> Already got my foot in some cool groups, not really a work-together thing
Yeah I actually was saying insense of professional work. For Ex: Take assetnote, they do code review,s and such. If you get to work with them that would be really good for professional work. There are several other smaller startups/org with good people in them that are doing security research.
Oh, that is a good thing. I've followed some of their work.
> Joining big organizations like Google Project Zero seems very hard for me in my eyes haha. Would have no idea on how to get into them.
Right now, not sure how it would work. But P0 was just an example, if the idea of working they seem good then the first step would be to professionally become part of a smaller org/group that does security research. And then gain traction from there by doing more public research in whatever field you like. AFAIK P0 prefer people with public research experience and have something decent to show they did publically.
> and will easily land a job when the time will come." Well, that's the thing. I don't want to leave out any opportunities, just because I was lazy in my young years. There are many insanely good people out there and I heard companies more look at years of experience and certifications, instead of public "achievements" like HackerOne, etc.
Just read this in one of your comments (sorry just going through the thread). I actually agree with what @mrg2k8 said you are young and don't forget to enjoy the time you have now.
The thing about certification/Year of Experience is true but only when you actually want to work in an organization that works for itself. Basically, if you want to go in a line where you are working as insert security-related post, in a company. If you want to continue working as a researcher, just exploring applications and finding bugs then you don't have to worry about all that because in that scenario public achievements would rein over certifications or years of experience.
If you are getting bored with research and want to get a job like penetration tester, Product security, etc then I think the majority of my suggestions become irrelevant. And then you should just go for a degree -> certifications -> Apply for jobs -> $$$$
Yeah I actually was saying insense of professional work. For Ex: Take assetnote, they do code review,s and such. If you get to work with them that would be really good for professional work. There are several other smaller startups/org with good people in them that are doing security research.
> like pmnh (https://hackerone.com/pmnh?type=user) and zi
Oh, that is a good thing. I've followed some of their work.
> Joining big organizations like Google Project Zero seems very hard for me in my eyes haha. Would have no idea on how to get into them.
Right now, not sure how it would work. But P0 was just an example, if the idea of working they seem good then the first step would be to professionally become part of a smaller org/group that does security research. And then gain traction from there by doing more public research in whatever field you like. AFAIK P0 prefer people with public research experience and have something decent to show they did publically.
> and will easily land a job when the time will come." Well, that's the thing. I don't want to leave out any opportunities, just because I was lazy in my young years. There are many insanely good people out there and I heard companies more look at years of experience and certifications, instead of public "achievements" like HackerOne, etc.
Just read this in one of your comments (sorry just going through the thread). I actually agree with what @mrg2k8 said you are young and don't forget to enjoy the time you have now.
The thing about certification/Year of Experience is true but only when you actually want to work in an organization that works for itself. Basically, if you want to go in a line where you are working as insert security-related post, in a company. If you want to continue working as a researcher, just exploring applications and finding bugs then you don't have to worry about all that because in that scenario public achievements would rein over certifications or years of experience.
If you are getting bored with research and want to get a job like penetration tester, Product security, etc then I think the majority of my suggestions become irrelevant. And then you should just go for a degree -> certifications -> Apply for jobs -> $$$$