Meet Rami Tawil—a talented hacker born with an incredible curiosity, a deep-seated desire to understand how systems work, and a willingness to break rules. His journey from childhood “menace” (his words) to technological genius and professional security expert offers profound insights into one of the many different pathways hackers take.
It started at a young age
“If you ask my mum about me as a kid, she’ll tell you I always liked pressing buttons,” he says, reflecting on the early signs of his technological inquisitiveness. Growing up between Oman, Dubai, and eventually Perth, Australia, his environment was rich with technological opportunities and parental encouragement.
His father, an engineer, played a pivotal role in nurturing this curiosity. “He would come home almost every day to the family computer riddled with malware, but he only kept encouraging me to explore despite how frustrating it would have been,” he recalls. This family support transformed what might have been seen as destructive behavior into a pathway of learning and discovery.
(Source: Rami’s mum)
A transformative conference
A defining moment in Rami’s journey happened at WAHCkon, a computing and security conference that cost merely $30. “It was the first time I was properly introduced to information security,” he explains. The conference was revelatory, showing him that his natural instinct to explore technological boundaries could not only be acceptable, but celebrated. He says, “It was the most hackercon a hackercon could be.”
During the same conference, a talk by Shubs titled “Find all the bugs: win all the bounties” introduced him to crowdsourced security and Bugcrowd. Suddenly, the activities that might have previously gotten Rami into trouble became a potential career path. “What I used to get in trouble for could actually be something I’d be rewarded for… without going to jail,” he joked.
Building a professional security career
Today, he operates as a Security Solutions Architect at Bugcrowd, a part-time hacker, and conference volunteer. His specializations are diverse: “I’m usually your go-to person for most things Microsoft, especially Active Directory, mobile technologies, networking and infrastructure, and AI.” He’s also a speaker, village organizer, and photographer for both local BSides conferences and future DEFCON (fingers crossed) events.
(BSides Melbourne)
His approach to hacking is deeply philosophical. “I’m fascinated by how far I can bend the rules without breaking them,” Rami explains. “I’ve always been someone who wants to learn why something works the way it does, which leads me to ‘how can I make it do something it shouldn’t?'”
Rami’s ecosystem
Working part-time in crowdsource security, he dedicates significant energy to continuous learning. “I’m regularly learning multiple new technologies on a weekly basis,” he states. Currently, his interests are expanding into AI decision-making and bias, with plans to enhance his iOS hacking skills. When he’s not learning new hacking techniques, you can find him in a good book or with friends. “I spend a lot of time reading/listening to non-fiction books. I think it’s often forgotten that you can buy someone’s life work/expertise for $20. If I’m not reading a book, I’m probably learning something on YouTube.” He says about his friends, “I’m very fortunate to have met a lot of amazing people throughout my life with such incredible backgrounds. I’m a very curious person that wants to learn everything and they’re always happy to help me.”
The bug bounty community holds a special place in Rami’s professional journey. “Everybody is so welcoming and friendly, as well as generous,” he says. “Someone outside of the community would think it’s gatekept, but it’s in fact quite the opposite.”
When commenting on his day-to-day life as a Bugcrowd Security Solutions Architect, he says, “Simply put, it’s super rewarding. I’ve always been a very community oriented person. Having the perspective and insight of a hacker allows me to create the change my peers and myself want to see in the industry. My daily responsibilities include educating customers, optimizing briefs, helping put together bonuses, increasing rewards and scope, and so much more!”
Wisdom for new hackers
His advice for newcomers is both practical and simple:
- Public Over private: “Public programs have more frequent code base changes, more scope, and higher rewards.”
- Tool mastery: “Using publicly available tools won’t really get you anywhere unless you learn to customize them.”
- Patience and focus: “Be patient! Keep moving forward. Put time into specific targets to gain contextual knowledge.”
- Relevance: Keep your Bugcrowd profile up to date!
He emphasizes that exceptional hacking transcends pure technical ability. “Learn to write good notes, understand how to build things, communicate value, master technical writing, and importantly, spend time learning outside of infosec,” he advises.
A critical lesson he wishes he’d learned earlier? “Consume less, practice more. There are no shortcuts, and everyone has their own workflow.”
His personal story includes, “When I was a pentester I had to do extremely manual testing with pretty much no tools allowed. It forced me to click on every link and review every single function. While it might sound painful, it really allowed me to gain a deeper understanding.”
Rami’s perspective on AI and new technologies is nuanced. Particularly AI, his views are thoughtful and measured. “AI is still in its worst state that we know of,” he believes. “We have GPT4 now but what does GPT40 look like? Like most technologies in the past, I think it will help us in tasks where we can better dedicate our time elsewhere. Outside of that, I think it’s a great tool that helps with my cybersecurity tasks. My favorite use for AI is explaining something to me i.e. a piece of code I don’t understand.” While acknowledging AI’s potential as an assistive tool, he remains firm on the value of human creativity. “When it comes to testing, bug hunting etc. I don’t think you can replace human ingenuity.”
That being said, Rami admits, “I definitely see my interest in AI growing beyond security and gaining a deeper understanding of how it continues to affect society.” Check out some of Rami’s work here.
Untapped potential in mobile and 3D printing
When it comes to overlooked opportunities in the field, he sees mobile security as a particularly fertile ground. “Most mobile related vulnerabilities aren’t talked about enough,” he says, noting a common misconception in the field. While many hackers approach mobile platforms merely as alternative paths to web endpoints, he sees much deeper potential.
“iOS and Android hacking are in high demand, have a higher barrier to entry, and a large appetite to be found,” he explains. His enthusiasm for mobile security is evident when he adds, “There are some really cool exploits you can pull off! If you take the time to learn mobile hacking and how the application actually interacts with the operating system, you’ll have a lot of fun and probably score some cool bounties along the journey!”
Rami also says about 3D printing, “More people in infosec are picking up on 3D printing and how to integrate it.” Because you can cheaply make anything you want—models, cases, prototyping, etc—industries are rapidly including 3D printers in their day-to-day manufacturing, but Rami has thoughts on how this can be dangerous and what companies can do to protect themselves, “
The broader impact
What makes Rami’s journey remarkable is not just technical skill, but a holistic approach to cybersecurity. He sees beyond the code, understanding that security is fundamentally about human curiosity, continuous learning, and ethical rule-breaking.
“Over the years, bug bounties have driven my interest in many different directions,” he reflects. “I’ve discovered so many new interests and been part of a community that continuously pushes technological boundaries.” Looking forward, his goals are both ambitious and health-focused: presenting at DEFCON in 2025 and prioritizing personal health and well-being. “I prioritize spending time away from technology, proactively engage with family and friends, and have learned to recognize and navigate potential burnout,” he explains.
In a world where hackers are perceived as cold or mechanical, Rami’s journey reminds us that hacking is ultimately a profoundly human endeavor—powered by creativity, community, and an unending desire to understand, improve, and protect complex systems, all while being a silly goose.
(Source: Rami’s imagination and 3D printer)