Dailydave mailing list archives
Re: [Fwd: Re: 0x43434343 - talking of money...]
From: <arlen () hushmail com>
Date: Tue, 25 Nov 2003 03:25:59 -0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I feel compelled to delurk for this thread - sorry for the lengthy anecdote but I do get to the point eventually ;) Unlike most of you shellcode gurus here, I fell into making a living from computers in the mid 90s, in the least credible way possible - I talked my way into a job converting Lotus 123 macros into VisualBasic for EnormoCorp, Inc. Some kind soul lent me 'Learning Perl', & before long I was trying to run web servers on my Windows 3.1 desktop. Fast forward a couple of years and I was astonished to find myself earning GBP30K, supposedly to do more MS Office automation crap but, in fact, I was secretly switching IIS v4 for Apache and wondering about this mod_perl thing. About this time (1998) I also started reading everything about security I could get my hands on, downloading trials of the It's-Still-Shit scanner, tinkering with Linux and so on. As I moved jobs (too often, what with getting sacked for having a 'bad attitude', dotcoms going bust & so on) I kept edging a little bit closer to full-time infosec work. Fast forward to today. I'm sleeping on an inflatable mattress in a room with no furniture, driving a 14 year old car, and earning less than I did in 1998. (To be fair my standard of living could be better if I weren't spending 30% of my income in repaying debt, but that's another story.) I'm now employed as a penetration tester in a security company that's small enough that I get to do lab testing on Checkpoint and Netscreen firewalls, admin some of the production servers, do 3rd line support for our (*nix clue-free) tech support people, and generally enjoy learning stuff. As a pen-tester, I'm very much at the script-kiddie level - I can find running services, research the vulnerabilities others have found in them and am (very slowly) accumulating a little stash of malware, PoC code etc with which I will one day actually 0wn a customer machine :) On one hand I'm doing very badly. However my quality of life is actually very good. I'm lucky enough to know that I'm fortunate to be paid to do this stuff (and to read the lists and Slashdot...) Eventually, perhaps, I'll accumulate enough clue and experience that I can increase my earnings enough to, say, buy a stereo and a replacement for my 6 year old PII PC. Oh, and I'm in my mid 30s. Now there are 23 year-old sales droids working nearby me who take home my annual salary every month (if it's a good month for them =) Naturally they're driving high end luxury cars, own their own homes, you know the score, "fine wines, Belgian chocolates" :) Of course they know jack shit about infosec, apart from the firewall-products - -by-rote stuff they need to know to be able to rake in fat commissions selling over-priced commerical products to equally clueless middle-management at companies very much like the EnormoCorp I started at back in '95. There was a time when this really bugged me. It seems manifestly unfair that the economy and society should be set up to reward these high school dropout types so much better than me, with my 1337 Linux setup, my packet sniffers and my oh-so-deep understanding of IP networking. In fact the unfairness of it all made me pretty unhappy. Eventually I realised (yes! The point! Finally!) that the pleasure I get from, say, looking at how the Checkpoint packet- mangling functionality changes the output of Nmap / Nessus, was worth much more to me than driving a huge SUV, holding down a mortgage and trying to keep up with the Joneses. \arlen Footnote: ...and anyway, if I /really/ wanted to get rich quick I'd do what most startup infosec product vendors seem to do - hacking up some shell scripts & a web front end for some Free software, compiling a custom Linux distro, throwing it onto a 1U intel rackmount, spraying it a funny colour, adding a cool curvy plastic front & selling it for $30,000. -----BEGIN PGP SIGNATURE----- Note: This signature can be verified at https://www.hushtools.com/verify Version: Hush 2.3 wkYEARECAAYFAj/DPFoACgkQtd50JL6MBE8KjgCghhCdFr97XAsjYzFcyRzXAdK/f9YA n1cMkiTjw9fvLoqeAhwozp2162vi =cGHw -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Promote security and make money with the Hushmail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- [Fwd: Re: 0x43434343 - talking of money...] Daniele Muscetta (Nov 24)
- Re: Re: 0x43434343 - talking of money...] Nexus (Nov 24)
- Re: [Fwd: Re: 0x43434343 - talking of money...] David Maynor (Nov 24)
- <Possible follow-ups>
- Re: [Fwd: Re: 0x43434343 - talking of money...] arlen (Nov 25)