that is fake maybe u are very atractive and u start modeling very young maybe u have natural talent in finance live is unjust by nature and talent is totaly not equal distributed
newbies see numbers($) and think its easy money . Reality: You Need To Master Everything (work for it)+ late nights + passion + coffee + stare at a screen until a (.) looks like a (,) Period
What about realisticly how much money can we earn? I know its changes month to month and depend on a person... but can you says that an "avarage" person can earn 6000$ in a year, which is something like 500$ in a month. The number can change I dont care whether is 600$ in year or 60000$. I just like to know the "avarage amound"
@@Miracle-uc6es lol no way. First off it takes years to master this “craft”. I have been practicing hacking for about 7 years. I even do ctfs and htb. I just started trying out bug bounty and can’t even find one single bug
@@Miracle-uc6es I’m not really trying to be mean or anything. I’m actually devastated that this is the reality. But that doesn’t mean that I’ll stop bug bounty. I’ll keep doing it
@@younesmohssen8158 literally the same thing is happening with me but i think the way to succed in bug bounty is to think outside the box and try things people haven't tried before and craft your own tools to do the things you want them to do (especially fuzzing) or logical vulnerabilities.
@ed win vai depender muito cara... depende da vulnerabilidade encontrada.... o Facebook tem no programa deles um sistema bem bacana que se eles analisarem a falha que vc encontrou e essa falha pode evoluir eles te pagam pelo que ela pode evoluir... Tem um video no canal do Gabriel Pato entrevistando um carinha de 14 anos que pegou um de 25k recentemente... Então como disse pode variar o bug... a claro como disse o Heath tem a questão do tempo que vc leva para achar o bug alem de competir com milhares de pessoas... O bacana é quando vc pega private programs que no caso as empresas te convidam para participar... ja recebi convites assim de empresas vindas da HackerOne... Good Luck ! Happy hacking
So true. I've come across a lot of people who are doing it solely for monetary purposes and not learn anything or upgrade their skills. Rightfully said.
Well said! I’ve had tons of jobs in my life from cleaning floors to teaching screaming kids English but the money I’ve made from bug bounty was definitely the hardest to earn and on a per hour basis certainly not worth it. But, I do it to learn, improve and gain experience not for the money.
there is also the fact that as a pentester, depending on terms of your contract, you could do freelances that could give you a side income of 2k dollars for one project alone for a one ~ 2 weeks web application pentest, way less effort, money granted and more realistic as well, I would recommend people to just start looking for freelances if you want a side income. (again pay close attention to the terms you are bound to because of your current job)
I would be super stoked just to complete my first bug bounty and have it noted somewhere. I would consider it a major accomplishment and huge stepping stone. Every step in the right direction is an achievement.
Videos like this are the ones that make my admiration for you grow every day. There are not only speeches of technical content but rational thoughts with lessons for our daily lives as professionals and, mainly, as better people. Congratulations on the excellent work you've been building! Very grateful for all this!
This brings the big difference between reality and imagination . In the real world, things suck and getting through is not as easy as one might think. You have to work and know what you are working at , there is no secret.
Yes we need more honesty in this field i started in May 2020 i have not earned a bounty yet submitted a few reports and they all FAILED. So i took a step back to learn and do more on the bug i am focusing on XSS. I am no hurry but i know one day it will pay off.
solid points and i couldn't agree more. the money is a perk and an incentive to hack *legally* and report vulns. for 99% of people, bug bounty isn't going to be their main source of income
Im just a newbie and the idea of making side money from these are cool, but the feeling of having the skill and being able to accomplish these hacks is what really makes it awsome!
i watched this video with the hope you that you would explain bug bounties. Good luck telling people not to do anything in cyber for money. So now that you got that off your chest, can you make a video about how to start with bug bounties?
Must be a very good deal for large companies. For the work that gets done, and the number of eyeballs, they pay out much less than they would have hiring people.
100% agree with every rambling point you had here. ;-) But truth be told, bug bounties are not going to bring home enough money to support yourself or your family unless you are incredibly skilled and can get in on some "private" bug bounty programs, but even then I wouldn't count on it. As a learning tool they are invaluable, if only to get you to work on your writing skills and being able to describe a vulnerability and provide steps on how to exploit it.
The honest video I ever saw. I felt the same. it couldn't be that easy, you probably going to be in the mark of 50 to 1000 dollars if you get there. the biggest problem is time and you say it right. Very good viewpoint on this subject. Cheers from Azores. Love your channel. ✌️
Great advice TCM! I’m thinking about switching from Desktop support to cyber security and I keep hearing how great bug bounties are. Btw you remind me Paul “Snakebite” Duarte, he’s a Halo pro player lol
Now it surely begs the question the amount of realistic effort required to become the 1% out of the 1%. I truly envy the knowledge and abilities of the black hat hackers(from a positive perspective). Great video btw
,@@faboxbkn Later I applied for a job and currently working as a security consultant with 1 yr of experience the knowledge I gained while hunting became beneficial.
@@thinkboi2712 that's nice!! Congrats man. Can you elaborate more on this please? You are my hero now. Did you get any certs? How did you show your employees your knowledge?
If the bug bounty programs are actually joined to make the cyber landscape more secure and the money perspective with it as the thanks for the job you did would actually make it bug-bounty and it sounds better.
Something that is absolutely CRITICAL but frighteningly doesnt get discussed is the legal risks in bug bounties. Please can you make a video addressing this. It is incredibly important issue to understand before doing bug bounty.
10:12 - Is there such thing? I did not know that? I'm SUPER interested now. Would the government be registered in the same platforms as the private companies or do they have their own Bug Bounty platform?
Thanks for the advice. I won't be lying if l said those tweets about the $$$$ earned are what pulled me to learn more on bug bounties and what it's all about. I guess l need to change my mindset .
You have been a great mentor sure your approach is realistic and all the peeps out there do not get discourage even if you earn 100$ or just Kudos surely you are going to step up your game so keep your head up and keep hacking.
there are no exception , those who says they started 2 month ago and made 5 digit bounty are lying, they cant do without any spoonfeeding , there is someone more experienced than them guiding every single path for them
As an employer. If you had someone applying that listed they had participated in Bug Bounties and were successful would you use that as consideration for employment or would it matter?
You said it's difficult to digest the concept of not paying attention to money but only learning. Say you are really want to learn but at the same time you are being bugged by the thought of earning. How do you handle it ?
Hey TCM, thank you for the amazing content you put out. Truly greatful to have a mentor like you on the scene. I have a question, do you think PEH course is enough to pass a cert exam like eJPT? Sorry in advance if this is a bad question.
Yes it is, just took the exam, got the complete course and get bored. Then used TCM course and was more interesting by far. The exam was pretty straight forward, just a bit tricky the routing part.
Have to understand the reality for sure, it's not a platform for money motivator instead reinforce your skills by continuos learning.... Honestly speaking I feel great when I replied back with kudos msg for reported vulnerabilities in early days... It drives me to become a better version of myself than yesterday....... Eventually the thing that matters the most is updating ur skills on a regular basis... Awesome stuff bruh👌.. True words!!!
What about realisticly how much money can we earn? I know its changes month to month but can anyone says that an avarage person can earn 6000$ in a year, which is something like 500$ in a month.
Thanks alot.. This is the best video I have seen.. I have not been getting bugs lately and i have been feeling down,,,, this has helped me alot with my mindset.... ❤️❤️
Bro, this is what I've thinking about the last month about BB, and it's completely legit, if your only keep your mind in the results you'll loose the way to it.
While I do not expect to get rich off bug bounties, I would like to be able to pay my bills while trying to get my foot in this industry (job hunting is tough right now).
I do want to make money in security. However, its stupid to expect any job to make you rich by simply doing it. I just want to make a decent amount money doing something that I look forward to doing everyday. When you do what you love then is it really a job? I think of bug hunting as a means of showing experience and learning while making some play money along the way. Hoping that learning to do it will help me transition to pentester one day.
@The Cyber Mentor i use vertical mouse and even in games is very good and healthy for your wrist. what you say about the bug bounty is the true try getting better rather than expect something big, you might get lucky and get a big reward.
I’m not sure what to do...😒 I wanted to work freelance in a year. Doing bounty hunting, or web design.. Such one will be more lucrative? In terms of freelance work...🤔
Thank you! This was so insightful! I am considering Bug Bounty since I am studying for Network+ & at home doing virtual school with my kids. Was thinking it was a valuable way to gain experience, test out some of my skills, and if it brings money until I find a job in Tech that would be great, but I am looking into other things like User Testing as well.
I hope you enjoyed this video! If so, please consider dropping a like and subscribing.
I guess it boils down to a very basic lesson in life: there is no get rich quick scheme.
unless you solve big problems
that is fake
maybe u are very atractive and u start modeling very young
maybe u have natural talent in finance
live is unjust by nature and talent is totaly not equal distributed
@@sapito169 Yep what you said is right, i just told that in my persepective.
@@CODEBYTE Probably not.
@@sapito169 Right, not everybody is a criminal or a killer.
newbies see numbers($) and think its easy money .
Reality: You Need To Master Everything (work for it)+ late nights + passion + coffee + stare at a screen until a (.) looks like a (,) Period
What about realisticly how much money can we earn? I know its changes month to month and depend on a person... but can you says that an "avarage" person can earn 6000$ in a year, which is something like 500$ in a month. The number can change I dont care whether is 600$ in year or 60000$. I just like to know the "avarage amound"
Love that you didn't miss coffee on your comment!! So true hahahaha
@@Miracle-uc6es lol no way. First off it takes years to master this “craft”. I have been practicing hacking for about 7 years. I even do ctfs and htb. I just started trying out bug bounty and can’t even find one single bug
@@Miracle-uc6es I’m not really trying to be mean or anything. I’m actually devastated that this is the reality. But that doesn’t mean that I’ll stop bug bounty. I’ll keep doing it
@@younesmohssen8158 literally the same thing is happening with me but i think the way to succed in bug bounty is to think outside the box and try things people haven't tried before and craft your own tools to do the things you want them to do (especially fuzzing) or logical vulnerabilities.
This is what the reality is.
Sure, Aim high but consider the reality as well.
This is the clearest and most sincere video I've seen so far on the subject. Thank you, from Brazil.
O mano é foda dms
foi você que fez 700 dolares esses dias?
O mano é brabo kkkk
@ed win Cara, eu não trabalho na área. Mas acredito que não seja irreal.
@ed win vai depender muito cara... depende da vulnerabilidade encontrada.... o Facebook tem no programa deles um sistema bem bacana que se eles analisarem a falha que vc encontrou e essa falha pode evoluir eles te pagam pelo que ela pode evoluir...
Tem um video no canal do Gabriel Pato entrevistando um carinha de 14 anos que pegou um de 25k recentemente...
Então como disse pode variar o bug... a claro como disse o Heath tem a questão do tempo que vc leva para achar o bug alem de competir com milhares de pessoas...
O bacana é quando vc pega private programs que no caso as empresas te convidam para participar... ja recebi convites assim de empresas vindas da HackerOne...
Good Luck ! Happy hacking
So true. I've come across a lot of people who are doing it solely for monetary purposes and not learn anything or upgrade their skills. Rightfully said.
So true. The momentum's gonna fall off at some point! Rightfully said.
Well said! I’ve had tons of jobs in my life from cleaning floors to teaching screaming kids English but the money I’ve made from bug bounty was definitely the hardest to earn and on a per hour basis certainly not worth it. But, I do it to learn, improve and gain experience not for the money.
good approach
Congratulations man!!! for the SQL injection you found few days ago..
there is also the fact that as a pentester, depending on terms of your contract, you could do freelances that could give you a side income of 2k dollars for one project alone for a one ~ 2 weeks web application pentest, way less effort, money granted and more realistic as well, I would recommend people to just start looking for freelances if you want a side income. (again pay close attention to the terms you are bound to because of your current job)
where can I get these freelance jobs
I would be super stoked just to complete my first bug bounty and have it noted somewhere. I would consider it a major accomplishment and huge stepping stone. Every step in the right direction is an achievement.
Hey, 2 years later
Did u do it?
hi. did you do it
Videos like this are the ones that make my admiration for you grow every day. There are not only speeches of technical content but rational thoughts with lessons for our daily lives as professionals and, mainly, as better people. Congratulations on the excellent work you've been building! Very grateful for all this!
Agree
Im living in a country where 10,000$ can last me for a year xD
Im living in a country where 10,000$ can last me for a decade xD
@@mayam6911 where is it?
@@lone.wo1f India
And I live in a country where $10,000 lasts 2 months.
@@mayam6911 A bit of an exaggeration isn' it... Would last an year if you live frugal though...
This guy told me the same words few months ago....and I can tell you from experience, he is being real with you guys.
Repeat huh
I feel like it's over half of the bug bounty programs don't even offer payouts -- just the kudos or swag.
Dude yes. There's plenty of nightmare stories of asshole companies.
This brings the big difference between reality and imagination . In the real world, things suck and getting through is not as easy as one might think. You have to work and know what you are working at , there is no secret.
Yes we need more honesty in this field i started in May 2020 i have not earned a bounty yet submitted a few reports and they all FAILED. So i took a step back to learn and do more on the bug i am focusing on XSS. I am no hurry but i know one day it will pay off.
Definitely agree with you on this video❤❤
Someone told me this about bug bounty.
( Remember it's a marathon not a sprint race )
❤
I think that you should also mention that successfully reporting bugs is really good for your resume. Shows that you can be super descriptive.
solid points and i couldn't agree more. the money is a perk and an incentive to hack *legally* and report vulns. for 99% of people, bug bounty isn't going to be their main source of income
The more hype I saw while researching bounties the more my gut said too good to be true, thanks for the reality!
Im just a newbie and the idea of making side money from these are cool, but the feeling of having the skill and being able to accomplish these hacks is what really makes it awsome!
the cyber mentor: you can't do bug bounties without experience
santiago lopez: hold my beer
😆
i watched this video with the hope you that you would explain bug bounties. Good luck telling people not to do anything in cyber for money. So now that you got that off your chest, can you make a video about how to start with bug bounties?
Must be a very good deal for large companies. For the work that gets done, and the number of eyeballs, they pay out much less than they would have hiring people.
This is the most honest perspective for bug hunting no bullshit
The greatest mentor with the greatest content I’ve ever seen keep it up 🤛
🤛
i started getting into bug bounty to pay for certifications and training. thats how i plan on paying for the PNPT
100% agree with every rambling point you had here. ;-)
But truth be told, bug bounties are not going to bring home enough money to support yourself or your family unless you are incredibly skilled and can get in on some "private" bug bounty programs, but even then I wouldn't count on it. As a learning tool they are invaluable, if only to get you to work on your writing skills and being able to describe a vulnerability and provide steps on how to exploit it.
Only 0.1% of hackers become a millionaire, 1-10% make a decent living, others just strive...
The honest video I ever saw. I felt the same. it couldn't be that easy, you probably going to be in the mark of 50 to 1000 dollars if you get there. the biggest problem is time and you say it right. Very good viewpoint on this subject. Cheers from Azores. Love your channel. ✌️
Facts, bug bounty is not a realistic full time job for MOST people.
Well said ...money shouldn't be motivator ...it disrupts minds and society all together if kept in mind ..
I'm shooting to make $1000/month by the end of the year. I'm in it for the flexibility not the money.
you def can make it
What
I like the Batman and Punisher cups in the shelf
i never understood how people could spend hours on TH-cam, until I started following your channel lol
Easy when you don't watch cable tv
😂
I watch youtube all day lol
Great advice TCM! I’m thinking about switching from Desktop support to cyber security and I keep hearing how great bug bounties are.
Btw you remind me Paul “Snakebite” Duarte, he’s a Halo pro player lol
I'll allow it :)
In my country (in South America) $10,000 is 39 times the minimum wage, so I could live very well with that.
Live in a country with a similar situation. Did bug bounty helped you?
Thanks a lot Heath! Your advice always helps me out, it gives me more clarity and you do it time and time again which is great!
Very good advices. Today we look too much at the money, while in truth we should first love to learn.
Was reassuring to hear this, thanks for taking the time to put this out!
Now it surely begs the question the amount of realistic effort required to become the 1% out of the 1%.
I truly envy the knowledge and abilities of the black hat hackers(from a positive perspective).
Great video btw
An Eye opening Video for new guys going behind the BugBounty.
It's been 8 months I started into it. Only I got hall of fame, not a single bounty. Sometimes I feels demotivated .
Hi there, did you quit? Are you doing it full or part time?
,@@faboxbkn Later I applied for a job and currently working as a security consultant with 1 yr of experience the knowledge I gained while hunting became beneficial.
@@thinkboi2712 that's nice!! Congrats man.
Can you elaborate more on this please? You are my hero now. Did you get any certs? How did you show your employees your knowledge?
@@faboxbkn Thanks, I was able to get into it without a degree or cert.
They asked me about owasp top 10 attacks in an interview. Which I prepared perfectly. And for the resume, I added hall of fame .
Good point mates, love it. It's clear now, thank you.
You're the best mentor! Take a bow everyone!
💛
If the bug bounty programs are actually joined to make the cyber landscape more secure and the money perspective with it as the thanks for the job you did would actually make it bug-bounty and it sounds better.
Something that is absolutely CRITICAL but frighteningly doesnt get discussed is the legal risks in bug bounties. Please can you make a video addressing this. It is incredibly important issue to understand before doing bug bounty.
10:12 - Is there such thing? I did not know that? I'm SUPER interested now. Would the government be registered in the same platforms as the private companies or do they have their own Bug Bounty platform?
Thank you, man!!! I’ve realized i haven’t been thinking realistic about this at all...
Thanks for the advice. I won't be lying if l said those tweets about the $$$$ earned are what pulled me to learn more on bug bounties and what it's all about. I guess l need to change my mindset .
Istg this is the best prof I’ve ever met. I’m not even kidding like... everything that he was&is saying are all with honesty.
i'm an ethical hacker, i will push to the top no matter what hat i have to wear. LOOK, SEARCH, DESTORY
Thanks CyberMentor. This was so insightful. Now I know how to approach the subject better.
Massive respect for you man. Was waiting for someone to do this sort of video
You are teaching better than most of the school teachers.
Very Clear & Precise fact, Hitting the nail on the head. Definitely its not a Lotto :) Thanks TCM
Question for you,
What’s the difference between a bug bounty program like bug crowd and something like SynAck red team?
You have been a great mentor sure your approach is realistic and all the peeps out there do not get discourage even if you earn 100$ or just Kudos surely you are going to step up your game so keep your head up and keep hacking.
I call bug bounty programs UBER for Hackers lol
there are no exception , those who says they started 2 month ago and made 5 digit bounty are lying, they cant do without any spoonfeeding , there is someone more experienced than them guiding every single path for them
i really needed to hear this..Thanks TCM!!
:D
I now have a completely new perspective on bug bounty after watching your video. Thank you for sharing the truth. 🙏
$200 000 is R4 000 000 in South Africa🥺😂
As an employer. If you had someone applying that listed they had participated in Bug Bounties and were successful would you use that as consideration for employment or would it matter?
Every time I loose hope .. I come here for logic and some scene in me ... 🙊 🙉 🙈
Heath, you always say facts 💯💯
You said it's difficult to digest the concept of not paying attention to money but only learning. Say you are really want to learn but at the same time you are being bugged by the thought of earning. How do you handle it ?
Hey TCM, thank you for the amazing content you put out. Truly greatful to have a mentor like you on the scene. I have a question, do you think PEH course is enough to pass a cert exam like eJPT? Sorry in advance if this is a bad question.
Yes it is, just took the exam, got the complete course and get bored. Then used TCM course and was more interesting by far. The exam was pretty straight forward, just a bit tricky the routing part.
For its all about developing skills and become a security researcher
Bro, I'm happy with 10 bucks as long as I get a little of that precious Dopamine and a coke
Have to understand the reality for sure, it's not a platform for money motivator instead reinforce your skills by continuos learning.... Honestly speaking I feel great when I replied back with kudos msg for reported vulnerabilities in early days... It drives me to become a better version of myself than yesterday....... Eventually the thing that matters the most is updating ur skills on a regular basis... Awesome stuff bruh👌.. True words!!!
Your zero to hero course on GitHub was the first thing to get me into hacking and for that I thank you sir from New Mexico 🖤
Loved Ur prospective for Bug Bounty's U exactly said What I am Expecting from an Experienced guy Like You 👍👍
Always giving amazing advice, love the experience and honesty.
Thank$!! You are my first inspiration in the pentesting kingdom;)
Bug bounties are a good way to challenge you legally to learn more, and I agree monetary gain shouldnt be your motivation.
awesome video! it’s true that people has to set proper and realistic expectations when it comes to this stuff.
Its awesome to hear your prespective. Thank you.
What about realisticly how much money can we earn? I know its changes month to month but can anyone says that an avarage person can earn 6000$ in a year, which is something like 500$ in a month.
You are wise beyond your years.
Thanks alot.. This is the best video I have seen.. I have not been getting bugs lately and i have been feeling down,,,, this has helped me alot with my mindset.... ❤️❤️
Thank you for this video. Everyone needs to realize that skills needed take tons of practice.
Do bounties for fun . And always look at the target as if you are first on the program.
True, you basically need a lot of free time for Bug Bounties
Yeah I m learning this stuff and this definitely takes a lot of time!
Bro, this is what I've thinking about the last month about BB, and it's completely legit, if your only keep your mind in the results you'll loose the way to it.
While I do not expect to get rich off bug bounties, I would like to be able to pay my bills while trying to get my foot in this industry (job hunting is tough right now).
I do want to make money in security. However, its stupid to expect any job to make you rich by simply doing it. I just want to make a decent amount money doing something that I look forward to doing everyday. When you do what you love then is it really a job? I think of bug hunting as a means of showing experience and learning while making some play money along the way. Hoping that learning to do it will help me transition to pentester one day.
@The Cyber Mentor i use vertical mouse and even in games is very good and healthy for your wrist.
what you say about the bug bounty is the true try getting better rather than expect something big, you might get lucky and get a big reward.
That's a very clear and practical perspective towards bug bounty. 🙏
I’m not sure what to do...😒
I wanted to work freelance in a year. Doing bounty hunting, or web design..
Such one will be more lucrative? In terms of freelance work...🤔
Thank you! This was so insightful! I am considering Bug Bounty since I am studying for Network+ & at home doing virtual school with my kids. Was thinking it was a valuable way to gain experience, test out some of my skills, and if it brings money until I find a job in Tech that would be great, but I am looking into other things like User Testing as well.
This video motivates me to start bug bounty for fun and learning
The clearest analysis so far
Great perspective here! Thanks!
Are bug bounties good for making a portfolio and find your first job ( no degree )?
This was awesome! Thank you! Subscribed :)
One of the realest videos on bug bounty out there.
I think your argument about money motivation also applies to development.
Thanks for your words... I'm about to start oscp soon urs course n vids helping me lot thanks..... Hope I'll see you with my work in future
No coffee., no workee 😊
You are very realistic, that`s why i love you