Dailydave mailing list archives

Re: [Fwd: Re: 0x43434343 - talking of money...]


From: <arlen () hushmail com>
Date: Tue, 25 Nov 2003 03:25:59 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi all,

I feel compelled to delurk for this thread - sorry for the lengthy
anecdote but I do get to the point eventually ;)

Unlike most of you shellcode gurus here, I fell into making a living
from computers in the mid 90s, in the least credible way possible - I
talked my way into a job converting Lotus 123 macros into VisualBasic
for EnormoCorp, Inc. Some kind soul lent me 'Learning Perl', & before
long I was trying to run web servers on my Windows 3.1 desktop. Fast
forward a couple of years and I was astonished to find myself earning
GBP30K, supposedly to do more MS Office automation crap but, in fact,
I was secretly switching IIS v4 for Apache and wondering about this
mod_perl thing. About this time (1998) I also started reading
everything about security I could get my hands on, downloading trials
of the It's-Still-Shit scanner, tinkering with Linux and so on. As I
moved jobs (too often, what with getting sacked for having a 'bad
attitude', dotcoms going bust & so on) I kept edging a little bit
closer to full-time infosec work.

Fast forward to today. I'm sleeping on an inflatable mattress in a
room with no furniture, driving a 14 year old car, and earning less
than I did in 1998. (To be fair my standard of living could be better
if I weren't spending 30% of my income in repaying debt, but that's
another story.)

I'm now employed as a penetration tester in a security company that's
small enough that I get to do lab testing on Checkpoint and Netscreen
firewalls, admin some of the production servers, do 3rd line support
for our (*nix clue-free) tech support people, and generally enjoy
learning stuff. As a pen-tester, I'm very much at the script-kiddie
level - I can find running services, research the vulnerabilities
others have found in them and am (very slowly) accumulating a little
stash of malware, PoC code etc with which I will one day actually 0wn
a customer machine :)

On one hand I'm doing very badly. However my quality of life is
actually very good. I'm lucky enough to know that I'm fortunate to be
paid to do this stuff (and to read the lists and Slashdot...) Eventually,
perhaps, I'll accumulate enough clue and experience that I can increase
my earnings enough to, say, buy a stereo and a replacement for my 6 year
old PII PC.

Oh, and I'm in my mid 30s.

Now there are 23 year-old sales droids working nearby me who take home
my annual salary every month (if it's a good month for them =)
Naturally they're driving high end luxury cars, own their own homes,
you know the score, "fine wines, Belgian chocolates" :) Of course they
know jack shit about infosec, apart from the firewall-products-by-rote
stuff they need to know to be able to rake in fat commissions
selling over-priced commercial products to equally clueless
middle-management at companies very much like the EnormoCorp I started
at back in '95. There was a time when this really bugged me. It seems
manifestly unfair that the economy and society should be set up to
reward these high school dropout types so much better than me, with my
1337 Linux setup, my packet sniffers and my oh-so-deep understanding
of IP networking. In fact the unfairness of it all made me pretty
unhappy. Eventually I realised (yes! The point! Finally!) that the
pleasure I get from, say, looking at how the Checkpoint packet-
mangling functionality changes the output of Nmap / Nessus, was worth
much more to me than driving a huge SUV, holding down a mortgage and
trying to keep up with the Joneses.


\arlen

Footnote: ...and anyway, if I /really/ wanted to get rich quick I'd do
what most startup infosec product vendors seem to do - hacking up some
shell scripts & a web front end for some Free software, compiling a custom
Linux distro, throwing it onto a 1U intel rackmount, spraying it a funny
colour, adding a cool curvy plastic front & selling it for
$30,000.
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj/DPFoACgkQtd50JL6MBE8KjgCghhCdFr97XAsjYzFcyRzXAdK/f9YA
n1cMkiTjw9fvLoqeAhwozp2162vi
=cGHw
-----END PGP SIGNATURE-----



