Stuck choosing a cybersecurity specialization — especially with a local market context (Senegal). Need honest advice.
Hi everyone,
I’ve been deep into cybersecurity for a while now and the problem is… I love all of it. Red team, blue team, web pentesting, network pentesting, malware analysis — I’ve touched everything and genuinely enjoyed it all. And now that’s actually my biggest problem.
I want to pick ONE thing and go hard on it for the next 3–4 months. Build real depth, not just breadth.
Here’s my dilemma:
Web pentesting feels like the obvious choice skill-wise. I enjoy it, there’s a clear learning path, and bug bounty is a real income stream. But:
• Bug bounty is insanely competitive globally
• In Senegal (where I’m based), web pentesting isn’t really an established local market yet
• Companies here are more likely to ask for network pentesting if they want any freelance security work done
Network pentesting is less exciting to me personally, but it seems more aligned with what local businesses actually need and pay for.
So I’m torn between:
1. Following what I’m better at / enjoy more (web) and betting on bug bounty + remote work
2. Specializing in what the local market actually wants (network) and building a freelance client base in Senegal
For those of you who’ve been through this — did you follow the market or follow your interest? And did it pay off?
Also curious if anyone here has navigated cybersecurity freelancing in an emerging/developing market. The dynamic is very different from Europe or the US and I rarely see it discussed.
Thanks