I keep getting interviews for security roles but can’t pass them since they are at competitive companies. How do I stand out for product security roles? Right now I understand buffer overflow, ASLR, PIE, NX/DEP, ROP, fromat string and some heap. I think heap, kernel, and race conditions are areas I need to learn next. Should I learn CodeQL and start fuzzing(I have found some minor vulns but never in very large widely used code) or learn more security first? I am a sophmore in college and will be interning as a software engineer at Amazon this summer. My dream is to work for Google Project Zero or some other security research team.