Look for areas that are less likely to have been looked at already. This might mean jumping on a program as soon as it comes out, digging deep into an application to find panels or other areas that aren’t easily found at the surface level, or using/creating tools that monitor for changes in applications.
For the last one, here’s what I mean: organizations deploy changes at different paces, but many strive to deploy frequently. Each deployment brings opportunity since things (endpoints, JS files, libraries, etc) change, sometimes things break, and new code/libraries/endpoints/etc means more things to test. By having a tool that monitors for those changes, you can get alerted and jump on it as soon as it happens – again, before others have a chance to do so.