It's so much worse on the professional side of things. The number of glamorous security jobs is extremely tiny compared to all of the "SOC2 Compliance" checklist jobs out there. They've created the same kind of status economy that plagues academia to the point where you're on the "publish or die"/"be somebody on twitter or die" treadmill.

As a result, I've seen so much recycled research trying to be passed around as new work by people trying to make a name for themselves it's unbearable.

This especially happens in the crypto space, where you can take any basic concept like "Basic XSS Vulnerabilities", but applied to popular crypto exchanges and conferences will book your talk.

The number of people out there doing genuine cool shit (the kinda stuff you see in PoC||GTFO) are few and far between these days.

Yep, as someone that first attended Defcon 6 (at the Plaza), things have gone from keeping it quiet and underground to blast it on twitter for cred. Crazy thing is there are a lot of these Twit-iots that barely work in the industry and as you said, repeat others work.

I know a large number of them personally, some of them are nice people, but most of them are pretty insecure and constantly looking for acknowledgement. To a degree I guess we all are.

The number of people that want to skip working in IT / understanding other parts of business and go directly to their Offensive Security Cert and be called a hacker is numbing. Theres a reason most of the training programs within the leading firms / govt agencies, require following the apprentice / journeyman process much like other trades. It takes time and a deep understanding.

But nah.. i'll skip all that because check out mah tweeets.