tl;dr For a young developer interested in switching to security, are infosec certifications worth the paper their printed on in the job search?<p>As a hobbyist, I've just been blogging about security issues and doing my best to collect bug bounties as a freelance pentester, thinking that once I reach a certain dollar amount, I can put it on my resume as $XXXX money made collecting bounties and that'll be a persuasive plank, along with my technical (non-security) dayjob experience, in my argument for that first infosec position. Is this approach mistaken?<p>If certifications would be a good way to go, which ones are worth it? I'd never consider them in the development world (github examples of real projects are so much more persuasive), but I don't know if that approach fits the industry.