Hunting For Bugs
- Charles Wolfe
- Nov 11, 2019
With the help of my mentor, I’ve decided on an idea for my original work - albeit a very amorphous and perhaps daunting one. It’s less of a tangible product than it is a demonstration of the skills I have acquired thus far into my studies.
I am trying to find and report bugs on various web applications submitted to “bug bounty” websites. This comes with a number of obstacles that I need to seriously consider. First of all, these bug bounty websites are, more often than not, used by real security professionals who have much more time to spend on each of these bounties than I do. This puts me at a huge disadvantage because these bounties are truly first come, first served. Secondly, even if I do manage to claim one of these bounties, sharing what exactly I’ve done in my original work assessment comes with a caveat - I will (likely) be under a non-disclosure agreement with the company in question to not share the bug I found for anywhere from 90 days to a couple of years after I report it. Thus, the only thing I will have to show as proof of my efforts will be whatever payout I receive for finding the bug. I will have to discuss this with my Coach soon.