█ Bug Bounty Programs
Find vulnerabilities. Report them responsibly. Get paid. These are the three major platforms where companies pay researchers to break their systems legally.
HACKERONE
The largest bug bounty platform. $350M+ paid to researchers. Programs from Microsoft, Google, the US Department of Defense, and thousands more. Free to join.
BUGCROWD
Second largest platform. Strong on web application testing. Good community and learning resources. Programs across fintech, healthcare, and government sectors.
INTIGRITI
Europe's leading bug bounty platform. Strong on GDPR-sensitive programs. Good entry point for researchers outside the US. Growing fast.
█ Capture the Flag — Practice Legally
CTF competitions are the ethical hacker's training ground. Legal, structured hacking challenges that build every skill you need for a real career.
CTFTIME.ORG
The definitive CTF competition calendar. Every upcoming competition, team rankings, and write-ups from past events. Start here to find your first competition.
HACK THE BOX
Gamified penetration testing labs. Real machines to hack legally. Used by GCHQ, NSA, and major security firms for recruitment. Free tier available.
TRYHACKME
Best beginner platform. Guided learning paths, browser-based labs, no setup required. Start here if you're new. Goes from zero to job-ready.
█ Certification Roadmap
Certifications are the industry's way of validating your skills. Here's the recommended path from beginner to elite.
ENTRY
CompTIA Security+
The industry-standard entry-level cert. Recognized everywhere. Required for many government security positions. Start here. Exam cost ~$370. Study time: 3-6 months.
INTERMEDIATE
CEH — Certified Ethical Hacker
EC-Council's flagship cert. Covers hacking methodology, tools, and countermeasures. More employer-recognized than technically rigorous, but opens doors. Study time: 4-6 months.
ADVANCED
OSCP — Offensive Security Certified Professional
The gold standard for penetration testers. 24-hour hands-on exam — you actually hack real machines to pass. Brutal. Respected everywhere. If you have OSCP, you get hired. Study time: 6-12 months.
█ Essential YouTube Channels
THE CYBER MENTOR
Heath Adams. Best all-round ethical hacking channel. Beginner to advanced. Web app testing, OSCP prep, career advice. 1M+ subscribers.
JOHN HAMMOND
CTF walkthroughs, malware analysis, real-world hacking. Former DoD Cyber Training Academy instructor. Incredible depth. 600K+ subscribers.
LIVEOVERFLOW
Reverse engineering, binary exploitation, bug bounty deep dives. Technical. Essential. 500K+ subscribers. The channel that takes you from good to great.
IPPSEC
Methodical Hack The Box walkthroughs. Best for learning recon-to-root methodology. Every video teaches you how to think like a penetration tester.
HAK5
The OG security YouTube channel since 2005. Hardware hacking, pentest gear, security news. 1M+ subscribers. The culture channel of ethical hacking.
DEF CON
Full recordings of the world's most important hacker conference going back years. Free archive of elite research. If you only watch one channel, make it this one.
█ Essential Podcasts
DARKNET DIARIES
Jack Rhysider. True-crime-style hacking stories. The New York Times called it gripping. Monthly. 150+ episodes. The single most important podcast in this space.
MALICIOUS LIFE
Ran Levi. Cybersecurity history — LulzSec, Stuxnet, nation-state attacks. 200K monthly listeners. Covers LulzSec directly in multiple episodes.
RISKY BUSINESS
Patrick Gray. Industry-standard infosec news and interviews. Sharp editorial voice. Australian. Slightly less US-centric than most. Weekly.