Nessus is just a tool. But in the hands of an expert, it’s not a vulnerability scanner. It’s a .
If they say, “Oh yeah, Plugin 12345 flagged a kernel vulnerability that was actually backported by Red Hat, so I had to write a custom suppression filter,” — hire them. nessus expert
If they say, “Nessus is never wrong,” run away. Nessus is just a tool
I’ve watched seasoned pentesters miss critical SQL injection vectors because they left the "Safe Checks" box unchecked. I’ve also watched junior admins discover Log4j in a legacy system that "enterprise tools" missed. “Nessus is never wrong