Dissipation of Hackers in the Enterprise

Presented at ShmooCon X (2014), Jan. 17, 2014, 6 p.m. (30 minutes).

From the early days of the InfoSec industry to today there has been a constant seeping of deep-knowledge technologists into a slew of disciplines that are not primarily focused on the protection of enterprise assets.

This dialog will explore and question the contributors to the diminishing attractiveness of the enterprise as a logical career path for hackers. We will go over data that shows the shift from enterprises being a primary employer for hackers to being, at best, an early-career training ground. With things like specialized training, bug bounties, independent research, and certifications, it's feasible to develop a long InfoSec career that is funded by enterprise by-product without ever having held a security role in an enterprise.

We will go over some data that questions the benefits and validity of this model. There will be lots of audience interaction and the end result should be informative to all.


  • Weasel
    Weasel is a long-time hacker who has spent the past 15 years of his professional career focusing on security-centric topics, bouncing between large enterprises and small startups. Weasel has worn many hats in the industry, including pen tester, reverse engineer, vulnerability researcher, as well as various levels of InfoSec management. Weasel is a long-standing member of the Nomad Mobile Research Centre hacking group.