Post by Chinedu Nkem

My name is Chinedu Nkem, and I am currently studying cybersecurity at the Technological University of Dublin. For me, cybersecurity is not just a career choice—it’s a very personal decision. I fell prey to a predatory online scam and felt firsthand how helpless and lost being a victim of such a situation can be. The aftermath opened my eyes to how dangerous and vulnerable the online landscape is and how easily hackers can exploit those who are unprotected. This pushed me to study cybersecurity and hacking for good. My goal is to make a realistic difference in securing the internet and to understand how cyberattacks happen to protect others from suffering a similar fate.

My cybersecurity journey is my way of taking back control and turning my unfortunate experience into something that can help many down the road.

Meeting a top hacker

I recently had the chance to attend a guest lecture given by Ciarán “monke” Cotter, an ethical hacker who works with Bugcrowd. Ciarán isn’t just any speaker—he’s one of Ireland’s top bug bounty hunters.

A lesson in hacking for good

Ciarán started by introducing us to the world of bug bounty programs, a way companies reward hackers for finding security flaws in their systems. I was amazed to learn that hacking can be done legally and even become a lucrative career. Companies that crowdsource their security invite ethical hackers to test their websites and apps. Those who report a valid bug earn a monetary reward for that finding. In other words, these companies offer cash or even status points to encourage good hackers to find bugs and vulnerabilities before the bad guys do and exploit them. Who knew hacking could pay my bills?

What struck me was how accessible Ciarán made ethical hacking sound. You don’t have to be some senior cybersecurity expert to get started. Even beginners and students like me can try out open programs on platforms like Bugcrowd.

Web app vulnerabilities are everywhere—Who knew?!

A major focus of the talk was web application vulnerabilities, the weaknesses that can lurk in the websites and apps we use every day. Ciarán walked us through some common vulnerability types and why they matter. For example, we learned about something called template injection. Normally, when you type data into a website (say, a search box or login form), the website should treat it as plaintext input. However, if the site isn’t coded securely, an attacker could input specially crafted code (a payload) that tricks the server into treating it like a real command. This means a simple text field can turn into a doorway for malicious commands—a pretty scary reality! This made me realize how even seemingly harmless features on a site could hide serious risks.
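A minimal illustration of the template injection idea described above, added here as an example and not taken from the post or the lecture. It uses Python's built-in `str.format` as a stand-in for a template engine; `AppConfig`, the function names and the sample values are all constructed for this demonstration.

```python
"""Constructed demo: user input used as template source vs. as template data."""
import string


class AppConfig:
    """Stand-in for server-side state a template can reach (constructed)."""

    def __init__(self):
        self.site_name = "Example Shop"
        self.secret_key = "PLACEHOLDER-NOT-A-REAL-SECRET"


def render_vulnerable(search_term, cfg):
    # Flaw: the user's text is pasted into the template *source*, so any
    # {placeholder} it contains is evaluated by the engine on the server.
    template = "Results for " + search_term + " on {cfg.site_name}"
    return template.format(cfg=cfg)


def render_safe(search_term, cfg):
    # Fix: the template is a constant; user text is passed only as a value
    # and is never parsed for placeholders.
    template = "Results for {term} on {site}"
    return template.format(term=search_term, site=cfg.site_name)


def contains_template_syntax(value):
    """Defence-in-depth check: does the input contain format fields?"""
    try:
        parsed = string.Formatter().parse(value)
        return any(field is not None for _, field, _, _ in parsed)
    except ValueError:
        return True  # unbalanced braces are treated as suspicious


if __name__ == "__main__":
    cfg = AppConfig()
    for term in ("shoes", "{cfg.secret_key}"):  # constructed sample inputs
        print("input     :", term)
        print("vulnerable:", render_vulnerable(term, cfg))
        print("safe      :", render_safe(term, cfg))
        print("flagged   :", contains_template_syntax(term))
```

The safe version echoes the braces back as ordinary text, which is the "treat it as plaintext input" behaviour the paragraph describes.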

Pictured: Ciarán “Monke” Cotter and Dr. Stephen O’Shaughnessy

Ciarán also touched on other vulnerabilities like broken access control, misconfigurations, and data exposure—many of which are far more common than people realize. The takeaway for me was that the internet has a lot of cracks and crevices, and it often takes skilled hackers to find and patch them. One thing he said has lingered on my mind to this day: “There’s truly no 100% safe system.” Even big companies with lots of security measures can overlook something small that a clever hacker might catch. It was a bit unsettling to realize how much we take security for granted. At the same time, the lecture highlighted why bug bounty hunters like him are so important.

Live hacking demos: Learning in action

One of the most memorable parts of the session was the live hacking demos. Rather than just talking about theory, Ciarán actually showed us, in real time, how a hacker approaches a target. It felt like watching a magician reveal his tricks. He projected his laptop screen for us to see and walked through the basic steps of a bug bounty hunt. This included things like scanning a website for its subdomains, filtering them with the use of httpx, and intercepting the traffic with Caido. He shared with us tools that make it easier to keep track of vulnerabilities found and to tamper with HTTP requests.

In one of the live demos, Ciarán explored a subdomain and, within minutes, managed to uncover someone’s email address via a subtle vulnerability. It wasn’t anything flashy or high-tech—just careful observation, a browser, and some smart digging. When the email popped up on screen, everyone laughed—but it was the kind of laugh that came with an undercurrent of unease. It hit us how easily personal information can become known to the world. This only reinforced my desire to run full speed down the path to cybersecurity.

Ciarán’s demos felt unscripted and genuine—like he was executing on the fly (although I’m sure he prepared a scenario beforehand). His laughter was contagious, and you could really tell he loves what he does. Another thing I noted was his intelligence and vast knowledge of web app penetration (honestly, it was hard keeping up sometimes, but he took time explaining whenever help was needed). Instead of a formal lecture, it felt like we were hanging out with an expert gamer who was streaming a walkthrough of a game. I found myself on the edge of my seat, following each step and trying to guess what would happen next.

Key takeaways

Toward the end of the lecture, I was buzzing with new information and inspiration. Here are a few key takeaways I left with:

  • Bug bounty is hacking for a cause—It’s a win-win system where companies get more secure and hackers get paid for their skills. I learned that ethical hacking can be a legitimate (and lucrative) career path, not just a hobby.
  • Basic hacking methodology is anything but basic—We got a glimpse into how to approach a target web application, from reconnaissance (gathering info on the target) to finding vulnerabilities and responsibly reporting them. The process is methodical and creative at the same time.
  • No system is 100% safe—Perhaps the biggest eye-opener was realizing how widespread vulnerabilities are. Even the most popular and secure systems (think Google, banking apps, and government portals) are being tested by hackers, and bugs are found frequently. The websites and apps we use every day are guaranteed to have hidden flaws. Security is an ongoing process, and it often relies on people like Ciarán to catch what others miss.
  • Learning is a never-ending process in cybersecurity—This lecture fueled my desire to explore cybersecurity further. I found myself thinking, “If he can do it, maybe I can too.” I visited Bugcrowd’s website after class, curious to see what programs are out there for beginners. I even took it upon myself to purchase Bug Bounty Bootcamp by Vickie Li, and I can’t wait to see what the field has in store for me.

An unforgettable learning experience

Writing this report reconfirmed just how special the day was. Getting to learn from Ciarán was such an amazing experience and definitely helped me narrow my cybersecurity focus. Ciarán showed me the mindset of a hacker, how hackers view systems, and how they implement findings, methods, and learnings. I plan to follow this blueprint and see where the road takes me in my journey into bug bounty.

After doing my own research on him, I became inspired to explore the bug bounty field more. As a result, I started my own GitHub project on web vulnerability immediately after the lecture concluded.

As the only student chosen to write about this experience, I tried to capture not just what we learned but how it felt to be there. In truth, it’s hard to put into words how motivating Ciarán’s lecture was. I walked out of that classroom seeing the internet not just as a user but as a budding security analyst taught to question how things work and how they can be broken with just a simple line of code.

Ultimately, I am very grateful for the opportunity to meet and learn from Ciarán. Not only does he use his skills to find bugs, he also shares the fun and positive side of hacking. I know many of us walked out of that classroom aspiring to be someone like him—someone who hunts bugs and makes the internet safer.
