Right, I think the industry is too self-critical at times.
I onboarded a new client recently, and within five minutes of guessing a Wi-Fi password I had sensitive financial data using stock tools. Anyone with physical access to the office could do the same. Contrast an existing client, after a month of trying and writing custom shellcode loaders, spear phishing campaigns, my entire team had... some graduate CVs.
Really, you're saying that because the NSA could probably do a better job with the latter than us by intercepting and hardware-hacking networking gear, that no value has been provided?
I onboarded a new client recently, and within five minutes of guessing a Wi-Fi password I had sensitive financial data using stock tools. Anyone with physical access to the office could do the same. Contrast an existing client, after a month of trying and writing custom shellcode loaders, spear phishing campaigns, my entire team had... some graduate CVs.
Really, you're saying that because the NSA could probably do a better job with the latter than us by intercepting and hardware-hacking networking gear, that no value has been provided?