Andrew Hay, CISO at DataGravity, spoke at the MISC security conference. Hay said that anyone can perform security research and its often not the technical details of the research itself that is the challenge for would-be researchers. Hay cited six types of questions security researchers can use to approach their subject:Descriptive, Exploratory and Predictive. Where to research ideas are practicalities when choosing an area of tech, Hay listed five areas in tech: circuitry, hardware, software, the platform (the combined operating system and compute platform of the device and its hosting provider)”]
Source: https://www.csoonline.com/article/3091847/so-you-want-to-be-a-security-researcher.html