This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
As the bug bounty market continues to grow and the adoption of bug bounties increases across industries, it has become more and more common for researchers to use their bug bounty experience to grow their careers. Bug bounties offer the opportunity for researchers to gain and exhibit real-world security experience. Several successful bug bounty hunters have parlayed their experience into security jobs at major companies. To do this successfully, here are some pro-tips:
The security community is global and very interconnected. Meeting fellow researchers and learning from one another is a great way to increase your skills, grow your professional network, and open yourself up to potential job opportunities. Here are some suggestions for where to meet security researchers:
Twitter List of Bug Bounty Hunters: https://twitter.com/Bugcrowd/lists/security-researchers
Much of the bug bounty community is active on Twitter. After you’ve followed @Bugcrowd on Twitter, check out our Twitter list to find researchers who are worth following.
IRC: #Bugcrowd on Freenode
Join Bugcrowd’s IRC chat to talk with other researchers in real time.
Reddit.com/r/netsec: https://reddit.com/r/netsec
The /r/Netsec community on Reddit is one of the best collections of technical security write-ups on the internet. Netsec is constantly updated with new blog posts, presentations and discoveries that have been shared with the security community.
Security Conferences & Meetups: There are hundreds of security conferences all over the world. Most major cities hold a BSides event, and DEFCON is one of the biggest security events in the world. You may also find a local security meetup on Meetup.com or on OWASP’s website.
Bugcrowd Forum: https://forum.bugcrowd.com