Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementTechnologies & SolutionsSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecurityCybersecurity News

Education & Training

Compelling insights into career hackers

In 39 seconds, there will be another web application attack.

By Ashish Gupta
SEC1020-Edu-Feat-slide1_900px
October 14, 2020

It is well known that today we live in an unprecedented time with rampant cybercrime. And now that the COVID-19 pandemic has created unparalleled challenges including worldwide unemployment and a massive financial crisis, ironically one of the industries that has flourished is the $5.2 trillion economy of cybercrime. As the rise of commercial cybercrime has outpaced the traditional security team, we have put out a 2020 report called “Inside the Mind of a Hacker 2020,” which casts new light on the next generation of hackers utilizing  human ingenuity to solve difficult cybersecurity problems. This report also presents a timely overview of career hackers amid a growing digital crisis, highlighting how they are working together to help organizations defend their attack surface.

We discovered that globally distributed good-faith hackers are increasing in number and offering organizations the power to proactively prevent a malicious cyberattack — which can cost companies nearly $3.92 million dollars if gone unchecked, according to a recent report. While artificial intelligence (AI) has a role to play in reducing cyber risk, companies also need to integrate crowd-sourced security if they hope to outmaneuver cybercriminals.

The ITMOAH report analyzes 3,493 survey responses from working hackers between May 1, 2019 and April 30, 2020. In addition, the report incorporates data from 1,549 programs and 7.7 million platform interactions to provide an in-depth view of emerging trends among bug bounty, penetration testing, attack surface management and vulnerability disclosure programs.

The word “hacker” conjures up some negative stereotypes, but this could not be farther from the truth. The report’s findings break down these negative images and present a truer picture of these career hackers, with new data about where they come from, what motivates them, which skills they have and how they see themselves.

Here are some key highlights from the report:

 

COVID-19 is Increasing Demand for Career Hackers

The FBI reported a 400% rise in cybercrime after COVID-19 was declared a pandemic. As such, organizations are investing more in bug bounty programs. More than half of hackers (61%) have noticed an increase in available bug bounty programs to participate in due to widespread remote working conditions related to COVID-19.

Like the larger security industry, career hackers also noted concerns about COVID-related fraud. Forty-eight percent of the hackers believe the healthcare industry is the most vulnerable to cybercrime during the unfolding crisis, followed by education and community support (17%) and government and military (16%).

Additionally, as the government faces the potential impact of COVID-19 on the upcoming 2020 U.S. Presidential election, 72% of hackers independently reported that they do not trust alternative polling methods, such as electronic polling or mail-in ballots.

 

AI-Powered Cybersecurity Solutions Are not Enough to Outmaneuver Sophisticated Cyberattacks

The report found that 78% of career hackers surveyed said AI-powered cybersecurity solutions alone are not enough to outmaneuver cyberattacks over the next decade. In addition, nearly nine out of 10 hackers, 87%, reported that scanners cannot find as many critical or unknown assets as humans.

The case for adding human ingenuity to a security program is telling. For instance, while 2019 was a record year for data breaches, the report found that hackers working on the Bugcrowd platform prevented $8.9 billion of cybercrime in 2019 and earned 38% more than they did in the previous period. In the next five years, hackers on the Bugcrowd platform are projected to prevent more than $55 billion in cybercrime for organizations worldwide.

 

Career Hackers Live on Six Continents and Reside in More Than 100 Countries Worldwide

The report found that career hackers reside in more than 100 countries worldwide, including emerging markets; however, research shows they still possess the same quality of education that organizations have come to expect in developed countries like Australia and the U.S. For example, universities in India, such as the Indian Institute of Science, are internationally recognized for providing some of the highest standards of engineering education.

As such, the report also observed an 83% increase in the number of respondents who report living in India. This uptick has caused a thought-provoking shift in the average geographic distribution of security researchers, with further expansion also seen in Australia and the U.K.

Most security researchers reside in metropolitan areas, but 11% report living outside of built-up areas in villages, farms and other isolated dwellings.

 

Hackers Speak Multiple Languages, Enhancing Cognitive Abilities

Studies show that speaking more than one language enhances cognitive abilities such as memory, concentration, problem-solving and critical-thinking skills. Unsurprisingly, these cognitive strengths make multilingual people uniquely suited to work as career hackers because they generally possess superior creativity and logical flexibility. Data also suggests that decisions made by security researchers in their auxiliary language are more likely to be reason driven.

Many career hackers reported that they attribute their “computer skills” to multilingualism. One of the hackers even mentioned that learning new languages felt the same as learning a new syntax, as it is the same thought process.

 

The Next Generation of Hackers Are Younger and Neurologically Diverse

The report found that 53% of hackers are under the age of 24; and 13% are neurodiverse. It stands to reason that hacking as a profession is lucrative and highly attractive to young people.

When people think about diversity, things like race and gender typically come to mind, but another quality also diversifies ethical hackers: neurodiversity. The attribute is worth considering given that 13% of security researchers report experiencing distinct neurodevelopmental conditions that include dyspraxia, dyslexia, attention deficit/hyperactivity disorder (AD/HD), dyscalculia, autistic spectrum and Tourette syndrome. According to Dr. Devon MacEachron, a psychologist specializing in twice-exceptional and gifted learners, neurodiversity is a genetic property related to the evolution of humans as a species. Consequently, these differences are not flaws, but instead natural variations in the human genome that can provide unique advantages in contexts like hacking.

For example, experts say individuals with AD/HD thrive in environments of rapid change and variety that reward creativity and out-of-the-box thinking. These qualities underpin ethical hacking, making them highly suited to work as a security researcher.

 

Hacking for the Social Good and for Personal Development

Sixty-one percent of security researchers say they hack for reasons of personal development, such as realizing new talents, facilitating employability and enhancing their quality of life.

On a related topic, the report uncovered a growing social responsibility trend among hackers, with 93% of security researchers hacking out of care for the well-being of organizations. In terms of how these career hackers learned their trade, we found that most learned using online resources, while 36% report being entirely self-taught. Only 13% completed academic or professional coursework related to cybersecurity, highlighting their preference for online resources and community support.

Likewise, 70% of career hackers are highly skilled in web application testing. According to a report from Avast, the attack surface is growing faster than it has at any other time; despite web applications being at an increased risk, organizations still find themselves needing to secure more than 400 of them. Fortunately, 70% of security researchers are highly skilled in web application testing and can unburden internal teams so that they can remediate risk earlier in the development lifecycle.

The report findings showed that human ingenuity and creativity still remain the most powerful tools in cybersecurity. While AI and machine learning serve as useful levers, they will not replace humans for a long time to come. This gap between automation and human adversarial creativity suggests organizations will increasingly seek to augment their security strategy with crowdsourcing, the most efficient and practical approach to finding the right talent for the right problem.

The only limits for how organizations can leverage hackers are the limits of their imagination. Accordingly, we predict that organizations will leverage hackers in never-before-seen ways in the year ahead.

KEYWORDS: cyber security endpoint security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ashish Gupta is the CEO of Bugcrowd and has more than 25 years of general management experience, with leadership roles in marketing, sales and business development.  Prior to Bugcrowd, Ashish was InfoBlox’s EVP and Chief Marketing Officer responsible for worldwide strategy and operations for global corporate and product marketing, including brand awareness and go-to-market strategy.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Keyboard

    Marks & Spencer Hackers Tricked IT Workers Into Resetting Passwords

    See More
  • hacker

    Computer Scientists’ New Tool Fools Hackers into Sharing Keys for Better Cybersecurity

    See More
  • How Continous Is Continous Monitoring?

    Top three ways hackers get around authentication

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing