by eswat 2091 days ago
> I want to work in security but I don't have the credentials.

Well, you got to start somewhere! I burnt out from front-end development last year and decided to pivot into security. There are plenty of entry-level certifications you can start looking at if you want to explore this area more:

- Security+ from CompTIA

- eJPT from eLearnSecurity

- OSCP from Offensive Security

> I reported it, they said it was not an issue but then fixed it a month later and I could only enter in three before getting locked out.

Don't let your past outcomes with vulnerability disclosure dissuade you from continuing if this field really interests you. Many people have received the short end of the stick through public disclosure programs. But it's a drop in the bucket compared to many of the other amazing things you can do here.

1 comments

Thanks for those resources; I'll check them out.

I've been wary about going into security because I've heard that in order to be moderately successful you have to be naturally paranoid, disable telemetry on everything, lock down your computer and phone with super complicated passwords, never use your name on anything on the internet, etc. How true is that? I try to take precautions but I have a social media account with my real name so am I done for?

It depends on your threat model[0]. Keep in mind that InfoSec people that do the things you mentioned are doing it either out of necessity (see [0]), they see it as a fun hobby or are taking things to an unnecessary extreme. There are plenty of noteworthy contributors to InfoSec that have relevant things in public and don't go overboard locking down their devices.

[0] https://ssd.eff.org/en/module/your-security-plan

Half the people at my office in security are on LinkedIn FWIW