My journey
This is the story of how cybersecurity was an obvious match for me and how I couldn’t see it, even if it was right in front of my eyes.
My teenage years
Since when I was a kid at the overly asked question “What do you want to become when you grow up?” I would always answer “I want to be an entrepreneur and create a huge company”. Having grown up in the countryside of a small village, adults would often laugh at me. But I’m stubborn. Incredibly stubborn. I made it a point to prove everybody wrong, I was 7.
At the age of 12 I got my first computer with internet access, by the time I was 13 I was disassembling videogames to find out the memory address where the amount of coins I had was stored, to make me in-game filthy rich. After a while I started coding cheats and publishing them online. By the time I was 15 I was hacking my friends ps2 and wii consoles. At 17 I was hacking my school website and network, unfortunately marks where not stored online yet. I remember finding a XSS vulnerability that could allow me to get the principal password, I never did.
I was already working in cybersecurity and I didn’t even know, to me it was just a fun hobby. My goal was to become an entrepreneur and prove the adults wrong. Fuck the adults, they think they know everything but they know nothing, like everybody else.
Building companies
As soon as I was 20 I flew to england with my savings to create my huge company. It was a saas connecting venues with artists, I worked on it relentlessly while working as a dishwasher for 3 years. Then the company was declared bankrupt. But I’m stubborn. Incredibly stubborn. So I started another one.
This one, a streetwear fashion brand, succeded. Unfortunately, I found out pretty quickly that the fashion world is completely fucked up. So I quit it and left it to my co-founders.
A Break from life
It’s now summer 2021 and I’m completely done with building companies. I took a break from everything and backpacked the south of spain. I had the time of my life, made unforgettable memories and met incredible people.
Teaching myself web3
By the time I’m back it’s early 2022. I decided to self-fund myself to learn how to become a web3 dev. I’ve been around the crypto world since 2015, and I liked it.
Fast forward a couple of months and it’s September 2022. No company wants to hire me. I have no references and no experience. I also have no money left.
Intro to web3 security
I sat down in quiet desperation, the english way. I tought deeply about what would be a way that could allow me to earn some money while doing something I enjoy and without having the need to sell myself to anybody.
The answer was obvious: bug bounties.
I quickly discovered codearena and sherlock, much easier environments than pure bug bounties. I made it a goal to earn at least 20.000$ by the end of 2022. It was impossible. But I’m stubborn. Incredibly stubborn. I worked really hard, and by the end of the year I earned almost 40.000$, double my goal, and got in 45th position on the codearena 2022 leaderboard, despite starting mid September.
The aftermath
After receiving the results I decided to drop codearena and sherlock audits to go full time on immunefi bug bounties, under the leadership of Trust90. Given that I did quite good on codearena, dropping it was a very difficult choice. But I aim to be the best at whatever I do. To be the best you have to compete with the best. And the best are bug bounty hunting.
I will keep focusing on immunefi up until at least until the end of February.
Reflections on my journey
Cybersecurity, given my teenage years hobby choices, was the obvious field to play in. It took me 10 years to see it, and I only saw it when I had my back against the wall. Life gave me extremely clear signals, but I decided to ignore them. I was blinded by my childhood dreams and by proving the adults wrong. It was hands down my biggest mistake, but the path of life is never straight.