The Intigriti Ethical Hacker Survey 2022

The Intigriti Ethical Hacker Survey 2022 highlights how ethical hacking continues to grow as a popular career choice for all levels of security experts.

For the second year running, Intigriti has gone into the field and spoken to a wide range of respondents of all levels of experience working in the fast-moving world of ethical hacking, bug bounty programs, and beyond. In this article, we’re putting a spotlight on the report’s highlights.

Ethical hacking is growing as a career for young people

The world of ethical hacking belongs to a young community, with 73% of the respondents we interviewed falling under the age of 30.

It’s still not a full-time job for most of these bug hunters (86% are part-time), but 96% of ethical hackers would like to dedicate more time to bug bounty hunting in the future and 66% are considering it as a full-time career.

When asked, “What aspects of full-time bug bounty hunting appeal to you?”, money was a big motivator, with 48% citing this as the most desirable aspect. Other answers included:

• I want to be my own boss (45%)
• I can work my own hours (45%)
• The work is interesting (41%)
• I can help companies be more secure (36%)

Naturally, money is a big deal but lifestyle is almost as important for this young generation of “hackerpreneurs”.

The pandemic helped grow the bug bounty program community

There’s no question the pandemic has disrupted many lives and careers. What Intigriti’s report discovered, however, was that there has been a positive knock-on effect in the bug bounty program community.

Compared to the pre-pandemic levels, 59% of Intigriti’s survey community are spending more time bug bounty hunting. That can only be good news for cybersecurity across the globe as well as for these rising stars of the crowdsourced security community.

Learning from bug bounty programs is helping close the cybersecurity skills shortage gap

One critical conclusion from the survey is that bug bounty programs are helping with the prevalent skills shortage in the IT security world. The reasons are more diverse than might first be assumed.

Bug bounty hunting was listed as the second most popular method to develop their general security skills and knowledge. In fact, with 50% of respondents choosing bug bounty hunting as their first choice, this was voted a significantly better avenue to learn than through their jobs (11%).

The same holds true for traditional education paths. When it comes to building a toolset of the most relevant and useful information about security, 78% of respondents chose bug bounty hunting as the best resource, compared to 8% that said they learned more in an official education environment (in school, college, or university.)

Bug bounty hunting is helping to elevate careers

While we’ve seen that 54% of respondents are considering a full-time job in ethical hacking, we also uncovered that 49% of them say their bug bounty experience has helped them secure an employment opportunity, and many more believe their experience will help them secure work in the future.

Ethical hackers are rising to the challenge of evolving threats

Cybersecurity threats are, unfortunately, constantly evolving. Many of these threats remain undocumented until they are encountered by a human ethical hacker. The reason? Pentests and vulnerability scanner approaches only offer a snapshot in time of threats that are known. Ethical hackers, however, very often discover security threats that were previously unknown.

It’s one reason why a staggering 90% of respondents agreed that “a penetration test cannot provide continuous assurance that an organization is secure year-round.”

Added benefits of bug bounty programs for ethical hackers

Beyond careers, education, and nomad lifestyles, our participants indicated some further perceived strengths of bug bounty programs, this time when compared to working on pentests. From the report:

• 53% like that they can earn according to the impact of their finding
• 46% liked that they could choose their own target
• 44% liked that they could choose their own methodology
• 42% liked that they could choose when they want to work.

A strong preference for working through a bug bounty platform

One final observation from the 2022 survey was that most of our respondents strongly prefer not working outside of a bug bounty platform like Intigriti. The reasons given range from the legal aspects through to communications, triage, and beyond.