The qualities that make a great developer and a great professional security researcher are about the same.
Both involve taking hardware, a programming language, an API, an application or something else that someone in the computing industry had one purpose for, and bending it in a way to produce a rather unexpected, very unique result.
A great developer builds Web 2.0 with something as novel and limited as JavaScript and HTML.
A great security researcher made your toaster catch fire from a different continent (didn't they always say our toasters would be internet connected?).
I, personally, think the latter is more fun provided it doesn't cause any actual damage (and I think that was demonstrated ... a whitehat makes his own toaster catch fire and sometimes tells everyone who has that model of toaster how to fix it).
Security guys know how things are made thus how to break them. Thinking as a security guy can help developers to make things that are difficult to break.
Both involve taking hardware, a programming language, an API, an application or something else that someone in the computing industry had one purpose for, and bending it in a way to produce a rather unexpected, very unique result.
A great developer builds Web 2.0 with something as novel and limited as JavaScript and HTML.
A great security researcher made your toaster catch fire from a different continent (didn't they always say our toasters would be internet connected?).
I, personally, think the latter is more fun provided it doesn't cause any actual damage (and I think that was demonstrated ... a whitehat makes his own toaster catch fire and sometimes tells everyone who has that model of toaster how to fix it).
Nicely done.