This week we’re putting the Spotlight on Tony, a Bugcrowd Ambassador.

Feel free to follow him on Twitter: @TJ_Null

Tony was a sophomore in high school when he decided to start taking computer classes. Through the classes, one of his teachers, Rob, introduced him to cybersecurity and gave him a pen testing operating system called BackTrack. Rob is one of the major influences in his life and continues to be a mentor to Tony.

His other influence was his grandfather, who was involved with X-ray technology and had his own computer company. Tony would occasionally come across some of his grandfather’s scripts, which contained his own exploit code written under his alias. It piqued his curiosity to look for exploit scripts that exploited systems.

While searching for scripts, he also became curious about how people find vulnerabilities, and how hackers created exploits to find vulnerabilities. Paired with his high school education, finding vulnerabilities became an addictive hobby. There were even days that he remained on his computer wanting to learn about specific tools to find more vulns.

He then proceeded to continue his education by attending a community college, Frederick Community College (FCC). During his time there, he also looked into organizations and meetups to enhance his skills.

Once he graduated from the local community college, he was asked to help build out their cybersecurity program by putting together classes and curriculum, as well as building the lab from the ground up. He is still involved with the college today as a professor, teaching classes such as ethical hacking and Linux while coaching the FCC Cyber Team.

Tony continued his education by transferring to the University of Maryland – University College (UMUC), graduating with a major in Cybersecurity. During his time at UMUC, he became a member and captain of the Cyber Padawan Team. Through them, he trained even further by competing in cyber competitions and attending local meetups. Tony continues to be part of the Cyber Padawan team and is part of their board.

After receiving his Bachelor’s degree, he came across Hack the Pentagon via the news, which was the first time he heard about bug bounties. Since FCC was very interested in Hack the Pentagon, his group submitted vulnerabilities. Unfortunately, they had previously been found by another team. Afterward, he attended Hack the Air Force. After bug bounties, Tony took a break and went towards smaller companies to find vulnerabilities, as well as participating in many CTFs such as SANS NetWars and SANS Tournament of Champions. Tony is also a founding member and moderator for an infosec community called NetsecFocus that aims to help members get into cybersecurity as well.

The break didn’t last too long. He found out about Bugcrowd through a friend when attending Hack Fest in Canada. His friend Rey Bango, one of Bugcrowd’s Ambassadors, recommended that he give Bugcrowd a shot. And now, Tony is an ambassador as well.

How did you get into Cybersecurity?

  • “As a senior in high school. One of my teachers taught a Security+ course and also gave me my first BackTrack CD to practice hacking. I was in love with cybersecurity and also so into hacking that it became my passion. I started getting into bug bounties when I was a junior in college. My first bug bounty was Hack the Pentagon and Hack the Air Force. I enjoyed them a lot and it was a great way for me to improve my skills while making a profit.”

How do you manage your personal life, work, and bug bounties?

  • “Time management is one of the main things I prioritize. I usually schedule the important things in chronological order like family, work, training, CTFs, then bug bounties. My free time is usually for CTFs and bug bounties, and if I am stuck or tired, I will usually take a break and spend time with family and friends.”

What are a few of your favorite hacking/security tools? Why should others use those?

  • “This is a tough decision. I have a huge list of tools that I really love to use and there are so many good ones out there created by so many good people. Recently I started using the red team toolkit because it has most of the tools I usually use to conduct red team engagements, and there are some tools packed in it that I want to spend more time learning about. If you want to become a red teamer or a pentester and you want to learn more about the red team tools that are out there, then the red team toolkit would be a great choice for someone to use!”

What is a quick hacking tip or technique that you recommend?

  • “Have patience. Take the time to understand your tools, techniques, and the challenges you will face. Not everything is going to work successfully the first time. You will have to go through some trial and error for things you find.”

What advice would you give to someone who is starting out as a beginner in bug bounties?

  • “Read people’s reports! There are a lot of good reports that get good bounty rewards and there are other reports that may not even get a bounty reward. I always like to read other people’s reports on what they find because it gives me an idea if I can identify the bug on another vendor’s bounty and recreate those steps. Reviewing people’s reports has also helped me improve my writing skills as well when vendors read my reports.”

How have bug bounties impacted your life?

  • “A lot of the bounties online have given me a good mindset of what to look for and also to understand what vendors are requesting from other people who participate in these bug bounties. I enjoy doing them in my spare time and also helping vendors improve their security as well.”

What do you like to do in your free time, when you’re not doing bug bounties or working?

  • “Hiking, traveling, and I enjoy craft beer for sure! Also a big gamer too when I have the chance to play some games!”

Thank you so much to TJ Null for his time and for his great contributions to the bug bounty community!

Interested in becoming an ambassador? Apply to become a Bugcrowd Ambassador today! If you have any questions, please send a Twitter direct message to @ChloeMessdaghi.