by kokonoko 1239 days ago
Assuming vulnerability research, you need to be able to recognize bug patterns (buffer overflows, use-after-frees and such), be familiar with fuzzing, code audits, debugging. Of course, understanding the code, usually in C/C++ and assembly.

Assuming you have the technical skills, there are companies that hire for such positions at varying degrees on the "ethical" scale. See Google Project Zero and Zerodium for instance.

You don't need a PhD, CISSP, a cybersecurity bootcamp, a relevant degree or pretty much anything. You need to understand how the computer actually works. Most of the stuff needed is left out of a typical computer science curriculum. And (most of) the people hiring actually know that.

In order to do it you must simply spend so many hours to learn that stuff and then not be disheartened by the work that needs to be done. Example: No one has compiled a binary with ASAN. Do it (by spending an exorbitant amount of time to fix all the linking errors during compilation). Run the binary with literally any input. Boom, you got a bug.

Getting the role is pretty much like any other: you pass the interviews. Solving CTF-like challenges is common. Finding all the bugs in a toy C program. Elaborating on the exploitability of the latest CVE, etc.

My favorite interview question:

1. Write a hello world in C.
2. Run it.
3. Explain how it works.

You'd be surprised how many people actually have even a vague idea of what happens.

2 comments
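
The ASAN workflow described in the post above, as an added example that is not part of the original post or of any project's code: a small C program holding two of the bug patterns the poster names (a heap buffer overflow and a use-after-free) next to their fixed forms. The function names and the file name bugs.c are my own choices. Built plainly it runs on any input without complaint; built with -fsanitize=address it aborts on the first bad access, which is exactly the "run it with literally any input, boom, you got a bug" effect.

```c
/* bugs.c: two classic memory-safety bug patterns beside their fixes.
 *
 * Plain build (looks fine):
 *   cc -O1 -g bugs.c -o bugs && ./bugs anyinput
 * ASAN build (aborts with a heap-buffer-overflow report in dup_name_buggy):
 *   cc -O1 -g -fsanitize=address bugs.c -o bugs_asan && ./bugs_asan anyinput
 * ASAN stops at the first error by default; swap in dup_name_fixed and rerun
 * to see the heap-use-after-free report from len_then_free_buggy.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bug pattern 1: heap-buffer-overflow (off by one).
 * strlen() does not count the terminating NUL, so the buffer is one byte
 * short and strcpy() writes past the end of the allocation. Without ASAN
 * the stray byte usually lands in allocator slack and nothing visibly breaks. */
char *dup_name_buggy(const char *s) {
    char *buf = malloc(strlen(s));          /* BUG: no room for the NUL */
    if (!buf) return NULL;
    strcpy(buf, s);                         /* writes strlen(s) + 1 bytes */
    return buf;
}

/* Hardened form: size the allocation for the terminator and copy exactly. */
char *dup_name_fixed(const char *s) {
    size_t n = strlen(s) + 1;
    char *buf = malloc(n);
    if (!buf) return NULL;
    memcpy(buf, s, n);
    return buf;
}

/* Bug pattern 2: heap-use-after-free.
 * The buffer is handed to free() and then read. The freed chunk often still
 * holds the old bytes, so a plain build returns the "right" answer. */
size_t len_then_free_buggy(char *buf) {
    free(buf);
    return strlen(buf);                     /* BUG: reads freed memory */
}

/* Hardened form: finish every use of the buffer before releasing it. */
size_t len_then_free_fixed(char *buf) {
    size_t n = strlen(buf);
    free(buf);
    return n;
}

/* Stand-alone demo: any command-line argument is "literally any input". */
int main(int argc, char **argv) {
    const char *input = argc > 1 ? argv[1] : "hello";

    char *copy = dup_name_buggy(input);     /* ASAN: heap-buffer-overflow */
    if (!copy) return 1;
    printf("copied: %s\n", copy);

    size_t n = len_then_free_buggy(copy);   /* ASAN: heap-use-after-free */
    printf("length: %zu\n", n);
    return 0;
}
```

The point of keeping both forms side by side is that the buggy pair and the fixed pair produce the same output on a normal build; only the sanitizer build tells them apart, which is why the poster's advice is to pay the compile-time cost up front.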

I agree with this comment. I have no degree and no official university courses under my belt but have found bounties worth 10k+.

What helped me is that every layer of the OSI model was something that I dug into until I understood it well. Nowadays most bounties are happening on the web (layer 7) but you can still find some fun in the other layers too.

Is there no formal way to acquire this knowledge? I know lots of stuff, but don't know if it's enough or if it's what is needed. There are certs like OSCP, but I feel that these companies only care about them when it's about pentesting.