Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Episode 29 - j4x
147 Plays5 days ago
riptide & j4x discuss coming from cybersec and web2 CTFs to web3, a deep dive on rust, the contest game before and now, focusing on less popular languages, nomad bug hunting, why failing high school french and working at a call center helped him as a bug hunter, and much, much, more ...
Recommended![Episode 19 - 0xe4669da [SPECIAL n00b EDITION] image](https://media.zencastr.com/cdn-cgi/image/width=112,quality=85/image-files/677fcded3f04b4e1c3f96cfc/1b4f61b7-5c8c-48b2-9d61-66ec9549c632.png)
Transcript
Introduction and Sponsors
00:00:06
riptide
Welcome back to Bounty Hunters Life on the Blockchain. We are here episode 29. Oh yeah. and we are sponsored by ImmuneFi, the top place to find some bugs.
00:00:20
riptide
What else can I say about ImmuneFi? Other than let's like the most popular place for a bounty hunter because they have, I think, the ah most protocols listed and the biggest bounties on there.
00:00:32
riptide
And it's a really good experience. I've been hunting there since I started and I've submitted my most ah the most amount of bugs on there out of all bugs possibly submitted. So if you're just starting, if you're already hunting, go to Immunify, let the hunt choose you.
00:00:49
riptide
But ah it's great. You got to check it out. Also sponsored by Rare Skills. Rareskills.io forward slash Riptide will get you 10% off a boot camp if you want to level up your Uniswap V3 knowledge or maybe some ZK Moon Math.
00:01:06
riptide
They got it all for you.
Guest Introduction and Singapore Experience
00:01:08
riptide
Anyway, today, episode 29, we have J4X on the podcast. Welcome, sir.
00:01:15
J4X
Welcome, how are you?
00:01:17
riptide
I am fantastic, man. We're both early in the morning here. I got some coffee, a morning podcast. How are you doing?
00:01:25
J4X
I'm doing great, thank you.
00:01:28
riptide
Excellent. Excellent. I have this pregnant cat right now that woke me up, woke me up three times last night to eat food.
00:01:34
J4X
Oh wow.
00:01:38
riptide
Like it's crazy how much this stupid cat would eat food. So, I'm a little rough, man, but I'm good. So Mr. J4X, we met in Singapore at the amazing Crab Fest.
00:01:49
J4X
Yes.
00:01:50
riptide
Do you want to brag about how amazing that Crab Fest was to everyone?
00:01:54
J4X
The crab fest was awesome. So the crab fest is always one of my favorites when coming to Singapore and I'm a huge sucker for seafood. And, uh, as you might know, I'm based in central Europe, so there's not too much seafood around and
Networking and Industry Culture
00:02:09
J4X
especially not too much good seafood around.
00:02:09
riptide
Okay.
00:02:12
J4X
So every time I come to Asia and I get something like this, I'm just in heaven.
00:02:15
riptide
Oh man, get that MSG crab. Oh, that was good. And then we had, we had like every popular security researcher was there but that you'd, that you'd ever see. Like everybody was there.
00:02:28
J4X
Yeah, it was like a crossover, like kind of like the Avengers crossover, which happens from time to time. So I feel like at every of the big conferences, so either ECC or DEFCON, you have at least like one event where suddenly like everyone shows up.
00:02:44
J4X
And it's awesome. So I love going to the conferences for those just because like at the start you get to meet everyone. And then as soon as you know, everyone, it's just like meeting up with like your old friends or old school class or whatever. And like everyone is around, everyone is having fun and it's awesome.
00:03:01
riptide
Yeah. and And I noticed that when you meet these people in person, obviously their personalities are are all unique, but everyone's really cool. No one's...
00:03:09
J4X
Yeah, for sure.
00:03:10
riptide
I mean, there's some, maybe I'll say one or two outliers where you know they they have they have some some ah strange qualities about them, but but where where it's kind of like a...
00:03:23
riptide
I don't know. It was a weird meeting, but everyone else was... 99% of people are are really cool and and just just really cool people. And everyone's on their own, basically, which I think is another benefit of this. And a lot of people are ah independently, not say wealthy, but ah rich enough to kind of just do what they want to do. And they're really good at what they do. So I think you get...
00:03:48
riptide
You get that honesty, at least from my perspective, that it's hard to get. Like if you imagine go to a networking meetup, which I've been to back in the day when people had all these jobs and you don't get any honesty. It's just fake, fake, fake.
00:04:01
J4X
Yeah, I used to compare it to like, before I started auditing, I was working in like a very traditional, big German tech company know and like trips there for work.
00:04:12
J4X
You go there, you have to take care of what you're saying. You don't want to say offend anyone by accident.
00:04:17
riptide
Mm-hmm.
00:04:18
J4X
You
Corporate vs. Auditing Community
00:04:19
J4X
have to be nice to everyone. You shouldn't drink more than two beers because otherwise you would say something dumb. And here it's just like, you're hanging out with friends. Everyone's liking each other. like It's just such a chill experience and that makes it so much more fun. Although the people, if you would compare it to like a traditional company, yeah a lot more further along their career or more successful, but they care even less, which is kind of funny because that's what you wouldn't think when you're coming from like a traditional.
00:04:46
riptide
yeah
00:04:50
J4X
Background where you would think like, oh these people are so successful, so important. Like I have to wear a suit and a tie and like not say a single word that's wrong. And in actually like the people just show up in jogging pants and no one cares and you're just joking around having fun.
00:05:05
riptide
Yeah. the the The more popular and more richer any bug hunter gets, like the humbler they become until
00:05:05
J4X
And that makes it so, so much more enjoyable.
00:05:14
J4X
Yeah.
00:05:15
riptide
You're at max humbleness. ah The number one guy.
00:05:18
J4X
Yeah. 100%. hundred percent
00:05:19
riptide
Yeah. I don't know any other place like this. How cool. We're so lucky.
00:05:24
J4X
for For sure, man, for sure, man. Like I love this space and the people I've met through it. So even if I would earn like 10% of what I make right now, I probably still wouldn't leave just because I enjoy working with the people so much because just everyone seems to have kind of a similar point of view than me and like c plans as me. So it's just like you meet a lot of friends through this, not even just colleagues, but people that have the same way of thinking.
00:05:53
J4X
And this just makes it even more valuable.
00:05:55
riptide
That's a good point because we all realize that we all have the same interests. Like, like, because we're we're all focused on this for a lot of hours during the day. and And money is secondary or else you wouldn't be here. You wouldn't be this good.
00:06:09
riptide
And so everyone's like really geeking out about the same stuff and do try to find a place other than like a hobby club where like, i don't know maybe you're all into like RC cars or something. You're all playing with that. But this like combines a lot of technical know-how plus, um,
00:06:28
riptide
you know all the other aspects, negotiation, everything that comes with winning these bounties, picking it. And then on top of that, um you know you're also making some good money too. So like you have this weird combination of like, hey, fuck you, do whatever I want. And then this guy's really cool to talk to you.
00:06:44
riptide
ah We're all interested in the same thing. And you end up with this group of people and these conversations that I haven't really found replicated elsewhere.
00:06:54
J4X
No, same for me. So especially if you compare it to a traditional job, you would say probably 80% of people in a traditional job actually hate their job and just do it for the money.
00:07:04
J4X
And you don't really have that here. So I think that's also because for most of us, I think there's probably still like 5% who don't like it and just do it for the money.
00:07:06
riptide
Yeah.
00:07:13
J4X
But most of the people just really enjoy the job. So it's something you can connect in your free time about. And like both people are enjoying talking about it compared to someone, I don't know, like shifting around Excel sheets and like being happy to get home after that.
00:07:25
riptide
ah fuck
00:07:27
J4X
He definitely won't go for beers with his friends after and be geeking out about Excel sheets.
00:07:34
riptide
Yeah, don't don't give me flashbacks about Excel. My God, I was a banker in the past, I know. ah Hey, so interesting kind of background you have. So i I did some due diligence, as they would say, back in the banking days.
00:07:47
J4X
Awesome.
00:07:48
riptide
And it looks like you you knew your shit. You've competed, i' would say you're more you're more a contest guy, contest audit guy rather than bug hunting. Am I right?
Career Path and Auditing Focus
00:07:59
J4X
Yes. Yes. So I started out with contests, went like really hard on that for like, I would say about a year, a bit more than a year.
00:08:00
riptide
Yeah.
00:08:07
J4X
And already at the end of that, I started working a lot more with agencies. So that kind of shifted my focus away. And like for the last one year to one and a half years, I've been mostly working with agencies, like jumping into a contest somewhere in between. I think I only did like one this year so far.
00:08:27
J4X
But yeah, mostly agency work now.
00:08:31
riptide
So, and by agencies, you mean just dealing directly with protocols or you like doing subcontracting through other audit firms?
00:08:39
J4X
um For me, it's mostly working with the teams at Spearbit or Senef, Sherlock.
00:08:44
riptide
Okay.
00:08:46
J4X
So all the, I just call them agencies. I don't know if that's the correct term for them or not. They, that kind of played a middleman for you and connect you to the protocols, set up teams and do the private audits.
00:09:00
J4X
Because I have to be honest, I'm a really... techie guy. So I genuinely enjoy looking at code, finding bugs. ah What I don't enjoy that much is marketing and like going out, having to sell myself to people, which is definitely something I can put more effort in in the next year and learn more about.
00:09:11
riptide
Mm-hmm.
00:09:20
J4X
But for me, like the the fun part is the sitting in front of code for 10 hours a day. And when working with these teams, you can kind of just focus on that. They take care of everything else besides that, which makes it a pretty good synergy for me.
00:09:34
riptide
That's a very good point. And you're not the only one I've heard of plenty of guys that just don't like to do anything but that. And, and there's options just like that. I mean, you could do exactly what you're doing. You could just look at code, get paid for it.
00:09:47
riptide
And guys love that, man, because the marketing, You know, staying in touch with the clients, following up this and that is a different skill set that some people just don't like doing.
00:09:57
riptide
And, and if you don't like doing it, you treat that as like laborious work that you detest.
00:09:58
J4X
Yeah.
00:10:03
riptide
Hey, you know, stick with what you're doing. And it's so cool that you can, you can pick and choose kind of which path you want to take.
00:10:10
J4X
Yes, for sure. I think that's also like deciding between like super specializing on one topic or becoming kind of a multitask guy that knows everything good, but nothing perfectly.
00:10:23
J4X
And I think both strategies are valid. So you can be a seven out of 10 auditor and also be a seven out of 10 marketer and live really good over that because you kind of cut out the middleman and Like even if you charge lower rates, you still get more because you're not paying percentages to an agency or you go like full in on the auditing thing, say, okay, I give that percentage off.
00:10:41
riptide
Mm-hmm.
00:10:46
J4X
And like, I think both of those strategies work. I think it really just depends on what's your interest. And for me, for example, i love going to these, conferences, meeting people, but I love just hanging out with them, not having to sell anyone, like just making friends for making friends, not making friends for later on selling them like some service or making that because then I think it definitely works, but it's a bit harder for me because then I always have to kind of have this in the back of my mind. And like this, like it's currently, it's just like I get the weekend in, I don't know, Singapore, for example, i hang out with my friends, go to Universal Studios, get good food, go out.
00:11:27
J4X
And there's no second thought I have to have about who I'm selling stuff to and which leads I have to follow up on, et cetera.
00:11:33
riptide
Exactly.
00:11:33
J4X
Which is funny because I was working in this kind of direction before. So...
00:11:38
riptide
Yeah. And and you realize you didn't prefer it.
00:11:41
J4X
Yes.
00:11:41
riptide
Definitely.
00:11:42
J4X
Yes.
00:11:42
riptide
I think the best ones are really the clients that you don't have to sell to. So if you place first in a competition ah over and over again, well, you basically sell yourself.
00:11:54
riptide
You don't have to say, Hey, can I get clients? People reach out and say, Hey, wow, you know, you're great.
00:11:58
J4X
Yes.
00:11:59
riptide
Will you be on like leads? Will just come to you as long as you show that you can do something like people have, It was mocked, what, a year ago having DM for audits in your Twitter bio and and everyone was doing it.
00:12:10
J4X
Yeah.
00:12:13
riptide
But if you're good, people just find you and you shouldn't have to do any marketing. And if you amp up your marketing, you know it'll take more work and you can probably get more clients. But yeah as much money as you want to make in this industry can find you is if you are provably good at what you do.
00:12:30
J4X
Yeah, 100%. hundred percent
00:12:32
riptide
Yeah. um So youre you were previously doing cybersecurity pen testing.
Education and Cybersecurity Journey
00:12:39
riptide
Was that in kind of the Web2 space before you decided ah to jump ship?
00:12:44
J4X
Yeah, so for me, I had a pretty weird ah trajectory. So I ah failed high school, like my eighth grade.
00:12:52
riptide
Hell yeah, I dropped out too.
00:12:53
J4X
Then I was ah like getting that back in like evening high school. So there was something in my country where you can do like a few hours in the evening to get your degree in the end.
00:13:03
J4X
And I was working in a call center for about a year. um Then after I had finished it, I started studying, went into mechanical engineering and ah started working in a mechanical engineering corporation.
00:13:18
J4X
Then did that for like one or two years, realized like, Hey, mechanical engineering is really not what interests me. But like I did a few like programming classes there and I was like, Hey, this is kind of fun. This is kind of interesting.
00:13:29
J4X
And then I switched to computer science, started working in like sales or startup. in cooperation in the same company. So I was kind of their salesperson, like trying to find startups they can buy and invest in, which was like a super interesting, but super unrelated job to what I currently did.
00:13:52
J4X
And then like, as I advanced further in my studies, I started getting into cybersecurity, started to get really deep into CTFing. And then I also started working in like ah pen testing at a ah separate, more,
00:14:06
J4X
Also more traditional mechanical engineering company. So I was more helping them like pen testing ECUs and like looking just at C code of like these kinds of programs, which was also super interesting.
00:14:15
riptide
Mm-hmm.
00:14:23
J4X
um But yeah, then I finished that. And after I was doing that, I was like already deep into the whole CTF game, started learning about Web3 there. So I was just in playing CTFs every weekend with my friends at university, spend all weekend at the university, sometimes through the night, ah got super competitive into that.
00:14:45
J4X
And then I realized like, hey, did these like Web3 crypto ah challenges in CTF start popping up and like no one of us knows how to do those. And also most other teams don't know how to do those because there's like no courses at university and like almost no one is doing them.
00:15:00
J4X
And then I was just like, hey, I need to carry my team up. And then I just started learning EVM and Solidity. And I think there was also already like a few Solana challenges because um I think OtterSec and Selic both are ah very related to CTFing.
00:15:16
J4X
So they were already sponsoring CTFs and providing challenges there. So I just learned through those. I just looked at them, started ah finding finding them. And then after like half a year, I got pretty good at it. And then I stumbled across the legendaries, see Michael post and yeah, everything from that on is history. Yeah.
00:15:39
riptide
So you were doing Web 2 CTFs before Web 3?
00:15:42
J4X
um
00:15:42
riptide
Hmm.
00:15:43
J4X
All of it. So so most CTFs I was playing is like just standard university CTFs and they have different categories. So they have like pawning, which is mostly focused on C stuff. Then they have reverse engineering, web, crypto, then traditional cryptos or cryptography, which is very math heavy.
00:16:02
J4X
And at the beginning, I was just doing a bit of everything, but I was not really good at any of it. So at some point I thought like, Hey, I need to specialize in some field. And there was this one field, which my team didn't have like a good guy in, which was web free.
00:16:16
J4X
So I was like, I, I have to try this because then I can become the specialist for this. And yeah, that's, that's how I got into it at the end.
00:16:25
riptide
and Let me ask you, so I also dropped out of high school, and I i think back to why I did, and really it it was a few factors, but one of them was I was bored.
00:16:28
J4X
Yeah.
00:16:35
riptide
and I didn't think anything that I was learning was applicable to what I wanted to do, which was work with computers, like computer programming. And um so I dropped out at 16 and then went to college early at a technical school to pursue that path.
00:16:50
riptide
So I'm curious, when you were in eighth grade, you weren't doing well and you decided to quit. Like, what was the what was going on there?
00:16:57
J4X
For me, I didn't quit willingly. So for me, the problem was I just failed French. I was pretty good in most other courses. So I was usually like one of those kids. Like I had like the lowest attendance of my whole class. I was there for maybe 40, 50% of the year. Rest, I was like just chilling out at home doing other stuff.
00:17:18
J4X
Then like the day before the exam, I just learned all of it in one day. got usually like a a or a B on the exam and then they had to let me pass. But the only way it didn't work was for French because I, I don't know, like French has been my Achilles, uh, what's it called?
00:17:35
J4X
Tendon, uh,
00:17:36
riptide
Achilles heel.
00:17:37
J4X
Achilles heel. Yeah, exactly. So yeah, that just failed me hard. And then I had to like redo it. I was doing like a lot of tutoring and I somehow passed with a D in the end.
00:17:49
J4X
Since then, it has been really fun every time I go to France because it's like the trauma is opening up again. But no, like, For me, it was just like getting stuck there, ah finding some other way to wiggle around it because I knew I wouldn't need it afterwards.
00:18:06
J4X
And I was like always super interested in math and history and also doing pretty decent in the other courses, just being lazy as fuck, but learning it all very quickly because I was always a very quick learner.
00:18:20
J4X
And yeah, that that caught me there. I had to like kind of lose a year, but also in that year, just working like a very shitty job in ah ah call center was a huge lesson for me. So I think that got me into the the work drive that I have now because I knew I would, I'd never want to end up like this and do this for all my life.
00:18:40
riptide
Oh, yeah.
00:18:40
J4X
So it was definitely worth it. Like i'm I'm happy everything went the way it is because I don't know if it would be the same now if I would have passed, for example, and would have never had to like work a really shitty job to to get over.
Character Building and Overcoming Challenges
00:18:54
J4X
So I'm happy about it.
00:18:54
riptide
Yeah.
00:18:55
J4X
In retrospect, back then I was i was saddened to the bone.
00:19:00
riptide
Of course, of course. No, this is really funny because your path, yeah guys like that that show up just for the exam and then ace it, these are high performing individuals.
00:19:11
riptide
So you're speed running these classes, right? you' just showing up. You say, no problem. like this i'm I'm far ahead of you guys on IQ. But then you made a big mistake trying to do that with a language, which I could see not working correctly as my challenge is learning a second language.
00:19:22
J4X
Yeah.
00:19:28
riptide
I i understand that. You just showed up trying to ace a French test. Oh, man.
00:19:34
J4X
the The crazy thing is it worked for three years.
00:19:34
riptide
Well.
00:19:36
J4X
It only didn't work in the final year. that's that That's the crazy part it.
00:19:41
riptide
Oh, man.
00:19:41
J4X
But also, I don't know. I think like just French is a very hard language to learn. So for example, my my native language is German. So for English, it was way easier for me to learn. So I also got into it very young because I lived in the US for some time.
00:19:55
J4X
So I just had to learn it being thrown into the individual water and learning to swim. But French was a whole different beast for me.
00:20:03
riptide
Right, right. That's interesting, man. That's pretty cool. So, well, you never know, man. I mean, in ah and the biggest part I'm hearing there is like having a shit job.
00:20:15
riptide
And just having to deal with that and having to go through it. You're right, man. you I think any adversity, and this is what try think about, like if you have or when you look at the youth and life is so easy, especially if you're in America, life is as easy as possible as you want it.
00:20:32
riptide
But you have to find a way to introduce that adversity to the youth and and on yourself when you're growing up.
00:20:32
J4X
Yeah.
00:20:38
riptide
And you hate it when you're doing it. But then you get to reflect on it later and you're like, oh, well, I could do this because I used to do this shitty call center job for two years. And so this is nothing. mean, it's mandatory, but it's like it's a challenge now because life is so, so easy, especially when you work behind a keyboard doing what you love.
00:20:59
riptide
ah You have to kind of seek those those challenges out on your own.
00:21:03
J4X
I think it also grows you a lot as a human, like character wise.
00:21:07
riptide
Absolutely.
00:21:07
J4X
So every person I encountered that had it always easy in their life, like rich parents, just finished high school, went to good university, got normal office job.
00:21:18
J4X
Like there was never a big adversity. They they also seem to... grow a lot less characterized than people that like have some adversities. And that doesn't just have to be like dropping out of high school. That could be sicknesses.
00:21:30
J4X
That could be, I don't know, someone dying close to them, some other struggles that they get into. But I think every struggle that we get into and kind of grow out of,
00:21:36
riptide
Mm-hmm.
00:21:41
J4X
grows us a lot as a human being and like the people I like the most and that I usually can connect very well to also had some struggles in their life where they went down a bad path for whatever reason and dug themselves out again.
00:21:55
riptide
Absolutely. I've seen guys on here, and I remember this one guy in DeFi summer. He was in his early 20s, and this guy's background was you know just grew up kind of easy.
00:22:07
riptide
And then he was making money on DeFi, trading this and that. And he'd post photos of him just ordering out every night. like That was his... That was his achievement. Like, hey, look, I made it. I don't even need to cook. I could or i could afford food to be delivered to my house every night.
00:22:24
riptide
And you have this, it looked like slop. was in the UK. But he's getting this food every night delivered. And, you know, there's this perception that this is, you've won life. If you can never leave your apartment and just...
00:22:40
riptide
Don't have to go to a job because you make money online and you you're chasing this opulence, this kind of hedonism and pleasure.
00:22:48
J4X
Yeah.
00:22:49
riptide
And that ends up that ends up snorting coke, hookers, going down into just a path of despair and suicide, to be honest, because you hit the dopamine over and over and over again until it doesn't work anymore because you don't do anything else.
00:23:04
J4X
yeah
00:23:05
riptide
And it's a sad story. You see it all the time. So I completely agree. got to have adversity ah just just to prolong in this industry and in life and and continue to chase happiness effectively instead of the wrong way.
00:23:22
J4X
I think also you need to hardly differentiate between easy and hard dopamine because we're now in in a time where dopamine is just always available.
00:23:28
riptide
Oh, yeah.
00:23:32
J4X
If you just think about social media, like the unhealthiest, most dopamine-raising food is the cheapest one. You can get just the shittiest fast food and pure sugar and it won't cost you anything.
00:23:40
riptide
Mm-hmm.
00:23:44
J4X
And you can be on like government assistance and you can still afford that. And you can still get a phone and hang on TikTok all day. so There is no, I think before that it was always hard to get dopamine or it was at least a lot harder. And the longer you go back in history, the harder it got to get dopamine. Because if you're like a cave dwelling person, like you could get a wife, you could eat food, you could hunt something.
00:24:10
J4X
And I think that's pretty much all the choices you had. And all of those were probably pretty hard to get back then.
00:24:16
riptide
Mm-hmm. Mm-hmm.
00:24:16
J4X
But now you can just fry yourself with dopamine constantly. So if you don't have discipline, which unfortunately a lot of people lack, you can just continuously keep frying your brain with dopamine. And then you need to go like to the next hardest thing. And then to the next hardest thing, as you said before, with like Coke and hookers and whatever. And at some point you reached a pinnacle where you can't like push yourself higher. And then those people crash and burn very fast.
Burnout Prevention and Work Strategies
00:24:42
riptide
So let me ask you this. How do you avoid burnout? Like for me, yeah ah we're both in the same industry. I mean, the stream is constant.
00:24:49
J4X
Thank you.
00:24:50
riptide
You can literally never log off. And so I deleted the X app from my phone. i don't really use the phone and I try to keep everything on the computer. So when I close the computer, that's it. Like I'm not doing anything. Do you have any tactics or strategies you use to kind of balance this?
00:25:08
J4X
For me, I think the private audits have helped it a lot, to be honest. So when I started out and I was doing contests mainly, I probably spent my like my first three or four months just working nonstop.
00:25:21
J4X
Every weekend, every day from like the morning I woke up till the evening. And then usually i woke up at night, checked like my escalations. on Back then everything was still on GitHub for Coderino.
00:25:32
J4X
And like it worked for some time because I was 22, 23 at that point. So I think you can still take a lot of shit to your body then.
00:25:43
J4X
like You can still not sleep much, just work every day.
00:25:43
riptide
Mm-hmm.
00:25:45
J4X
And like it takes its time. But then after the four months, I was just done. So I had just started, was outing for four months, had some small... ah success stories and then i was like just like sick I was for a month I couldn't really do anything I was just lying around in my apartment kind of cathartic doing nothing but watching TV all day.
00:26:09
J4X
Like every time I tried to look at my PC after like 20 minutes, my head started hurting and it was the first time I encountered burnout.
00:26:14
riptide
Oh man.
00:26:17
J4X
And from that point on, I already started like squeezing in small breaks, like taking the weekends off, maybe taking a week off in between. And as I started going more into like private audits, I was able to say like, okay, I'm going to work a normal five day week.
00:26:33
J4X
I'm going to work Monday to Friday, going to give my all then. And then Saturday and Sunday, I'm going to chill out at home. I'm going to hang out with friends. I'm going to go to the gym, going to do whatever I want. And that has also helped me a lot.
00:26:45
J4X
Besides that on like the topic of X, you mentioned, for example, I'm trying to like restrict all like the social media stuff. So i have, as like, for example, the reels is super scary and you can't really block them.
00:26:58
riptide
Mm-hmm.
00:27:00
J4X
Like they are everywhere. They're on YouTube, they're on Instagram, they're on X. I removed all of them and only have them in my browser. And there is an extension you can add in your browser that kind of filters out all those short videos.
00:27:12
J4X
So, and for example, for X, I have it. So it also filters out everything that is not from anyone I follow. So I just see the posts from people i I want to see. And that's not that many that I follow. So like if I check in there once a day, I see all the posts and that's it.
00:27:26
J4X
But I think you need to have a lot of discipline and build like your own systems. If you don't do that, especially like I encountered at the start, you just instantly hit the wall. So even if you're like a hardworking person, you're not lazy, this can also go into overdrive and kill you in the end.
00:27:44
riptide
Yeah. Great description of burnout too. And people try to combat that instead of resting down some more coffee or take God forbid, like Adderall or any of these drugs and man, your body's got to, it needs a rest.
00:27:57
riptide
That's all it's telling you. So a very true man. Yeah. What's what's the name of that extension? Because I use something before to kind of like filter out some of the, some of the screen on Twitter.
00:28:08
riptide
um It's it, it rewrites the HTML or something like that. Do you remember what you use?
00:28:13
J4X
It's called social focus.
00:28:15
riptide
Okay, that's a different one. Cool. Social focus. Interesting.
00:28:18
J4X
Yes.
00:28:19
riptide
Have check it out.
00:28:19
J4X
So it's just like one extension for YouTube, Instagram X, whatever you use, and you can just like set the bars, what you want in there, what you don't want in there. You can also just like gray out the whole site, remove all pictures and videos to make it even less interesting.
00:28:34
J4X
And that way, like for me, at least I don't really have the urge to look at it too much anymore because it just made it very unattractive and that's good.
00:28:40
riptide
All right.
00:28:44
riptide
Cool. I forgot this is a security podcast. We should talk about some security.
Contest Landscape and Business Models
00:28:50
riptide
ah So, all right, like we have to touch on the contest arc right now.
00:28:54
J4X
Yeah, for sure.
00:28:55
riptide
You've been doing the contest long time and I'm sure you're aware of a certain incident with a platform that won't be named.
00:28:57
J4X
Mm-hmm.
00:29:02
riptide
But tell us where we're at now. We we know how it was in the past. What do you think about the contest landscape? Now there's, it looks like we have players changing ranks as far as who's getting more clients, where SRs are going.
00:29:17
riptide
you kind of have an overview or anything you'd relevant you'd like to to talk about with the contest game?
00:29:23
J4X
I think it has changed a lot since I started. So back when I started, it was pretty much Code Arena and Sherlock. So Code Arena in the original version and Sherlock also in, I think back then they were also doing a bit more of insurance stuff than they are doing now, but I'm not too much.
00:29:41
J4X
I don't have too much information on that. um So Cantina, for example, was not even around then. Immunify was not even around. I think Cyphering just started. um And since then it has rapidly shifted. For example, like scaled pots were not a thing back then.
00:29:57
J4X
ah Custom rule sets were very few times. Also, it felt like pots were a lot bigger for smaller code bases. um So it has shifted a lot also with the current push from some ah platforms to just charge 0% fees.
00:30:14
J4X
I think it also has changed ah a thing because it's now kind of a race to the bottom. And at the end, everyone's going to charge 0%, I assume, because how else can you compete with them?
00:30:25
riptide
Mm-hmm.
00:30:25
J4X
And I think that also is going to reduce the amount of contests in the long term because there's no real incentive for me as a platform. to host contests, I mean, for sure as a funnel to private audits, but there is not that much of a like monetary incentive anymore to host the contest than before where you could probably charge like, I'm just assuming, I don't know how much any platform actually charges, but I would assume they charge like 20, 30% probably for doing the contest. So if you're hosting like a two, 300 K contest and you can make like 90 K for just throwing the files on your platform,
00:31:03
J4X
and letting the judge do the work, then that's a perfect business opportunity. But now that you're not making that anymore and you have to handle all the overhead, I think it's definitely going to get less.
00:31:15
J4X
i don't The weird thing is I'm not seeing it right now, but logically, at least from my point of view, it should get less.
00:31:23
riptide
Yeah, it seems like something that can be honestly disrupted very easily because the platforms are kind of basic. the whole middleman idea of this. And I think what you're saying, you know, they, they did the race to zero allegedly.
00:31:38
riptide
um I don't know if there's backroom dealings going on with like, we'll host you. And then here's the pot. And then if we get these findings, we'll do some sneaky behavior. You kick us something on the backend.
00:31:51
riptide
Honestly, I'm not accusing any protocol of doing that, but This could it be happening. I don't know. Or they're just doing these competitions as a gateway to their audit product where they're going to make revenue there.
00:32:02
J4X
I think that's mostly the case. So that would, at least for me, make the most sense because then you can just upsell based on that.
00:32:04
riptide
Most likely.
00:32:10
J4X
So you have your free offering and on top of the free offering, you're upselling other stuff.
00:32:10
riptide
Yeah.
00:32:16
riptide
Yeah.
00:32:16
J4X
So that would be the most logical business explanation for me. I mean, for the other topics, I cannot really comment on that because I don't know anything.
00:32:25
riptide
It's a wild guess.
00:32:25
J4X
And I also, yeah.
00:32:25
riptide
I have no idea.
00:32:27
J4X
Yeah.
00:32:27
riptide
Yeah. Okay. Well, you know, we'll see where it evolves. I think they're really good for guys to get started. and it's And it doesn't even matter what the pot is. Like if you're a new guy, it could be five grand, you know, but as long as it's a fair payout.
00:32:41
J4X
Yeah.
00:32:42
riptide
And if you could walk away with 500 bucks as a new guy for a finding, it's pretty cool. Like that's ah that's a really good incentive to get you started.
00:32:51
J4X
Yeah, especially if you compare it to traditional like Web2 audit or bounties, like the prices here are so much higher. So you could probably like cut them down to 10% of what they are and people would still compete to just use it as a launch pad to get into private audits.
00:33:01
riptide
Mm-hmm.
00:33:11
riptide
Yeah. Yeah, I agree. So, you know, it's also kind of interesting, like I looked up your background and you're like a lot of guys just do solidity and then they'll expand out from there to rust or something like that.
00:33:26
riptide
And you're kind of, you're all over the place. So,
Programming Language Learning
00:33:29
J4X
Yeah.
00:33:29
riptide
I mean, you're like, how many languages do you feel you're kind of proficient in auditing?
00:33:38
J4X
So for me, I also actually started with Solidity just because back then there was nothing else on the contest platforms. And I also started by doing Cypher and Updraft was not around back then.
00:33:50
J4X
um So I had to learn by doing these like small CTFs, like Damn Vulnerable DeFi, there was Quill CTF and I think Mr.
00:33:58
riptide
I remember that. Yeah.
00:34:00
J4X
Steelio Crypto or something like that. And I was just playing through all of these, trying to learn stuff. And then like after half a year of audits or so, I stumbled across my first Rust contest and I had never written anything in Rust before.
00:34:15
J4X
I was just like, this is like a decent sized pot. I think it was like 100K or 150K. And I'm just going to try it for four weeks. I'm just going to try it for four weeks and I'll just try to find the logic box and learn it along the way.
00:34:30
J4X
And then I was just went really deep on that for four weeks. And in the end, I think, yeah, I won the contest. And i was like, hey, this is this is pretty interesting. And it also seems to be a pretty good strategy because there's not so many people doing this right now, especially back then, because like no one had an idea about Rust.
00:34:48
J4X
By now, I would say probably 20 or 30% of contests are Rust. So everyone has at least dabbled their feet into it. And now they they would try But back then, everyone was kind of scared of the Rust contest.
00:35:00
J4X
So i was like, hey, this is a pretty good strategy because if I'm competing on EVM contests, I'm competing with people that have been doing this for five years, but so they have a huge gap on me that I have to close up on them.
00:35:13
J4X
But if I do the same thing on Rust contests, everyone is starting from scratch and I know I'm pretty good at quickly learning stuff.
00:35:18
riptide
Mm-hmm.
00:35:21
J4X
So if I just set myself on things, I can very quickly learn the basics of them and get into the flow. So there I can. use this skill of mine ah to outpace the other people that are also starting from zero.
00:35:34
J4X
And that was my strategy for the rest of the year. And I think, I don't know like how many contests I won or placed top three in, but a lot of them. And I just really focused on that. I just really focused on just going everywhere where no one is going or where everyone is starting from scratch.
00:35:50
J4X
So starting new languages, starting new frameworks. And it was a pretty good strategy because in the contest at the end, you're splitting the pot with the other people participating.
00:36:01
J4X
So the fewer people that are participating, the better it is for you. And then if you have like a big difference to the others, you can get even more. But sorry, I i kind of yapped away here. ah You asked about languages actually.
00:36:13
J4X
So I've been mostly doing Rust. So my key thing currently Solana, would say, doing anchor audits or also a traditional Solana.
00:36:20
riptide
Mm-hmm.
00:36:23
J4X
So without a framework. I'm also dabbling more into Cairo currently, ah which is also pretty interesting. Also did an audit there at the start of the year. um Besides that, I also work with Substrate.
00:36:36
J4X
So it's also Rust based for Polkadot. Unfortunately, there is not that much traffic there, but it's pretty interesting to audit because it's just ah not to be in there, but it feels to be kind of built to fail.
00:36:50
J4X
So you can just mess up at so many edges there. And it's super interesting to audit. And I think like the last contest I did on Substrate was like 20 plus HM findings. Also on that one, by the way, there was,
00:37:02
riptide
Hmm, nice.
00:37:04
J4X
ah and yeah, then besides that classic EVM, I also messed around with Cosmos a bit, also very interesting. And the next thing on my checklist is currently learning move.
00:37:16
J4X
So move is super interesting.
00:37:17
riptide
Move, nice.
00:37:19
J4X
um ah There seems to be also more traction coming up there. And it's also very rust-like, rust-based. I think I did it once, like two or three years ago on some CTF challenges. So it should be quick to get into.
00:37:32
J4X
And yeah, I just like doing weird... ah language is because the most fun part to me is learning the new language. So I love being just thrown into the water and learning to swim while doing it.
00:37:44
J4X
So just make up some weird language, throw me in there, and I'll be good after a few weeks.
00:37:50
riptide
make it up yeah i don' i know
00:37:51
J4X
Yeah, just just not, I think brain fuck is the one that's just like dots and brackets and stuff. Maybe not brain fuck, but pretty much every other language you can you can throw me into.
00:38:01
riptide
There's a language called brain fuck.
00:38:03
J4X
I think it's called brain fuck. Yeah. And it's just like a special character. So it's just like thoughts, brackets, exclamation marks, and has like four, ah you can read it's what's called lecturing compatible.
00:38:07
riptide
Oh my God.
00:38:15
J4X
So you can really write code in that
00:38:16
riptide
Uh-huh. This sounds like Pearl.
00:38:20
J4X
kind of, yeah, but even worse.
00:38:23
riptide
Uh, see, I see a trend though, is that you're not like, oh, the move competitions out there. I got to make some money on it. You're just like, Hey, this looks really interesting, which is the key, right?
00:38:32
J4X
Yeah.
00:38:33
riptide
You have to be interested in it to really want to do that. Some people, they get really good at solidity or rust, whatever. they're just like, this is it, man. I'm staying in my lane. I want to become an expert at it. And you're like, I want to speed run this, become an expert. And then I got to move on to the next one and then learn this too. But you're like, you have that interest driving you.
00:38:51
riptide
And guys always ask me, like, well, what should i learn? with you know Actually, we had a Q&A, man, from this guy called China. And he's like, this is out for you. So he see he says, more material out there for solidity versus rust.
00:39:03
riptide
Would you recommend sticking with rust or switching to solidity for more contests or learning both? So while we're on this topic, what would you say to him?
00:39:12
J4X
um I think you can definitely use the Solidity resources to learn a lot about ah higher level stuff. So how DeFi types work, how does an AMM work, how does a lending protocol work, ah how does a prediction market work?
00:39:24
riptide
Mm-hmm.
00:39:27
J4X
I think there's a lot of courses out there. So for example, I've also been mentoring a bit in the last year.
Blockchain Concepts and Error Identification
00:39:34
J4X
And I recommend everyone to go to Cypher and Updraft first. Even if you want to go for Rust, learn the basics of a blockchain, use learn how an AMM works, how you exploit stuff there.
00:39:44
J4X
And then when you have this basic knowledge, which is the best prepared for EVM currently, you can go over to Rust. It's not that hard. like I think a lot of people are scared of the jump, but it's not that hard if you have done some coding before.
00:39:59
J4X
In the end, it's all code. The syntax might be a bit weird and it might take you a few weeks to get used to it. But when you understand how a blockchain works and how an AMM works and what you should check for on an AMM, you can do the exact same things in the Rust.
00:40:13
J4X
You might miss some very weird Rust specific bug, but 95% of bugs are not language specific. So even if you're not an expert yet, you can catch 95% usually.
00:40:25
J4X
So my a recommendation would be just like Rust contests when they come along. That's the best way. Just learn on the thing. But if you get stuck in between, either do EVM contests or use some of the courses to to get better in your skills.
00:40:41
J4X
So there's always shit to do. I think you would even if you want to focus on Rust, there should never be a day where you're like, oh, I don't have anything to do right now.
00:40:49
riptide
I'm going to qualify that as an alpha drop right there. What you just said about, can you say it again? 95% of bugs are not language specific.
00:40:59
J4X
Yes, I would 100%.
00:40:59
riptide
How true is that?
00:41:00
J4X
Yeah.
00:41:01
riptide
Right? You look through, because if I pick up move, right, which I've never looked at. And from what you're saying, you can just read through it and kind of identify because it's all a human readable.
00:41:14
riptide
They're high level.
00:41:14
J4X
yeah
00:41:15
riptide
they're They're basically high level languages. And you could say, well, this logic doesn't like this. If then this loop, like you could just see a logic error. Is that what you're referring to?
00:41:26
J4X
Exactly. So you recognize, okay, this is an AMM.
00:41:27
riptide
Yeah.
00:41:30
J4X
Oh, they are not they are checking their slippage, but they're checking their slippage, I don't know before they ah withdraw the fees. And this just like a random standard AMM bug that happens in every second contest.
00:41:43
riptide
Mm hmm.
00:41:43
J4X
And you can also see that in Rust, you don't need to understand what type of struct they are using here or what type of integer they're passing. You're just reading through the code, understanding like the flow of what happens and you see like, oh, they are checking the slippage too early.
00:41:58
J4X
So just like very basic example.
00:41:58
riptide
Yeah, very, very good tip. Very good tip. Yeah, you don't have to know all the specifics of the language, but just a basic high level logic error can get missed, can get missed a lot of the time that you could you could pick out.
00:42:09
J4X
Yeah.
00:42:11
riptide
Now, that's very good, man. I love that. because And ah yeah I've started looking at Rust recently. We have our AI tool. ah that we use.
00:42:19
J4X
I saw that. That's really cool.
00:42:20
riptide
It is cool, man. I should show you some findings, but we're running it on Rust. and And I'm like, okay, I need to kind of look through these findings to make sure they're legit.
00:42:29
J4X
Mm-hmm.
00:42:29
riptide
And so I start reading Rust and everything. And the cool thing I've noticed about it, like dealing with Solana, is there's another interesting vector that you think about, and that's compute. So normally in Solidity, you don't think about that. You just, oh, it's EVM, it's on the blockchain.
00:42:43
riptide
Yeah. pay for gas, everything. But with Solana and Rust, it's like, oh, you can kind of exhaust the compute. You can crash these things. you like this This kind of like traditional ah program running on your computer, that aspect comes back into mind. You're like, oh, this is a whole new level of things that can kind of go wrong.
00:43:04
J4X
Yes, for sure. So you have different attack vectors for each of these things, which makes it very interesting. So also to circle a bit back to the polka dot substrate, for example, they have a very weird system.
00:43:15
riptide
Mm-hmm.
00:43:17
J4X
That's also just instant way to farm mats on any contest is they don't, kind so the contracts are run on your own chain. So you have to maintain this and for example, the storage and the compute also.
00:43:32
J4X
And when you're running a function, you're not having it broken down into assembly commands and giving like a gas value to each of them. you yourself as the developer have to figure out how much this ah function will use in the worst case, and then just write like a thing above the function, like this uses 40,000 gas.
00:43:51
J4X
But if you mess up there, and for example, there's a way to like, I don't know, let a for loop run forever, and just then break out at the end, it will burn like 100 times that gas, but it will only charge the user that amount.
00:43:52
riptide
Mm-hmm.
00:44:02
J4X
So he will be able to like mess with your compute units. And like there's like these specifics for each of these languages and they're super interesting because they are all usually a cool way to farm bugs or for Substrate 2, you have to maintain the storage yourself.
00:44:18
J4X
So if you're not charging the user per like storage write, he writes to correctly. Like he can just fill up your storage, force you to maintain like 2000 terabytes, I don't know, 2 million terabytes, whatever, and just completely crash your chain.
00:44:34
J4X
So there's so many interesting ways to to mess around in these different languages, which makes it more fun to me because EVM is already very secure in most ways.
00:44:41
riptide
Oh, absolutely.
00:44:45
J4X
So yeah there's not as much to find and not as much cool, like new ways to find stuff.
00:44:45
riptide
Yeah.
00:44:48
riptide
Mm-hmm.
00:44:52
riptide
Yeah, so my alpha drop here is is based on that. So if you are are been focusing on Solidity Viper and you're kind of getting bored because you eventually see almost everything, right? There's only so much you could do.
00:45:06
riptide
And I would say you have to look at cross-chain composability and backends. and And then it it just, there's so many more different problems to solve. And there's bugs that go with those problems, but you get to introduce yourself to a whole new host of ah different things to look at, which will really kind of keep you interested in the security space.
00:45:27
riptide
I know that happened for me. i Just kind of, you look at Solidity, you're like, oh there's, and like you said, it's it's pretty secure. Like we know the behaviors, the bugs that we find,
00:45:38
riptide
mostly are are obvious in hindsight, right? But ah there there's more unique, interesting bugs to me when I look at the cross-chain composability stuff than than just looking at smart contracts right now.
00:45:55
J4X
Yes, for sure. It also just opens up new and and new venues of attack.
00:45:56
riptide
Yeah.
00:45:59
J4X
And that's what keeps it interesting. Because if you're doing contests and you're looking at the 20th ERC for 626 vault, and you at some point it just gets boring.
00:46:07
riptide
Mm-hmm.
00:46:10
J4X
And for me, I'm a person I hate doing the same thing all the time.
00:46:10
riptide
Yeah.
00:46:13
J4X
So I just love constantly being in a new field. So that's like already what contests kind of do for you.
Exploring New Languages and Chains
00:46:20
J4X
But if you need even more edge there, it makes it even more interesting if you're just jumping between languages and jumping between different chains.
00:46:27
J4X
So you never get bored. And that's what makes it so much fun to me that I'm constantly in a process of like, hey, I need to learn this. I need to understand this. It's something new. I never get to a point where I'm complacent and and I'm like, oh, I know all of this. I'm going to go over my checklist and now I'm done.
00:46:44
riptide
ah Would you, since you're, I think you're, you're very, ah very good on rust. Is there anything you could share, like, like a ah ah certain thing that you would check on all rust based projects, like ah one thing that you, you always look into that maybe you've seen ah commonly when reviewing?
00:47:02
J4X
For Rust specific, I wouldn't say, i mean, each of the like changes, their own like classical box. So if you would say, i don't know for it Solana, for example, or for Substrate, they definitely have their average box, but most of the frameworks really cushion out Rust for you.
00:47:19
J4X
So you can not really mess up that much in Rust itself. You usually mess up within the framework.
00:47:26
riptide
Can you expand on that a bit, like for for a non-RUST expert?
00:47:30
J4X
So for example, for Rust, ah one thing would be the ownership. So for us, you're you're transferring ownership between um between different entities of the struct or object or integer, whatever, ah which you can mess up a lot in traditional Rust programs.
00:47:48
J4X
So I also haven't audited that much traditional Rust programs, so I'm not an expert on that topic.
00:47:48
riptide
Mm-hmm.
00:47:54
J4X
But ah for for example, if you look at the Solana frameworks, they already manage all that for you. So if you use Solana, ah the ownership or the lifeness of the values just stays mostly during the ah during the whole call and you're the compiler is already warning you if you're doing something wrong.
00:48:13
J4X
So there is not that many ways to fuck up like the traditional Rust bugs. But in return for that, you get a lot of new bugs from the framework where you can misuse the framework, where you can do something wrong in the framework.
00:48:26
J4X
And yeah, so I would say more that there's like very traditional bugs. And those those, for example, would be for substrate, the ones I explained before with like the gas or the storage.
00:48:34
riptide
Okay. Mm-hmm.
00:48:35
J4X
And for Solana, a big thing is just ah account passing.
00:48:35
riptide
okay
00:48:38
J4X
So as you've already looked at the RAS code now, I think you know kind of how Solana and Anchor work. ah You have this very cool system, which allows for multi-threading where you pass the accounts that you will write to you or read.
00:48:51
J4X
at the start of the transaction. So the nodes can know which ones they can execute in parallel. Super cool idea in my opinion, at the beginning, I didn't really get it. And I was like, why the hell are they doing this? EVM is so much nicer and cleaner.
00:49:04
J4X
And then I realized like, hey, this makes it possible to run, I don't know, 50,000 in parallel if it works well, which is super cool.
00:49:09
riptide
and
00:49:11
J4X
um But you the problem is you yourself has to restrict what the user is giving you there. So the user can pretty much provide any address he wants. And let's say you have lending protocol and then you get like a separate account, which tracks how much your balance currently is in the lending protocol and how much you have lent out.
00:49:31
J4X
So you would, for example, pass the account and ah for the lending protocol program, and then you're your card, you can imagine it like that, which says how much you currently have in that protocol.
00:49:44
J4X
But you could pass anything there. So you could pass, you could just make up your own account somewhere else that looks the same, throw it in there and let it pass. So you have to do all these checks yourself to ensure that this is the right card that was created by your program and is for you because otherwise you could pass someone else's card.
00:50:03
J4X
And so you you do a lot of the Solana code is just restricting these accounts and checking that the correct accounts are passed. that they have the correct type, the correct structure, they they were created by the correct person.
00:50:16
J4X
And this adds a lot of overhead and it's very easy to miss something there.
00:50:16
riptide
Mm-hmm.
00:50:21
J4X
So whenever I review something in Solana, I spend a lot of time looking at these constraints, checking if they missed any small one, because they need to do it on every function for every account.
00:50:32
J4X
And sometimes they have 10 whatever constraints. for one single account. And if they just miss one on one of the versions, then they are already in a problem again. So this is just like an infinite pool of findings if usually.
00:50:46
riptide
it sounds interesting. And there's no, so I'm just using, try to use as a proxy, like where OpenZeppelin is standardized, a lot of things where people roll in their own crypto for repeatable tasks.
00:50:57
riptide
But this sounds like this has to be custom for each for each protocol, for each Rust program, because it's a unique use case. Is that right?
00:51:06
J4X
ah Yes, so Anchor takes a bit of the work away from you. If you look at traditional Solana before Anchor was around, you really at the start of every function, you have like, if you have many accounts, you have 50 if clauses, which check each of these single requirements and revert if one of them is not met, which is super ugly and also very annoying to write.
00:51:25
J4X
Now anchor added this framework where you can kind of customly define these in the header of the file, which makes it a bit cleaner.
00:51:31
riptide
Hmm.
00:51:32
J4X
And also does some of like the basic checks already for you to checks that these accounts were created by your program. If you said that, that these accounts have signed the transaction, whatever, you can just very easily verify it there, but you still need to write a lot of these.
00:51:47
J4X
So it takes away probably like 50% of the clauses you have, but everything else you still need to define yourself. so And it's also very hard to completely automate that like an open Zeppelin would do because it's just very dependent on the case.
00:52:03
J4X
So I don't think there is much more than like the anchor stuff already does that you could standardize. So this is definitely going to stay a big, big area for for finding bugs in the future.
00:52:15
riptide
Very cool. That's interesting to know. Well, take that to heart. Everyone who's listening, check it out. ah Hey, I wanted to ask you one other thing, actually a couple more things before we wrap.
00:52:26
J4X
Mm-hmm.
00:52:26
riptide
um We have another question from K42 and he says, what actionable tips can you give to acquire more private clients? And kind of touched on this, like, you know, using your, your results from contests, stuff like that. Do you have anything specific you'd like to share?
00:52:44
J4X
I think it really depends which area you want to go into. If you want to work with the agencies, I think so both ah if you want to work with the agencies or if you want to have private, private clients.
00:52:55
J4X
So I think in both cases, winning contests is the best thing you can do. Getting good results, showing them publicly and doing this continuously is the best thing you can do. for On top of that, for getting into the agencies, I think it's definitely helpful to just get to know the people that work in them.
00:53:12
J4X
Just get to know them, show yourself as a person at like a conference or a event.
00:53:13
riptide
Mm-hmm.
00:53:17
J4X
Um, that definitely helps you there. And for private clients, I can't give that much advice because I didn't. Don't do it as much as we talked about before, but I think also just like in person things will definitely be helpful. So I know that a lot of the salespeople just go to a lot of these events, like talk to the projects there, get to meet the people.
00:53:40
J4X
Um, so. Pretty classic. I think also one person that we know that is really, really good at that is Pashoff. He was really good at marketing himself on Twitter.
00:53:48
riptide
ah Shout out to Pashoff.
00:53:51
J4X
Yeah. So I think you can definitely learn a lot from like his strategy, especially if you look back, he started also ah just doing audits and
00:53:52
riptide
Great guy.
00:54:01
J4X
was just very good at marketing himself, showing his skills, showing what he's doing. And now he's running a very successful agency from what I'm seeing. So I think that's definitely where you you can learn a lot from.
00:54:15
riptide
Yeah, no, definitely. that's That's good points. um ah So the last thing I want to ask you is because I also did this for one year and I found that doing it for a year, um ah was actually finding lots of bugs and it was on a little 13 inch Dell XPS traveling across the world as kind of the the nomad, except I was i was doing it with my family.
Digital Nomad Lifestyle
00:54:39
riptide
But having that little laptop, I found so many bugs and I was just like locked in at a cafe in Japan or wherever I was. You did this for a year as well. I'm curious how that went as far as productivity. Is that better than a multi-monitor home setup?
00:54:56
riptide
Like, how did you find
00:54:59
J4X
Definitely. So I think both have their benefits. um But I also was just traveling with a small laptop. And it gives you a different kind of focus. It gives you a different kind of focus.
00:55:10
riptide
Mm-hmm.
00:55:10
J4X
And also you can cut out a lot of the noise if you're traveling. You don't have to, I don't know, take care of your apartment, ah go to these events, go, I don't know, shopping, whatever. You're just somewhere in the middle of nowhere. You're traveling. You don't really know anyone.
00:55:28
J4X
So you can really lock in. And for me, that was really great because it was pretty much at the start of my journey in auditing. Like, as I told you, it was pretty much exactly after the month where I kind of burned out. I took like one month more in Europe and then I flew away to just get into something new.
00:55:44
J4X
And it was the definitely the time where my career kind of took off. So I had some smaller results before that, but then I went just like on a winning streak, getting top three on pretty much every contest. I think i was I was like on a four or five contest winning streak, getting good results every single time.
00:56:03
J4X
And I attribute a lot of that to being able to focus so much. while being on my own and it was just an awesome experience so i was i think 23 at that time i had never really been to asia for example i only went to the yes once and otherwise i was only in europe and also that was usually with my parents So at that time I was just out on my own in a random new country. I don't speak the language. I don't know anyone.
00:56:31
J4X
And I think I grew a lot through that mentally just by once again, throwing myself kind of into the water and learning to swim, but it was such an awesome experience. And I think after some time, you also kind of burn out from the lifestyle just because you're jumping from Airbnb to Airbnb and never having a place to like settle down.
00:56:47
riptide
Mm-hmm.
00:56:53
J4X
But it's an awesome experience that I would recommend to everyone that has the financial means or for example, is starting out auditing gets their first, I don't know, five, 10 K win. Like Southeast Asia is so cheap. You can live for two, 300 bucks a month in a nice apartment. You pay like one, one USD for a good meal.
00:57:12
J4X
You have a very good arbitrage there. So just go there, log for a year, save all the money that's left over and you'll be in a whole different place a year later.
00:57:22
riptide
Oh my God, this great tips, man. I would i would completely second this, is especially as a young guy because get your first cash and roll out and just just do it, man. I mean, this is great life experience and it's not the digital nomad thing where you're...
00:57:40
riptide
Like, okay, back in the day, it was a bit more of a negative to this because you, if you worked for a company and you worked remotely, then you don't have this FaceTime at the office or something that you may need to move up in your organization. But with doing what we do, doesn't matter where you are as you could reduce your costs to nothing.
00:57:58
riptide
And I would just maybe change this a bit to how I did it. You know you can do it with the family too, but stay pick like one month and stick to one place for a month and then move. That way you don't get burnout too much with you know constantly moving and changing places, but just say, I'm going to Kyoto for one month. All right, now I'm going to wherever. and and It kind of makes it more doable. You may eventually get burnout and want to go home, but...
00:58:24
riptide
I think the biggest source of burnout when doing that nomad stuff is the constant checking in, checking out and and travel associated with it.
00:58:31
J4X
Yeah.
00:58:34
J4X
I think also but mate um of what makes it so enjoyable to me is so I'm not a big standard tourist guy. So going to a place for five days, checking out all the sightseeing and going home again.
00:58:46
J4X
What I really like is going to a different place and like living a normal life there. Sitting in my apartment, going to the cafe, going to the supermarket, maybe not doing a single sightseeing thing, but just like living life like someone there would live it.
00:58:52
riptide
Mm-hmm.
00:59:01
J4X
That's such a... unique experience and that makes it possible with digital nomading. I don't like the term of digital nomading too much because usually if someone tells you they're a digital nomad, it's like some cringe guy selling courses, how to become a course seller and you you You usually don't want to be associated with those, but the idea by itself is awesome in my opinion, especially if you don't have much holding you.
00:59:27
J4X
And in your case, you even did it with family. So it's even still possible if you have kids, if you have a wife. So I think it's an experience. Definitely everyone should make, I don't know if it needs to be for a year, but even if you do it for three months, just spend a month in Thailand, spend a month in, I don't know, Brazil or Argentina, spend a month, maybe somewhere in Eastern Europe and then go back home. It will be such a crazy experience if you only lived in U S or Germany before.
00:59:57
riptide
Absolutely.
00:59:57
J4X
So
Closing Remarks
00:59:58
J4X
yeah, high recommendation.
00:59:58
riptide
i'll i'll end I'll end with with anything is possible.
00:59:59
J4X
Yeah.
01:00:02
riptide
Every day you wake up, you could choose any path you want and you can do it. It's really, it's up to you.
01:00:08
J4X
Yes.
01:00:10
riptide
So thank you, J4X, for coming on. it was pleasure having you. We will see everyone next time on the blockchain.
01:00:14
J4X
Thank you very much.