MARISE ALPHONSO
TECHNICAL SECURITY RESEARCH – A REWARDING PROFESSION by Marise Alphonso, Information Security Professional
Cybersecurity incidents and data breaches typically result in bad actors getting rich—or aiming to do so—by requesting ransomware payments, conducting scams or selling data on the Dark Web. For the good people working to stop them getting rich a number of—rather more modest—rewards are available, particularly in technical security research.

Software development is an expensive exercise and, despite rigorous and agile approaches to software development, security vulnerabilities are frequently uncovered. Security researchers play a pivotal role in discovering zero-day vulnerabilities in the infrastructure, technology and applications that power systems around the world.

Google’s Project Zero is an example of a security research program that provides details on vulnerabilities discovered in proprietary or open-source software. It gives developers 90 days to address an issue before making the vulnerability public. Many software companies run bug bounty programs offering a reward or recognition to encourage security researchers to find vulnerabilities in their products.

Bugcrowd and HackerOne are platforms that pool the skills of the world’s ethical hackers and security researchers to enable organisations and governments around the world to benefit from their skills in finding software vulnerabilities. According to the June 2022 Australian Cyber Security Centre (ACSC) Cyber Threat Report, rapid exploitation of critical security vulnerabilities was widespread in the 2022 financial year with attackers targeting various technical systems. These findings highlight the need for more cybersecurity professionals skilled in identifying vulnerabilities.

IMPROVING SECURITY RESEARCH SKILLS

Numerous resources can be used to improve knowledge and skills in security research. HackerOne offers Hacker101, a free educational resource to empower the hacker community. While some knowledge of programming or networking may be useful, Hacker101 caters for the beginner, introducing
WOMEN IN SECURITY MAGAZINE
JANUARY • FEBRUARY 2023