After 8 weeks as a professional penetration tester, I finally achieved my first finding - a high severity vulnerability that led to an escalated incident. While I have found a few vulnerabilities in the past via responsible disclosure programs before getting a penetration testing job, it feels incredibly validating to succeed in a professional context! I want to discuss my thought process, so I can teach other people what works and for personal reference in the future.