It’s no secret that there is a shortage of female hackers. Being part of this world, we understand this better than anyone. Within the bug bounty community alone, 95% of hunters are male—but we’re here to change that. One way we can help diversify the industry is to influence the next generation of female security talent by bringing those already defying stereotypes to the forefront.
In this article, we’re speaking with and highlighting the work of three of Intigriti’s best ethical hackers, all of whom have been featured in our bug business and/or Hacker Heroes series.
Up first is Katie Paxton-Fear
Katie has been creating educational videos around hacking techniques since 2019. Her YouTube channel offers her viewers tips, tricks and tools for finding vulnerabilities.
When speaking about the first bug she found and reported, she said “I don’t think I could ever forget that experience. I was fortunate to be able to go to a live hacking event that was hosted in London.” Initially, Katie had said no to attending the event believing it to be too hard. Explaining further, she told Intigriti “I almost didn’t go! I got peer pressured into it by my friend! But I applied and I was accepted. And while I was there, I found my first bug.”
Two years later, Katie was invited to another live event, DEFCON, as a mentee. After speaking with her fellow mentees, she quickly realised that one of the biggest obstacles for novice hackers was how to use Burp Suite. This gave her the idea to create her first educational video about Burp Suite tabs, and what each of them do.
When asked if she has any advice for beginner hackers approaching their first target, she said:
“To everyone who is stuck finding their first bug and ends up doom-scrolling through social media and feeling kind of bad because of other’s success. Don’t do that. You’ll find your first bug when it’s time. And then it might take a while before it is time, but you’ll find it. Just keep on being persistent. Don’t end up getting caught up in the hype. Do your own thing. You got this!”
Read the full interview.
Next, we hear from Rana Khali
Rana Khalil is well-known for her YouTube channel and write-ups she hosts on Medium. She started her career in the computer security field in 2018, starting off in application security and then transitioning into pentesting.
Rana got into IT security through university, where she studied a joint honour in mathematics and computer science. Explaining further, she tells Intigriti:
“In one of my courses, we learned about cryptography. And that’s where I was introduced to something called fully homomorphic encryption. This kind of blew my mind. That was the first area in computer security that I was introduced to. So, I ended up working on cryptography during my honours project and after that I was set to do my masters in that area as well.”
Today, her favourite vulnerabilities to target are those that scanners can’t find because they rely on human logic. Her advice to someone new to infosec is to “keep learning and always be persistent in everything that you do — whether it’s learning or trying to exploit something.”
Read the full interview.
And last (but by no means least), we chat with Farah Hawa
Farah Hawa describes herself as an application security engineer first but she’s also a bug bounty hunter and content creator. For two years, she’s been spreading awareness in the world of infosec all over social media platforms, from YouTube to Instagram.
At university, Farah was studying to be a journalist. However, she quickly realized that journalism wasn’t her passion. Unsure what was, she set out to find it and it was at this point she came across info security. She joined a local training institute and did a course on ethical hacking. While the course covered more of the theoretical aspects of hacking, the concept had her hooked. Even so, she knew that she had a lot of self-learning to do.
After finding her first bug, in which she earned a $100 bounty, Farah posted about it on one of her social platforms which was met with lots of questions from other beginners. This is when Farah realised there was a gap in the market for content aimed at novice hackers from a fellow beginner. Combining her infosec knowledge with her media expertise, Farah created her YouTube channel, which as of today, has 37k subscribers.
Her favourite topic to cover in her YouTube videos is “one extremely complex bug, which I then break down.” However, she likes to push creative boundaries on her Instagram, which today has 43.8k followers to date. Explaining more, she says “Instagram is where I like to have fun with the content I create.”
Calling the next generation of female hackers!
Interested in becoming a bug bounty hunter? As mentioned above, traditional educational establishments are struggling to offer comprehensive and up-to-date training in ethical hacking for beginners. But content creators, like Katie, Rana and Farah are stepping in to fill this educational gap.
Intigriti’s Hackademy is also a good starting point for beginners. As the name suggests, Hackademy is an online location where wannabe white hat hackers can come and learn about categories of security vulnerabilities. They can also see real world examples and learn how to identify and protect against such weaknesses. There is a lot to learn and, thankfully, a huge and growing number of resources are available.