Community Spotlight Archives | Bugcrowd
https://www.bugcrowd.com/blog/category/community-spotlight/
Fri, 29 Mar 2024 17:33:58 +0000

Advice for pursuing a cybersecurity career
https://www.bugcrowd.com/blog/advice-for-pursuing-a-cybersecurity-career/
Thu, 28 Mar 2024 20:06:20 +0000

Bugcrowd’s LinkedIn page just hit an exciting milestone…we hit 100k followers! To celebrate the security community sharing Bugcrowd’s mission, we asked our network to give us their best advice for someone interested in pursuing a career in cybersecurity. We received so many thoughtful responses that we couldn’t miss an opportunity to share them on our blog. 

Cybersecurity career advice

Continuous learning

“The ever-shifting landscape of cybersecurity demands a growth mindset! Cultivate an insatiable curiosity to stay ahead of the curve. Don’t be intimidated by the vastness of the field—there’s a niche waiting for you, whether it’s the thrill of penetration testing or the meticulous world of digital forensics. Immerse yourself in the vibrant cybersecurity community! Sharpen your skills through capture-the-flag competitions and virtual labs. Network with passionate professionals at industry events and online forums. Not only will you gain invaluable knowledge from their experiences, but you’ll forge connections that will propel you throughout your cybersecurity journey. After all, the best defense is a well-connected one!” – Debasish Maharana

“Learn something new every day.” – Iveta Pavlova

“Continuous learning is the cornerstone of success in cybersecurity. Start by mastering foundational concepts such as web vulnerabilities like XSS and IDOR, while also diversifying your skill set to include Active Directory pentesting, malware analysis, and more. Remember, cybersecurity is a dynamic field, so stay updated on the latest trends and technologies through certifications, conferences, and engaging with the community. With dedication and a holistic approach to learning, you’ll be well-equipped to navigate the ever-evolving landscape of cybersecurity. Stay curious, stay vigilant, and keep hacking!” – Naveen Kumawat

“Always be opportunistic and actively seek constant learning. One common trait that I see great people have is the ability, and need, to always be learning.” – Paul McCarty

Build a solid foundation

“Never skip the basics.” – Nayeem Islam

“For newcomers in cybersecurity, mastering vulnerabilities like XSS is essential. Begin by grasping the theory from sources like PortSwigger, then practice on platforms like PortSwigger, PentesterLab, and TryHackMe. Build your own vulnerable environment, perhaps using PHP, to deepen [your] understanding while learning the technology behind it. Keep practicing, explore continuously, and ensure you understand the patching steps for mitigation. This holistic approach ensures a thorough understanding and practical skill development in cybersecurity, crucial for newcomers entering the field. These steps apply to learning various web vulnerabilities, forming a solid foundation in web security.” – Abdelkarim Mouchquelita

“Constantly update your skills, stay curious about emerging threats, and seek hands-on experience through internships, certifications, and practical projects. Building a strong foundation in networking, programming, and system administration will provide a solid base for success in this dynamic field. And in cybersecurity, if you want to do bug bounty, then go to Bugcrowd.com. Always Bugcrowd 🧡” – Prasad Panchal

“First learn some basics (os, architecture and networking), then code (api projects, server configurations, client side scripting), then come and hack. Remember the quote, ‘learn the rules like a pro, so you can break them like an artist.’ Happy hacking!” – Aayush Kumar Gupta

“You have no idea how important your notes are, keep them detailed and revert to them. If you keep good enough notes, you’ll never have to visit the same problem more than once.” – Barry Mitchell

Breaking into the industry

“The place you start might not be the place you want to end up… but no matter what cybersecurity role you land to get started, it will help feed your end goals. Keep learning and get that foot in a door somewhere!” – Nicholas Aures

“Just do things and get comfy in the gray. There is nothing stopping you from taking your current tech role or passion and turning it into a security role. It isn’t easy to get into cyber at the beginning, but it’s easier to do it if you switch from a tech role.” – Ben Gittins

“Make sure you explore the various categories in cybersecurity before getting into a specific niche and always be curious!” – Ameen Uddin Shaikh

“Entering the cybersecurity realm is like stepping into a maze with countless doors. Always carry the key of curiosity—it’ll unlock the most fascinating paths and opportunities in this field!” – Adam Naborczyk

“Just start it, don’t just think. It will be hard, but in the end, if you are consistent with the approach and have a ‘never stop learning’ attitude, you can easily grow in this field.” – Daksh Bhagwani

Think like a hacker

“Think like a hacker. The best way to protect something is to understand how someone could break into it. So, dig into how systems and software are put together, and then try to poke holes in them (don’t worry, you don’t have to break anything important!). Figure out how websites act weird when you give them unexpected info, or mess around in a safe practice environment. Do some research on how attackers operate—look up things like malware, phishing scams, and all the other nasty tricks attackers use. Use this knowledge for good, not evil! Remember, you’re learning how to build stronger defenses.” – Mayur Parmar

“My advice for those eyeing a cybersecurity career—dive deep, stay curious, and embrace the thrill of the hunt. Let’s secure the digital world together!” – Nitin Yadav

“Patience is essential. Try to think outside the box. You will achieve your goals.” – Abdallah Mohammed

“Never use abc123 as a password.” – Parth Prajapati

Score big in Meme Madness
https://www.bugcrowd.com/blog/score-big-in-meme-madness/
Wed, 20 Mar 2024 15:47:22 +0000

If you haven’t noticed yet, the security industry harbors some of the world’s most skilled meme creators. However, it’s been a while since we stumbled upon a meme that truly made us do a double-take and LOL. That’s why we’re bringing back Meme Madness—a challenge that’s been a favorite since the Hackle days (if you know, you know). It’s a challenge only one will truly conquer! Check out the first year’s challenge here!

Highlights from last year’s Meme Madness

Nothing helps inspire ideas like a stroll through memory lane. Check out last year’s Meme Madness entries here. No plagiarism allowed! 

The competition was tight last year. It came down to two hilarious memes…

Last challenge, we saw some seriously top-notch creations that set a high bar, but hey, we know you have what it takes to one-up them. Take a peek at the top picks from previous years here and get ready to top them!

How Meme Madness works

Just like the name says, it’s a mad world of meme competition. Similar to the thrilling March Madness season of basketball, we’re bringing the same level of excitement and competition to the world of memes. Starting now, you can head to our social media platforms–LinkedIn and X–to submit YOUR best memes. You bring your best meme, and we’ll decide if it’s truly the best or if you’ll get kicked out of the bracket in round one. We know, it’s harsh, so keep them original and cybersecurity-focused.

Prize Details: The creator of the winning meme will not only see their creation immortalized on a t-shirt but will also receive a shoutout on our company’s social media channels and their very own “bugmoji.” 

Judging Criteria: Our expert meme panel will evaluate memes based on humor, creativity, and relevance to cybersecurity.

Submission Guidelines: To enter the competition, ensure your meme is in image format (jpeg, png), is appropriate, and uses the designated hashtag: #MemeMadness.

Once the clock runs out and you’ve submitted your art, our team will hit the locker room to select the top 16 memes. Then, it’s tip-off time–voting for the top 16 begins on March 27. Head to our social media platforms and make your picks to determine which memes advance to the next round. You will determine the winning meme! The winner will have a brand new t-shirt to wear around town (or just when they hack, either way!). 

Mark your calendars, sharpen your wit, and join us for the ultimate meme showdown. Don’t forget to stay tuned to our social channels for all the latest updates, sneak peeks, and other challenges! 

Career advice from women in cybersecurity for International Women’s Day
https://www.bugcrowd.com/blog/career-advice-from-women-in-cybersecurity-for-international-womens-day/
Fri, 08 Mar 2024 13:00:04 +0000

March 8 is International Women’s Day. International Women’s Day started in 1911 and has been celebrated annually for over one hundred years. It’s a day of collective global activism and celebration. It’s all about women’s equality and inclusivity. 

To celebrate the holiday, we talked to a handful of women at Bugcrowd (who we affectionately refer to as “the ladybugs”) about their career journeys. In this blog, we’ve compiled career advice from 11 different women in cybersecurity, whose roles span across different areas from engineering to marketing to pentesting.

Career advice

Sara Travise, Manager of Support

Never stop learning—Identify what you enjoy doing at work and build on that. Better yet, identify what has a need and work to build and expand that. Be someone who can get things done. 

Invest in relationships—If you make the promise to yourself to never stop learning, meeting people will naturally occur. Invest in these relationships as they can easily develop into strong professional relationships that can last throughout your career. 


Athena Peterson, Director of Customer Marketing

Be your best advocate—Make sure to be your own cheerleader! Promote the wonderful work you do, share your voice and create a brand for yourself. Don’t be your own best kept secret. 

Strive for the ‘challenge’—Experiencing challenges both personally and professionally is when transformation happens. Look for the challenges, push yourself to learn and grow so that you can continue to build the best version of yourself. And be confident in your knowledge and skills. 


Jill San Antonio, Technical Customer Success Manager

Invest in yourself—It is never too late to invest in yourself. Whether it be time, energy, money, or any resource to help fill your tank—do it.


Jordyn Jones, Global Social Media Manager

Embrace the unknown—Yep, it’s scary! But it’s also incredibly exciting. Embrace the uncertainty and see it as an opportunity to learn and grow. Who knows, you might discover a hidden talent or passion along the way. 

Confidence is key—When you believe in yourself, others believe in you too. It’s that unwavering self-assurance that propels you forward, even when faced with challenges or doubts. It’s not about being perfect or having all the answers. It’s about embracing your strengths, acknowledging your worth, and having the courage to take risks. Believe in yourself, and watch as the world opens its doors to endless possibilities. 


Elle Green, Team Lead, Customer Success

Grow from your mistakes—Getting into cybersecurity is not an easy task. Breaking into and staying in this field requires hard work, persistence, and determination. Roadblocks will occur, but what matters most is that you identify your mistakes and grow from them. Always remember, if it was easy…everyone would be doing it. 


Ashley Schreiber, Field Marketing Specialist

Make connections—Every person you meet is a potential door to a new opportunity. Work hard, make connections, and build good bridges now—because you never know how they may contribute to the bigger picture. 


Swati Jalandra, Director of Engineering

Foster a culture of innovation—Prioritize fostering a culture of innovation and collaboration within your team by encouraging open communication, idea sharing, and cross-functional cooperation to drive creativity and problem solving.

Inspire and motivate your team as a leader—Focus on developing strong leadership skills to inspire and motivate your team toward achieving ambitious goals while providing mentorship and support for their professional growth. Remember, success as a director lies not only in technical proficiency, but also cultivating a cohesive and empowered community. 


Emily Ferdinando, Chief Marketing Officer

Say yes—Richard Branson once said, “if somebody offers you an amazing opportunity but you are not sure you can do it, say yes—then learn how to do it later.” 

Surround yourself with people you can learn from—if you’re the smartest person in the room, you’re in the wrong room!


Danisa M. Baker, MIS, PMP, Technical Customer Success Manager

Prioritize balance and energy—Make balance a requirement. Your tank should not be empty at the end of the workday. You should still have the energy, motivation, and desire to participate in the things that bring you personal joy. Your peace and mental health should never be sacrificed. 

Focus on your goals—Don’t focus on the little things. Focus on what leads you to your ultimate goal. When you find that things are beginning to interfere with your ability to focus on that ultimate goal, make a plan to either be flexible, resolve and keep going, leave, or all of the above. 


Samantha Andersson, Senior Director of Corporate Marketing

‘No’ doesn’t have to be definitive—Every ‘no’ is an opportunity to try again and again, because each ‘no’ offers a new perspective for learning and growth. No matter how many ‘nos’ you encounter in your career, embracing them leads to improvement. It’s only when you stop trying that a ‘no’ becomes definitive.


Aireal Liddle, Lead Technical Pentest Manager

Shoot your shot—You miss 100% of the shots you don’t take. Women are less likely to apply for a role if there is a single skill on the job listing that they don’t fit, even if they have all of the other skills. As a result, we see more men in leadership roles because women doubt themselves and don’t take the shot. Don’t let a single skill that you can easily learn prevent you from applying to a role that you would otherwise be perfect for.

Customer Spotlight: Martin Choluj, VP of Security at ClickHouse
https://www.bugcrowd.com/blog/customer-spotlight-martin-choluj-vp-of-security-at-clickhouse/
Thu, 14 Dec 2023 21:00:15 +0000

In a recent conversation, we had the privilege of speaking with Martin Choluj, the Vice President of Security at ClickHouse. Our discussion provided valuable insights into his experience collaborating with Bugcrowd and shed light on the critical role that crowdsourced security plays in safeguarding a brand’s intellectual property.

Choluj is a seasoned security professional with an impressive 15-year track record in the field. He is currently VP of Security at ClickHouse, a company renowned for its efficient open-source database solutions. 

Before stepping into this role, Choluj spent nearly six years as CISO at Campaign Monitor and has held various security leadership roles in international financial institutions. Alongside his practical experience, he holds a Master’s Degree in Security and Forensic Computing and a Bachelor’s Degree in Information Technology.

At its core, ClickHouse champions the principles of trust and risk reduction, and it’s this ethos that led them to explore a bug bounty program. Choluj highlights that the company’s aim is not simply compliance but to foster innovation in security and build constructive relationships with the hacker community.

Choluj’s partnership with Bugcrowd started in 2016 at a previous role, which led ClickHouse to choose our platform over others. With Bugcrowd, ClickHouse was able to tap into a global community of hackers to identify and address hidden, high-impact vulnerabilities. 

According to Choluj, a proactive approach is essential for any large-scale assurance program. He underscores the importance of crowdsourced security by saying, “Interacting with the hacker community is vital for our assurance program to operate on a large scale effectively.” 

He praises Bugcrowd’s triage response time and commitment to long-term customer success, both underpinned by a solid track record of experience. The primary challenge for ClickHouse was anticipating attack vectors and attacker ingenuity—an area where Bugcrowd’s expertise has proven invaluable.

Choluj also acknowledges a skills gap in cybersecurity, particularly when bridging the divide between security and engineering. He sees the Bugcrowd platform as a viable solution to this challenge, enabling organizations to augment their internal teams by tapping into the collective creativity of hackers. This approach effectively bridges the workforce gap, fostering a stronger synergy between different domains of expertise.

A wave of digital revolution has prompted organizations to rethink their security strategies. Old-school methods, centered on safeguarding known environments and networks, no longer suffice. Choluj asserts that the shift to remote work, amplified by the pandemic, requires a new focus on securing systems and users, regardless of location.

Choluj’s experience highlights the importance of treating cybersecurity as an ongoing strategic endeavor rather than a one-off project. His partnership with Bugcrowd exemplifies how a platform-driven approach to crowdsourced security can strengthen an organization’s defenses, turning potential vulnerabilities into fortified security measures.

Embracing crowdsourced security is more than a wise business decision in today’s intricate digital landscape; it’s a necessary step towards a secure digital tomorrow.

Cybersecurity and Generative AI Predictions with David Fairman, CIO and CSO of Netskope
https://www.bugcrowd.com/blog/cybersecurity-and-generative-ai-predictions-with-david-fairman-cio-and-cso-of-netskope/
Tue, 08 Aug 2023 13:30:59 +0000

Bugcrowd recently released the seventh edition of our annual flagship report, Inside the Mind of a Hacker. This report explores trends in ethical hacking, the motivations behind these hackers, and how organizations are leveraging the hacking community to elevate their security posture. This year’s edition takes a special look at the ways cybersecurity is changing as a result of the mainstream adoption of generative AI. As a part of this exploration, we interviewed David Fairman, CIO and CSO of Netskope. We’ve included a sneak peek of that interview in this blog post. Download the report here to learn more about how hackers are using AI technologies to increase the value of their work.

Tell us a little bit about yourself and Netskope.

I have over 20 years of security experience in a range of disciplines from fraud and financial crime to business continuity to operational risk. I’ve worked for, and consulted to, several large financial institutions and Fortune 500 companies across the globe, been recognized as one of the top CISOs to know, am a published author, an adjunct professor, and was involved in founding several industry alliances with the aim of making it safer to do business in the digital world. 

For the past three years, I’ve been Chief Information Officer and Chief Security Officer for the Asia Pacific region at Netskope. Netskope is a global SASE leader helping organizations apply zero trust principles to protect data and modernize their security and network infrastructure. Netskope has been a Bugcrowd customer for over a year. 

How are generative AI applications revolutionizing the way organizations operate, and what are the potential cybersecurity risks associated with their use?

AI has been around for many years, so there are a number of risks associated with AI. AI is transforming business through hyper-automation, identifying new business models and trends, speeding up decision making, and increasing customer satisfaction.

Prior to late 2022, AI required specialized skill sets and vast amounts of training data; consequently, it was not used in the mainstream. The launch of ChatGPT made generative AI accessible to the masses. The barrier to entry has lowered, which means the adoption and use of this powerful technology is being taken up at a rapid pace. This means the risks that are associated with AI can have a large impact, more so than ever before. 

There are a number of risks that need to be considered, including data poisoning, prompt injection, and model inference—and these are just a few of the technical risks. There are also responsible AI elements that need to be considered, such as bias and fairness, security and privacy, robustness and traceability.

What are the possible ways sensitive data can be inadvertently exposed through generative AI applications, and how can organizations mitigate these risks? 

Generative AI uses prompts to take inputs from a user and produce an output based on its logic and learning. Users can input sensitive data, such as personal information and proprietary source code, into the large language model (LLM). This information could then be accessed or produced as output for other users of the LLM. Users should be cognizant of the fact that any data they input into an LLM will be treated as public data.

Many organizations are asking—should we permit our employees to use generative AI applications like ChatGPT or Bard? The answer is yes, but only with the right modern data protection controls in place. 

What impact does the use of generative AI have on threat attribution, and could it blur the lines between adversaries, making it challenging for organizations or governments to respond effectively? 

There are two sides to this question. On one hand, defenders will be able to use AI to perform threat attribution (and threat intelligence more broadly) to speed up the process, better defend their organizations, and respond more effectively than ever before. 

Conversely, threat actors will be using this to their advantage to increase their capability to attack at a scale and velocity never seen before. We, the defenders, need to lean into how we can leverage this to transform our defensive capabilities.

Could generative AI applications lead to the development of “self-healing systems,” and if so, how might this change the way organizations approach cybersecurity? 

I think this has to be the case. I’ve said this for a long time: we need to find ways to operate at machine speed. When we talk about ‘mean time-to-detect’ and ‘mean time-to-contain,’ we’re reliant on human beings in the process, which can slow it down significantly. We know that time is critical when it comes to defending an organization: the faster and more efficiently we do this, the better we will protect our companies and customers. Self-healing systems will be one piece in this jigsaw puzzle.

As generative AI becomes more prevalent in cybersecurity, how do you think the role of security professionals will evolve, and what implications does a future with more human-machine collaboration have for informed decision making in cybersecurity?

I think cyber practitioners increasingly become the ‘trainers’ of AI, using their cyber expertise to train models to perform cyber analysis at pace and at scale. There will always be a need to have a human in the loop in some respect, whether that be in the training of the model, the monitoring and supervision of the model (to ensure that it is behaving the way it is expected and is not being manipulated), or in the generation of new models.

Researcher Spotlight: Paolo Arnolfo (sw33tLie)
https://www.bugcrowd.com/blog/researcher-spotlight-paolo-arnolfo-sw33tlie/
Mon, 01 Aug 2022 16:00:03 +0000

Paolo Arnolfo, also known as sw33tLie, has always been fascinated by computers and software, but it wasn’t until three years ago he discovered bug bounty platforms. This discovery changed his life, as he realized he could do what he loved full-time… hacking. It’s not often we get to combine passion and income, but for Paolo, he made this dream a reality. Check out how below! 

Tell us what you do for a living!

“I try to hack things and, when successful, I get paid for it. Sometimes that works, often it doesn’t…but, failure is part of the process, right? I also enjoy writing security-related tools, and have a few public ones on my GitHub profile.”

There’s no success without failure. 

What sparked your interest in hacking?

“I have always been fascinated by computers and software in general. When I was younger I wanted to become a developer, but over time I realized I was more attracted by the security implications of writing code in certain ways. From there, hacking software made by some of the largest companies in the world felt like a great challenge, so I did just that.”

Way to step up to the challenge! 😎

How did you get into Cybersecurity? How long have you been hunting?

“I got seriously into cybersecurity when I realized bug bounty platforms were a thing, around 3 years ago: I wish I had started earlier! It felt great to figure out I could make money doing the things I loved.”

It’s never too late to start. If you’re thinking about getting into Bug Bounty, go for it! 

How have bug bounties impacted your life?

“Quite frankly, bug bounties made my life a lot better on multiple levels. The most important thing is that they allowed me to get in touch and collaborate with many of the best hackers in the world. This was (and it still is!) a great opportunity to make new friends and learn new things, some of which you can’t just grasp by reading books or blog posts.”

Making us emotional over here. 🥹

Are you a part-time or full-time hacker? How much time do you spend hacking?

“I’m a full-time hacker thus I spend most of my work time hacking. However, “hacking” doesn’t only mean directly attacking a target. It also means reading books, learning new things, writing code, and even randomly chatting with other hunters on Slack. Doing many different things helps not to get bored, and in this field, there are many options available!”

What has been your biggest challenge while hacking? How did you overcome it?

“There are many tough challenges to overcome when doing bug bounties, but one of the hardest ones for me is staying focused. That’s easy when you have a super cool bug you’re working on, but it becomes harder when it has been a while since the last time you had found something interesting. When that happens, I try to hack something else or, if needed, take a small break and come back at it later.”

See… 👀 Breaks are important. Make sure you give yourself time to rest and recharge. 

Do you have any favorite tools or resources to learn? Why?

“I really like uncommon bugs. Bugs that you know the other side (triage) will enjoy reading and likely won’t be duplicates. Weird edge cases that nobody had deeply studied before. Any resource from people like James Kettle (@albinowax) or Frans Rosen is good material on that front.”

Save these #BugBountyTips. 👆📲

Do you have any advice for new hackers or people transitioning into bug bounty?

“Read a lot, be curious, and don’t forget to network with the right people! Also, when making the jump, don’t expect to make money from day one (or month one). Always have a backup plan during the transition.”

What’s an important lesson that you wish you learned early on in your hacking career?

“Quick dirty scripts can sometimes work just as well as well-written software. And often, that means saving a lot of time, which is a scarce resource. This has been difficult to accept but it’s one of these things that separates software engineering from bug bounty hunting: breaking stuff doesn’t have to be elegant!”

How do you avoid burnout? How do you take care of yourself and your mental health?

“Thankfully, I’m not one of those people that regularly suffer from burnout: in fact, I don’t think I can say I ever experienced a serious one. However, as I said before, I do lose focus and interest in hacking from time to time. I think the best way to overcome these challenges is to leverage the freedom that bug bounties give us and take breaks when needed: this is why it’s crucial to have some spare money to make that possible.”

Where do you see your journey going from here? What are some goals you have for this year?

“Finding more bugs is always the goal, but more specifically, I want to focus on my automation so that it can find unique behaviors that normal scanners miss. Time will tell if that works or not!”

Why do you hunt with Bugcrowd?

“Like most full-time hackers, I hunt on all major bug bounty platforms as a way to maximize the scope I’m legally allowed to hack. However, Bugcrowd is certainly the platform I enjoy most and where things go very smoothly most of the time. I love the crazy fast triage times for critical bugs, all the good things Bugcrowd does for researchers, and interacting with the people working there.”

We feel the same about you, sw33tLie, you’re awesome! 

What does your life look like outside of hacking (family/hobbies)?

“I’m 21 and, apart from spending too many hours in front of a computer, I am not very different from my peers. In my free time, I enjoy playing the piano and hanging out with friends. Life outside hacking can often be interesting, especially when you get asked what you do for a living. Career advice: it seems there are many people out there that would love to hack somebody else’s Instagram account. Instead of the word “hacker”, use “security engineer”…it will help!”

Who is your hero? (hacking and/or life)

“Hero is a big word, but if there’s a person I truly admire in the field it has to be Guillermo Gregorio (@bsysop). I collaborate with him most of the time because it just works well for us, and trust my words, he’s crazy, in a good way. I sometimes ping him at the weirdest times, and he always replies quickly: I’m not sure if he even sleeps! bsysop always has your back. He truly is a good vibes guy and I’m sure everyone in the community agrees on this. Super recommended, but please, don’t steal my collab buddy too much! I feel I will regret these words…”

Bsysop, if you’re reading this, we also think you’re pretty cool. We love to see all of you researchers collaborating, as it will always improve your skills and possibly create long-lasting friendships.

Want to stay caught up with all things Bugcrowd? Follow our Twitter and join our Discord! Ready to join sw33tLie as a bug hunter? Sign up for a researcher account today and start hacking!

The post Researcher Spotlight: Paolo Arnolfo (sw33tLie) appeared first on Bugcrowd.

Community Spotlight: Farah Hawa
https://www.bugcrowd.com/blog/community-spotlight-farah-hawa/
Thu, 06 Aug 2020 00:00:00 +0000

The post Community Spotlight: Farah Hawa appeared first on Bugcrowd.
Although Farah may be new to the InfoSec community, her YouTube channel has quickly become a must-watch for anyone looking to LevelUp their hacking skills!

Farah started sharing hacking resources she’s used through her Twitter and LinkedIn back in May of 2020. Since then, she’s begun a full-time pentesting job with Inspira and started a new YouTube channel to document her bug bounty journey.

Although she’s a self-proclaimed n00b, we think her content is a fantastic resource for anyone looking to work on new targets or just learn something new. We appreciate the contributions she’s already made to the community and look forward to seeing what she comes out with next!

Check out Farah’s channel, including a great video on GraphQL here! 


How did you get into Cybersecurity? How long have you been hunting?

I was pursuing a Bachelor’s degree in Mass Media and when I was in the second year of my course, I attended a workshop about Ethical Hacking. The concepts that were talked about in the workshop were pretty basic but they really caught my interest and since I had a lot of free time on my hands, I decided to dig deeper into Cybersecurity. I slowly learnt about the various domains in InfoSec and realized that finding bugs in applications was an area that I wanted to tap into. After completing 2 internships where I got the opportunity to pentest web apps and learnt a lot along the way, I finally started hunting on VDPs and then bug bounty programs around 4 months ago.

Why did you choose your Bugcrowd handle? Does it have any specific meaning?

My Bugcrowd handle is simple. It’s my name.

How have bug bounties impacted your life?

Bug bounties have made me more independent than I could have ever imagined. When I first started posting about my bounties on LinkedIn, I received a crazy huge amount of messages from people asking me how they could get started and what resources I had used to get started in bug bounties.

I couldn’t possibly answer all of them so I decided to start a YouTube channel to share my knowledge and answer those questions on a much wider platform. Since then, my life has done a full 180 and the exposure I got enabled me to meet some wonderful people across the globe, work with some great companies and get a full-time job as a pentester. All of this would have never happened if I hadn’t started bug bounties.

Do you hunt full time? If not, why?

I don’t hunt full time as of now. My time is divided between my full-time job as a pentester, working on videos for my YouTube channel and hunting on bug bounty programs. For me, bug bounties are an additional source of income and a way to make my free time a little more productive.

What do you do for work outside of bug hunting? 

I am currently working full time as a pentester. Apart from that, I spend most of my time working on my YouTube videos.

How much time do you spend hunting bugs?

This keeps fluctuating but the time I give to hunting bugs has definitely reduced since I started my job. So on average, I’d say I spend about 1-2 hours every day hunting.

Do you have any favorite tools or resources to learn? Why?

There are a bunch of resources that I keep going back to. One of them has to be the Web Application Hacker’s Handbook. Even though it’s an old book, it gives me an extremely fresh perspective to look for bugs and sparks ideas in my mind that I can use while hunting.

Another one is PentesterLab – it’s great to learn new concepts and attack techniques and the course videos along with the hands-on labs make it very easy to follow.

Do you have any simple tips that you use when you are hunting?

I make sure to test each and every functionality thoroughly, especially all input fields including cookies, headers, parameters etc. If there’s any interesting or weird behavior, I refer to some bookmarked resources to help me proceed further with an attack.

Do you have any advice for new hackers or people transitioning into bug bounty?

Don’t restrict yourself to learning from only one resource at a time. Read books, blogs and writeups, watch videos, practice what you’ve learnt on labs, learn how to code and integrate a little bit of everything in your day. At first, start with VDPs or points-only programs since it’s easier to find bugs on those. Once you find your first bug and get some motivation, transition into bug bounty programs. This worked for me when I started and it might work for you too.

When you aren’t hunting bugs, what do you do for hobbies/fun?

When I’m not hunting or working, I swim, spend time with friends, watch Netflix, listen to music and treat myself to some great food.

Why do you hunt with Bugcrowd?

Bugcrowd is a very beginner-friendly platform. Apart from that, their support team is great and very responsive to researchers, which I think is a huge benefit in today’s bug bounty scene.


Follow Farah on Twitter @farah_hawa01 to keep up with her bug bounty journey!

Stay tuned for more Community Spotlights. Want to join Farah and be part of the Crowd? Join our Discord and sign up for a Researcher Account!
