My mind is scattered. I shift between what I want to focus on on a monthly, sometimes even weekly, basis. It's a problem that I struggle with and it is not ideal.
I can pretty much forecast how my focus will shift at this point. At the very leas, every few months, and definitely just before Defcon each year, I get interested in doing bug bounties (BugCrowd, HackerOne). I will get interested in security and appsec, and let it the obsession take over my responsibilities and life.
There is usually a desire for the large bug payouts and the fame that can come with this. I find the hacker culture, in general, very enticing.
I don't actually have enough skills to properly bug hunt, yet I never make time to study and practice. Because of this, I just spin my wheels (usually while neglecting my job or my family), then come out of it in an exhausted daze. There is a specific way I feel after trying to make something work over and over only to not succeed, and I don't like it. That is what bug hunting would always be like, even if I got good enough to do it properly.
I realized yesterday (after doing this) that something I like about bug hunting, aside from the possibility of getting paid or recognition, is that it's basically a puzzle to solve. The problem is, most of the time there is no way to solve the puzzle. Often there are no bugs where you are searching. That can be very frustrating.
Whenever I think about why I am interested in doing this, these are usually my reasons:
- Hacking is fun/interesting
- Potential to make a lot of money
- Potential to reach a certain level of fame
The problem with these reasons, is I don't need the money because I have a decent paying job, and I definitely don't need the fame. This reminds me of Marcus Aurelius' view of fame - we will all be dead and forgotten soon, so why strive for fame?
That leaves the fact that I find hacking fun/interesting. I think the challenge/puzzle of it is what I really enjoy, which leads me to believe that I would feel just as happy working on a challenging puzzle (like the Gold Bug puzzle from the Crypto & Privacy village at Defcon). It has a solution, so I wouldn't feel I was just spinning my wheels, and at the same time it has nothing to do with money or fame - it's just something I want to do because I enjoy it.
Another thought I had on this was giving myself a question to answer - Would I want to do this if I were retired? The answer to that is no. If I was retired and didn't have to worry about money or really computers at all anymore, I would not be interested in this. I would be spending time with my family, painting, and reading. That answer tells me exactly where I should direct my focus.
A note to my future self if I go down this rabbit hole again:
It isn't worth it. There are not enough benefits to outweigh how it makes you feel, and it isn't where your priorities should lie. If you must do something, find a puzzle/challenge with a real solution and solve that. Even write up how you got there if you want to share it with others.
You should focus on the things that matter:
Don't do this to yourself again.