Arnie (@arniesec)'s Twitter Profile
Arnie

@arniesec

Auditoor

ID: 3364628878

07-07-2015 18:37:10

578 Tweets

2.2K Followers

305 Following

A good way to build wealth is to prepare instead of react. First mover advantage is real. Those who learn today what will be necessary tomorrow will be positioned to be rewarded. Think about what will be inevitable, where do you need to be in 2 years to take advantage of future

You’d be surprised what you can achieve with limited knowledge. You don’t need to be a Solidity expert to place top 3 in contests or find critical bugs. When I first decided to bounty hunt around two years ago, my understanding of Solidity syntax wasn’t even close to complete.

The types of goals you set determine how likely you are to succeed. We are emotional creatures. Setting goals that can hurt your ego is risky, your mind will subconsciously try to protect your identity. If your goal is to win an audit contest, losing can damage motivation and

ROAD TO LSR: Week 2
Starting this week, I will split these posts into 2 parts. The first part details what I plan to do and weekly objectives/goals, while part 2 is the recap of what was done and if the goal/objective was met. Part 1 will be posted on Mondays and part 2 on

Bear markets don’t hit everyone equally. They hit the replaceable first. Become so valuable the market has no choice but to keep you.

Reentrancy as a major exploit class emerged with smart contracts. It came from a new execution model: state + value + callbacks. AI will introduce its own “reentrancy class” bugs, we just don’t have names for them yet.

My life before security research was one of no structure and doom scrolling. I have done some serious reflecting this past year, on the past, and how I got to this point. I realized that if it wasn't for an algorithm, I would have never been a security researcher, let me

AI is very smart but it's lacking something that we humans have. I tested how well AI generated content would perform, and as expected, it has no idea what humans want to see and are likely to engage with. Every single tweet that I made that was guided or aided by AI was of the

ROAD TO LSR: Week 2 Update
Finished a diff audit this week, even with not many major changes, I still managed to find 5 H/M and meet my goals for the week (>= 80% coverage and daily math and AI learning). Insight: I have been trying to make my auditing process more efficient

ROAD TO LSR: Week 3
This week will be exactly the same as basically every past week. Mainly doing private audits and 1 hour of AI and math learning each day. The first few weeks of this series may be uneventful, but that's the key to success. Boring repetitive work compounds

Whether or not AI replaces auditors doesn’t matter. The truth is, AI is already augmenting auditors. That’s why I see learning AI deeply as crucial for staying competent in security research going forward. You either adapt or fall behind. Someone who has a deep understanding of

Many researchers, including myself, who discovered Ethereum and truly understood smart contracts had the same reaction. We felt that this was the most important thing we could possibly work on. The realization that code could secure and move real value without intermediaries.

The most profound realization that changed my life was this: You can just do things. You can just start. You can just decide. You can wake up tomorrow and begin moving in a completely different direction. Most people live as if there’s some invisible authority that has to

If it's not out of reach, then what is the point of all the AI products that firms are selling? The next major upgrade to a frontier model would make them all obsolete, since me typing "find all draining bugs" would provide the same result as all the firms' AI products. If you

ROAD TO LSR: Week 3 Update
This week I continued an audit which is nearly complete, and also finished a diff audit. For the diff audit, I found 4/5 H/M issues found in total, with 3 unique. This means that without my work, the report would have been missing 3 important issues.

ROAD TO LSR: Week 4
Again, the same objectives this week. I am reverting the format to 1 large single post on this per week as I don’t want to spam the feed with these posts too much. I have been using AI and integrating heavily, I will make some posts about my process this

For a long time, contests sat at the top as the primary metric for gauging a researcher’s skill when deciding who to hire. But contests are actually a poor predictor of ability for a large subset of security researchers. Their structure favors a specific motivational profile,

Audit contests dying doesn’t mean new researchers won’t get onboarded. It changes the selection pressure. Contests were a clean signal amplifier, a structured scoreboard. A technically strong individual could win once and instantly gain attention, status, and credibility. One

One thing I’ve noticed after 3 years of being a security researcher is how much the skill transfers into almost everything else. Math feels more intuitive and easier to understand than it used to, and I was always good at it. The difference now is structural. I don’t approach

The arrogance I’m seeing on here is concerning. People are so excited to not pay for security. You always pay for security, the question is whether you pay before or after deployment.