By Bruce Sussman
Fri | Mar 1, 2019 | 9:59 AM PST

InfoSec salaries and workforce demand are strong.

But regardless of your role in IT security, have you earned a cool $1,000,000 over the last three years?

White hat hacker Santiago Lopez of Argentina has done exactly that. And by the way, he is just 19 years old.

Lopez was one of two white hat hackers with earnings of more than $1 million highlighted in a new report by bug bounty program HackerOne.

“He was first inspired to get started after seeing the movie Hackers and learned to hack by watching free online tutorials and reading popular blogs. In 2015, at 16-years-old, he signed up for HackerOne and earned his first bounty of $50 months later. He chose his alias ‘try_to_hack’ to keep himself motivated—he was determined to try to hack companies regardless of whether he knew he could succeed.” 

The report also says during 2018 alone, the 300,000 hackers who are part of the bug bounty program earned a combined $19 million in bounties—nearly as much as the platform has awarded in all of the company's previous years combined.

Security research, white hat hacker market is growing

Those kinds of statistics point to growth in ethical hacking and an increasing number of companies joining bug bounty platforms or launching their own programs.

We interviewed Brian Gorenc at SecureWorld about this trend.

Gorenc runs the Zero Day Initiative, which is the world’s largest vendor-agnostic bug bounty program. It is part of Trend Micro.

Clearly, money is a motivation for hackers. But Gorenc tells us it is not the only thing motivating those who hack to make organizations more secure.

"They’re going to take the research they are doing and put it on their resume and hopefully get a better job. So part of it is driven by the visibility you’re going to get and the money you’re going to make.

There’s a group that is only focused on the visibility. There’s a group that’s only focused on the money. And there’s a group in the middle that focuses on both, so that’s what’s really driving them."

And Gorenc says what's most exciting for him is that this constant stream of bug bounties being paid out leads to constant patching.

"As long as there are bug submissions coming in at the volume that they are, I feel good about the industry. We’re pushing things forward, we’re making it harder and eventually you’re going to drive the cost of exploitation up enough that you’re going to force people to do something else, to go after another angle to make money."
