Last week’s Black Hat USA 2018 conference in Las Vegas was the place to be for all things cybersecurity.
Among the topics explored were the need for more collaboration among cybersecurity providers and more information sharing in the industry to battle the ever-increasing volume of cyberthreats. Other individual topics included securing IoT and stopping election hacking.
HackerOne was on hand for five days of live hacking events. Marten Mickos, HackerOne’s CEO, tells us the event is a good way to get people interested in “white hat” hacking.
“We have 100 hackers that we’ve flown in at our expense; they come here and it’s like an athletic tournament for them,” he said. “They compete against each other, but they also have this enormous professional respect for each other, so they share all of the information. But the customers sign up and say ‘We want to be the next one, we want to be hacked,’ because they see so much value in one day. It’s a fantastic offering for our customers.”
HackerOne paid anywhere from $100,000 to $450,000 in bounties in a single day during the event.
“There’s enormous growth, every kid wants to be a white hat hacker,” Mickos said. “But it is tough. Think about sports. Every kid will do sports after school and not all of them will become professionals or even strong amateurs. It’s the same here. Everybody wants to do it, not everyone will make it all the way, but it is fun even on the most beginner-amateur level. Even when you start, it’s exciting. Even if you don’t find anything, it’s exciting and you learn. So it is rewarding to them even before they find something.”
And hacking builds their professional skills and strengths, and give them a competitive edge when job hunting, he said. There’s no better way to land a security job with a company than saying “‘I found all these valid vulnerability reports for all these companies, here’s my track record,'” he said.
HackerOne also tries to steer hackers away from becoming black hats, which can be more of a challenge when they’re younger and don’t necessarily have a “moral compass” yet, Mickos said.
“We give them a very positive experience with that,” he said. “We show them that when they file a bug report, they get the bounty, the credit and the appreciation for it, they get the respect of the others and they say ‘Wow, I like this,'” he said. “It’s not that they ever were on a path to becoming black hats, but it very clearly shows them the path to a white…