I am a part-time/hobbyist web security researcher, simply because I find the process of finding bugs fascinating. The modern web is riddled by complexity, making the scope of potential vulnerabilities very wide, from (for example) performing an account takeover via an XSS cookie theft to simply not validating passwords correctly. I have primarily been focusing my efforts on the new Apple Security Bounty program. Since this program's inception, I have submitted almost a dozen vulnerability reports, and I have been credited by Apple on their web security page.