Today we have with us a security professional working in the domain of cyber security. He is currently working with Bugcrowd as Sr. Trust and Security Engineer, essentially a Sales Engineer with the added responsibility of assisting the operations teams (Customer Support, Researcher Success, Onboarding, Security Operations, Account Management). Previously he worked at WhiteHat Security and Apple for several years. Let’s have a look at the conversation Hackers Interview had with Mr. Jeff Boothby.
Hackers Interview: Hello Mr. Boothby, please introduce yourself to our readers.
Jeff Boothby: My name is Jeff Boothby and I’m a bug bounty security researcher and hacker, as well as a Senior Trust & Security Engineer at Bugcrowd.
Hackers Interview: Why have you decided to pursue Information Security as your career option?
Jeff Boothby: It wasn’t my first choice but after I was introduced to it, it became a personal interest which made the switch very easy. I consider myself very lucky to be able to have a job that aligns with a fun hobby.
Hackers Interview: How did you start your journey in InfoSec?
Jeff Boothby: A friend of mine introduced me to my first job in InfoSec in which they trained me from the ground up. With some time spent on the side studying and researching, I was able to climb higher, start bug hunting, and get to where I am today.
Hackers Interview: What is it like to work at Bugcrowd?
Jeff Boothby: Like many, I believe the people can make or break a job. All the folks on the backend, which includes both employees and other researchers, absolutely make every day a blast. Getting to meet everyone at conferences is probably one of the best perks! That, and I believe in crowd-sourced security testing.
Hackers Interview: What are the amazing things you did in security testing?
Jeff Boothby: Unfortunately, I can’t disclose certain pieces of information as to what I’ve found, but there are some critical vulnerabilities that I’ve identified and reported. Hearing that they’ve been fixed is what I’d consider to be pretty amazing!
Hackers Interview: What advice will you give to our readers to improve their security testing skills?
Jeff Boothby: Research. Google. Find and join community forums or Slack instances. Get hands-on experience and try for yourself. The best way I learn is seeing someone else performing something and explaining it as they do and then attempting it myself.
Hackers Interview: What upcoming challenges do you see for a security tester as per the current security postures of companies?
Jeff Boothby: The demand for people skilled in penetration testing or security testing is already high and I don’t see that going away any time soon. However, what that means is that as people start to study and enter the InfoSec field, we’ll start to see some dilution in terms of those skills and we’ll likely need more folks with higher skills or unique skillsets. It may be easy to find a critical vulnerability today, but as more companies start to better secure themselves and other individuals increase their own skill in security testing, it will hopefully and unfortunately become harder and harder to find critical bugs.
Hackers Interview: What are the useful online and offline sources to learn security testing?
Jeff Boothby: For web applications, The Web Application Hacker’s Handbook is a great start. Any Burp proxy training video or guide. As I mentioned before, knowing how to use a search engine with the right query will get you a long way or at least lead you to someone or somewhere that has the information you’re looking for.
Hackers Interview: What certification do you suggest to master the skills in security testing? Please suggest the right path and resource to achieve it.
Jeff Boothby: The OSCP is probably the most widely respected certification but you don’t actually need any certification to advance in the industry or net yourself a job. It certainly helps, but starting with bug bounties and learning from all the free content out there will get you a lot further than some certifications out there. Time and dedication will always be a factor as well.
Hackers Interview: What are the myths companies have in their mind while dealing with Cyber Security?
Jeff Boothby: Not all ‘hackers’ are bad; hackers can actually help companies with their security posture, as best evidenced by having a bug bounty or vulnerability disclosure program. Security through obscurity is not a good solution. No person or company will ever be perfectly secure; there will always be some uncovered bug or avenue that can be exploited and the best we can do is to remediate the ones we know about and secure ourselves as best we can.
“Thanks Mr. Jeff Boothby, for giving your precious time to our readers.”
Author: Prachi K
Technical Writer, Branding Executive – Hackers Interview. Prachi has professional experience in the area of Branding and Article writing.