Sam Curry, an 18-year-old student in Omaha, Neb., has been obsessed with computers from a young age, but his hobby (hacking) wasn’t always a constructive one.
As a sophomore in high school, he got in trouble for hacking into his school’s computers. He found a way into the system that allowed him to pose as an administrator. He could have changed student grades or done real damage, he said, but he just wanted to enter the network as a prank. School administrators were not amused and suspended him for two weeks.
The next time he found a security vulnerability, rather than exploiting it, he reported it to the high school administration. They gave him a $50 gift card to fast-food restaurant Subway as a reward. “That is the first time I realized there is a positive outlet for this work, and maybe I could get paid for it,” he said. He turned his coding skills into “white-hat” hacking. That is, hacking systems to protect companies, not expose them.
Since then, Curry has made more than $100,000 from legally hacking high-profile institutions including the U.S. Department of Defense, video game company Valve, and Yahoo. He is one of a growing number of hackers cashing in on “bug bounties” — monetary rewards that organizations pay hackers to expose vulnerabilities in their systems.
This kind of crowdsourced security testing is “rapidly approaching critical mass” according to a June 2018 report from industry research firm Gartner. It’s become so popular that it’s almost standard for companies to participate in these programs, and it’s only expected.
You may also check: