What made you want to become an ambassador?
I wanted to become an ambassador mainly because I wished to create a community to exchange information to help others enter the bug bounty space. The Chilean community is full of great hackers that could contribute to Bug Bounty. Being an ambassador gives me the opportunity to meet incredible people and help them achieve great things. Also, I like being able to help people who are just starting and seeing when they get their first rewards.
Why do you think people should join this program?
People should join this program because this is an excellent opportunity to find others to teach you how to hack large programs. In addition, it is helpful to be in a program where you can ask or even give advice that will improve your abilities. In turn, we could increase the number of people doing bug bounty in the country.
What is your role as an ambassador?
As an ambassador, I help other hackers to report vulnerabilities in HackerOne. I also guide them and teach them so they can earn bounties. We created a community where we exchange ideas and information with anyone on their journey. This role is essential to me because it also helps my growth as a hacker. The world is closed or complex regarding how much information is out there about security. There needs to be more information out there. In hacking, it is crucial to share things; in the past, this world was very closed, and knowledge was much more challenging to acquire. It's my role to help others find what they need.
What is the hacking scene like in your city/region?
In Chile, there are a lot of hackers, but I noticed few are doing bug bounty. This is an extension of a scene that already exists. We just need to make more people aware. As an ambassador, I am responsible for spreading information about HackerOne and motivating people to learn about this. I would like to see more hackers excited after receiving rewards or telling me they could hack a significant company with our help and for the better good.
What was your last meetup about?
In the last meetup, we spoke about the importance of the ambassadors in HackerOne. We also reminisced about how much fun the world cup was! Our bug bounty team placed third in a worldwide event organized by HackerOne. It was a lot of fun; we all learned a lot and had a chance to hack side-by-side for a massive event. Meetups are essential because we can create fun memories and meet new people while we learn.
How consistently do you meet up; do you have a predetermined location?
Generally, we hold meetups once a year in Santiago de Chile. Unfortunately, during the pandemic, we could not hold any face-to-face events. 2023 has another incredible event slate for the middle of the year. However, I am considering holding an additional one this year, too.
What do you believe brings most people into hacking?
Most people feel curious about how things work. I started like that. Also, many people who look for a challenge get into hacking. Personally, my curiosity started in college. I was just curious to learn how internal systems worked.
What makes an ambassador community successful?
The most important thing is the motivation of people to participate and learn more about hacking and Bug Bounty. We, ambassadors, must continue motivating and helping the community. Teaching people that there are only sometimes good results, such as dealing with the frustration of not getting bounties. The key to all of this is perseverance.
What difficulties do you and your group face?
Some people can get frustrated when they don't get good outcomes with their reports. At this point, motivating them to continue and not give up is challenging. Some people often get stuck due to negative results when doing bug bounties; however, when I have had the opportunity to give a talk or workshop, these people get motivated again. Being here for my community is part of my perseverance. I want to be here to see hackers through the tricky parts.
What can you offer to people just starting bug hunting?
When I started in bug bounty, no one guided me to report relevant vulnerabilities. I could help people who want to know the difference between the reported vulnerabilities in a pentest or a bug bounty program. Many people mistakenly believe that bug bounty is the same as pentesting, but it is not. It would be constructive if I could guide them to adopt a bug bounty hunter mindset.
What would you like to see next in the ambassador program? What's the next step?
Having meetups where HackerOne chooses a private program with a fresh scope to motivate local hackers would be good. One of the things that I liked the most about the World Cup was the possibility that the best hackers could be invited to an official Live Hacking Event, and several Chileans (who had never participated in one) were able to join, and they enjoyed it very much.