License to Hack

This tip is a peek into the world of security research and bounty programs.

There are many ways to apply cybersecurity skills and knowledge, from defending an enterprise network, to setting up a secure ecommerce site, to offering penetration test services to companies.

One of the lesser-known ways of making a living in the cybersecurity world is through bug bounty programs. Many companies (usually those that are fairly mature in their security—which is to say they believe they are already reasonably secure, and can quickly fix any problems that are revealed) offer these programs to anyone who reports a previously undisclosed issue to the company, such as a vulnerability.

Even the United States Air Force is looking for and hoping to attract some of the best white hat hackers to hack into some of their public-facing websites. This follows in the steps of Hack the Army from November and Hack the Pentagon from March of 2016. As with the previous two military hacks, this one is by invitation only.

Unlike the previous two exercises, security experts not only from the US but also, for the first time, from many other countries can take part. This is a way to strengthen defenses by having friendly hackers from all over the globe demonstrate weaknesses, as these military sites are attacked by malicious people on a daily basis.

No rewards have been announced, but the Hack the Pentagon event paid out $75,000 in bounties to an unknown number of participants. Bravo to the government for simultaneously improving their security and encouraging bright minds to use their skills constructively.