White Hat Hackers Turning Security Bug Bounty Hunters
White hat hackers have a new way to earn a living outside of being a 9-to-5 employee in an enterprise or data center, and that is becoming a security bug bounty hunter. Being ‘your own boss’ is a very enticing possibility regardless of industry, and cybersecurity professionals are no different. Many are now migrating and transitioning become a bug hunter, effectively leaving the life of an employee who is obligated to spend 8 hours a day in the office for the same repetitive IT job.
Security flaws are becoming like the gold rush for decades ago, as companies are willing to pay $500,000 a year to white hat hackers just to keep their systems as bug free as possible. “Companies are increasingly looking for alternatives for cybersecurity testing as millions of jobs in the field go vacant. They found a particular vulnerability class and they go after that over and over again at different companies. They will go all around cyberspace and try to find as many opportunities to exploit that vulnerability as they can,” explained Casey Ellis, Chief Executive Officer of Bugcrowd, an emerging security bug bounty company.
Cybersecurity jobs are highly specialized job that only a few possess the necessary skills to perform it well. In one study, around 3.5 million cybersecurity-related jobs will never be filled by 2021, a proof of the migration of cybersecurity professionals from big enterprises to freelance white hat hacking/bounty hunting job. “Last year, the company saw it’s largest payout for a single exploit — $113,000 for a bug found at a large tech hardware company. They also have good reconnaissance skills and are able to operate on an understanding of what might cause the most damage to an organization. A good sense of how businesses work, or how their infrastructure is built, is really helpful,” added Ellis. This increases the interest of ethical hackers to just leave their corporate jobs, as bug hunting pays a lot for less efforts on their part, like traveling to a physical office.
Aside from regular bug hunting, white hat hackers can also earn popularity for themselves like any celebrity, by participating in the bi-yearly Pwn2Own contest. We have reported about the winners of the competition last Nov 16, 2018 here in hackercombat.com. Ethical hackers that are pushing the industry of white hat hacking forward are not middle-aged men, but rather very young IT professionals with ages ranging from 18 to 44 years old. Many of whom do not have Bachelors degree or even units in a University, exposing the fact that the most skilled hackers today are self-taught.
For those interested of joining bounty programs, below are some links for more information: