Or maybe snake oil is the wrong term. I don’t know if there’s a term for someone who warns others and they never listen, because it seems no matter how much you break into buildings and expose the flaws, hack a bank’s transaction, or infiltrate a database, the company will thank you, pay you a few hundred thousand dollars, then do nothing to change.
Essentially it just seems like I’m helping big companies bypass regulations by rubber stamping their pinky promises to change. I guess internal security auditing might be a little better, but I don’t know
Oops, I was high and thought you were talking just about physical penetration testing
Software side is even worse, most of them just run a generic test sweep and catch a 15 year old vulnerability because you didn't think about security before the cool hacker guy showed you his terminal
Still a cool grift though