Profile Of An Ethical Bug Hunter

Uploaded on 2018-06-18 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

Ethical hacking was once the pursuit of security researchers who wanted something to present at their next conference, or lone wolves who enjoyed the thrill of the chase - but not the threat of prison.

Today, ethical hacking has become big business in the form of bug hunting. More and more companies, from the likes of Microsoft and Google, industries giants such as GM and Uber, and even US government agencies such as the Army and Air Force, now run bug-bounty programs and competitions.

Startups such as Bugcrowd and HackerOne that facilitate bug-bounty programs claim hundreds of thousands of ethical hackers on their platform between them, all ready to help check the security posture of an organization and make a buck or two in the progress.

So, who are these Ethical Hackers?
Both HackerOne and Bugcrowd have released demographic reports outlining who their hackers are. Bugcrowd claims 80,000 researchers on its platform, HackerOne just over 160,000.

“In general, members of our community are young males, ages 17 to 25,” says David Baker, CSO of Bugcrowd. “A lot of them have college degrees and work in security industry. A gaming background is huge draw because, once people realise this game model to engage in where they can hack companies and get paid for, it is fun for them.”

“A lot of them are doing this as a spare-time thing to augment cash or doing it as a context to learn more and for the challenge and to increase of skills. 

“The exception to that, and it’s a growing exception, participants from countries with lower purchase power. The lower the purchase power parity rate of the researchers, the less likely they are to jump into this full-time. There’s also a small group we refer to as super-hunters, people who make $250,000 annually or more. There are probably around 20 to 25 of these people.”

While the companies launching bug bounty programs seem to be mostly based in the US and Europe with a growing uptake in the Asia-Pacific region, and the hackers themselves have a similar geographic spread. 
The US, India, and UK are Bugcrowd’s largest geographies, while the US, India, and Russia represent HackerOne’s biggest communities.

The majority of hackers on both platforms are young: 71 percent of bug hunters on Bugcrowd are between 18 and 29 years old, while more than 90 percent of bug-bounty hackers on HackerOne are under the age of 35 (45 percent are ages 18-24, and 37 percent ages 25-34), and the majority on both started hacking in the last few years. More than half have studied computer science at some level.

Nearly half of HackerOne’s audience has a tech-related job (in IT, software, or hardware), a quarter are currently at study, and about 12 percent class themselves as consultants. Bugcrowd’s audience is largely made of penetration testers (22 percent) consultants (18 percent), and students (15 percent). Hackers on both platforms have similar reasons for doing what they do: Learning/professional development, the challenge, and money were listed at the three main drivers for hacking on both platforms, with money coming third on both.

How much do Ethical Hackers Earn? 
How much a hacker can earn obviously depends on a variety of factors.
According to HackerOne’s yearly report, hackers in India can earn an average of 16 times the median salary of a software engineer in the country, while the rest of the world can earn more than 2.5 times the median salary of a software engineer in their home country.

Infoworld:        Image: Nick Youngson

You Might Also Read: 

Ethical Hacking Is A Great Career Option:

Ethical Hackers: We Want You For A New Recruit:
 

 

« Israeli Cybersecurity Company Beats All Hackers
Cryptocurrency Malware Theft Is Worth Millions »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Scale Computing

Scale Computing

Scale Computing is an industry leading application platform for EDGE computing environments covering retail, manufacturing, financial services and government.

TestFort

TestFort

TestFort QA Lab is a specialized software testing company offering independent quality assurance and software testing services.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

Hacker House

Hacker House

Hacker House teaches you what hackers can learn about your business and systems so that preventative solutions to protect your assets can be applied through active measures.

Wotan Monitoring

Wotan Monitoring

Wotan Monitoring is the software solution for fully automatic process monitoring, infrastructure monitoring and end-to-end monitoring.

NGS (UK)

NGS (UK)

NGS (UK) Ltd are independent, vendor agnostic, next generation security trusted advisors, providing all-encompassing solutions from the perimeter to the endpoint.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

Airiam

Airiam

Airiam provides cybersecurity, managed IT, consulting, incident response, and digital transformation services so you can focus on what matters most.

Gulf Business Machines (GBM)

Gulf Business Machines (GBM)

GBM is a leading end-to-end digital solutions provider, offering the broadest portfolio, including industry-leading digital infrastructure, digital business solutions, security and services.

KYND

KYND

KYND has created pioneering cyber risk technology that makes assessing, understanding, and managing business cyber risks easier and quicker than ever before.

Nclose

Nclose

Nclose is a proudly South African cyber security specialist that has been securing leading enterprises and building our security portfolio since 2006.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

SydeLabs

SydeLabs

At SydeLabs, our mission is to ensure the comprehensive security of your AI systems.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.

Motive Managed Services

Motive Managed Services

Motive Managed Services take the complexity out of IT, Cybersecurity, and Network Operations, so you can focus on growing your business.