2025-12-13 –, Rookie Track 2
I’m a Cybersecurity student at MMU, but I didn’t wait for graduation to join the industry. While working part-time as a chef, I blundered into bug bounty hunting, armed with curiosity. The learning curve was brutal, it left me feeling overwhelmed by informatives, duplicates and imposter syndrome. But then, over a flaming hob, I finally got the email "you have been awarded a $400 bounty".
This talk is for anyone curious about bug bounties but unsure where to start. I’ll share how I learned, submitted my first reports, and secured an industry job two weeks after my first bounty. We’ll cover how to move from theory to real-world impact, persist when it feels like you're failing, and why bug bounties are a powerful gateway for underdogs to break into cybersecurity. I’m no expert, just a passionate student who kept going.
Breaking into cybersecurity with little to no prior hacking experience is challenging, and I’m still very much on the learning journey myself. In this talk, I’ll share how I transitioned from university studies and kitchen shifts to finding my first bugs in live applications, and how that experience helped me move toward a role in penetration testing.
I’ll be honest about the hurdles I’ve faced, including imposter syndrome, slow progress, and the pressure to “know everything.” I’ll also share what’s helped me so far, like sticking to consistent practice, focusing on small wins, and leaning on community support.
You’ll hear how I began with bug bounties and how even beginners can spot common vulnerabilities. I’ll talk about reframing duplicate findings as signs of progress and the pros and cons of focusing on one vulnerability type versus exploring broadly.
This session is for anyone new to the field, offering honest insights, practical tips, and encouragement to keep pushing forward, because persistence really does pay off.
Oliver Ellis is a cybersecurity student at Manchester Metropolitan University, diving into ethical hacking with enthusiasm. Previously a chef for four years, he discovered cybersecurity through bug bounty hunting on HackerOne and BugCrowd in April 2025, balancing studies and kitchen shifts. He’s reported vulnerabilities, from low to critical, for companies like Audible and Atlassian, aiding fixes with clear reports. Oliver’s learning tools like BurpSuite and Nmap. Two weeks after his first $400 bounty, he landed a penetration testing job. At BSides 2025, he’s excited to share his beginner’s journey and practical tips.