(no title)

After setting up a profile on sites like Xing (works best for Germany) or Linkedin and adding some relevant buzzwords, you get basically swarmed by recruiters. The offers from recruiters might not be the most interesting, but you still can use them to get some information and feedback.

Just show that you have a personal interest in security. For Example I have myself participated in a bunch of bug bounties, hitting most of the big ones (Dropbox, Facebook, Google, Microsoft, Mozilla, Paypal, Twitter, ...). While finding big problems in the higher payed ones might be trickier, there are always companies that just offer a thanks or some swag. An alternative would be to look at open source projects and try to get some CVEs. Of course this depends on what field of security you want to end up in.