[SamHoustonCM]

New programs are launching all the time or the scope of current programs is expanding out to include new products or features. It's never too late to get started, there's actually more work than researchers at the moment and it will be like that for many, many years to come.

In terms of how to get started, I definitely suggest monitoring the various bug bounty sites to see what's new and if a bounty's scope has expanded.

There's also a bunch of guides, tutorials, and tools listed on Bugcrowd's Forum: https://forum.bugcrowd.com/c/security-research