With the launch of the Bugcrowd Ambassador program, we will share stories from our global hacker community. This week we’re putting the Spotlight on Rey, a Bugcrowd Ambassador.
Feel free to follow Rey Bango on Twitter @reybango
Rey never saw cybersecurity as a career path, but a couple of key things changed that. WannaCry happened, leaving him concerned about the human impact of malware, and attending DEF CON for the first time helped him better understand how passionate the community is about solving the tough challenges of security.
Back in 2017, Rey read about the effects of WannaCry on the healthcare sector in the U.K., such as patients being turned away from cancer treatments and urgent surgery. Upset by the ransomware attack, he didn’t want to see such an unjust occurrence happen again. So he rolled up his sleeves and became curious about how to prevent such cases.
Prior to entering security, he had seen a lot as a software developer and figured that there must be something he could contribute. So he started to look at resources and reached out to various people in the industry. Curiosity led to opportunity, and with the help of Ann Johnson, CVP at Microsoft, he attended BlackHat and DEF CON to better understand how the security industry worked and to learn new application security skills that he could share with his fellow web developers.
Intimidated by the DEF CON and BlackHat rumors, he did what many n00bs do: he took a spare laptop and burner phone (sigh!). He worked the Microsoft booth at BlackHat and on his breaks visited other booths, including Bugcrowd’s, to learn the various aspects of cybersecurity. However, everything changed a few days later when he attended DEF CON. His eyes widened with a greater appreciation of the ethical hacking community. After attending, he was sold on entering the security industry.
He started to build a research lab and learned how to attack systems. He read nonstop on penetration testing and attended a training course taught by @hackerfantastic of Hacker House to get a better understanding of the foundational aspects of pentesting. Since then he’s attended more conferences, including a second round of BlackHat and DEF CON, and he continues to develop his skills through eLearnSecurity’s Penetration Testing Professional course.
His passion for finding vulnerabilities to keep family and friends safe convinced him that his future career lay in becoming a cybersecurity professional. Now, he is an Ambassador for Bugcrowd and a Security Advocate at Microsoft.
How did you get into Cybersecurity?
“I got into security because of WannaCry. I saw the impact it had on human life and I questioned how I could contribute to improving the state of apps and systems. This led me down a path of learning about the security space, the culture of the community, the tools of the trade and how to effectively contribute in a legal and safe fashion. I have a virtual lab setup at home to let me practice and bug bounty programs are the logical next step in helping companies identify critical issues that could impact web users.”
How do you manage your personal life, work, and bug bounties?
“I’m a big believer in work/life balance. I want to ensure that I can have quality time with my family while blocking off time to continuously learn and sharpen my security skills. I try to follow Keith Hoodlet’s strategy of allocating a set amount of time for specific things I want to accomplish whether it’s learning a new technique, reading a book or coaching soccer. It’s all about time management. I won’t say it’s easy because life will throw you a curve ball but at least it helps me mentally get some sense of order. When I jump into bug bounties, it’ll just be another item to add in.”
What are a few of your favorite hacking/security tools? Why should others use those?
“That’s a tough question but if I had to choose a couple, I would go with SQLMap, Nmap, enum4linux and fping. Of course, tools like Metasploit, Buscador, and Empire are amazing but I’m a big fan of scanning and enumeration so I can get a comprehensive picture of my targets.”
What is a quick hacking tip or technique that you recommend?
“Scan and enumerate your targets ad nauseam. The more info you get, the wider the attack surface you’ll have.”
What advice would you give to someone who is starting out as a beginner in bug bounties?
“Go into them with the thought of helping build a more secure web. It’s great to be paid for your hard work but if you go into it with the mindset that you may help someone avoid being a victim, you’ll have a much greater impact than just earning a few dollars.”
How have bug bounties impacted your life?
“I’m just starting out so I’m hoping that I contribute to making a safer community.”
What do you like to do in your free time, when you’re not doing bug bounties or working?
“Free time?!? What’s that?! When I’m not working, I’m either coaching a sport for my children or doing stuff around the house. Always something to be done.”
Thank you so much to Rey for his time and for his great contributions to the bug bounty community!
Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please send a Twitter direct message to @ChloeMessdaghi or @SamHouston.