Security is a fast-moving field, and you have to research and practice to stay on top of your game.
However, there is so much to learn that you can easily get stuck just researching all the time! On the other hand, you want to avoid falling behind because you spend all your time hunting for bugs!
This tradeoff is the explore-exploit problem. It's the challenge of finding a perfect balance. Here is how I like to approach it:
30% Explore (Learn)
Roughly a third of my time goes into general research.
This ranges from reading write-ups to building tools, reading books, etc. Having a diversity of topics is a fantastic way to keep things interesting and engaging. A diverse skillset can also come in handy for finding those unique bugs!
Spend enough time to make sure you're keeping up, but don't wait too long before you go out to put your skills to use.
70% Exploit (Hack)
Most of my time goes into the actual bug hunting activity.
After all, bug hunting is what makes you find all the bugs! Don't forget that besides finding bugs, you'll also be building experience and learning new things all the time.
Reap the benefits of your study time by actually hunting for bugs.
Being in security is like being a shark; you can never stop moving.
Keep repeating this process. You will find yourself building knowledge and experience over time. Besides, learning about cool new stuff is probably one of the most fun aspects of being a bounty hunter.
Keep repeating the explore-exploit loop for fun and profit!