01-05-2024, 04:29 AM
Klen
 
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Quote:
Originally Posted by seksi
I'm just an infrastructure and ops guy, but I find the stories of pen testers on DarkNet Diaries fascinating. Unfortunately there's not that much work in/demand for pentesters: https://www.cyberseek.org/heatmap.html but adding Security+ to my resume in the coming days might impress some Feds and some banks?

I do the CTFs and play curious about picking locks and the other nonsense to get along with folks in the club, but my main interest, personally, in security is avoiding liability and having lots of availability for the websites I occasionally create for beer money. Since my main interest is staying legal and out of jail, I don't really have the skills and background to do that much pentesting myself, but I do know folks who are available to do some if the cause is right, if it's interesting, and/or we could write about it, talk about it for a paper, a poster, a presentation or a podcast.

I am not sure if the pentester in the other thread listed any certs, credentials, or experience, but was vouched for by a payment processor.

So far, I've been able to avoid having to deal with payments myself! My worst cybersecurity incident that I can quickly recall was one of my sites being used in reflection/amplification for a DDoS against a Central Asian news source that apparently had content that was not desirable to some warring party in Nagorno-Karabakh. My solution was easy, hardening WordPress, updating a firewall rule, and I sort of became obsessed with blocking networks that were never going to make a purchase through one of my affiliate links.

I also had pretty restrictive limits on what sorts of ads and links I would host, to protect my various websites' visitors. Now that I've taken some of the foundational cybersecurity courses, I am curious about how much that basic care to avoid incidents is worth, how much cyber insurance costs, which insurers would touch adult, and what sorts of stories and advice might actually be useful/practical for the masses, the porn consumers and the independent content creator.

I'm boring, because I'm pretty risk averse, but I bet some of you have stories and I'd like to find ways to learn from them. I have friends and colleagues who would be interested in much more technical details and malware that you've encountered, and right now I'm just thinking about the best ways to collect stories, data, testimonials at AVN.

For the really brave, I'd love on-camera interviews and stories, but I can try to find a way to anonymize a more general survey just to understand, again, if there is a market for InfoSec services that focus on adult (my guess, no), and maybe what the need is, whether or not creators and consumers can and will pay for privacy and security.
True, there are not many jobs in that area, but a lot of them require either OSCP or some other heavy-grade certificate, which means there won't be many applications to such jobs, so it's still worth it.