Again, like in the last period, on my blog, at conferences etc I try to tell testers about security bug bounties. Now, for tips you can start for example with my presentation in Prague, just to get an idea:
I think this is very good for testers that are dissatisfied at a job and never see something good related to income, tasks and different perks. It’s intended for those that are not using their full potential at work and have the feeling nothing will become better.
Instead of switching from job to job I have this option: security bug bounties. I don’t even have a full year as serious bug hunter, but I am close to
⅕ millions USD in rewards. True, I got some nice intervals when some bug bounty programs didn’t have that much competition, the companies were trying to promote itself and they were more “loose” in giving validations. But it’s still something interesting for people out there.
Compared to a normal tester job, this is better at any level. No stupid bosses, racism backdraws, bad interactions etc. You work from home and, if you don’t lie to yourself, you know that this is the best way to work. Things are not always constant, you will have “bad months”, but you need to organise and be responsible. And when you get “good months”, it can be the equivalent of what you could have normally won in one year.
Security should not be some term that scares testers. After all, every tester does a little bit of security anyway. And it’s just like another set of skills, close and related to functional testing. You need to learn a lot with every new projects anyway, so consider security just a new project.
I am fully for security testing, normal job experience is overrated and you will not get more money if you had “4 years” of that type of testing anyway. Actually I am not good at security, but I try to be good at security bug bounties which, sounds crazy, has little to do with security in my opinion.
It’s best for people who are not very happy at a company where are not respected, can’t get promoted for various reasons, but CAN take some minimum risks.
For more information:
Eusebiu Blindu. firstname.lastname@example.org