How HackerOne's famous new CEO is helping teen hackers become agents of good, not evil
And along the way, its famous new CEO, Marten Mickos, has become a sort of a fatherly pied-piper figure to a generation of socially awkward teen hackers, many of them living in developing countries. He's guiding them to the light of hacking for good, and earning some money, instead of causing mischief.
In a bug bounty program, a company invites hackers to break into its software, then pays prizes for the bugs they find. The scarier the bug, the bigger the prize. It's a way of finding out how bad-guy hackers would break your software using real-world conditions in a controlled setting.
On Friday, HackerOne launched a bunch of new products that make bug bounty programs more accessible for everyday companies. This includes a new subscription business model for software that helps customers with a bunch of related tasks, such as running small bug-bounty pilot programs and tracking the bugs through the process of fixing them.
Since it launched in 2012, the company has landed 550 customers, all without a sales force. With the new software, the 50-employee company just changed that, too. It hired its first salesperson, Marjorie Janiewicz, previously from MongoDB, and she's in the process of hiring more.
Humans are the problem and the solution
HackerOne is a hot Valley startup that's raised $34 million from VC backers like Benchmark and NEA and individual "angel" investors like Marc Benioff, David Sacks, Drew Houston, and Jeremy Stoppelman.
Mickos wasn't at first interested in HackerOne, he told us.
He barely agreed to meet with the founders, Jobert Abma and Michiel Prins, two twenty-something best friends, who have been hacking into computers since their high school days.
"I was asked to take a look at this company, and I was thinking to myself, 'Oh no, a security company. Who the heck could get excited about security?' I sort of dragged my feet to the meeting," Mickos told us.
Obviously, he changed his mind.
"I realized that this company is turning security inside out. You used to do all the security on the inside, now we realized the rescue is on the outside. You used to buy more and more [security] tech. Now we realize that tech is not the solution, tech is the problem. Humans are the solution," he says.
Today HackerOne has a network of "tens of thousands" of hackers in its system, he says, many of them teens that he's befriended over Facebook and Twitter.
A better outlet for 'misfit' teens
Mickos said he feels a bit "emotional" about this company's mission.
"There are all these young, capable people who are a bit lost and may feel like they are misfits in society and if you give them a good task and ask them to do a good deed, they will," he says.
Mickos says that he's gotten to know similar teens in the Philippines, Morocco, Saudi Arabia, the UK, Russia, and Scandinavia.
"You find them all over the place. And they are so full of energy and hope. It's exactly like Brexit. The old guys are disenfranchised and ready to leave. But the young kids, they are ready to build a great digital society for us."
In fact, the founders were the same sort of teen hackers in the Netherlands. They launched a company when their parents insisted they put their talents to good use instead of mischief and sentences of community service.
All told, HackerOne has paid out $8.5 million in bug bounties since it was founded in 2012, Mickos says.
Not all the hackers are teens. Many of them are software and security pros earning extra money moonlighting as bug hunters. Some of them will earn $100,000+ a year, including founder Abma himself, he recently told us.
Even the Pentagon is asking these folks to hack it
HackerOne isn't the only company out there running bug bounty programs. Bugcrowd, CrowdSecurity, and Synack are some others.
But it does have an impressive gaggle of customers including Uber, Dropbox, Airbnb, GitHub, GM, and Twitter.
Probably its most impressive feat was a program put on by the Department of Defense called Hack the Pentagon, which concluded in May. Over 1,400 hackers participated. They found 138 bugs and the DOD paid out $71,200 in bounties. The Pentagon was so happy with the program, it sent every participant a specially made commemorative coin.
That's a far cry from the Pentagon's previous relationship with hackers, which might have involved jail.
If the Pentagon can do a bug bounty, then any company can.
Got my #hackthepentagon coin today. So cool! Thanks @Hacker0x01 pic.twitter.com/aGgx6A4BNN
- Travis Lee (@eelsivart) June 25, 2016