Bugcrowd: Young cybersecurity professionals are turning to bug hunting

Hackers are getting an earlier start when it comes to bug hunting careers, according to a new report. Bugcrowd has released its second annual report, Inside the Mind of a Hacker 2.0, which details the demographics and motivations of the bug hunting community.

The report found that bug bounty programs are up more than 77 percent from 2016, and that this increase provides opportunities for professions to actually earn a living from bug hunting. In fact, 27 percent of bug hunters aim to do this full-time.

According to the report, 71 percent of bug hunters are 18-29 years old, compared to 11 percent last year. This indicates that there is more of an interest in bug hunting with young professionals. Eighty two percent have completed some form of higher education and 16 percent have a master’s degree or higher.

The report also notes that more than half of the hunters have full time jobs and 19 percent a full-time bug hunter, an increase of 26 percent from last year. In addition, it shows that 62 percent of bug hunters invest what they earn back into tools and training that will help them be more efficient bug hunters. Other findings include 26 percent are driven by professional development and 44 percent ranked the challenge as their top motivator, wanting to put themselves ahead of their peers.

“The pace of innovation has exponentially grown the attack surfaces beyond the availability of capable cybersecurity professionals which has left organizations open to destructive cyberattacks,” said Ashish Gupta, CEO of Bugcrowd. “The best defense is a good offense. The Crowd fights fire with fire. Committed to helping global organizations identify vulnerabilities, this diverse community of talented security researchers identifies vulnerabilities before adversaries can, expanding security coverage for organizations and ultimately ensuring the safety of the Internet.”

This report was based on trends of more than 65,000 researchers in the Bugcrowd community. The company says it describes five different types of security researchers: knowledge seekers, hobbyists, full-timers, virtuosos and protectors.

Related Post