HackerOne Blog

Built, Not Born: From Curiosity to Cybersecurity

Maggie Miller
Senior Director, Corporate Marketing
Digital Chart

Itumeleng Lesley Ditlhotlhole grew up in Botswana, in a home without a computer, like most of his peers. The internet existed, but only in moments. Cybersecurity wasn’t a career path. Ethical research—reporting security vulnerabilities to protect people and systems—wasn’t something anyone talked about. If hacking came up at all, it was in action movies, not in classrooms or career fairs.

 

But books were constant.

 

“I read quite a lot,” Lesley says. “Literature, mostly. I liked how people thought. I liked how arguments were made.”

 

He thought he’d become a lawyer. The idea made sense: he was vocal, curious, clear in his thinking. “I felt like, okay—with my personality, and my interest in literature—I could make a decent lawyer.”

 

It wasn’t just about prestige. It was about range. “Law touches everything,” he says. “You’re not stuck in one box. You could deal with a different kind of problem every day.”

 

So when he signed up for a university course including a Cyber Law module, he expected debate, case studies, maybe court procedure.

 

What he got was TCP/IP and firewall logs.

 

“It was all about computers,” he says, smiling. “But I was already in. So I stayed.”

 

That’s how most of Lesley’s story goes. The thing isn’t what he expected, but he stays with it. He learns it. And, eventually, he falls in love with it.

“I Didn’t Know I’d Love It This Much”

Over time, the concepts that initially felt foreign began to make sense. He got better. Then he got hooked.

 

 

“I didn’t know I’d love it this much. I enjoy learning how systems work. I enjoy breaking them... ethically. And I enjoy helping people fix them."

 

—Itumeleng Lesley Ditlhotlhole

 

That unexpected passion kept him going. Even when the path forward was unclear, the work itself gave him something to hold onto: progress, puzzle-solving, purpose.

 

It turns out, ethical research isn’t so different from law. Both are about systems. Both require logic, creativity, and attention to loopholes. And both are adversarial in structure: you’re constantly thinking from the other side’s perspective.

 

“Legal work gives you a framework,” he says. “You study how people can go around the system, and how to defend against that. Cybersecurity is the same.”

 

But in research, the systems are digital. The arguments unfold in code. And the courtroom is often invisible, hidden behind a report, a fix, or a silently patched vulnerability.

Built Slowly, Brick by Brick

After university, Lesley didn’t have a job lined up. He didn’t have industry connections or insider advice. But he had something else: time, and an unusual level of patience.

 

He earned his CEH certification. He practiced for hours on Hack The Box. He studied publicly disclosed vulnerabilities and taught himself how exploits actually worked.

 

“It’s not talent,” he says. “It’s time.”

 

Eventually, he found HackerOne. His first vulnerability report—submitted to OneWeb’s public program—was valid. It got fixed. That was all the encouragement he needed. More submissions followed. Then an invite to their private program. Then, two years later, a full-time job offer.

 

Even now, people back home don’t always know what to make of his work.

 

“But they can see I’m doing something serious,” he says. “That I’m progressing. That it matters.”

The Most Dangerous Kind of Hesitation

Lesley meets a lot of people who say they want to get into ethical research. Some reach out for advice. Others simply watch from a distance.

 

But most of them never start.

 

“They think it’s too much,” he says. “Too complicated, too technical. And that hesitation? It kills the motivation. They don’t realize that you only learn by doing.”

 

He’s seen it happen often. People confuse complexity with impossibility. They assume if they don’t understand everything at the start, they’ll never catch up.

 

“I feel like if I had hesitated to start this, I wouldn’t have this kind of story to tell.”

What It Means to Begin

Lesley’s story isn’t built on natural aptitude or access to early tech. It’s built on deliberate choices—day after day—to keep moving forward.

 

“You can hesitate in the middle,” he says. “That’s okay. That happens to everyone. But at the beginning? If you hesitate there, you don’t get started at all.”

 

What makes a good security researcher, in his view, isn’t genius. It’s persistence. Willingness to sit with the hard parts. Confidence that even if you don’t understand something today, you will eventually.

 

Lesley didn’t grow up in tech. But he built a life inside it, one report, one lesson, one solved problem at a time.

 

He didn’t wait to feel ready. He made the unfamiliar familiar. He moved forward, even when the map didn’t make sense yet, not because it came naturally, because he believed he could learn. 

 

“Just start,” he says. “Even if it seems impossible. You’ll figure it out along the way.”

 

He did. And along the way, he found not just success—but joy.

See how more than 2 million researchers help protect the world’s most trusted organization

Culture & Talent
Bug Bounty

About the Author

Maggie Miller Headshot
Maggie Miller
Senior Director, Corporate Marketing

Maggie Miller is the Senior Director of Corporate Marketing at HackerOne, where she turns complex cybersecurity stories into clear, compelling narratives.