If I had to start again
This is the roadmap I would follow if I had to start my journey as a security researcher from scratch today, with $0 and no prior experience in blockchain or tech whatsoever:
- If you're new to the tech field, I would advise you to take this course: https://pll.harvard.edu/course/cs50-introduction-computer-science
- Complete https://updraft.cyfrin.io/ beginner and intermediate courses
  It's a tutorial, so try to pause the video sometimes and think about what Patrick would do next. That way you learn actively; mindlessly copying what he's doing will not benefit you a lot.
- Complete the Solidity quests from https://nodeguardians.io/ that cover a lot of advanced topics such as the diamond pattern
- Complete the challenges from https://speedrunethereum.com/ for more Solidity dev experience
- Participate in a hackathon AS A SMART CONTRACT DEV, let somebody else take care of front-end, UX/UI and try to win a prize
- Contribute to some open-source projects while getting rewarded: https://app.onlydust.com/projects
- Complete https://updraft.cyfrin.io/ advanced course
- Complete the challenges from https://ethernaut.openzeppelin.com/ (try not to look for the writeups)
- Complete the challenges from https://www.damnvulnerabledefi.xyz/ (try not to look for the writeups)
- Complete the challenges from https://onlypwner.xyz/ (don't bother looking for the writeups)
- Once a month, participate in Secureum races and aim for a top spot to be selected for the CARE-X. It might be a cool workshop where you can learn about new topics or tools you have never used before, with job opportunities if you rank well (sometimes)
- To get deeper knowledge about the Ethereum blockchain, I advise you to read the book Mastering Ethereum (new edition)
- Enough with the tutorials, CTFs and quests. It's time to develop that competitive side of yours and hop on the first flights (projects that contain bugs left intentionally for beginner security researchers) on Codehawks. Participate in around 5 FFs, aiming for a top ranking, at least top 5. After each FF's judging, check which of your issues were invalidated and try to understand why. They're usually rightfully invalidated, especially when you're starting off, so be humble. If you're convinced about your finding, you can appeal the judge's decision. After the appeal period, check the final report, see what you missed and try to understand why, to avoid missing such issues the next time: https://codehawks.cyfrin.io/first-flights
- When you start finding all the issues in the FF, it's time for the real deal, what you've been training this whole time for, actual audit contests, where you can make some money. Start off with contests with SLOC < 2000 on the following platforms:
  - https://codehawks.cyfrin.io/contests?contestType=all
  - https://audits.sherlock.xyz/contests
  - https://code4rena.com/audits#active-audits
  - https://app.hats.finance/audit-competitions
  - https://cantina.xyz/competitions
  - https://app.secure3.io/
  - https://hackenproof.com/audit-programs

  Here's a contest aggregator that can be useful with the increasing number of competitive audit platforms: https://www.dailywarden.com/
- To stay ahead of the curve, read https://www.rareskills.io/blog and enroll in bootcamps to learn about new topics, languages and ecosystems. For that, I advise you to check the free Encode Club bootcamps: https://www.encode.club/
- Keep on practicing by doing CTFs from time to time, hackathons and Secureum races
- Do not forget to rest for 1 or 2 days between contests
- When you start doing well in contests, aim at some of the following:
  - Joining a web3 sec firm like https://www.nethermind.io/
  - Joining an All-star team like https://www.trust-security.xyz/team
  - Starting your own firm like https://x.com/A2Security
  - Switching to bug bounties:
- When you perform well on the contest platform that belongs to a firm, you often get hired by that firm:
  - Cantina <-> Spearbit
  - Codehawks <-> Cyfrin
  - HackenProof <-> Hacken
- You'll never be 100% prepared to do an audit. You will very often have to do some research while auditing: if the project is an AAVE fork and you don't know much about AAVE, you learn about it during the audit. You gotta start somewhere and you'll get better along the way, so don't be stuck in tutorial hell
- Don't hesitate to combine forces with other auditors in audit contests; you can learn a lot from them, and it may be the start of something great