At a tender age of 19, Santiago Lopez is earning a handsome sum of money via bug bounty program HackerOne and discovering security flaws through vulnerability coordination. He is said to be the first one to make more than USD 1 million through the aforementioned channels and he ranks second on HackerOne.
Lopez is self-taught on how to quash layers of security protections as he resorted to tutorial videos and content on the internet for his hacking and information security classes which he started taking in 2015 at the age of 16.
He has worked and reported vulnerabilities for renowned organizations such as Twitter, Automattic, Verizon, HackerOne among others. As of now, he has successfully reported 1676 different vulnerabilities for online assets. Additionally, he has worked for the US government and other private organizations.
It was a year later when he was awarded a $50 pay for a CSRF vulnerability, the inflow of rewards began; the largest bounty being $9,000, which he received for a SSRF.
Santiago invested his initial bug bounty earnings on a brand new PC and as the money multiplied, the young IT enthusiast considered buying cars.
At HackerOne, the goal of their program is to touch the mark of $100 million by the end of 2020 and on the way of realizing this goal, in 2018, the security researchers at HackerOne have made more than $19 million in bounties which is significantly larger than over $24 million paid in the past five years.
It has been reported that the majority of the hackers dedicate around 10 hours per week searching for bugs, while one-fourth of them are found to be working 10-20 hours every week.
Referencing from a survey, the security researchers with extensive experience in the corresponding field forms the smallest percentage, whereas the majority which is 72.3% carries experiences ranging from one to five years.
It is the joys of accumulating money and dealing with challenges which are among the top driving factors for the researchers to submit bugs through HackerOne.