One person's boring is another's career culmination. Breaking system security often consists of dead end after dead end, and even if you get a lucky break, you may hit another dead end after that. Finding an exploit often isn't enough these days, they need to be chained together to actually get somewhere interesting. Personally, it's very unrewarding (aka boring, imho) work most of the time because you don't find anything a lot of the time. (The high off of finding something is something else tho, lemme tell you.) If you're interested in the sort of work involved, http://microcorruption.com is a good CTF to start out on.