Crowdsourced Security & the Gig Economy

Crowdsourced platforms have redefined both pentesting and the cybersecurity gig economy. Just not in a good way.

Let's pretend you have offensive security skills and you want to use them for gainful employment. You attend a job interview and you listen to the benefits of what this company has to offer. First of all, most of the time you'll be working for free — unless you find a vulnerability, and then they might pay you a few weeks later. You'll also receive no paid sick days, paid holidays, or days off of any kind because, well, you're working for free remember?

The tools you'll need for this job — laptops, mobile devices, and any other widgets — you'll have to provide yourself. As for a pension… of course not. No subsidized gym memberships, health insurance, discount vouchers, free breakfasts, or free food of any kind.

This is the reality for thousands of individuals who work on bug bounty programs for various crowdsourced security companies. And it's hard to find a comparison with other companies in the current gig economy (such as Uber, Airbnb, and Deliveroo), where employees work their own hours and forgo traditional employee benefits (holidays, pensions, etc.) as a trade-off. The one crucial difference: Gig economy workers are actually paid for their labor and can predict their income if they choose to invest two hours or two days a week.

Let me elaborate. On bug bounties you are only paid if you find vulnerabilities, and to find vulnerabilities you have to invest your time. Sometimes you might be lucky and find critical, high-paying vulnerabilities in minutes; I was once lucky enough to find $6,000 worth of vulnerabilities in 30 minutes — not a bad hourly rate. But these findings are the exception, not the norm. Most of the time, you ..
