In the past months we have been reaching out to our community of hackers and each month we highlighted one of the genius minds from our network through our blog series called “Meet the 1337!”.
During those interviews, we also asked about the challenges that this industry faces from their perspective. What we discovered is that the issues are much broader than you might think, and it’s not just about keeping systems safe from criminals. These challenges often extend beyond technical hurdles and touch on social and emotional aspects that are rarely discussed outside the community. Each person faced different challenges, from mental health struggles to how people react to them when they are trying to help.
One of the most common frustrations that the hackers shared is how hard it can be at times to report a vulnerability to an organization. Even when they find something that could be a serious security issue, getting in touch with the right person can be challenging. Sometimes hackers are spending a lot of time trying to find the correct contact, only to be met with indifference or even hostility.
Kasper: “About 20 years ago, attempts to responsibly disclose vulnerabilities to organizations were not always appreciated. In the best case, you got an informal thank you from a sysadmin, but defensive (or even hostile) responses were quite common.”
Their job is to find vulnerabilities and point them out so they can be fixed, but unfortunately some people don’t understand this and think of them as troublemakers. This misunderstanding creates a significant barrier in the cybersecurity world, where collaboration and trust are crucial. This is why many hackers in the community are calling for better education and awareness about what they do, both within organizations and in the public eye.
Alwin: “What remains difficult is getting contact from an organization to report a vulnerability. Publishing a responsible disclosure and security.txt file on the public website will help us enormously.”
To make this process easier, many in the community are pushing for more organizations to adopt Coordinated Vulnerability Disclosure practices or use a security.txt file. This simple file, placed on a company’s website, provides clear contact information and instructions for reporting security issues. Having these practices in place would save hackers a lot of time and frustration, letting them focus on what they do best—keeping systems secure.
Another challenge that usually gets overlooked is the toll this job has on mental health. Some hackers have a full time job that means they will do any CVD or Bug Bounty outside of their working hours. As Hidde said it:
“ People work 8 hours a day and then you read about guys doing Bug Bounties so you’re like, well I’m going to do it as well. So you spent your entire weekend doing Bug Bounties, but without you noticing it might build up a lot of stress because you don’t get to relax and power down. So yeah, if you notice that you’re getting really frustrated or you sleep badly, stuff like that, definitely take it down the notch and chill out. I’ve had the same with my previous job, just doing so much in security. It’s really overwhelming. And hackers don’t have working hours and then they do anything whatever they want. “
Some other hackers do CVD and Bug Bounty programs full time, but again, finding vulnerabilities takes time, and there is no 9-to-5 schedule when doing that.
It’s important to remember that while security work can be all-consuming, it’s just as important to live your life outside of it. Balancing work with personal time is key to maintaining your mental well-being in such a demanding field.
To sum up, hackers can face multiple challenges, and they go far beyond the technical aspects of their work. And to address these issues it requires a collective effort to improve how organizations engage with the hacker network and to foster a culture that values their contribution.By doing so, we can make sure that hackers are empowered to continue doing what they are doing best – ultimately strengthening the security of our digital world.