My issue with canvas fingerprinting and, well, any other fingerprinting is that it makes the situation even worse. It plays right into the hands of data brokers, and is something I've been heavily fighting against, and simply don't visit any website that doesn't work in my browser that's trying hard not to be fingerprintable.
Just now there is an article on the front page of programming.net about how are data brokers boasting to have extreme amounts of data on almost every user of the internet. If the defense against bot will be based on fingerprinting, it will heavily discourage use of anti-fingerprinting methods, which in turn makes them way less effective - if you're one of the few people who isn't fingerprintable, then it doesn't matter that you have no fingeprint, because it makes it a fingerprint in itself.
So, please no. Eat away on my CPU however you want, but don't help the data brokers.
I started as part time without any experience durring my college. I was studying gamedev software engineering, but we had one voluntary class about Ethical Hacking.
I just asked my professor if he can reffer me to someone in the field, followed OWASP Web App Testing guide to the letter when testing the interview homework website, and landed the job without much prior experience (I did attend a few CTF competitions, though).
Just following the checklist in OWASP testing guide made my results comparable to, or even better to some of my colleagues, and I've slowly learned the rest (especially internal domain pentesting) from our internal documentation or shadowing seniors during pentests, and simply being interrested in the field, having initiative and looking up new tools and exploits eventually got me to a Red Team Lead role (not a very good RT, though, but it did improve eventually).
The pay was pretty good compared to what's usuall here in Czech, too. I could comfortably pay rent and get by even with part-time, during college.