HACKER Q&A
📣 kif

Should I just give up my ambition of being a decent security researcher?


Back in my high school days, I was your typical next door script kiddie. I knew x86 assembly and a few programming languages, was capable of hacking some crackmes, SQL injection and the like.

That's just to say I always had the mindset of breaking stuff. However, lack of resources and guidance, and just life in general, led to a different career path for me as an adult.

About 10 years later now, I have had a relatively successful career in software development – though I feel I have so so much to learn yet. I still don't feel like a "senior" dev, even though some would say I am.

My desire to "break" things has never diminished, however. I have fun doing various exploitation CTF challenges (e.g. exploit.education), but that's where my hacking skills stop.

I would like to start working on "real" exploitation, like browser or kernel exploitation, but at this point I'm wondering whether that's the right thing to do. I know it's not too late to get started in the literal sense, but I feel like perhaps focusing on improving myself on the development side of things is a better use of my time.

Heck, maybe I've already made my decision subconsciously, and I'm hoping a bunch of internet strangers will approve that decision. Time is a finite resource, and I don't know what the best decision would be for me. I'm sure there's a lot of people who've been in the same situation before, so I'd appreciate your thoughts and experiences.


  👤 phaus Accepted Answer ✓
If you don't feel like you have a hopeless amount of stuff left to learn you are either a unicorn or the opposite. In this field people who think they know everything are almost always just oblivious to the fact that they are incompetent.

Yea, there are minor Internet celebs in the security industry that seem like gods to most of us, but most of the ones I've spoken to also struggle with imposter syndrome. At the very least they are usually humble.

However, I think there is a small percentage of very vocal people in the community that engage in an eternal dick measuring competition on Twitter and elsewhere. They take up enough of the attention to make a lot of us anxious about our own accomplishments.

Passion is the greatest indicator of success in most endeavors, security research included. You seem to have it. I'd say you are likely far more skilled than you give yourself credit for. Perhaps what you really need help with is figuring out a strategy that helps you pivot into a role where you can spend more time on what you love.

Something that helped me early on was actually a comment on HN. tptacek responded to a comment of mine and said something along the lines of "There is probably less that separates the two of us than you think there is." Instead of thinking that I wasn't good enough it got me thinking of how to close the gap between where I was and where I wanted to be. I'm still no industry celeb, I haven't published any white papers, and I haven't discovered any zero days, but I do get to work on cool stuff on a regular basis that actually helps people.


👤 chuck9302
What about becoming a penetration tester? It's much easier to go from developer to pen tester than from developer to security researcher, though that's not to say it's easy either. Plus, working as a pen tester, it's highly likely you will have colleagues who are security researchers; you can talk to and learn from them. There aren't generally "junior security researcher" roles available, so you'll have to start somewhere, and pen testing is a good foot in the door. It also involves breaking things, so that might satisfy your itch too.

👤 WayfindMaps
If you don't feel like you can be a professional security researcher, why not settle for being a hobbyist?

It sounds like you still enjoy the subject matter and it sounds like you know a lot more about this than the average developer. I'm considered a senior developer and I've never done what you were describing.

I've suffered from impostor syndrome in the past - and I still do to an extent - but I've never found another hobbyist to be hostile about my knowledge or lack thereof.


👤 manicbits
Perhaps you can find a position within the intersection of development and security? I don't think this is in any way mutually exclusive.

👤 mikaelmello
I support WayfindMaps' idea.

What do you hope to achieve by turning your "hobby" into your full-time job?

Do you feel like you will only achieve the level you want if you do not have other things in the middle, such as a SWE job?