This is all cool and all, but I’ve found bug bounties to be very unreliable. Nobody talks about the sheer number of people hacking on the same bug you found—the competition is actually insane. Nearly all of my submissions have been marked as duplicates. It probably works for some people, especially once they get invited to private programs, but really—you’re better off landing a stable job as a security analyst/engineer instead.
Author of the blog post here. I barely encountered duplicates in my journey, and I also held multiple full-time security jobs that paid well while participating in bug bounties. Most of my bugs are actually in Uber’s program, which is completely public, so that kind of debunks your private invite theory too.
Hey, thank you for replying. My comment was purely based off my personal experience. If it works for you, great—more power to you! I suppose it all boils down to skill and experience in the field.