According to PC Mag, today’s hackers are getting younger and richer, like Argentina native Santiago Lopez.
A member of HackerOne, a platform that hires digital bug catchers to find security vulnerabilities in IT systems for certain companies, Lopez has found over 1,600 security flaws, and earned over $1 million doing it. He’s scanned security risks for companies like Verizon, Twitter, WordPress and government offices.
The largest sum of money Santiago has ever earned conducting this sort of bug-hunting is $9,000 “for a server-related vulnerability that could allow remote takeover.” PC Mag says he also specializes in “finding software bugs that can let hackers bypass normal application processes to access protected resources, such as files and database records.”
Santiago told PC Mag that he’s a “self-taught hacker” who learned by watching YouTube videos and reading blogs, and gathering some inspiration from the 90s film, Hackers. “As I learned more, I realized that I was naturally drawn to the types of challenges and problem-solving opportunities associated with hacking,” he said in a previous interview.
Takeaways for decision makers:
While the term “hacker” generally comes with a negative connotation, PC Mag shows how Santiago, and other bug-hunters from HackerOne, are actually good guys – their goal is to catch security risks for participating companies before a breach occurs. Santiago told PC Mag that his own family had a tough time digesting his job title: “The first time I told them, they could not believe it. They viewed the hacker as a bad person who robbed people. They did not think it was possible that a hacker could be good and make money legally.”
Plus, working for companies like HackerOne is a good gig for computer science folks – for example, HackerOne has awarded $45 million in “bug bounties” since its inception.
As a result, having a “good guy hacker” on a tech team, or investing in “good guy hacking” offers companies and decision makers another layer of security, especially as traditional hackers gain more experience and find new ways to wreak havoc on their sensitive data.