This is a pretty great post. One of its subtexts is the cliche of people taking jobs in offensive security and complaining that all they get to work on are web apps --- web apps are where all the money is, and where most new software is built. Another interesting subtext: there's a whole variety of low-level targets where modern exploit development techniques would come into play, but since there's no market for those vulnerabilities, there aren't many opportunities to get paid to develop the exploits; all the action is in browsers and mobile operating systems, where competition is incredibly fierce.