This blog is part of a series highlighting top hackers on HackerOne. These hall-of-famers are extremely talented bug hunters and continuously dominate the leaderboards and thanks pages. In this first post, we are thrilled to highlight nnwakelam!
Nathaniel (Left) at HackerOne’s H1-702 bug bounty event in Las Vegas
Nathaniel Wakelam has found over 343 vulnerabilities, is in the 90th percentile for signal, 89th for impact and ranked 8th overall with over 7,000 reputation! This 21-year-old, Melbourne-based hacker, nicknamed “Naffy” by his friends, filed his first bug report on HackerOne on November 21, 2013. Nathaniel was first introduced to security and bug hunting three years ago by a friend. “I saw what he was doing and said to myself, ‘Hey, I could do that!’” he shared. During that first semester hacking in University he earned more than $60,000 in bounties and decided to do it full-time.
One of the things he appreciates most about bug bounty programs is the relationships you build within the community. “The people in this community I respect and admire are many and numerous. I could go on for hours,” he said. Those relationships are not only with other hackers but also with the organizations running the programs, he shared. They allow him to hack technologies he wouldn't normally have access or permission to test and have helped make him a better hacker. On what bug bounty programs have awarded him, Wakelam mentioned “cash money, skills, sent me around the world, and I've forged some lifelong friendships due to taking part in them.”
Wakelam is a proponent of hacking with friends, a recommendation we hear from the best bug hunters in our community. His fierce competition with “notnaffy” on HackerOne is one of his key motivators, he said. “We've forced each other to adapt and grow in new and interesting ways to actually find bugs the other one wouldn't find.” Wakelam recalled a time when notnaffy teased him during a talk they were giving to 200 people about missing a $15,000 bug in an application that he found. Friends are excellent teachers.
Wakelam is also dedicated to using his bounties to give back to newer hackers. He co-founded the organization HackersHelpingHackers (HHH) to help new hackers get started, build their network, and find mentors. “HHH is made by the hacker community, for the hacker community. We want to support young talent and help to steer people in the right direction by putting them in touch with mentors and people who can help in supporting their growth. Starting a career is scary at the best of times, and I know personally that InfoSec is no exception to that,” he said.
In 2015, HackersHelpingHackers was able to send four hackers to KiwiCon (a New Zealand computer security conference), and they expect to do the same this year. “Conferences allow for you to meet people you’ve known online for 5+ years in real life, and that’s really cool,” said Wakelam. Being successful in this industry requires more than just the technical skills; building relationships is really important, shared Wakelam, and that is what they are aiming to help hackers do. The bounties he earned at HackerOne’s H1-702 bug bounty event in Las Vegas alone will allow him to send a few hackers to New Zealand for the next KiwiCon, he shared. To learn more about HHH or support the cause, visit: http://hackershelpinghackers.com
For companies running bug bounty programs, Wakelam says, “Don't be a stranger… We are all figuring this out too and I find that when you treat people with respect and are open and honest with your communications you'll normally be treated the same way back.” He recommends that teams get to know the hackers working on their program and never hesitate to ask a question or reach out. When he is looking for a program to work on, Wakelam shared that he always starts with the low-hanging fruit. “Bug bounties are a time investment and if you aren't getting a return on that, reassess your strategy.”
When will you find him hacking? Like most, Wakelam burns the midnight oil and then some. “I'm writing this at 5 AM on a Friday morning. I am up at odd hours and am going to get breakfast and then hack all of Friday quite likely.” Regarding his hacking setup, he relies solely on an internet connection, a terminal and black shades (the sunglasses, not the RAT). What does he listen to? “Halcyon on and on (from the Hackers soundtrack) playing on repeat as the backing track to my life,” he said, “this is super important.”
Lastly, if you ever find yourself in the company of Wakelam, he enjoys a nice red wine occasionally, or a gin and pineapple juice as the situation presents itself.
Stay tuned for our next hacker hall of fame, and let us know if you have a question for our hackers by emailing us at firstname.lastname@example.org!