My Story of Building a Profitable Cybersecurity Blog: How Much Do I Earn?

With the rise in cyberattacks, the demand for cybersecurity specialists is increasing. As this role requires significant knowledge and proficiency in various tools, there’s also a growing need for high-quality cybersecurity content.

One way to address this need for high quality technical content is through informative blogs. Recognizing this, I decided to start my own cybersecurity blog.

So, in this article, I will share my experience of building a cybersecurity blog and how much money I earned from it.

I started the blog 2.5 years ago. Today, it remains a popular website, even though I stopped writing for it a year ago. Here are the visitor numbers from this year:

These numbers are from Google Search Console, which only counts visitors from Google. The real visitor count will be a little be higher if we include data from Google Analytics.

Why I Started the Blog?

I enjoyed blogging and started writing about cybersecurity as a hobby. Four years ago, I came across Spencer Haw’s website, Nichepursuits.com, which talks about building niche websites. I decided to target keywords that had little competition and were easy to rank for.

However, this approach proved difficult in the long run. Writing about topics you don’t enjoy can become tiresome.

Eventually you will start hating to write about removing black mold even though it pays your bills.

After initiating several blogs that I ultimately chose to discontinue, I decided to focus on a subject that genuinely interested me — cybersecurity.

I was starting my career as a penetration tester and learning new things all the time. I found many topics in cybersecurity that I could write about. I knew there was a demand for this content.

There are still many topics to write about in the field of cybersecurity. It’s not saturated, and if you create high-quality content, you’ll definitely find your place.

I also wanted my blog to earn money.

In the best-case scenario, you’d want to get compensated for something you love doing. If you can make a full-time living from it, then it’s a dream come true.

While the chance of making a full-time income from it was small, I hoped to earn a little extra money. I also had more reasons to start a cybersecurity blog:

• Building my own brand. This could help me get better jobs or start a security consulting services.
• Growing as a specialist. Writing about something helps me understand it better.
• Creating value. One of the best feelings is seeing the project you’re working on start to get traffic. Watching the number of visitors increase each month motivates you to write more. Understanding that you’re educating people is also satisfying. While I have had thoughts that malicious individuals might also read the same content, I choose to believe that such individuals represent only a small fraction of all visitors. I deliberately avoid any blackhat techniques in my blog.

Even if you are not in cybersecurity, I recommend writing a blog. It can be helpful in many ways.

I would also encourage you to do the same — no matter what niche you are in — be it cybersecurity or not, writing a blog will be beneficial for you in many ways.

Topics I Decided to Cover in My Blog

These were the initial categories I decided to focus my blog on:

• Bug Bounty Tips: This includes everything related to bug bounties, such as security issues found, bug bounty platform reviews, vulnerability program reviews, etc.
• My Journey: For example, the process of learning something new or discovering a bug.
• Course and Book Reviews: Since I am constantly learning, I often review educational materials.
• Tool Tutorials: Tools are crucial for a security researcher. That’s why I dedicated a separate category to them.
• Defensive Security Tips: This is a category for everything that doesn’t fit into the previous ones. I publish articles about general security topics under this category.

Initial Costs

I didn’t wanted to invest too much into a WordPress blog. After all, the content is what matters, not some fancy design. So, the initial costs were not big. First of them was the domain registration fee.

2021 03 -14 was the date I purchased a domain bughacking.com. This is officially the birthday of my blog.

I spend 27.18$ for 3 years registration fee.

I also wanted the website to look clean and simple. That’s why I bought a premium WordPress theme.

The premium GeneratePress theme costed me 59$ usd for a year.

The great thing about the licensing of GP, is that after an year you still can use the theme, but you don’t get the premium plugin and you can’t perform customizations with it. However, my plan was to create a simple, good looking website and focus on creating content, not on tweaking the design, so this was not a problem for me.

I am really bad with design, so I decided to buy a simple logo for my website from a designer on Fiverr.

I spend around 12 USD for the following logo:

When I asked my friends what do they think about it, some of them saw an alien in the logo, and some managed to see a frog.

But hey, it is still better than with anything I would draw myself. And for the price I paid, I am happy with the result.

So, this is how the initial version of a website looked liked:

And the article pages look like this:

And of course, I had to buy a hosting to host my website. In the past I had good experience with Hostinger, so I decided to buy a dedicated VPS for my website for them. It costed me about 50 USD for a year.

So, in total:

• 27 USD for domain registration
• 59 USD for WordPress theme
• 12 USD for logo
• 50 USD for VPS

I spend almost 150 USD to start my blog.

Note: I calculated only approximate amount spend, as for some of the services I paid in USD, and for some in EUR.

Creating the Content

As I mentioned earlier, I chose to write about various topics, including bug bounty tips, write-ups of my journey, reviews of courses and books, tool tutorials, and defensive security tips.

The first and longest article is the DVWA Ultimate Guide — First Steps and Walkthrough. For those who don’t know, DVWA is a deliberately insecure web application that allows security specialists to practice their hacking skills.

I spent over a month creating it. It required a lot of effort to learn all the different aspects and then write about them. I did this in my free time, and it didn’t feel like work at all. I enjoyed doing it.

To date, this is the longest piece I’ve written, with over 12,000 words. It’s also one of my best-performing articles in terms of search volume. One reason for this is that it covers many keywords.

Other articles you can find on my blog include:

• Product reviews — ethical hacking book, gadgets, laptop reviews
• How-to articles — explaining how to install a subdomain enumeration tool, directory bruteforcing tool, how to encrypt the Kali Linux disk, etc.
• Informative articles — secure email providers, how to monetize cybersecurity skills, how safe is it to use public WiFi, etc.
• Bug bounty and learning articles — I have several articles reviewing learning resources or offering bug bounty tips.

To this day, my blog consists of 62 articles.

Some of them are outsourced, but I will discuss this later.

Over the last 16 months, I have received 165k organic visitors, primarily from Google.

Feel free to explore my website to better understand my blog and the variety of articles I have published.

The Ups and Downs of Outsourcing Content Writing

And at some point I decided to hire some writters…

That was a mistake.

At some point, I thought I could accelerate my site’s growth by hiring external writers. At this point, I was hoping I would get accepted by Google Adsense. Even though the guidelines are strict about hacking content, in each of the articles, I emphasized the ethical aspect of using the techniques and tools I wrote about. I also avoided topics on cracking, malware, spying, or any other shady activities on my blog.

To earn decent money from ads, you need a lot of visitors. So, besides writing my own articles, I thought hiring freelancers would create a snowball effect for my website. Therefore, I came up with a list of easy-to-write topics that a cybersecurity non-expert could write. Then, I found writers on Fiverr who specialized in cybersecurity or technology writing.

From my experience, freelancers who market themselves as “cybersecurity writers” are not cybersecurity specialists. They have simply chosen this niche to increase their chances of attracting customers.

I couldn’t afford to hire freelancers who might provide the best quality articles, which might explain my experience. However, I sought a balance between price and quality.

There’s a different story about how I chose the writers, but I ended up working with five writers. Some of them only received one order for a 2k article, and with others, I made a few orders.

In total, I ordered 16 articles from Fiverr and spent approximately 475 USD.

Talking about content, they vary in length and topics. Some of them are product reviews; some are informative articles. But I focused on outsourcing the writing of simple topics only. I knew the writers would not be able to generate the same insights about cybersecurity topics that I could.

Was I happy with the results?

Kind of. It wasn’t too bad for the price I paid. But in some cases, it was just a wall of text, and with other articles, it looked like the text was copied from somewhere. However, I checked them with Copyscape, and it didn’t show any plagiarism.

Do the articles bring the most traffic to my website right now?

Unfortunately, no. While there are a few articles that are popular, most of them aren’t. I get the most traffic from my own articles.

From this experience I’ve made the following conclusions:

• It requires a lot of my own time to research a topic and provide guidelines. Different writers have different concepts of how the end result should look like. The risk of getting a writing piece that doesn’t fit the reader’s voice is even higher when dealing with writers on the lower end of the pricing. So, even though my plan was to save my own time to focus on more complex topics, I ended up spending too much time delegating tasks.
• There’s always a risk of plagiarism. Of course, there are services that help with plagiarism. But now, with the rise of ChatGPT, the risk of getting an article written by AI is even higher. You can get your site penalized for such content, so you must be careful. And of course, paying a decent amount of money for content generated by AI, without much effort, doesn’t make business sense.

I would take this experience as a good lesson for my future projects.

How Much Did I Earn From the Blog

Now comes the interesting part of the article — I will reveal how much I earned from my cybersecurity blog, bughacking.com.

As I’ve explained, I wanted to increase bughacking.com’s traffic to serve ads on my blog. Unfortunately, my site was not approved by Adsense.

The reason I can’t monetize my blog with ads is that the content I created is considered as “any form of hacking” by Google Adsense guidelines.

This means I can’t get my site approved by Adsense, and most ad networks require the site to be “Adsense compliant.”

Even though I know sites that serve ads on their cybersecurity content-based websites, my application was rejected.

Therefore, I had to try different monetization methods. One of them was advertising a VPN. This was not very effective, and I only got a few sales. I had the VPN ad banners for almost half a year, and I earned only 100.67 USD.

As I had poor results with it, I decided to remove the banners.

The other monetization method I used for the blog, which was the most profitable, is Amazon Associates.

Amazon Associates is an affiliate program that allows website owners, bloggers, and content creators to earn commissions by promoting Amazon products on their platforms. When a visitor clicks on an affiliate link on the associate’s website and makes a purchase on Amazon, the associate earns a percentage of the sale as a referral fee.

I didn’t monetize all of my articles because it isn’t always appropriate (for example, you can’t write an article about how to install DirBuster and end the article with “here is a great laptop for hacking, if you want a machine to run DirBuster on”). However, some product review articles were perfect for inserting Amazon affiliate links.

And the interesting part — how much did I earn? Considering I spent almost 500 USD on articles, and around 150 USD for initial blog costs, let’s see if this was even profitable.

I monetized my blog at the beginning of 2022.

In 2022, I earned a total of 354.54 USD from my blog.

This isn’t a niche with many buyers. For example, the conversion rate in 2022 was only 2.86%, meaning that less than 3 percent of people who clicked on the links bought something.

When it comes to 2023, these are the results:

And if I add VPN earnings, Amazon Associate earnings in 2022 and 2023, I end up with 536.43 USD earned.

Am I happy with the results?

From a financial perspective, I am not. I still had to pay taxes from the amount that I earned, so the income is even lower. This barely covers my initial investment. Also, let’s not forget the many hours I spent writing the articles. I consider this time even more valuable than the time I spend at work, as this is my “rest time” when I’m already a little tired from doing something else. If I had spent that time freelancing, I could have earned a good amount of money.

However, not everything is about money. I benefited in different ways.

How Blogging Enhanced My Career and Skills

Writing a blog has provided me with several benefits:

• Career Opportunities: There were several cases during job interviews where I received compliments for my blog. I also received an offer to write for a cybersecurity training company’s blog. Moreover, there’s a chance that I wouldn’t be at my current company if I hadn’t been writing a blog. This is something that definitely helps me stand out from other security professionals who aren’t actively building their brand.
• Improved Writing Skills: This is something that continues to benefit me in many areas. I am not only able to write higher-quality articles, but this skill is also handy in day-to-day activities. As a security engineer, I have to write documentation from time to time and consult mycolleagues who are not security-savvy. Being able to write informative yet succinct technical pieces is crucial.
• A New Hobby: Although it’s easy to feel overwhelmed by the task of growing your blog (especially at the beginning), it is an enjoyable endeavor. Combining two things that I love — cybersecurity and blogging — and seeing my content attract more readers while realizing I am helping people is rewarding.

There were also some proud moments when I benefited from my own posts. One of the cases was when I was lecturing in penetration testing courses. I gave my students a task of solving some of the DVWA challenges. As I had written a comprehensive guide to it for my blog, I was able to use it as a reference to prepare the exercise.

Another instance was when I was doing a pentest, and I forgot how to install Searchsploit on a fresh Linux distribution. I Googled to find an answer and, to my surprise, my own article was in the top position. When you have 50+ articles, you tend to forget what smaller topics you’ve covered. It’s a small detail, but it feels gratifying.

Transitioning to Medium: A New Chapter in My Writing Journey

I’ve decided to start writing on Medium and create my brand there, instead of writing under the Bughacking.com name.

One of the reasons for this shift is that Medium allows me to write shorter articles, and for some topics, a shorter post is better. It alleviates the need to worry much about SEO.

When you are writing on your own blog, you always have to think about keywords, text length, and all other SEO-related factors. With Medium, traffic is already there. You can post under a publication, and users will see your writing. I understand that SEO also plays a role there, but when writing on Medium, I feel more relaxed and can focus more on the content itself without worrying about SEO as much.

I’ve always appreciated Medium as a platform.

So, I have decided I won’t be focusing on Bughacking.com at this time.

Of course, from time to time, I will review and update my articles as needed. However, I am not planning to create new content at the moment.

I hope my story was useful.

Enjoy unlimited access for every story on Medium for just $5/month by signing up through the link provided.