Say hello to 20-year old Akhil George who operates his home in Bangalore, India and spends few hours every day trying to hack companies. He is also paid for his efforts. Yes, you heard it right! Ethical Hacking has truly arrived and there is a huge demand for such “white hat” hackers who are the need of the hour when it comes to cybersecurity concerns.
Making the most of the bug bounty programs being offered by companies, George has over the years privately submitted 70 software-related bugs in return of cash rewards.
Today, there are a growing number of Indian self-taught hackers who are making a beeline for profits and earning thousands of dollars by making the most of such bug bounty programs being run by companies the world over. That’s more money that they could make a typical 9-5 work environment.
Cybersecurity concerns are a big concern for companies who are looking to guard their systems, devices, and networks unauthorized intrusions. In fact, these companies are expected to spend somewhere around $96 billion on digital security in 2018, as per a report by Gartner. Individuals working on such bug detection programs also known as vulnerability rewards programs end up not just honing their coding/programming skills but also make money in the process.
There are many leading tech companies which run bug bounty programs and handsomely reward such ethical hackers. Recently, a 17-year old Uruguayan received a sum of Rs. 24 lakhs Google for finding a critical security flaw.
Hackers can operate anywhere in the world, with a majority of payouts being made in the U.S., according to a new report Bugcrowd, a bug bounty platform used by MasterCard, Western, Twilio and dozens of other companies.
Hackers in India submitted the most security vulnerabilities i.e. as many as 30 percent on Bugcrowd, a bug bounty platform.
“India is a country that is full of very smart, driven people,” said Casey Ellis, chief technology officer and founder of Bugcrowd. “There’s an opportunity to make money, and for the folks who are there and thinkhackers, they can engage pretty quickly and see a reward.”
This growing interest amongst Indians on how to become an ethical hacker is largely driven through a security-focused approach instead of an actual criminal intent. Ellis adds, these are people who “thinka criminal, but have no desire to be one.”
Another success story in the field of bug hunting is that of Pranav Hivarekar who isof 24 years of age. Pranav lives in the western state of Maharashtra and hunts bugs on a full-time basis.
“I tried for eight months without any bugs,” Hivarekar said. “Then I read ‘Web App Hacker’s Handbook,’ then made my way into bug bounties.”
Pranav has scored it big companies such as Facebook and Snapchat.
Bugcrowd’s report also points to how the payouts have increased as well 36 percent over the past year, largely because of the criticality of such bugs.
Serious vulnerabilities, often classified as P1, now pay more than $1,200 which is up $926 last year. A payday as big as $250,000, based on a review of bug bounty programs is also possible in today’s times.
The grim reality is that there will be an estimated 1.5 million unfilled security-related positions by 2022, as per a report released last year by Global Information security Workforce Study.
Ellis said he “looks at the bug bounty model as a way to bridge that gap.” He adds, “We need to build out an army of folks prepared to step up and act as defenders of the internet.”