Todayisnew Crosses $1M in Bounties at h1-415 in San Francisco
This past Friday at h1-415 — HackerOne’s first live hacking event of the year — todayisnew (known offline as Eric) became the eighth hacker to join the ranks of seven-figure-earning hackers. Ever wonder what that looks like?
Hackers represent a global force for good, coming together to help address the growing security needs of our increasingly interconnected society, and Eric’s radiant positivity and relentless creativity exemplify this. While most hackers are still concentrated in the U.S., the million-dollar hackers are emblematic of the truly global scale of the community. Eric and the other seven million-dollar hackers are each from different countries. Hacking is democratizing online safety and making it possible for people around the world to make a living. Read more on this global community in The 2020 Hacker Report, launched yesterday!
We sat down with Eric to learn what hacking means to him, his motivations, his advice for aspiring hackers, and more. Congratulations, Eric!
Q: Tell us a little about yourself! What’s your handle? Where are you from/living?
A: Good day, my name is todayisnew and it's always a great reminder to focus on the gift we are given with each new day. I am grateful to live near Toronto in Canada :)
Q: How did you first get into hacking?
A: I’ve always been interested in how things work and checking what would happen if you tried using them in a unique or different way. My daughter was born almost 5 years ago. (She has an earth day birthday — April 22nd! It's fun to say, well fun for me.) Before my daughter was born, I had some health issues, which left me unable to walk, unemployed and about 40k in debt with a newborn. Hacking platforms like HackerOne let me be at home and enjoy the loving connection with my family and use my unique skill set to earn the income needed to support us and improve our lives :)
Q: How can organizations attract top talent to their bug bounty programs?
A: Treat them how you would like to be treated. Value the time and effort of those that are putting in the effort to help secure your users and company :)
Q: Some of the most competitive programs on HackerOne offer the best rewards. What do you look for on these programs to stand out from the pack (i.e. specific vulnerabilities or specific assets)?
A: I think more assets in scope and rewards that line up with the time invested really help to motivate hackers to look deeper into specific programs.
Q: What motivates you to hack?
A: I get to work from home and be with my family. It also allows for creativity. Securing the users who use the programs I hack on and have financial involvement with them is empowering and, more recently, connecting with other hackers to collaborate has been such a joy :)
Q: Have you seen a difference in the bug bounty industry since you’ve joined? If so, what are these changes?
A: The industry is really finding its groove; structures and supports are in place to make the process of finding -> submitting -> rewarding more seamless.
Q: What has been your proudest bug bounty moment to date?
A: Hmm I’m not sure. Every bug is new for me and every new find has the same wonderful feeling. Continuing to learn and make new connections makes me proud I get to take part and see bug bounties grow :)
Q: What advice would you give to aspiring ethical hackers?
A: It likely won’t be easy; the first few months were 7 days a week, 12 hour days for me. Skill with effort, creativity and luck give you a good chance. If you are thinking of bug hunting full time, I would encourage you to have some savings in place and some bugs submitted in queue to help average the rewards.
Take care of your mental and physical well being. If you burn out or injure your body, you will be off to the emergency room for a different type of triage. I’ve found meditation provides that support for me. Please find a support that works for you.
Wish you well on your side of the screen :)
- Eric