Too Long; Didn't Read
Bug bounty programs have been around for over two decades, but it's only a couple of years since organizations started adopting this on a large scale. The concept of crowd sourcing talent and test security to assess the flaws kicked off well. Once mastered, you'd be able to do much more than finding vulnerabilities: you would develop cool security apps or do lots of hunting on your own and write a research paper. Read other established bounty hunters, books you can take reference from or stories how someone got a breakthrough.