In hacking, knowledge transfer between professionals and emerging talent is essential. This principle was on full display when hacker and bug bounty hunter Andrew Pratt recently shared his expertise with the students of the University of Arizona’s cybersecurity chapter.
Andrew serves as the core documentation author for Caido, an HTTP interception proxy tool used by security professionals. He delivered a thorough presentation on web security testing techniques. His session highlighted not just technical skills but also emphasized the importance of community building in cybersecurity. “Through my role as the core documentation author for the Caido team, I’ve become very familiar with the tool and am eager to talk about it with anyone who will listen,” he explains, demonstrating his passion for the tool.
“As a Tucson native, the chance to present to the cybersecurity chapter at the University of Arizona was an opportunity I had to take,” says Andrew. “In preparation, I created nearly 70 slides, 11 pages of detailed speaker notes, and even designed Caido t-shirts to hand out. I hope the presentation was engaging and memorable for the students,” Andrew explains.
He started his presentation by introducing foundational concepts before progressing to more advanced techniques. “I began by delving into the inner workings of an HTTP proxy, explaining how it establishes encrypted connections between a client and a server and the crucial role of CA certificates in this process,” he notes. “From there, we explored Caido’s suite of features, highlighting their real-world use cases.”
Andrew continued by emphasizing the practical applications that students can implement immediately: “We then progressed to more advanced concepts, such as leveraging Caido Workflows to customize testing strategies and automate processes.”
For Andrew, sharing the technical content was only part of his goal. The broader mission centered on welcoming newcomers to the cybersecurity field. “As cliché as it may sound, these students will be the next generation safeguarding the world from cyberattacks,” he shares. “It’s crucial that knowledge is passed down without any sense of ‘gatekeeping’ and that they feel welcome to the community.”
This perspective stems from his own journey. “Throughout my career, I’ve been incredibly fortunate to be surrounded by knowledgeable mentors who have patiently answered my questions and taken time to educate me,” Andrew reflects. “Now, it’s my turn to pay it forward, and it’s really rewarding to be in a position to do so.”
His presentation represents a continuation of his community contributions. His fun and humorous work can be found on Bugcrowd’s blog, where he shares technical insights gained from his experience as a part-time bug bounty hunter.
When asked about his hopes for the event’s impact, Andrew’s response centered on providing inspiration rather than just information. “I sincerely hope that the cybersecurity chapter at the University of Arizona found the presentation both engaging and enjoyable,” he says. “More importantly, I hope it ignited a spark within them, motivating them to continue their educational pursuits and reassuring them that their hard work will be rewarded in the end.”
This student session represents an important bridge between generations of cybersecurity professionals—something increasingly vital as technology and threats evolve and the demand for skilled hackers grows.
“It’s about creating pathways into the field,” says Andrew. “The technical skills are important, but equally crucial is fostering a sense of belonging and mutual support. When students feel welcome and supported, they’re more likely to persist through challenges and ultimately contribute their unique perspectives to solving the complex security problems we all face.”
As universities continue to expand their cybersecurity programs, hackers like Andrew who dedicate time to mentorship play a crucial role in supplementing academic education with real-world insights. Community building and knowledge sharing aren’t just nice-to-have extras—they’re essential components to a well-rounded cybersecurity industry.
