When Bugs Find You: The Power of an Open Mind in Vulnerability Research
In this talk, I share how an open, curious mindset paired with clever, enjoyable exploration can turn you into a sharper vulnerability researcher. I walk through three cloud-security stories (Bad.Build, Sys:All, LeakyCLI) to show how curiosity, flexibility, and a playful spirit often outpace brute technical force.
Talk Abstract
Becoming a standout vulnerability researcher isn’t just about mastering the latest tools or tricks; it’s about staying curious. In “When Bugs Find YOU,” I explain how hard work naturally evolves into smarter, more fun work when you follow your questions. Using real examples from Google Cloud Build, GKE’s OIDC setup, and CSP command-line tools, you’ll see how to spot odd privilege escalations and credential leaks that most people miss. Expect to leave with new ways to question assumptions, iterate quickly, and keep your work both effective and enjoyable.
Key Takeaways
- Chase your questions. Whenever something feels off, pause and ask “why?”
- Work smarter, not harder. Creative angles beat brute force every time.
- Iterate fast. Small, playful experiments often spark the biggest breakthroughs.
- Keep it fun. Enjoying the process leads to deeper insights and lasting motivation.
- Mindset matters most. An open, curious outlook amplifies your technical skills.