I have grown increasingly disillusioned with the information security industry, and especially disillusioned with the application security industry (whatever that really is). Why? I will get onto the information security part, where fluffy compliance and best-practice culture seems to be gaining acceptance, in future posts (probably after a few glasses of wine), but if we take the application security industry specifically, then I personally find it disappointing that, after a decade of it being considered a discipline in its own right, it is still predominantly made up of breakers and not builders.
I, too, have had anxiety about much vuln work and that is why I'm not in the product/application security bidness anymore. And there is much in Linus's monkey comments that I found hard to disagree with. And bonus points for going after the OpenBSD crowd.
Finding your first vuln, crashing a PIX (or 7200 in IOS) is fun the first time, but bug hunting is ultimately a cheap thrill. And educating product teams to find their own bugs, change their processes, document and design products better is ultimately more rewarding.