There are very few technology careers that offer the chance to demonstrate one's skills in exclusive venues worldwide, from luxury hotels to Las Vegas e-sports arenas, peers cheering you on as your name moves up the leaderboard and your earnings rack up.
But that's what Brandyn Murtagh experienced within his first year as a bug bounty hunter.
Murtagh got into gaming and building computers at 10 or 11 years old and always knew "I wanted to be a hacker or work in security".
He began working in a security operations centre at 16, and moved into penetration testing at 20, a job that also involved testing clients' physical and computer security: "I had to forge false identities and break into places and then hack. Quite fun."
But in the past year he has become a full-time bug hunter and independent security researcher, meaning he scours organizations' computer infrastructure for security vulnerabilities. And he hasn't looked back.
Internet browser pioneer Netscape is regarded as the first technology company to offer a cash "bounty" to security researchers or hackers for uncovering flaws or vulnerabilities in its products, back in the 1990s.
Eventually platforms like Bugcrowd and HackerOne in the US, and Intigriti in Europe, emerged to connect hackers and organizations that wanted their software and systems tested for security vulnerabilities.
As Bugcrowd founder Casey Ellis explains, while hacking is a "morally agnostic skill set", bug hunters do have to operate within the law.
Platforms like Bugcrowd bring more discipline to the bug-hunting process, allowing companies to set the "scope" of what systems they want hackers to target. And they operate those live hackathons where top bug hunters compete and collaborate "hammering" systems, showing off their skills and potentially earning big money.
The payoff for companies using platforms like Bugcrowd is also clear. Andre Bastert, global product manager for AXIS OS at Swedish network camera and surveillance equipment firm Axis Communications, said that with 24 million lines of code in its device operating system, vulnerabilities are inevitable. "We realized it's always good to have a second set of eyes."
Platforms like Bugcrowd mean "you can use hackers as a force for good," he says. Since opening its bug bounty programme, Axis has uncovered – and patched – as many as 30 vulnerabilities, says Bastert, including one "we deem very severe". The hacker responsible received a US$25,000 (£19,300) reward.