
The Year I become a Bug Hunter

Background

I got started in cyber security around 2022, when I came across the Operation Aurora HACKING GOOGLE documentary on YouTube. Also, I watched Mr. Robot around that time. It is profound to wield the power to breach networks, and the responsibility of securing network infrastructures from breaches is equally admirable.

Early on, I experienced choice overload. There were too many “how to get started” guides and I was overwhelmed by this. Maria Azeria covers the choice overload topic in detail here.
I changed directions multiple times whenever I hit a roadblock mastering difficult topics. My learning goal was mainly to get a job offer, not mastery, which I should have prioritized.

Last year, I shared an update about learning backend development and web security. I made up my mind to focus on application security.

Job Hunting

I’ve had my fair share of the mental tolls of job rejections. In fact, it became the reason I decided to start bug bounty hunting. The job market is influenced by external factors such as market conditions, luck, bias, timing, etc. Oftentimes those factors hold more weight than your competence, which is the sole factor you control. You cannot upskill yourself to get an offer in a company that prefers candidates from certain schools, backgrounds, nationality, or geographical location.
The baseline to winning in the harsh job market is to harness your resources and time on the competence factor that you can control.

Bug Bounty Hunting

There is what bug bounty is and what it’s not. Understanding this early on separates successful hunters from the less successful ones. It has its flaws and there are external factors that determine success.

What I consider the perfect explanation of what bug bounty is, is this quote from zseano:

Sit back and think about this: Companies around the globe are inviting hackers like yourself to legally poke at their systems. You can sit at comfort of your own home hacking at your own pace. And get paid big bucks for it.
The internet is your oyster, let’s hack the planet.

I came across this interesting tweet by h0rus3c that asserts the notion that bug bounty is a true test of meritocracy even with its flaws.

My Progress

I keep notes of my hunting process in order to organize my thoughts and have a reference for my hunting activities. I created my first Notion page for bug bounty on July 5, 2025 exactly at 10:28 AM UTC+3.

I started active hunting this year (late December 2025 to be precise). My first Caido project was dated to January 5, 2026. Before then, I was using the community edition of Burp Suite, which does not allow saving projects on disk.

Between January 5, 2025 and the moment I am writing this blog (March 4, 2026), I have found and reported 3 bugs so far. The first was marked as duplicate and the remaining are under assessment evaluation.

I choose to hunt on a self-hosted bug bounty program because I love the company. That is one of the advantages of bug bounty: you are at liberty to choose your targets and how much time you want to dedicate to the programs of your choice.

My Endgame

I saw a really profound tweet on X (Twitter) some days ago. It resonated deeply with me.

You can’t be bigger than your dreams are.

There is an incredible level of fast-paced innovation across industries as new frontiers are unlocked with AI. Agentic applications are able to solve CTF challenges, reverse engineer binaries, fuzz for zero-days, and review large codebases for security bugs.

My goal is to not be in the race by building career moats. What that means for me is discovering what I am most passionate about: web security, binary exploitation, cryptography, mobile security, AI and ML security, etc., and being in the top 1% by mastering the field. With Allah all things are possible.

وَمَا تَوْفِيقِىٓ إِلَّا بِٱللَّهِ ۚ عَلَيْهِ تَوَكَّلْتُ وَإِلَيْهِ أُنِيبُ

My success comes only through Allah. In Him I trust and to Him I turn.

TL;DR

I discuss how I got started in cyber security and my initial struggles as well as my motivation to become a bug bounty hunter and my goal to ultimately become an offensive security researcher.

This post is licensed under CC BY 4.0 by the author.