I was recently speaking with @Anon_Hunter at Nullcon in India and he made great point to me: as a bug bounty hunter, it can be really tough when you’re hacking alone. When you’ve not found a bug or you’re going through a time where you haven’t had a breakthrough yet…it can be hard.
How do you overcome these moments as a hacker? How do you push forward?
I’d love to hear what you do to help keep yourself motivated and pushing forward 
I will try to kick things off with some of the things I do when I’m feeling defeated or having self-doubt:
Take a break from whatever it is that you’re doing that is causing frustration. Taking a break gives your brain some time to switch contexts, to think about other things. It gives you time to rest, so that when you come back, you may have a different way to approach the problem.
Listen to some music that pumps you up. Listen to a podcast or watch a YouTube video that inspires you. I like to listen to podcasts about community, security, or other things I care about. It helps me to hear other people’s ideas, to hear their stories. Not just because it helps me come up with new solutions and to find inspiration, but it also reminds me that I’m Not Alone.
Connect with others in the hacking community. Join a Facebook group or start some private direct message conversations with some other bug bounty hunters. Talk to them about your struggles and have them talk to you about theirs. Use this as a time to remind yourself that You Are Not Alone. Everyone goes through these times when they aren’t sure what to do next.
Everyone goes through times when they don’t think they can do this - I’ve been doing community management for 11 years and I still feel sometimes that I’m not capable of being a community manager. But that’s not true, I am capable. Just like you are capable of being a great hacker.
This is part of why I believe so wholeheartedly in the value of community. Build a community of friends and peers that understand your hacking struggle. Create a support group of folks that know this struggle and can help you through these frustrating times.
Keep pushing forward 
I have a much easier time saying this than following through with it.
The thing about self-doubt is that your actual real capabilities have not changed. You are as experienced as you were before you were doubting yourself, you are just perceiving this temporarily. It’s not to say that perception is reality, but you have the ability (with practice) to choose how you perceive yourself and others. I find that feelings ebb and flow like tides, and these waves can and will overtake if given enough power. I try to keep a journal, or a notebook of feedback I’ve gotten from superiors, or times when I was victorious at something, so I can always have this raft of facts behind me. I’m still riding the waves, those won’t stop because I’m human, however I’m not drowning, I’m above water, and alive. You can know that you have the same (likely even more) capabilities as you did when you received that positive feedback.
When it comes to bug hunting, were there any kind of compliments you’ve received from program owners or triagers? Even if it’s small, save them! What was your first P1 or most severe submission? How far have you come from that spot? Do you keep notes somewhere? When I found my old notebook where I had literally written out URL encodes for various special characters for quick reference, it gave me a real sense of where I had come from.
I wouldn’t be anywhere without trusted friends and mentors, people I can complain to and share some of the same insights I do. For me this is my buddy Dan and my wife. I talk with them about my frustrations and doubts, and like good humans they remind me that I’ve conquered a lot of adversity to get where I am. They point out challenges I’ve faced in the past and all the people in my life who care about me for more than my technical ability.
I also have been known to take long breaks, travel, go to a concert, and disconnect from security to game with my non-sec buddies. Exersize also helps quite often.
I also learn (and get hyped) a tremendous amount from the students i teach in public and private classes. When i’m in a slump, helping someone else can be extremely motivating. In the same vein creating or releasing a tool for the community makes me feel like i’m giving back and can help motivate me.
I think it’s really important to notice when I should take a break from something. The amount of times I’ve spent hours and hours bashing my head against a problem, feeling progressively worse about myself/my skills/etc; to then go to sleep and solve the problem within like 5min of looking at it the next morning. Just because I take my direct attention/focus/conscious brain away from the problem doesn’t mean my subconscious doesn’t keep processing away. And sometimes that little bit of distance is exactly what you need for things to fall into place in a way that I just never would have even dreamed possible prior.
Paying attention to my own internal self talk, and what I am saying to/about myself. Sometimes little ‘negatives’ can inspire me to push that little bit further, that little bit harder. But once they start to become a repeating downward spiral… time to stop them in their tracks. Noticing the pattern starting is the first step, then being able to ‘step back’ from that and really dig into it, get curious, ask what the real underlying fear/concern/insecurity/etc is. Oftentimes what we think we are feeling on the surface is a high level ‘meta label’ for some more intricately detailed feeling deeper down. And I suppose… that isn’t just relevant to when i’m building/breaking things… but just to life in general. Self reflection, introspection, healing past traumas/insecurities, overcoming limiting beliefs; they may not be easy, they may take time, they may take me working with professionals to help me in areas my own skills fall short (be that a psychologist, mentor, coach, etc). But putting in the hard yards on that self development pays off many-fold over in the long run.
As others have mentioned, having a good set of friends/peers either that you can bounce ideas off and help figure out the harder problems with; or just to disconnect from the problem and go and have some fun. In our ever-connected digital world, why is it that we feel more isolated and disconnected than ever before? Hacking is fun, interesting, challenging… but don’t forget that there is this whole beautiful intricate interesting world unfolding in each and ever moment outside the confines of our screen. Whether bounty hunting is some play $$ or a full time job, I see it kind of the same. Life is about more than just work and achievement, and we absolutely need that balance between push/strive/achieve, and relax/recover/play/fun. Push too hard, and life will push back and make sure you get the other… but burnout and depression is a far less fun way to ‘slow down’ than making conscious choices towards allowing your body the rest it needs.
Also, know that what you see of others isn’t necessarily their reality. It’s easy to hold up these perfect idols/heroes of our peers, other researchers, etc; but just like on social media/instagram/etc, a lot of the time what you see of someones life is a finely crafted vision of what they want you to see. They may seem like they go from success to success and never slow down or feel bad. But how about all those parts you don’t see? If you could peer behind that curtain, you would often find just as many little setbacks, critical self thoughts, etc. It’s kind of a problem with our world in general, but in a lot of ways in our industry too; for whatever reason, a lot of the time people feel like it’s ‘bad’ to talk about these feelings, these struggles, these thoughts. Like by admitting and naming them we’re somehow ‘weaker’ or ‘lesser’; that by sharing our vulnerabilities it will harm us. This is my personal opinion, but I see more strength and power and feel way more ability to connect with/trust someone who is able to share their vulnerabilities; rather than someone who presents themselves as ‘perfect’ and ‘unwavering’. Life isn’t perfect, we all have our weird intricacies and imperfections. That’s what makes us real. And that realness is what I put value in.
I could probably ramble on about all sorts of things here… it’s an area of such rich potential not just in the hacking game, but in life. We’re always going to run up against challenges, times where we feel we may not be enough… but each time we stand up against that, work our way through, and then notice that we made it through fine; it gets easier. It’s kind of just like another skill/muscle, if we keep training it, it gets stronger, and easier.
/2c <3
This is a really overlooked point in bug bounty hunting. Having done this pretty much alone since Bugcrowd’s inception many many years ago you’re constantly battling two things:
This has given me success, especially the 1st factor. I can’t tell you the amount of times I’ve been thinking ’ SURELY someone must have checked this site for ’ to actually end up finding the vulnerability I ASSUMED was already found. However philosophical it sounds the battle with yourself is as important as the technical battle with the application you’re facing.
I just take a break from bug bounty and go outside and think for the things that I wanted to for the future. (that’s what motivate me to hunt and think more positive on bug bounty.) sometimes I just go for a long drive and listen to some good music to think more positive vibes.
What works for me may or may not work for someone else, but self-motivation is good. Such as reflecting on what “achievements” you have unlocked. Those could be anything from your first bug, maybe you’re in school, and you got a good grade, or figuring out how to use a new tool(this is me) as long as it gives you that positive mindset. So for me, personally here are my go-to’s
Family: Disneyland trips with my family is something that allows me to leave it all at home and go on vacation and be a kid again with no “adult” problems.
Music: A long time ago in another lifetime lol I was a DJ, so music for me in my life has been significant. Just listening to some good music can also put you in the right place to continue to produce.
Exercise: working out is a good stress reliever. Throw around some weights and come back later on feeling relieved.
The “grind” is real, and something we all face in every aspect of life so ultimately, remember hard work will always pay off, but you also have to enjoy yourself.
Which podcasts do you recommend listening to? I listen to several that aren’t InfoSec/Bug Bounty related, but I wouldn’t mind listening to some that are.