In this article, we are going to discuss 3 important traits of any ethical hacker, bug bounty hunter, or penetration tester.
#1 — You are passionate about it
Passion is what brought us all to where we are right now. You can’t achieve much if you are not passionate about what you do, because passion is what makes you push your limits and keep working even on your “low” or tired days.
Passion is what makes us rise, learn, and move on after we fall down, for example after a disappointment.
Some time ago I saved a really nice quote, which says the following:
“Allow your passion to become your purpose, and it will one day become your profession.” — Unknown
In our case, hacking comes first as a hobby and later becomes a career.
In conclusion, passion is the best ingredient for the long-term game. A passionate ethical hacker, bug bounty hunter, or penetration tester will always have an advantage over one who is driven by money or entitlement.
#2 — Creativity
You should always think outside the box, because most critical vulnerabilities are not found by automated and common checks, but rather by manual exploitation, which you will do yourself.
“You can’t use up creativity, the more you use, the more you have.” — Maya Angelou
Creativity is what will make your results (“findings”) stand out from the rest.
As the quote above says, you can train and improve your creativity by using it more often. That’s also a benefit of doing daily Pentests: your brain will never get old!
To summarize this section, creativity will help you in two big ways during a security engagement:
- Finding complex and critical vulnerabilities
- Linking found issues to discover impactful exploitation chains
Experience + Creativity = Good Quality
#3 — Try Harder! Mentality
Your mindset is reflected in your work, which is why you should be on point with it. No system is secure unless it is disconnected.
Remember this well: devices and applications are made and configured by humans, who are prone to making mistakes. It is our job, as Pentesters, Ethical Hackers, or Bug Bounty Hunters, to find their mistakes and teach them how not to repeat them.
So, any time you see an environment that looks very “secure”, do not get discouraged, and definitely don’t say “ah, that vulnerability can’t be found here”.
Also, when you find a vulnerability, do not stop there: try to exploit it and see how far you can go with it.
Try harder! Try more! Try smarter!