by CyberBank 2514 days ago
I know a few folks who do full time between things like SynAck and BugCrowd. SynAck is the ideal model in my opinion for pivoting to full time vs part time as a professional bug bounty individual, although it takes a ton of skill and hard work. I'd say it's the exception more so than the norm.

If you are interested in learning more about SynAck and its model, shoot me an email: i@willcode.it. I can try and set up some contacts from their side that are working full time on platforms like it.

2 comments

Do the folks you know that are doing this full time actually depend on that income for their livelihood? I was on the receiving end of a large program for a short stint and have been watching it casually over the past few years. It's very much a feast and famine way to live, and you need to not only be very skilled, you also need to be dedicated to the effort and be very disciplined with your money. A $20K chained RCE looks great on paper until you're trying to live on a constant diet of clickjacking and IDOR bugs for two months straight.

I would caution anyone thinking about this to do it as a side hustle for at least six months if not a year to test the waters, understand the subculture a bit, and take a few rounds on the roller coaster.

Yes, the ones I know do it full time as their only income AFAIK. Most do live in low cost of living areas; none of them that I know are living in places like San Fran :)

Ah, indeed low CoL helps a ton.

I would say only 10-15% of our reports were from folks in the USA and I don't recall any being full time. The dedicated folks were mostly from Eastern Europe and the Middle East... I'm guessing that has changed a bit over the past few years.

Precisely :) definitely nailed the locations of the people I know

hmm. u got there a fancy email.