At Bugcrowd we’ve heard from many researchers that they would love to do bug hunting full-time. Many researchers have used bug bounties as a way to supplement their income, build up their skills, and increase the size of their professional network and the number of work opportunities available to them.
As the bug bounty market continues to grow and expand, we’re seeing the bug hunting dream become a reality, with many researchers using their entrepreneurial skills to build their own business by harnessing the earning potential of bug bounty hunting.
Today I’d like to put the spotlight on Ciaran “Mak” McNally, one of Bugcrowd’s top-performing researchers, who has used bug bounties to build his career as a security consultant. Find Ciaran on Bugcrowd and follow him on Twitter.
Here is Mak’s story, in his own words:
There was a buzz on Twitter of security folks that were taking part in this new #bugcrowd managed bounty platform. I immediately took interest in some of the research and blog posts people were making. I joined Bugcrowd in my 3rd year of university. The first app I tested, I found 4 XSS issues and made $400 from a single evening’s work. I gradually spent more time doing bounties and started to build up connections and a more steady income.
I moved in with my girlfriend for my final year and used bug bounties to pay a significant portion of my rent and college fees. When I graduated, the reputation I had built up doing bounties greatly helped pad out my CV. I got a job as a security consultant and had lots of interesting stuff to talk about in the interview. To me this platform offered me real practical and demonstrable experience in the world of information security before I had left college. I was only spending about 6-12 hours a week doing them at this stage.
Bugcrowd put a lot of effort into building a community and it really paid off; there are forums and a pretty active IRC channel in which you can bounce ideas around or share techniques. My skills over time started improving and for a while I was earning as much from bounties as I was in my full-time job. I decided I’d start saving and aimed to go freelance after a year of working. This has worked wonderfully so far; I’ve been using bug bounties to keep myself earning while I’ve downtime between contracts and so far it has worked! I’m working as a sole trader for now but I do plan on setting up a consulting company in the future. Bugcrowd greatly helped make this possible!
Earlier this month Ciaran presented at Daggercon, giving a fantastic presentation on bug bounties in which he shared his successful techniques and approaches to bug hunting. Check out his slides below: