A non-traditional path
🛡️ My Infosec Roadmap

Let the grind begin!
🧠 Introduction
Bug bounty hunting has been calling my name for a while now—and I’ve officially locked in on making it my next big step in cybersecurity. I’m currently working toward the HTB Certified Bug Bounty Hunter (CBBH) certification while building a roadmap that sets me up not just to earn a cert, but to hunt smart, build reputation, and grow in the long term.
This post outlines my strategy, motivations, study plan, and how I’ll begin my bug bounty journey through VDPs (Vulnerability Disclosure Programs).
🎯 Why Bug Bounties?
Bug bounty hunting isn’t just an interesting niche—it’s a perfect match for how I learn and operate. Here’s why I’m diving in:
- 🛠️ Hands-on learning: I don’t just want to study—I want to break things and learn from the process.
- 🔍 Real-world experience: Bug hunting exposes me to real applications, flaws, and techniques.
- 💰 Income potential: I like that there’s money to be made, even as I learn.
- 💼 Career building: This gives me experience that could lead to security roles or freelance opportunities.
- 🧘 Independence: I thrive when I work on my own terms, at my own pace.
🎓 Why the CBBH?
The HTB Certified Bug Bounty Hunter (CBBH) certification is the launchpad I’ve chosen for this journey. It’s lab-based, practical, and tightly focused on the types of vulnerabilities real-world bug hunters actually find.
The certification path teaches:
- Linux fundamentals for ethical hacking
- HTTP, web tech, and how they break
- The OWASP Top 10 (XSS, SQLi, IDOR, etc.)
- Tools like Burp Suite for testing and exploitation
- Scripting and recon workflows
This is exactly the foundation I need to start hunting with purpose.
📅 My Study Plan: 5–8 Months, 20 Hours/Week
I’m committing to daily study sessions, averaging 20 hours per week. Here’s the structure I’m following:
1️⃣ Linux, Net, & Security Foundations (1–2 Months)
Using the Hack The Box and TryHackMe fundamentals courses as a refresher.
2️⃣ HTB Academy: CBBH Path (3–4 Months)
Working through the full HTB CBBH course path—reading, practicing, taking notes, and ensuring I don’t just memorize but internalize.
3️⃣ Practice Labs & HTB Machines (1–2 Months)
Targeted exploitation of vulnerable web apps using HTB boxes tagged with Web, Bug Bounty, and OWASP.
4️⃣ Review & Exam Readiness (2–4 Weeks)
Focused review of weak areas, final lab practice, and mock challenges to prep for the exam environment.
🕵️ What Comes Next: Starting with VDPs
After I earn the CBBH, my first step into the wild will be through VDPs (Vulnerability Disclosure Programs)—programs where you can ethically report bugs even if there’s no cash bounty.
Why start here?
- 🧱 Real-world experience without pressure
- 🧰 Practice recon, exploitation, and report writing
- 📈 Build a clean track record for private invites
- 🌱 Low risk, high learning
My goal is to consistently submit high-quality reports to build up my presence and reputation in the community.
📚 My Arsenal: Books & References
I’ve put together a serious personal library to supplement my labs and guide my growth beyond certification:
🕸️ Web & Exploitation:
- The Web Application Hacker’s Handbook
- Bug Bounty Bootcamp
- Real-World Bug Hunting
- Hacking APIs
- Black Hat GraphQL
- Web Security for Developers
- The Tangled Web
🔧 Scripting & Automation:
📖 Tactical & Field Manuals:
- RTFM (Red Team Field Manual)
- BTFM (Blue Team Field Manual)
- Field Operator’s Handbook
- Hacking Methodology
These books serve as both technical deep dives and quick-reference companions during labs and real hunts.
💬 Final Thoughts
I’m not just chasing a cert—I’m building a skillset, a portfolio, and a career pathway. Bug bounty hunting combines the thrill of the hunt with the satisfaction of learning in public, and I’m excited to document every step of this journey.
One mindset shift I’ve been working on lately is breaking away from rote memorization and moving toward deep understanding through hands-on immersion. I’m not interested in memorizing checklists or regurgitating terminology—I want to know why things work, how they break, and how to find the edge cases no one else sees.
I’m also pushing past the idea that everyone needs to “start at help desk” to break into infosec. That path works for many, but it’s not the only one. By fully immersing myself in real-world training platforms like TryHackMe and Hack The Box, I’m proving that there’s a non-traditional, yet extremely effective way to grow. I’m not just reading about vulnerabilities—I’m finding them. I’m not just watching tutorials—I’m solving challenges and breaking into real environments.
This isn’t just studying. It’s living in the lab—and I believe that kind of immersive learning will take me further than any single title or checklist.
If you’re walking a similar path, drop a comment or reach out. Whether you’re just getting started or already knee-deep in bounties, I’d love to connect.
Thanks for reading—and stay tuned for updates from the field.