Advice - Career Path for bug bounty hunter

I’m 19 years old, and currently working as a bug bounty hunter. I’m going to start university next year, so what Degree/Course should I choose to get in cybersecurity? should I just go for BCompSc or is there another course/Degree for cybersecurity?

1 Like

Hi. Here’s my 2 cents on your great question after close to 30 years in the business. Back when I was a kid, it was clear computers, networks and the Internet was going to be my thing. As I was preparing to go to University in Computer Science (for what it was back then) my dad told me that maybe I should go into business instead. And here’s what it did for me. I was already way strong in computers and had a gang of friends doing the same. So ultimately my knowledge was way ahead of what school could give me… So instead of sitting down in computer courses I could essentially teach (with all due respect), I decided to get a business degree to teach me about running a business, finances and human ressources. Computers would anyways be a part of my day to day (reverse engineer, security, etc.). Now years later, I really get the business side of the deal as much as security and the rest. So all and all, if you think your skills are good, keep working on them, but go to university to learn something that could really give you an edge. Again, with all due respect and to not disrespect anyone, great computer geeks very rarely teach in schools… If these teachers would be really great, there’s a fat chance they would work in companies or simply run their own businesses. And the greatest weakness I see in the business are geeks that have close to zero knowledge about actually running a business, teams, etc. Cheers.


This is pretty much the same comment I made to a co-worker whose son was about to start university. The young man had a passion for music and planned to major in it. The same university had a well-known business school, and I suggest he consider a business major. He could still do music, but would have a better base for earning a living, especially if being a musician flopped. Personally, I have a BA in economics and an MBA.


I graduated with a software engineering degree in 2011. I’ve been developing on the current platform I use now for more than 6 years. I’ve done iPhone, Android, C#, Java, Java server pages, lots and lots of SQL, but the one thing I’ve basically never done is engineer any software.

They’ll trust you to make the code, but they won’t trust you to make any decisions about what SHOULD be made, only how to make it. I’ve seen folks say “We have a HARD requirement that this button has to be green.” That’s your life if you go computers. You’ll know better, say you know better, and they won’t listen to you.

Now, if you get a Masters of CS or a PhD, then you can go into computing research. Then you can try building Skynet or something that passes the Turing Test, or whatever, but with just a BS in any computing field you are a code monkey, until you are an Advanced code monkey. If you get an MBA you can be a Scrum Master and eventually a Product Owner. We all have Scrum Master Certifications too, but no one will let us be Scrum Masters. (Incidentally, I’m not too hurt by that when I learn that Scrum Masters make a lot less money than I do.)

The other way to be in charge and finally make a quality product, because the developer is making the decisions, is to homebrew something that never existed before. Like Facebook. I don’t know if Zuckerberg bothered to finish his degree. He doesn’t need it. My Databases professor said, “If you invent Facebook, don’t turn it in.” Though if you have the skills to invent something now, you could do it while you’re in school learning how to market it and run the company you’ll make. However, you can get whatever degree you want including none, and you can do this whenever you want, if you’re able. Even after you retire from your first career.

If you want to make a security company, an advanced CS degree or specialization in Cybersecurity will add a lot of clout to your business. A company that just had a major incident might hire your team because they see your PhD, or even just because they see your Masters. Security might be the one place were folks actually say of a developer, “Why didn’t we listen?”