penetration testing
Software side is even worse, most of them just run a generic test sweep and catch a 15 year old vulnerability because you didn't think about security before the cool hacker guy showed you his terminal
Still a cool grift though