Ethical hackers play a crucial role in preventing the theft and misuse of data by malicious attackers who often exploit vulnerabilities within an organization. These vulnerabilities can either be pre-existing or may have emerged over time. Bug Bounty Programs act as intermediaries between ethical hackers and organizations seeking external assistance. They delineate the scope of hacking permissible by the organizations and acknowledge and reward individuals who report bugs, particularly those related to security exploits and vulnerabilities.
While many individuals express interest in participating in Bug Bounty Programs, they often struggle to know where to begin. Educators who wish to harness this enthusiasm and facilitate learning encounter similar challenges. However, there is good news. Between November 30th and December 2nd, the Zurich-based startup GObugfree, in collaboration with FFHS, welcomed individuals interested in the topic. This initiative not only provided aspiring ethical hackers with the opportunity to hone their skills but also offered educators a chance to delve into this captivating field.
The event facilitated networking, allowing participants to connect, share experiences, and explore potential collaborations. Leyla and Melanie actively engaged in these opportunities to explore how CYRENzh and academia can contribute to and support these efforts. Lessons that we learned:
- Education: There is more than one way to a cybersecurity career, but additional training opportunities are crucial, particularly beyond conventional university routes. Given Switzerland’s cybersecurity skills shortage, we need to rethink the way we are providing, or even gatekeeping, education.
- Legislation: Ethical hacking is still a legal grey zone. Establishing legal safe havens for ethical hackers is essential to encourage participation to increased cyber resilience.
- Mentorship: Doing bug bounties in a group has many advantages for learners. Beginners, especially ethical hackers new to the field, can acquire valuable insights by teaming up with experienced Bug Bounty veterans. Offering learning opportunities in group settings, in addition to individual hunting, can add significant value to the learning experience of novices.