While many companies still stay away from offensive security experts and advanced DevSecOps experts — often due to a lack of knowledge and budget cuts — bug bounty programs, live hacking, and hackathons are gaining ground and value.
This is where the elite operate — penetration testers, offensive hackers, ethical hackers, curious developers, and bug and threat hunters.
As the era of generative AI drives another deep integration shift and the global threat landscape becomes more active and dangerous, Techopedia sat down with experts from Devpost and HackerOne to talk about hackathons, live hacking, the coolest tech in use, and how the movement can help young and old generations seize opportunities and build a career.
Key Takeaways
- While hackathons originated at universities, they are now popular among professionals and companies too.
- Devpost and HackerOne are two industry giants, and we spoke to their teams about the rise of hackathons and how they are embraced by enterprises and Fortune 500 companies.
- Meanwhile, internal hackathons foster employee innovation and teamwork, while ethical hackers play a crucial role in cybersecurity.
- Bug bounty programs and live hacking events continue to grow in scale, with large bounties available as companies recognize the value of ethical hackers in improving their cybersecurity posture.
Hackathons: Innovation Grounds
Brandon Kessler used to work in the rock industry. Today, he is rolling around as founder of the leading company in the hackathon space, Devpost, which powers the majority of public and private hackathons (software competitions) around the globe.
Kessler is on the Devpost mission: To inspire the world’s developers to build great software.
Techopedia sat down with Kessler to understand how he shifted from rock to leading one of the biggest hackathon platforms online today.
“The throughline across both roles is: I support makers and their creations.”
“As a record label founder, I was always most excited to find great artists and get the word out about their music,” Kessler said. “At Devpost, I get to support the creation and promotion of new software projects.”
Kessler — like many others in the field — explained that “hackathons are NOT related to hackers who break into things.”
“The name leverages the term hack as in, ‘those who hack things together creatively to solve a problem.’ Hackathons are competitions where participants are asked to build projects with a specific goal or problem in mind; those projects are reviewed by judges; and winners are chosen.”
Devpost’s hackathon lists include big names such as Microsoft, Google, Meta, Amazon Web Services, Atlassian, Okta, and many other leading tech companies.
Each project has thousands of participants, and prizes range from $10,000 to $540,000 — sometimes more.
“Within hackathons, there’s a misconception among some that they’re only for college students, and you don’t sleep for 3 days, so they’re not for professionals. While hackathons are big on campus, they’re huge in the enterprise and across the Fortune 500.”
Kessler explained that companies run internal hackathons to drive innovation and collaboration. Employees who are told what to work on each day get to set that aside for a few days and come up with new ideas to help their business and be more productive.
“Among the wider industry, the biggest pain point is making engineering accessible to all, no matter where you come from.”
“Fortunately, I see it improving with better educational courses, programs for the underserved to learn to code, hackathons, and new tools, and AI,” Kessler added.
Live-Hacking with HackerOne
The global demand for hackathons, penetration testing, ethical hackers, and programmers who work side by side with security experts is on the rise. From government agencies to tech companies, organizations are setting up platforms where ethical hackers can report vulnerabilities and engage.
Additionally, driven by this demand, new platforms such as Zerod give ethical hackers a place to connect with clients and collaborate.
But when talking about the ethical hacker community, no organization hits home like HackerOne — the biggest ethical hacker organization in the world.
Techopedia talked to Ariel García, Technical Community Programs at HackerOne, about modern live hacking events.
“They’re only getting better! Hackathons, or what we call live hacking events, help our hackers make a greater impact on an organization’s security posture because they allow hackers to engage in real-time collaboration not only with other great hackers but also with the program staff, resulting in the most impactful vulnerabilities we have ever seen,” Garcia said.
“In our Live Hacking Event in Las Vegas last year hackers got paid $2.8 million in bounties. As organizations continue to build trust and recognize the benefits of working with hackers, I see the impact, collaboration, and scope of engagements growing.”
Keeping true to its origins of innovation and ethical values, HackerOne continues to venture into new territories.
“We’ve also seen the value of new formats for these kinds of engagements benefit hackers and our customers,” Garcia said.
Late last year, HackerOne completed the second annual iteration of our Ambassador World Cup. The event is an eight-month-long competition that unites hackers representing their countries to become world champions while hacking leading organizations like Adobe, Zoom, TikTok, and Mercado Libre.
“The engagement resulted in 799 valid submissions and more than $1.7 million in rewards paid to hackers. This year we are coming back with a new edition with even more teams and hackers participating.”
Beyond Rewards: A Way of Life and Culture
The ethical hacker movement, which has its origins in the days before computers became the norm in every home, is today a strong subculture. In this movement, hacking is not just about rewards or recognition. It’s a way of life.
From the iconic Kevin Mitnick, whose early career was defined by hacking into high-profile systems like North American Aerospace Defense Command (NORAD), to Robert Tappan Morris, the Cornell graduate student who unleashed the Morris worm in 1988, numerous innovative black hat hackers engaged in illegal hacking activities before moving to the other side and becoming well-respected security and white hat leaders.
Techopedia asked Garcia from HackerOne whether increased awareness and education about ethical hacking, coupled with programs that incentivize new generations and old ones, could potentially have an impact on the global state of cybersecurity and cyberwarfare.
“Certainly. Many of our ethical hacking community are Gen Z — they’re young.
“Offering access to constructive and lucrative outlets to better the world can deter people from going down a path they will regret later in life.”
“Hacking (whether you’re black hat or white hat) can be motivated by making money — but ethical hacking means you can do something that makes the world a better place while making money and building a legitimate career path,” Garcia said.
HackerOne’s research has shown that many in our community are not just motivated by money, with over 75% of hackers stating they do it to learn.
“And hackers coming together, like at live hacking events or less formal community meet-ups, builds communities that benefit the entire ecosystem.”
“Many of our hackers talk about how learning from each other is just as invaluable to them as it is to us because it strengthens the collective knowledge of the community, which benefits our customers and the broader internet,” Garcia added.
The HackerOne Brand Ambassador program, which now has more than 65 ambassadors around the world, organizes hacking meetups and grows within their local communities.
‘AI is the Coolest Technology’
Kessler from Devpost told Techopedia that “without a question” the coolest technology today is generative AI.
“That means either open source or proprietary AI models. We’re in such early days. But what’s coming fast is an application layer built on top of these artificial brains, beyond the chat box we’re used to.”
Kessler said that the best tools and applications are being created right now, for specific purposes and industries, to drive security and reliability. “And each year it’s going to be better and better,” Kessler added.
Nothing like the Human Touch
Techopedia also asked Garcia from HackerOne what the coolest technology being used on the ground by ethical hackers was.
“The most impressive thing about them is the mindset they possess; hackers are an incredibly creative and diverse group of people.”
“Ethical hackers, often young and without formal cybersecurity education, are self-taught enthusiasts driven by innate curiosity,” Garcia said. “In other words, the individuals who succeed in this profession are not only technically savvy but determined — they don’t mind finding their own way to success when a career path isn’t clear-cut.”
“That tenacity is essential when bug hunting. Their unconventional backgrounds drive self-learning, experimentation, and a deep passion for their work.”
Open-source AI or Proprietary?
One of the biggest debates in the software developer and tech industry is open-source and accessibility, especially with AI models that are mostly offered as products by big tech companies. We asked Garcia from HackerOne which type of tech ethical hackers prefer.
“Preference depends on the motives and expertise of the hacker. Proprietary technology may lead to larger or more reliable payouts from a bigger organization. It can be more lucrative, and you can build great connections with internal company teams based on the value of the work you’re doing for an organization.”
“Open-source projects, on the other hand, are less likely to have as many resources dedicated to managing vulnerabilities and paying out hackers, so they may not get rewarded or be rewarded as quickly,” Garcia said.
“That does not mean their research is not critical, though. Most organizations use some form of open-source software, so any hacking on open-source programs can still make a large impact on the safety of the broader internet.”
“Many of the learnings a hacker may have from hacking on open-source AI could also be applied to pressure testing systems in scope for programs run by private companies. They’re also helping the collective security of anyone using that open-source AI model.”
What Do Hackathons Bring to the Table?
Working with ethical hackers, participating in hackathons, and engaging with penetration testers provides an invaluable opportunity for companies to tap into a diverse pool of talent and expertise outside of their organization. Garcia spoke about the value the movement brings to the table.
“Imagine getting some of the best hackers in the world, all together in the same room, dedicating all their time to hacking your company assets and reporting the vulnerabilities in real-time. That’s what a live hacking event is.”
Ethical hackers often possess specialized skills and knowledge in cybersecurity and technology, offering fresh perspectives and solutions to address security challenges, and collaboration between these hackers is a key element of a live hacking event.
Kessler from Devpost added that hackathons allow companies to unlock innovation from their employees, and to bring them together to collaborate. “This gets better solutions into their R&D pipeline, drives learning, and creates bonds between employees so they perform better and don’t quit,” Kessler said.
“When well-structured, hackathons deliver on business goals. And these days, it’s all about learning and driving AI in the workplace.”
As Garcia explains, hackathons foster collaboration and knowledge sharing between external participants and internal teams, facilitating cross-pollination of ideas and best practices. Companies can leverage the creativity and ingenuity of ethical hackers to identify and address potential vulnerabilities in their systems.
“Participating in external hackathons demonstrates a company’s commitment to fostering innovation and engaging with the broader Hacking community,” Garcia said.
“This is the future of offensive security, and you should be part of it.”