This is probably a question from a troll, but inspiration comes from strange places, so hey, here's a thread about security research and getting paid! 🧵 1/
Bug bounty programs, on the whole, actually pay really badly for most people! There are exceptions to this, some of whom I am friends with, but if you look at the numbers, there are a few people getting paid a lot, and a lot of people getting paid very little or nothing. 2/
If you are interested in doing security research and getting paid for it, that's awesome! There are many ways to do that. Some of them pay off better shorter-term, and some of them pay off longer term. What are your goals? I can't answer that for you. It's worth thinking on. 3/
There's a flavor of bug bounties that involves throwing a lot of automation at stuff and hoping you catch something. This doesn't necessarily require a lot of skill, beyond automation itself. But it might require luck, because a lot of others are trying to do the same thing. 4/
For most people, if you want to make real money doing security research, it helps to get really good at knowing something. This often involves a lot of learning and a lot of work. There are no shortcuts for this. There are no cheat codes. You have to put in the work. 5/
Some people might do security research for the joy of learning itself. Not everyone is money-motivated! It can be fun to do weird things to weird machines, just because. A nice side effect of doing this is that you can get good at things, which can get you paid if you want. 6/
If you get good at stuff, and you share your knowledge with others, you can get known as someone who is good at stuff. You can go places with that! Like getting hired for consulting, or getting full-time job offers that are steadier and less precarious than gig work. 7/
If you get really good at finding bugs, you can sell them to oppressive governments who will use them to oppress their local dissidents. Yay? This pays very well and I don't recommend it for ethical reasons, which are not the same as legal ones. 8/
Pretty much regardless of which path you choose, you're going to have to put in work, and not all of that work is going to be paid all the time. Investing more time on the front end can often pay off later on. Set goals, make a plan for yourself.

Have fun! Hack the planet! /🧵
P.S. I am just a person who likes to throw things at clouds. If you're interested in bug bounty labor markets, go follow @k8em0 and check out her ground-breaking work!
You can follow @IanColdwater.