September 8, 2022

From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

by Hacker Valley Studio

Show Notes

We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.

Timecoded Guide:

[02:57] Fixating on hacking because of the endless possibilities and iterations to learn

[09:54] Giving advice to the next generation of hackers

[17:17] Contacting Tommy and keeping up with him on Twitter

[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples 

[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison

 

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

 

Do you ever struggle with burnout when it comes to hacking?

Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.

“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”

 

What hacking advice would you give the younger version of yourself?

Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.

“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”

 

What do you think about the “media obsessed” stereotype many people have about black hat hackers?

Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.

“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”

 

What are the best ways for people to keep up with what you’re doing?

Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.

“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”

-----------

Links:

Stay in touch with Thomas DeVoss on LinkedIn and Twitter.

Check out the Bug Bounty Hunter website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Read more

Listen Now

test
From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

September 8, 2022 Hacker Valley Studio

00:00:00

Recent Episodes

January 31, 2023
by Hacker Valley Studio

In this episode of the podcast, Maril Vernon joins Ron and Chris and discusses the importance of breaking down silos between cyber teams and inspiring individuals to drive their own careers in cybersecurity. Maril has been a key player in promoting t...

January 24, 2023
by Hacker Valley Studio

In this episode of Hacker Valley Studio, Rob Wood, Chief Information Security Officer (CISO) at CMS, discusses the challenges of data silos within organizations. Rob explains that security teams often operate in silos, with different departments focu...

January 17, 2023
by Hacker Valley Studio

Taylor Lehmann, Director of Office of the CISO at Google Cloud, has made it his mission to make healthcare and life sciences more secure and strategic for everyone. Joining our security podcast this week, Taylor talks about how security and strategy ...

January 10, 2023
by Hacker Valley Studio

Maxime “Max” Lamothe-Brassard, Founder of LimaCharlie, brings a tech-focused community perspective and a history of working at Google to the Hacker Valley security podcast this week. Inspired by the internal motivation to empower others and build wha...

January 3, 2023
by Hacker Valley Studio

Brian Haugli, Founder and CEO of SideChannel, brings his CISO expertise to the security podcast this week for a discussion about strategy and leadership in cybersecurity. Working alongside CISOs and fractional VCISOs, Brian has seen his share of lead...

December 20, 2022
by Hacker Valley Studio

Allison Minutillo, President of Rebel Interactive Group and Host of the Rebel Leadership podcast, joins the Hacker Valley team this week to talk about her journey from individual contributor to company leader. With a leader’s mind and a rebel’s heart...

December 15, 2022
by Hacker Valley Studio

Cody Wass, VP of Services at NetSPI, brings his near-decade of experience to the pod to talk about longevity, development, and leadership. It’s no secret that cybersecurity is in need of people. Cody’s journey from intern to VP at NetSPI has shown hi...

December 13, 2022
by Hacker Valley Studio

Brad Liggett, CTI Intel Engineer Manager at Cybersixgill, puts on his improv hat and joins the pod ready for anything. After COVID pressed pause on daily life, Brad kept himself sane and gained some new skills by returning to his improv roots (a hobb...

December 6, 2022
by Hacker Valley Studio

Richard Rushing, CISO at Motorola Mobility, brings his decades of experience to the show this week to talk about leadership, communication, and perhaps most importantly of all: prioritization. After joining Motorola through a startup acquisition, Ric...

November 29, 2022
by Hacker Valley Studio

Kenneth Ellington, the Senior Cybersecurity Consultant at EY and Founder of the Ellington Cyber Academy, achieves his goal of being on the Hacker Valley Studio this week. From working at Publix in college to becoming an online course instructor, Kenn...