meet the hackers powering the world's best bug bounty programs
TRANSCRIPT
Adam Bacchus, Chief Bounty Officer
Lauren Koszarek, Dir. of Communications
Adam Bacchus serves as Chief Bounty Officer at HackerOne. Previously Adam was a member of Snapchat’s security team. Before Snapchat, Adam was on Google’s security team where he helped run Google’s penetration testing and bug bounty programs. Adam’s previous experience includes four years of security consulting, primarily in application and network pentesting.
@sushihack
Lauren Koszarek is the Director of Communication at HackerOne. Previously Lauren was a Security Communications Strategist for BlackBerry. Lauren has experience driving proactive and reactive communications for brands including Microsoft Trustworthy Computing, T-Mobile and HTC, among others.
@LKozz
Today’s Agenda
● Hacking scalability
● Hacker survey data
● Hacker profiles
● 4 Reasons to work with hackers
● Q&A
Bug Bounty 101
HackerOne is the world’s #1 bug bounty platform
Strength in Numbers
Not even the strongest or most skilled organizations have the headcount and capacity to avert system vulnerabilities on their own.
Strength in Numbers
Security experts in your organization
Security experts among all your vendors and contractors
80,000+ white hat hackers on HackerOne
Strength in Numbers
80,000 hackers strong
$10,000,000+ earned in bounties
32,000+ vulnerabilities resolved
600+ customers
Who Are These Hackers?
/ha–ker/: One who enjoys the intellectual challenge of creatively overcoming limitations. - MIT
Hackers ARE: Problem-solvers, Curious, Technically skilled, Diverse in background and education
Hackers are NOT: Criminals. Using their skills for a malicious purpose
Where in the world?
Not all hackers are created equal
Hacker Profiles
Hacker Profile : meals
Sean Melia | 26 years old | U.S.A.
● Pentesting 4+ years
● Bug bounties 2+ years
● Found 570+ bugs
“Bug bounties have changed my life significantly. I've been able to purchase a house as well as go on trips and purchase nice gifts for my family and girlfriend.”
Hacker Profile : nnwakelam
Nathaniel Wakelam | 21 years old | Australia
● Self-taught bug hunter
● Bug bounties 3+ years
● Helped GM, Snapchat, Yahoo, Uber and Adobe find 372+ bugs
● Uses bounties to fund his charity
Hackers helping hackers
‘Bug bounties have given me cash money, skills, sent me around the world, and I've forged some lifelong friendships due to taking part in them’
Hacker Profile : mlitchfield
Mark Litchfield | U.S.A.
● Hacking since ’99
● 1st hacker to earn $500k+ on H1
● Helped Dropbox, Uber, Shopify and many more resolve 450+ bugs
Mark chooses which bug bounty programs to work on based on “How well do they respond, how quick do they fix / pay.”
4 reasons to work with hackers
1. Hackers Gonna Hack
2. Enhanced Public Image
3. “Always On” vs. “Point in Time”
4. Find and Improve Gaps in SDLC
Thank you