Building a security scanner for non-technical business owners (medical/dental practices) — looking for honest criticism before I go further

Hi everyone,

I'm building SecureWatch, a domain scanning/monitoring tool, and before I put more time into it I want criticism from people who actually work in this space.

The scanning itself (subdomain enumeration, SSL/TLS config checks, header analysis, email spoofing/DMARC checks, tech fingerprinting) isn't new — Nuclei, testssl.sh, and a dozen other tools already do this well, mostly free. I know that. What I'm trying to solve is different: my target users are small compliance-bound businesses (independent medical and dental practices, small law firms) whose owners aren't going to read a Nuclei JSON dump or a Nessus report. So SecureWatch generates two outputs from the same scan — a technical report for whoever handles their IT, and a plain-English report meant for the practice owner or office manager, explaining what's exposed and why it matters in terms they'll act on.

Questions I actually want pushback on:

Is "translate findings for non-technical decision-makers" a real gap, or does this already exist in some form I'm not aware of (compliance platforms, MSP tooling, etc.)?

For SMBs like dental/medical practices — who's currently doing this for them, if anyone? Local MSPs? Nobody?

If you sell or evaluate security tools professionally, what would make you dismiss this outright versus take it seriously?

Underlying scan engine aside, what would you need to see (accuracy, false-positive rate, methodology transparency) before trusting a report enough to hand it to a client?

Not fishing for encouragement — if the differentiation is too thin or the market's a dead end, I'd rather know now.

Thanks for reading.

reddit.com
u/abhikarthik — 4 days ago

Best Practices for Authorized Web Security Scanners Behind Cloudflare WAF

Hi everyone,

I'm building a SaaS security scanner that performs authorized security assessments for customer-owned websites. One challenge I'm facing is that many customers use Cloudflare or other WAFs, which can rate-limit or block automated scanning traffic.

I'm not looking for ways to bypass security controls on unauthorized targets. Instead, I want to understand the industry best practices for making an authorized scanner reliable while working with WAFs.

Some questions I have:

How do commercial scanners handle Cloudflare and similar WAFs during authorized assessments?

Is IP allowlisting the standard approach, or are there better alternatives?

Are there vendor-supported mechanisms (such as scan verification, authenticated tokens, or APIs) that I should implement?

How do you balance scan speed with avoiding false positives and rate limiting?

If you've built or operated a security scanning platform, what lessons or design decisions would you recommend?

I'm particularly interested in hearing from anyone who has experience building commercial vulnerability scanners or security assessment platforms.

Thanks in advance for sharing your insights.

reddit.com
u/abhikarthik — 6 days ago

I'm starting to believe referrals matter more than skill

I graduated with a Computer Science degree.

Over the past several months, I've worked on projects, earned certifications, improved my resume multiple times, optimized my LinkedIn profile, and applied to countless jobs.

The result?

Rejection. Ghosting. Automated rejection emails. More rejection.

​

The most frustrating part isn't even the rejection itself. It's feeling like you never get a real chance to compete.

One incident really stuck with me.

I was shortlisted for an interview with IBM. I prepared seriously, attended the interview, and felt it went well. In the end, I wasn't selected.

Later, I found out that another candidate who got selected had an internal referral.

Do I know for a fact that the referral was the reason they got the job?

No.

​

But experiences like that make it hard not to wonder how much referrals influence hiring decisions before skills are even fully evaluated.

Since then, I've continued applying everywhere—cloud roles, security roles, support roles, internships, entry-level positions, startups, service companies, product companies.

The outcome has mostly been the same.

At this point, I'm honestly exhausted.

I'm not looking for sympathy. I'm looking for honest answers.

For recruiters, hiring managers, and people who have successfully landed jobs recently:

  1. How important are referrals really?

  2. If two candidates have similar qualifications, how much advantage does a referral provide?

  3. Is the job market actually this difficult right now, or am I doing something fundamentally wrong?

I genuinely want to know because after hundreds of applications, it's becoming difficult to tell whether the problem is my profile, the market, or the hiring process itself.

I'd appreciate honest feedback, even if it's harsh.

reddit.com
u/abhikarthik — 24 days ago

I'm starting to believe referrals matter more than skill

I graduated with a Computer Science degree.

Over the past several months, I've worked on projects, earned certifications, improved my resume multiple times, optimized my LinkedIn profile, and applied to countless jobs.

The result?

Rejection. Ghosting. Automated rejection emails. More rejection.

​

The most frustrating part isn't even the rejection itself. It's feeling like you never get a real chance to compete.

One incident really stuck with me.

I was shortlisted for an interview with IBM. I prepared seriously, attended the interview, and felt it went well. In the end, I wasn't selected.

Later, I found out that another candidate who got selected had an internal referral.

Do I know for a fact that the referral was the reason they got the job?

No.

​

But experiences like that make it hard not to wonder how much referrals influence hiring decisions before skills are even fully evaluated.

Since then, I've continued applying everywhere—cloud roles, security roles, support roles, internships, entry-level positions, startups, service companies, product companies.

The outcome has mostly been the same.

At this point, I'm honestly exhausted.

I'm not looking for sympathy. I'm looking for honest answers.

For recruiters, hiring managers, and people who have successfully landed jobs recently:

  1. How important are referrals really?

  2. If two candidates have similar qualifications, how much advantage does a referral provide?

  3. Is the job market actually this difficult right now, or am I doing something fundamentally wrong?

I genuinely want to know because after hundreds of applications, it's becoming difficult to tell whether the problem is my profile, the market, or the hiring process itself.

I'd appreciate honest feedback, even if it's harsh.

reddit.com
u/abhikarthik — 24 days ago