6 Personality Profiles of White-Hat Hackers
From making the Internet safer to promoting their security careers, bug bounty hunters have a broad range of motivators for hacking – most just like the challenge.
When the general public thinks of "hackers," top-of-mind thoughts include cybercriminals breaking into large retail stores like Target or Home Depot or state-sponsored hackers from adversary nations such as China, Russia, Iran, and North Korea. The bug bounty movement has been working hard over the past several years to raise the profile and improve the perception of white-hat hackers. While white-hat hackers have been around for a couple of decades, new bug bounty companies such as Bugcrowd and HackerOne have legitimized the work of white-hat hackers. The US Department of Defense has even bought in during the past year by starting a bug bounty program of its own.
Already, Bugcrowd customers have paid out more than $10 million in bounties and HackerOne has topped $20 million.
“While someone living in New York or San Francisco would have to earn at least $100,000 to do bug hunting full-time, for people in places like the Philippines, something like $300 a month can be enough to survive on,” said Sam Houston, senior community manager at Bugcrowd. “The vast majority of Bugcrowd users are based in the United States and India, but more and more we are getting people from around the world from places like Egypt, Morocco and Turkey.”
In a recent report, Inside the Mind of a Hacker 2.0, Bugcrowd lays out five profiles of white-hat hackers. The categories range from people who are attracted to hunting bug bounties to make the Internet safe to those who do hacking full-time as a vocation. HackerOne, which added a sixth trait, reports in The Hacker-Powered Security Report 2017 that the average bounty paid to hackers for finding a vulnerability reached $1,923 in 2017, up 15% from $1,631 in 2015.
Based on interviews with Bugcrowd’s Houston and Michiel Prins, co-founder of HackerOne, we developed a list of six traits of hackers that we think our readers will find familiar.
The full-timers have advanced to the point where bug hunting has become their primary source of income, with 43% spending more than 21 hours a week hunting bugs. At this point, most full-timers are in it for the money, using the income from bug hunting to pay bills and living expenses. Bugcrowd reports that the full-timers are mostly seasoned security pros with 47% having three or more years working in the security industry. While full-timers like the flexible work hours that bug hunting offers, they also enjoy taking on challenging targets and receiving positive feedback from the research community.
Virtuosos are motivated by a desire to become a part of the security elite. They are the most experienced group, says Bugcrowd, with 55% having been in the security industry for more than three years and 29% for more than five years. When asked about their career aspirations, the vast majority seek to be a high-level security engineer at a top company. For them, bug bounties are a way to sharpen their craft and get a leg up on their competition. Most are motivated by the challenge of the hack, with 52% choosing bug bounties based on the level of difficulty. A full 70% spend the money from bug hunting on security tools and professional development.