Humanbeing

FAQ #1: "I’ve been doing audits for a long time but don’t see any progress. What am I doing wrong?" I often get asked the same questions about auditing and security in private. While I want to help, my time is limited, and repeating myself isn’t practical. That’s why I created this FAQ series—to share detailed answers to the most common questions I receive. For the first installment, I’m tackling the question I hear the most: "I’ve been auditing for X amount of time but still can’t compete. What am I doing wrong?" Let’s start with a truth: auditing and security is hard. There’s a reason people in this field earn millions—it’s a tough, ever-changing discipline. Let’s be real—I can’t tell you exactly what you’re doing wrong because I don’t know you as well as you know yourself. But what I can do is point out some classic traps that kill growth. If you’re stuck and not seeing progress, odds are you’ve fallen into one of these. Read them carefully, and for the love of everything, be honest with yourself. 1. Unrealistic Expectations + Low Effort This is the ultimate career killer. Unrealistic expectations combined with low effort? You’re done. I’ve gotten messages like: “I spent 8 hours on this codebase and found nothing.” What the hell did you expect?! Mastery takes time, focus, and serious work. If you’re not tracking your actual hours and think you’ve been “auditing for weeks,” chances are your focused time is way lower than you think. Stop lying to yourself. 2. Jumping Ahead Without Mastering the Basics This is a trap I’ve fallen into myself: chasing the next shiny object instead of doubling down and mastering something. If you’re new, you need to stop jumping around and stick to a plan. Once you’ve built a solid foundation, learning other skills and technologies becomes way easier. Until then, stop skipping steps and focus. 3. Pattern Matching Without Understanding Humans love taking the easy way out. Instead of spending days or weeks understanding a codebase (which, by the way, is one of the most valuable skills you can develop as an auditor), people look for shortcuts. They copy issues from other reports or find basic patterns, like “no partial liquidation allowed” or “Chainlink-redstone oracle blah blah.” Sure, with enough luck and repetition, you might stumble into a payout. But here’s the problem: you’re not improving. You’re just stuck in a loop, waiting to get lucky. 4. "I’ll Do 8–10 Contests a Month and Get Rich" Let me be blunt: if you’re broke and think you’ll gain experience and make bank by speed-running contests, you’re setting yourself up for failure. Early on, your goal shouldn’t be money—it should be improvement. When I started, I didn’t even track my earnings. I tracked lines of code I read daily. I focused on large codebases, spent ridiculous amounts of time testing attack vectors, and built a solid methodology. You can’t rush this. Put in the work. 5. "I’m Not Ready Yet" "I need to do five more shadow audits and watch three more YouTube tutorials before I’m ready." No, you don’t. Stop procrastinating. Passive learning (where nothing is at stake) won’t get you anywhere. You have to learn by doing and failing. My approach when starting out? “I’m going to do 10 competitions, give it everything, fail hard, and learn faster.” The sooner you embrace failure, the faster you’ll grow. Fail fast, fail early. 6. Blaming Everything But Yourself "I didn’t win because platform X sucks, judge Y is biased, or auditor Z showed up." Let me tell you something: that mindset is trash. Excuses won’t change your reality. If you’ve ever done anything competitive—sports, online games, whatever—you know this: you suck right now, and that’s okay. What’s not okay is blaming everyone else. Embrace it, own it, and push harder.