Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

This article is the start of a four part series about the process of being a security researcher in web3. This first part is Setting Sail — The Intro & Foundation. It starts with defining what "success" is. They mention doing well in contests, earning large bounties, working for a big security firm and doing private audits.

They go into age old ideas around motivations, and goals. You need to know your "why" to do well. Having goals for your why is helpful for making it to the next step. They have three core pillars: relationships, skill set and social media presence.

For social media presence, the claim is around it opening doors that other things cannot. Building influence, either by sharing knowledge, lessons or big wins, gives you opportunities. From there, it's about building the relationships; it's not what you know it's who you know. With a combination of meeting people and being on social media, you will start to get job offers, opportunities to collaborate and other types of opportunities. They claim to go to discord channels, DMs with good questions, conferences and other things.

The most important thing is competence. Being able to find bugs and exploit vulnerabilities should be valued above all else. Read articles, do contests... hone your skills and keep improving. If you don't have skills then the relationships don't matter.

About the skills... the author says to focus on niche things above breadth. "The more you niche, the less you compete, and the more you earn." The next thing is around staying active. This is a marathon, not a sprint. Still, it's a race though; the faster you run compared to others, the better you will do. Just don't burn out. "Discipline sustains motivation when it fades." The next tip is around collaboration. Working in teams can expand your thinking. It can help you find things that you missed as well. I enjoy working at a company to learn from others.

The final section is around traps and what to avoid. I personally find this section to be the most valuable. First, they mention not being kept up by pride. As you grow stronger, it's easy to feel like you've made it and loss your edge. Enjoy your winds, set new goals and repeat the same success as before.

Another big one is around consistency. The turtle wins the race because it goes the whole time. If you're inconsistent, you will never get good. Keep up to date on the opportunities. This could be learning new languages, new bug bounties and many other things. It's a fast paced game!

The final one is not taking chances, which is summed up with a good quote: "“A ship in harbor is safe, but that is not what ships are built for." Whether it's pride, time issues, being scared of failure... take changes that make sense. It won't always work out but fortune favors the bold! Overall, a good post on breaking into the security space for Web3.