I'd say it's safe to call me a "Security Researcher". -- I've definitely found more than TWO major vulnerabilities.
Can't always cash out on them. You have to keep them in your chest.
First I found 13,000 Names. Got an article wrote about. Actually MORE than one now. For the FIRST EXPLOIT of HealthStream.com -- And they never gave me money.
The past few nights I found a few others. Trying to speak with a COLLEGE, civilly. (I know you're about to read this).\\
I don't go public. Unless/Until I have to. Healthstream.com -- Didn't care about their end user data. -- They didn't pay for their mistake. AND IT ISN'T MY MISTAKE I FOUND THIS DATA. DON'T PUT THIS ON ME.
I spoke with many of their CEO's -- They had NOTHING to respond with. And they even asked what I wanted for a reward or recognition. THEY ACKNOWLEDGED ME... and then tucked their tail inbetween their legs.