Whether it is from live hacking events or informative Twitter threads, the handle cdl (Corben Leo) most likely sounds familiar to a lot of you. Corben has been hacking with H1 since 2016. His prolific work is known throughout our community. As a hacker, he consistently finds spots on our leaderboards and snipes incredible bugs on the programs he chooses to engage with. So, it begs the question: what more can we do to help such a successful hacker?
In late October, we published a blog post about a new program at HackerOne, the Hacker Success Program. Hacker Success Managers have been actively supporting hackers within their cohorts and continue to provide support on a wide range of hacker-related needs. This program is giving us opportunities to engage hackers in a more personalized way. By establishing these one-to-one connections, we can ensure that a variety of interests specific to individuals can be met with a result. We interviewed cdl at H1-407 about his time spent with his HSM, Steve Hernandez. Let’s go over what he had to say.
Connecting With Our Hackers 🤝
The purpose of the Hacker Success Program is to drive hacker engagement and support on our platform. We’re doing this by treating our hackers as we treat our customers: with attention, detail and 1:1 relationships. There was meticulous planning and designing to find successful opportunities and areas of potential growth we could use to enhance a hacker’s journey. So, it was great to learn how cdl felt about meeting someone entirely new who had their growth and a plan in mind:
Well, at first, I was shocked and confused at what it really was. Like, what does HSM “mean”? At first, I thought it was just another marketing buzzword, if I’m being honest. But then, as I met Steve and dug into it, I found, “Wow, they’re here to advocate for hackers.” Like, that is awesome that there is someone we can reach out to if we have issues.
Before, it felt like if you weren’t already connected with someone or had a previous relationship, you were just out of luck. Trying to get something resolved meant you’d have to jump through a lot of little hoops.
So, it became exciting when I heard what it was and how it worked. Since we had someone who cared about us, instead of feeling like, “Oh, HackerOne only cares about their customers.” It’s just really hard when hackers have been done wrong previously.
It’s great having this advocacy and someone who wants to work with you, and even push back if you are wrong about something. HSMs work with you to understand different points of view.
Yeah, I believe it is great. There have been many times when there would be miscommunications or misunderstandings between teams and hackers. So, having someone who can step in and say, “You should take a look at this again and make sure you’re right about it.” Since I’ve made assumptions about something I’ve reported before, and I thought it was done wrong, having someone else look over it with me allowed me to make more sense of it.
And even the opposite, where the team gets a bug of mine, and they do not understand its impact, it’s good to have someone help mediate with me. I do believe that it is indispensable.
Hacker Impact 🔥
The heart of the Hacker Success Program is focusing on the hacker’s unique and personal journey. Every hacker has specific interests, goals, expertise and skill sets that are unique to them. Our desire is to help each hacker discover and manage their next opportunity, because the complexity of navigating these various opportunities can be difficult. Regardless of your tenure in consulting or entrepreneurship, even veterans of the field can use direction. Usually, at higher levels, this is just being able to have more eyes over the landscape you already stand on and give encouragement.
What’s the impact our hackers within the program have been experiencing and seeing? Here’s a quick list:
Hackers have been onboarded for an opportunity to join our pentest group
A substantial increase in earnings year-over-year, and a substantial increase in high and critical submissions
Those in the program have been selected for speaking opportunities at multiple events (Security@, H@cktivityCon, webinars, etc.)
This is only the beginning for this program. It is important that hackers know they have someone to turn to for these improvements. This comes from a layered approach that defines focus areas that can help build new momentum. Hacker Success Managers are here to walk through each layer and be a strong advocate for these changes.
Steve and I had a call, and he asked me about next year’s goals. It wasn’t even necessarily just goals for bug bounty, but in general. I started talking about things that weren’t bounty related.
Eventually, he did ask me, “So, you don’t have any bounty goals or bug goals?”
And I was like, “Yeah, I guess I’ve seen the program OpenSea, they pay a lot, and I think it would be really cool to find a crit.”
Steve supported me by saying, “Yeah, you should totally move into it and find a crit. I think you should definitely do it. I think you should set some time and actually set that as a goal for yourself.”
So, he kind of pushed me in that direction, and within 24 hours I ended up finding a crit, then ended up finding 3 more. I ended up making 320k in the next three weeks, thanks to him. If it wasn’t for an HSM I probably wouldn’t have found it at all, taken the time to look, or set that goal.
So, even beyond the advocacy and support, their encouragement really helps push us to go outside our comfort zone.
Best Foot Forward 👟
A key component of the Hacker Success Program is understanding important issues our hackers are facing that we might not be completely aware of. It is up to us at HackerOne to ensure hackers can hack and are not impeded by roadblocks, ensuring they can have success and growth.
Diving into individual hackers’ stories allows us to see areas that require more attention. We asked cdl if he believed this program is an example of HackerOne doing its best to empower him as a hacker.
Oh yeah, absolutely! And I think that it isn’t only just good for security researchers but also helping grow the PERCEPTION of security researchers. Because a lot of the time people’s experience with security researchers is, “Oh, they’ve received an email from a security researcher who’s submitted a vulnerability to them and the receiver can be haphazard about it, or they might feel threatened.” So, having someone on your side that explains who you are helps you get on-boarded to a new program and cultivates a better relationship with their team.
Because, what isn’t seen is that people receiving reports can sometimes be hesitant to the perceptions of hackers, but having someone in your ballpark to say “Hey, here are all these HackerOne researchers who do have something to say in good faith.” They help us align so it’s not this “Us vs. Them” mentality.
HSMs are here to actually work with you and have someone else explain our side. Having something like that is just really good for the whole security research space.
Since beginning the Hacker Success Program, we have identified new and exciting opportunities for hackers, gained important feedback on how we can improve our platform and gleaned ways in which we can connect with our hacking community in a better way. As the program continues to grow and develop, we’ll iterate on our processes to ensure hackers continue to benefit from having an HSM.
So, what’s the future of this program and how does it apply to you? This program started with hackers who are championing program success, platform activity, and who have been striving to see HackerOne grow. Our learnings from this initial group will provide the groundwork for continued positive outcomes in later cohorts.
We understand that not every person is at the same place in their journey. For instance, you may be at the point where you’re just hitting your stride in bug bounty. Or maybe you’re still learning the ins and outs of what it means to be in bug bounty. Wherever you may be, we feel hackers deserve advocacy and the opportunity to have guidance in these pivotal moments. We want to grow this program. We see a future where we can impact people across the board at HackerOne. From those who just signed up for an account, to those gunning to be the next million dollar hacker.
Simply put, the future of this program is to grow this role further out into our Community. Our Hacker Success Managers are here to help make breakthroughs in hackers’ careers.
Date: 2023-04-06 10:12:05