"I'm quite lucky in that the work I have done for the last year. Some of the people I speak to in the community are incredibly intelligent, and I still feel intimidated by them. I feel lucky," Adkins said.
Before finding Bugcrowd, Adkins recalled working for three months trying to get a hold of the right people with one vendor. He said, "I looked around for a couple of security response groups to help me engage with the vendor. In the end after three months of no successful contact, I ended up disclosing the vulnerability publicly."
In the past year, he has discovered some high impact vulnerabilities. "I've found misconfigurations of a service or a device. One of them gave me remote access to their servers login and run, which I could then use to attempt to get further access into the network," Adkins said..
Adkins, who has never himself looked into the CEH certification, recommended, "If you're not sure whether you would be a good ethical hacker, I encourage people to give it a try. There is nothing stopping you from attempting to work with bug bounty companies and their clients. For Adkins, a hobby turned into a new career path, so it might be worth it for you to have a look at the programs that are out there.
Sign up for Computerworld eNewsletters.