Who are you?
My name is Adnan Malik. I’m a web application security researcher, penetration tester and bug hunter. I currently run a startup named “Secure Purple,” which is cyber safety and digital wellness consultancy for end users.
What made you want to become an ambassador?
I have always been super enthusiastic about community building because I believe, “If you want to go fast, go alone, and if you want to go far, go together.” Humans are social animals who need each other to grow, nourish and groom. So, bringing like-minded people from the same area of work, to promote peer-to-peer learning, made me want to become an ambassador.
Why do you think people should join this program?
Hacking, particularly the bug bounty community, is a unique space where everyone contributes to the community by building tools, writing blog posts, and sharing tips & tricks. The journey of every hacker is a cycle of learning from the community, growing with it, developing your career, and paying it back. Therefore, one should join this program because it’s one of the best ways to contribute to the community, gain knowledge, and grow together.
What is your role as an ambassador?
As an ambassador, you are responsible for starting a community, bringing hackers under the same roof, and promoting hacking/bug bounty among them. You are the face of your community. As the head of your community, you build a culture and safe space where everyone is welcome. You motivate with an attitude that says, “No one becomes a master in [anything] overnight, so be ready for frustration and the pain of learning something new. But don’t worry, you won’t be alone!”
Peshawar HackerOne Club first in person meetup
What is the hacking scene like in your city/region?
It was 25 years ago that Amjad Farooq Alvi and his brother Basit, in Lahore (Pakistan), created the first virus to hit a personal computer. Since then, our region has been very active in various fields of infosec, especially bug bounties. Hundreds of them are known worldwide for their contribution to infosec. There weren’t many communities that existed then, but now, there are several infosec communities actively working in different cities. Students are forming cyber security clubs in their respective universities. The government has started a cyber security hackathon to support young talent and encourage others to explore cyber security. I hope we will see the impact of these efforts of government, private stakeholders, hacking communities, and student clubs soon.
Adnan Malik talking about HackerOne at Cyber Security Hackathon finale where President of Pakistan was chief guest
What was your last meet-up about?
Our last meet-up was in May 2022. Hackers from different cities met in the capital for the gathering. We were joined by bug hunters, malware analysts, developers, government officials, and infosec experts from the industry. The purpose was to catch up with fellow hackers and encourage everyone to build their network. For instance, you could network with industry leaders and find opportunities in the government sector, while eliminating doubts people may have on their path forward. Best of all, we met lifetime friends and shared memories.
Last meetup of Peshawar HackerOne Club at the capital
How consistently do you meet up? Do you have a predetermined location?
To arrange a meet-up, we look at the feasibility for everyone and a location to meet at. As we are the only club in Pakistan, our main priority is to arrange meet-ups in new areas to reach out to as many hackers as possible. We arrange meet-ups once every four months, which we publicize on our social media handles.
These are the cities we have meet-ups so far:
- Peshawar
- Lahore
- Islamabad
We encourage newbies and experts to join us in our meet-ups so they can make new friends, help each other, learn and collaborate.
Have you ever hacked a program as a team?
Hacking a program is a great way to improve your skill. Last year we started an online meetup named “Hack Hour” to work together. This was exclusive to the team members of the club. We used to spend 2 hours every week hunting together, and we found some neat bugs as a team. We plan to start it up again with more people from different infosec backgrounds later this year.
What do you believe brings most people into hacking?
Hacking is an everyday challenge. I believe people accept this challenge because they want to outsmart the system. It’s like having a superpower, and I think this feeling brings most people into the community in the first place. It’s the feeling that you are part of the greater cause, protecting the internet and making cyberspace safe. I would like to quote Keren Elazari, “Hackers just can’t see something broken in the world and leave it be. They are compelled to either exploit it or try to change it. So they find the vulnerable aspects in our rapidly changing world.”
How did you feel about the Ambassador World Cup?
The Ambassador WorldCup was a phenomenal experience as it let us get in touch with so many hackers from around the world and our own regions. The CTF was fun! Our team played it together and qualified for the bug bounty phase. Hunting for bugs for 4 days straight was exhilarating. This helped us see other hackers’ methodology and inculcate different aspects of it into our work toolsets. It’s a great event to work closely with fellow hackers, continuously chatting, discussing bugs, and sharing memes. Just generally having a great time.
Adnan Malik presenting workshop on OWASP TOP 10 at WomenTechmaker
What other events would you like to see in the future?
HackerOne’s “Live Hacking Event” is something that fascinates every hacker. I would like to see the extended version of it in the local communities as “H1 Live Hacking – Extended.” The Ambassador should play the role of onboarding local targets and inviting hackers to hunt them. This replica of H1 live hacking events in local communities will hugely impact the bug bounty industry.
What makes an ambassador community successful?
Building a thriving community takes time. The strength of the community lies in the respect each person has for the others. Empathy is the critical element of moving your community forward. The community consists of newbies, experts, and people in different stages of life. It’s your responsibility to push forward every member of your community.
What difficulties do you and your group face?
There were numerous challenges that we faced initially. Communicating with club members was one of them. Most club members were frequent users of Facebook and WhatsApp rather than discord. This initially caused communication problems and issues onboarding new members to the club. That’s where we planned to start using both of these applications in parallel, to ensure we had everyone’s preferred method of communication.
What can you offer to people just starting out in bug hunting?
If you are new to bug hunting or planning to start, reach out to us on our social media handles or WhatsApp group. We can help you initially in kicking off your bug hunting journey. The community is always here to resolve any confusion, questions, doubts, and difficulties. Furthermore, we periodically provide premium resources like HTB or pentesterlab PRO to help you sharpen your skills.
In addition, we arrange different workshops, training, and meetups. This is an excellent chance for everyone to make friends, collaborate, and learn from each other.
Did the ambassador program help you build your professional career?
Oh yeah! The HackerOne Ambassador Program helped a lot in terms of exposure, learning, networking, and spotlight. HackerOne Ambassadorship brings many job opportunities, collaborations, and community partnerships with private and public stakeholders. Working with HackerOne became an integral part of my career, polishing my leadership, management, community building, hacking, marketing, outreach, and speaking skills.
Adnan Malik teaching kids about cyber safety
What would you like to see next in the ambassador program? What’s the next step?
I want to see the H1 Ambassador Program as one of the top communities in infosec. A place where everyone is welcome to learn and contribute. Local communities have the power to shape the culture of the bug bounty industry. I want every community to be cohesive, inclusive, content-rich, professional, and safe. A place that encourages participatory development and welcomes everyone from any walk of life.
The club of H1 should arrange virtual events with clubs from other countries. This will not only create an impact globally, but also help hackers make friends across borders. A goal to learn and collaborate.
Check out a quick clip from their last meet-up!