Prodigy hackers, and why we need them

Welcome to the new 93 cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA23 stages.

Keep up with our weekly newsletters on LinkedIn — subscribe here.

This week we’re focused on…

Ethical hackers who start their careers when they’re very young. 

Why?

Because we interviewed Rohit Kumar (Product Security Engineer at Groww), and he told us about his earliest beginnings in the field of cybersecurity – while he was just a teenager.

“In April 2016, I was 14 and freelancing to earn some money. I found a website called HackerOne and thought it was a job site, like for companies. I made my own social media website in 10th grade and thought the ‘researcher’ signup was for super smart people.” 

So Kumar launched a bug bounty program on HackerOne to test his website’s security: “...but I didn’t understand what it meant. I invited lots of talented people, some even famous now, to find weaknesses.” 

“They found them fast – over 30 in five minutes! But I couldn't pay them because I was just a kid. This made them upset, and some even talked about it online. I'm really sorry for that.”

For Kumar, this mistake changed everything. Witnessing hackers break into his site so easily woke him up to the critical importance of security – and “I learned about this cool world of ethical hacking and all the amazing people in it. Even though it wasn't planned, that day started my journey into cybersecurity.” 

Kumar’s experience got us thinking…

Many ethical hackers started down this path at a young age. 

For example…

• 18-year-old Australian Jackson Henry has been in the news lately. At the age of 15, he helped uncover a security misconfiguration for the United Nations which could have exposed 10,000 sensitive data records – and now he works full-time as an ethical hacker.
  
• American Kristoffer Wilhelm von Hassel became the world’s youngest hacker at the age of five (yes, 5!) when he exposed vulnerabilities in Microsoft Live Xbox. Now ten years later, he’s listed as a security researcher by Microsoft.
  
• Hacker CyFi was featured by Wired at the age of 13, because four years earlier, she had co-founded (and continued to run) R00tz Asylum, the children’s version of DefCon. She got into hacking when she discovered a zero-day in a popular mobile game.
  
• At the age of 17, Jack Cable found 30 vulnerabilities in US Air Force websites. And he discovered a critical vulnerability in the Department of Defence’s secure filing system. 

Why do hackers start young?

There’s a dark side to hackers who start when they’re just children. Criminal groups are known to target young people in digital spaces, particularly gaming, and coerce them into carrying out attacks. 

But those who have the knowledge and support, or who just happen to discover the right vulnerability at the right time, often go on to build successful careers in ethical hacking. 

One 2023 study examined the lives of 15 hackers who started ethical hacking before they turned 18 – and found that they shared an early interest in information and communication tech; a sense of motivation to make systems more secure; and a feeling that reporting vulnerabilities was a moral duty. 

Beyond that, social aspects (particularly role models in hacker communities, and the support of parents and peers) helped to drive that motivation and encourage the young hackers to pursue ethical hacking as a job. 

Does this mean starting as an adult puts you at a disadvantage? 

No, not necessarily. 

Young hackers bring immense enthusiasm and fresh minds to the space – and they have the potential to shake up the cybersecurity sector because they’re unmuddled by the pressures that adults face. They look at problems with curiosity, and they’re more likely to try to solve those problems in new, creative ways. 

But starting later brings different advantages. You bring more varied life experiences and an understanding of the world of work and business that can help you provide hacking services that your clients really value. And there’s a good chance you’ve honed your communication skills, too – which is essential for ethical hackers who need to help clients understand what they’ve found, and why it matters. 

In short, we need hackers who start at all stages of life. Everyone brings something different to the field – and it’s all valuable. 

🔗 Read our interview with Rohit Kumar: How one mistake can launch a career

💡 We’d love to know…

How old were you when you started out in cybersecurity?

1. Under 10 vote

2. 10-15 years vote

3. 15-18 years vote

4. 18-25 years vote

5. Over 25 vote

Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 10 April 2024.

Catch you next week,
Steve Durning
Exhibition Director

Join us at Black Hat MEA 2024 to grow your network, expand your knowledge, and build your business.