Cool Job: I Recruit Pentesters for HackerOne

5 minutes

Witnessing a live HackerOne hacking event for the first time was “mind-blowing,” according to Ariel Garcia, who is now the Senior Manager of Technical Community Programs at HackerOne. At the time, he was working as a Senior Cybersecurity Analyst for an Argentinian financial company, but being in Las Vegas, surrounded by talented ethical hackers who were hacking for three days straight energized Ariel.

HackerOne is a platform that connects businesses to penetration testers and cybersecurity professionals who can help find potential vulnerabilities and flaws by hacking their systems. Put another way: “We help companies avoid being hacked — by hacking them,” Ariel says. Some organizations that use HackerOne include tech giants like Uber, Twitter, PayPal, and Zoom.

A big part of Ariel’s role is recruiting hackers for HackerOne’s prestigious pentesting community and setting them up with pentesting projects. But the most rewarding part is bringing hackers together through live community events and introducing people to hacking as a career, he says.

“What I love the most about my job is that we are changing people’s lives, which sounds corny, but is true,” Ariel says. “I talk to hackers from our community every single day from different countries — India, Argentina, Romania, Pakistan, you name it — that may not have the same opportunities as everyone else. As long as you can hack and find a vulnerability, we pay everyone the same, and that’s life-changing money and opportunities right there.”

Here’s how Ariel learned how to ethically hack, got involved in HackerOne events, and landed a job working for HackerOne.

What got me interested in the job

“In Argentina, you start working much younger than in the United States, usually while going to college at the same time. A lot of companies hire you without a degree, kind of betting on your future.

In my case, I studied information engineering — or IT — and I started working at 18 years old at a call center, then I got a job at a telecommunication company. I always liked computers and I’m kind of a geek. I started learning about a lot of technical concepts that gave me networking knowledge, like the IP and HTTP protocol there, routers, and VPNs.

There was a cybersecurity position open at Deloitte, one of the ‘Big Four’ accounting firms, and I got it. My main source of knowledge came from people teaching me on-the-go at the job. What helped me learn was hands-on hacking, seeing it in real time, and people explaining, ‘Oh, we found this vulnerability. This is how it works.’ The hands-on experience was extremely important, thanks to my colleagues.”  

How I got in the door

“In 2017, I was working for an Argentinian financial company and I went to DEF CON, the biggest hacking and InfoSec conference of the year, in Vegas. HackerOne was doing a live hacking event there, and someone invited me because my friend was participating as a hacker. I went, and instead of just drinking, having food, and getting free swag, I started connecting with people. I talked to a lot of people and I made friends that night — it was amazing.

If you go to a HackerOne event, you kind of get mind-blown, because there are hackers hacking and swag everywhere. I thought, Hey, I want these in Argentina, because we have a huge community of hackers, and I know a lot of them. I started working with someone on the HackerOne community team to plan a live hacking event in Buenos Aires, even though I had never done that before.

The event was a success: I got close to 35 local hackers to participate, and a lot of hackers made thousands of dollars in that hacking event, which spoke to the level of talent we have here in South America. Folks were happy with the results, and HackerOne’s VP of Marketing at the time said, ‘I love this. Do you want to come work with us?’ I thought it was too good to be true, but to my surprise, they hired me.”  

What I actually do every day

“I’m a Senior Manager for Technical Community Programs, which is a wide umbrella of things. We basically recruit, onboard, and assist the pentest community at HackerOne. While our bug bounty program is open to anyone, the pentest community requires specific skills, certifications, and experience, so we target a niche area within our own community.

We source every hacker that needs to be on a pentest, and we specifically farm things based on languages, geolocation, and skills — it’s a bit of a puzzle. We also do a bunch of recruiting as a whole, for example, if we need more hackers in iOS, how do we recruit more hackers with that skill? We just came back from a live hacking event in Barcelona, where we’re basically putting a bunch of hackers from the community together in the same physical place, and they hack a customer non-stop for like 15 days.”

Here’s what you need to get started

“You don’t need to get a degree or spend 10 years in college for somebody to start hacking,” Ariel says. “It’s never too late to learn.” Ariel’s advice is to approach hacking from an area of development that you’re already interested in. For example, if you’re an iOS Developer, maybe it would make sense to learn iOS hacking?

With so many free online resources available to learn how to hack, there are tons of ways to jump right in, learn at your own pace, and get hands-on hacking practice. HackerOne is a great place for hackers who want to learn how to hack and start earning money from bug bounty programs, meeting other hackers, and participating in Capture the Flag events.

Inspired by Ariel’s cool job? This is just a taste of the exciting careers you can land in cybersecurity. Start developing the skills you need for this industry with these courses:

  • Introduction to Cybersecurity: Cybersecurity is one of the fastest-growing fields today. In this course, you’ll learn the basic concepts that are used to identify and protect against common cyber threats and attacks.
  • Fundamentals of Cybersecurity: Learn how to identify cyber attacks and other skills that cybersecurity pros use to stay ahead of attacks, like pen testing and intelligence-gathering strategies.
  • Introduction to Ethical Hacking: In this free, beginner-friendly course, you can learn the skills that hackers use, like evading firewalls and network scanning. You’ll also walk away understanding the major differences between ethical and unethical hacking.
  • Scan Systems with Nmap: Nmap is used by ethical hackers to perform network discovery and security auditing, and it’s an important tool to have in your cybersecurity toolbelt.
  • Cybersecurity Analyst Interview Prep: Ready to apply for cybersecurity jobs? Practice answering entry-level interview questions with this skill path, and review key topics.

Ready to get started? Sign up for a course today!

Related articles

7 articles

What Is Social Engineering?

8 minutes
By Codecademy Team

What is social engineering? If you want to know how to spot and avoid online scammers, hackers, and anyone out for your password, then be sure to check out this article.