Some know him by his hacker handle, TomNomNom. UK-native Tom Hudson started at Detectify as a Senior Security Researcher, and he is now the Tech Lead for Security Research & Module Development on the Crowdsource team.
His passions include fixing and reshaping most things from software to furniture and spending time with his two kids. He also values collaboration, and this has played a significant role in his journey going from software engineering to ethical hacking:
Image of Tom Hudson, Tech Lead for Security Research at Detectify
Somewhere in Yorkshire
Tom lives in Yorkshire, the UK, somewhere near Leeds. Ever since he was a kid, he wanted to become an inventor, and he found that becoming a software engineer was a better choice, since he could satisfy his interest in creating something new without the cost of raw materials. Hence, he studied Electrical and Electronic Engineering at Bradford College and started his career as a network engineer.
Over a decade has passed since then and Tom now carries a heavy backpack of experience that encompasses everything from DevOps and Solutions Architecture to People Management and Training.
A passion for fixing things and giving knowledge
Tom has a collection of over 1000 tools and spends most of his time in the garage reshaping objects or fixing some of the toys that his 4- and 6-year-old kids damaged while playing. Fixing broken things has become more of a job since he started his career in Development and therefore, in search of a new hobby, he stumbled across training and education. “I have a passion for learning and finding out how things work,” he says, “that is maybe why I thrive the most in a training role.”
Besides fixing tools and toys, Tom is passionate about learning new things and he feels the urge to share this knowledge with others as a trainer:
“The good thing about having a training role is that it pushes you to be better at conveying complex topics in accessible ways to a varied audience. The feeling I get from giving others tools to learn by themselves is truly rewarding.”
From Network Engineer to a Hacker
Tom started his career as a Network Engineer at a small company that provided Information and Communications Technology (ICT) support to local schools. He was already interested in Cybersecurity then but never imagined that being an Ethical Hacker would be his full-time job one day.
His first hacking experience arrived when a former employer invited all employees to hack their system to help find vulnerabilities and breaches. This experience landed him on the HackerOne (a bug bounty platform) scoreboard and he was suddenly invited to different hacking events.
As he got introduced to the bug bounty community, he realized that his previous knowledge as a Software Engineer was extremely valuable as he could use his competencies to build new tools and automate his hacking processes. This was received with a lot of curiosity by the community who started to follow him on different bug bounty platforms. The more connected he was with the community, the more he started to collaborate with other ethical hackers and build more automation for finding security flaws.
His ability to build these tools and share knowledge with other members has led him to many high-payout findings and interesting collaborations. In 2019, Tom landed one of the biggest bounties at HackerOne’s H1-4420, won the title of Most Valuable Hacker, and later led a workshop on Cybercrime with the local police.
Changing the narrative
Collaborating with the local police has made Tom better understand the need for education in cybersecurity and for a different tonality when talking about hacking.
Tom:
“Sometimes things concerning cybersecurity are legitimately scary. But I think that many marketing campaigns are trying to constantly push for a narrative that creates fear around the topic of cybersecurity. This is pushing people away, as there are a lot of misunderstandings.”
He believes that the future will bring more bugs and breaches, but hopefully, also more scanners, more software and ultimately, more ethical hackers. He says it feels like the Internet is mature but, in reality, there is a lot of room left for growing and discovery.
Tom believes that, as high-profile data breaches become more common, there is an increasing need to change the narrative when speaking about them, and he hopes that governments will recommend open corporate responsibility disclosure programs. He says, “some governments have already started doing so, and this might reduce the perceived shadiness that hackers and cybersecurity are associated with.”
The importance of diversity
While there have been interesting improvements in how people and governments understand cybercrime, Tom also acknowledges that there is still a lot to do. In particular, he believes that the cybersecurity industry needs more diversity alongside collaboration.
He says:
“I sometimes feel like people who don’t happen to be white and male might have a more difficult time getting started in the community and I believe that especially in such a complex field as cybersecurity, diversity is incredibly important. Monocultural teams so often fail to consider cases that are important to many.”
Tom mentioned that one of the aspects that were highly interesting about Detectify was diversity:
“In the past, I’ve found it difficult to drive diverse thinking in my teams. At Detectify, it happens naturally, thanks to the gender and nationality balance.”
Detectify – a diverse place for sharing
We asked Tom for other reasons for joining Detectify and he revealed his motivation to join a company that is aligned with his values of diversity and provides others tools to learn for themselves.
He explains:
“At Detectify, I can be part of the Hacker School project, which is a session in which we teach our customer-base, some of which may be non-security experts, about cybersecurity and give insight into the mind of a hacker. Sharing knowledge is at the core of Detectify’s values and products, and being part of the team means that I get to share what I know in different conferences but also within the team.”
Tom talks about the allocated Knowledge Sharing sessions that are organized by employees at Detectify, where members of different teams get to share their work, passions, and hobbies with the rest of the organization.
He adds:
“On top of that, the Detectify team seems to be aware of the importance of work-life balance and mental health. The people here are people, not just workers and it is humbling to work in such a human environment.
From a technical perspective, Detectify poses a whole new challenge for me as what we are doing is super interesting and fun stuff. It feels like I have a constant influx of new things to learn!”
The way forward
Moving forward, Tom suggests that we should lead with these values and try to be more collaborative with other companies in the industry. “We should take the community spirit to businesses,” he says, “and collaborate with our competitors or companies in the cybersecurity industry.”
Tom believes that more collaboration in the cybersecurity industry will be beneficial, “instead of looking at each other as competitors, we should enable each other and work together to fix the complex world of the internet.”
Quick Q&A with Tom Hudson
Mac or PC? A PC running Linux.
Android or iOS? Android; the closer to stock, the better!
What’s your #1 security tip? Don’t reuse passwords and do enable two-factor authentication.
How do you keep up-to-date with tech and business? Mostly through following interesting people on Twitter.
What’s your favorite Detectify blog post? Bypassing and exploiting Bucket Upload Policies and Signed URLs
If you are ready for a new challenge to bring a more collaborative spirit to web security and work with top-ranked ethical hackers like Tom Hudson, take a look at our open positions to join the teams in Stockholm or Boston!