| There are a few paths forward for you, and a lot hinge upon your skills outside of security (somewhat your morality). Computer security is a lucrative field, and a broad one. You could continue the bug bounty approach, which leads into vuln selling (with the attendant morality questions). You could go into systems security research, a long term project but worthwhile intellectually. You could contract (needs networking and business), you could FAANG (needs patience and soft skills), you could government (needs patience and more patience). My advice: don’t rush. You have at least 50 years of career ahead of you. The decisions you make now will influence your direction for years, but there’s very little you can do to completely derail your future. Try some things, see what resonates and clashes and learn more about you. Context: 25 years in computer security in a variety of roles, currently FAANG, currently management. My 17 year old self would likely be somewhat surprised at my circumstances, but hopefully not upset :) |
"You could contract (needs networking and business), you could FAANG (needs patience and soft skills), you could government (needs patience and more patience)" That sounds like a insanely hard approach. I don't really have anything to show, only really got my HackerOne profile to show. Most projects I do is related to it, which I don't really publish or just not allowed to publish.