I would agree its a mindset.......most security researchers in my domain are very curious people. They are always wanting to know what makes things 'Tick'. How and Why does infrastructure work in the way it does? Can I alter a course of design to fashion its operation to my advantage? Can I protect it from other outside influences. Where are the weak points and how can I find them? etc
What has changed since yesterday, and how can I keep abreast of ever increasing developments & shifts in the pattern of sand?
One thing that amazes me today within the security industry is with the huge rise of Mobile Devices, their implementations and therefore impact on existing infrastructure........ This is a hot topic today because of the simple fact that virtually NO consideration is given towards the security of these devices. We protect our PC's, laptops and the networks they connect to with multiple layers of security yet, most users don't even run a simple antivirus on their smartphones or tablets.
Many hackers now are switching to expose vulnerabilities in Android/iOS, especially as a means to further 'privilege escalation' among the networks these devices connect to (ie BYOD policy in the corporate world etc).
Why? ......Because they are easy targets today!
In todays online world we crave more functionality, we demand that our data is served in highly dynamic fashion compared to yesterday. We want an application for everything. This is great news for us as users, but with this comes the price of exponentially increasing the size of our attack surface and its many weaknesses just waiting to be exposed.