How to get started with bug bounties and finding vulnerabilities | Guest Casey Ellis

On this week’s Cyber Work Podcast, BugCrowd and disclose.io! founder Casey Ellis discusses how to think like a cybercriminal, the crucial need for transparent vulnerability disclosure, the origins of BugCrowd and why mentorship is a gift that goes in both directions.

– Start learning cybersecurity for free: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

0:00 - Intro 
3:15 - Getting into cybersecurity
4:30 - Criminal mindset in cybersecurity
5:49 - Ellis’s career to date 
9:10 - Healthcare cybersecurity
11:47 - Mentoring others 
13:52 - Mentorship as a two-way street
16:12 - Bugcrowd and bug bounty
19:18 - Vulnerability disclosure project
21:30 - Bug bounty popularity 
24:52 - U.S. sanctions on hacking groups
26:52 - Hiring hackers 
31:52 - Pursue specialization 
33:51 - Cyber threats flying under the radar
39:17 - Working from home safely
40:48 - How to get into bug bounties
42:18 - How to report vulnerabilities
44:04 - Advice to begin ethical hacking 
45:23 - Learn more about Ellis 
45:56 - Outro

About Infosec
Infosec believes knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and privacy training to stay cyber-safe at work and home. It’s our mission to equip all organizations and individuals with the know-how and confidence to outsmart cybercrime. Learn more at infosecinstitute.com.