College student here, Need advice or a roadmap from seniors. Do i need pen testing, bug bounty prerequisites in order to get a job? I'm currently Learning web app vulnerabilities through Portswigger, YouTube content, and hackerone reports. is it possible if i take CRTO1 and build stuff my self?