Bugcrowd’s latest Inside the Mind of a Hacker Report reveals what motivates bug hunters and how hacking experience closes the massive cybersecurity skills gap
SAN FRANCISCO – December 12, 2018 – Bugcrowd, the #1 crowdsourced security platform, today released its latest Inside the Mind of a Hacker Report, providing insight on the demographics and motivations of the bug hunting community. This third annual report demonstrates that the growing prevalence of bug hunting opportunities has opened new inroads to cybersecurity careers, with 81 percent crediting their experience bug hunting for helping them get a job in cybersecurity.
“Bug bounties have impacted my life by teaching me skills that I didn't know from doing traditional pentesting,” said Phillip Wylie, a top performing security researcher for Bugcrowd based out of Texas. “I really enjoy being involved in the security and hacking community and I now teach ethical hacking at a community college. It’s important to share knowledge in our community so we can push ourselves to be better.”
According to this year's report, the Bugcrowd hacker community is a highly motivated group with 50 percent bug hunting on top of a regular nine-to-five job. They are focused on their infosec careers with nearly 32 percent wanting to be full-time bug hunters, and more than 20 percent looking to be top security engineers or CISOs at large tech companies. While more than 80 percent have completed some form of higher education, with 25 percent completing or currently working on a graduate degree, nearly half (43 percent) are self-taught bug hunters who learned how to hack via online resources and blogs. The depth and breadth of this community is meaningful for an industry currently facing a massive skills shortage, with Cybersecurity Ventures predicting there will be 3.5 million cybersecurity job openings by 2021.
“Cybersecurity isn’t a technology problem, it’s a people problem - and in the whitehat hacker community there’s an army of allies waiting and ready to join the fight,” said Casey Ellis, founder and CTO at Bugcrowd. “Bug hunting is a perfect entry point for would-be infosecurity professionals to gain real-world experience, as well as for seasoned professionals to hone their skills and supplement their income. With cybercrime expected to more than triple over the next five years, bug hunting addresses the dire need for security skills at scale.”
In this 2019 Edition, Inside the Mind of a Hacker went beyond demographics, skill sets and motivations and, for the first time, examined gender inequality and security education and took a deep dive into the Bugcrowd Elite, MVP and Top 50 researchers.
Key findings include:
- Hacking 101 - Bug Hunters are Continuous Learners: Professional development continues to be a top motivation for hackers, with security tools for professional development being among the top two items hackers spend their bug hunting earnings on (in addition to living expenses). The three top reasons hackers give for participating in bug bounty programs are the challenge, professional development and education, respectively.
- A Community Driven by the Hacker Hustle: Bug hunters are extremely driven, with 66 percent spending up to 10 hours per week bug hunting. That is significant given more than 50 percent are bug hunting on top of a regular nine-to-five job. Nearly 72 percent of the hacker community are ages 18-29 – they’re young, ambitious and eager to develop their skills.
- Women in Hacking - a Long Road Ahead: Cybersecurity continues to be a male-dominated field, and the numbers show that we haven’t made much progress -- a mere 4 percent of the global hacking community are female. Yet 72 percent of women hackers have used their bug hunting experience to get a job in security – helping make a small dent in the security industry’s gender imbalance. The study also includes first-person narratives with some of Bugcrowd’s female and Elite Crowd members.
- Hackers Want to Hack - Full Time Bug Hunters on the Rise: More than 22 percent of hackers consider bug hunting their full-time profession, with 32 percent aspiring to be full-time bug hunters. Bug hunting as a career is an increasingly viable option for top-notch hackers, with the average total payouts for top 50 Bugcrowd researchers coming in at $145,000 and the average submission payout $783. A top 50 hacker has the potential to earn hundreds of thousands of dollars per year in bounties.
For a full copy of the report, please visit: Bugcrowd.com/inside-the-mind-of-a-hacker
The Inside the Mind of a Hacker Report analyzes proprietary survey data, collected from more than 750 Bugcrowd security researchers around the world, segmenting for statistics around demographics, motivations, and hacker economics. In addition, the report analyzes proprietary Bugcrowd Crowdcontrol™ platform data, collected from hundreds of managed crowdsourced security programs, to generate up-to-date statistics around submitted vulnerabilities, bounty payouts, and Crowd performance. The survey data was collected in June 2018.
Bugcrowd is the #1 crowdsourced security platform. More enterprise organizations trust Bugcrowd to manage their bug bounty, vulnerability disclosure, and next gen pen test programs. By combining the largest, most experienced triage team with the most trusted whitehat hackers around the world, Bugcrowd generates better results, reduces risk through remediation advice, and empowers organizations to release secure products to market faster — with no hidden fees. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Bugcrowd. Outhack Them All™. Learn more at www.bugcrowd.com.