When you think about hackers, you probably think about those sleazebags who steal your personal information and use it against you.

Not all hackers are bad, though – in fact, the best way to outsmart a hacker is by using another hacker.

HackerOne is a bug bounty platform that offers money in exchange for finding security vulnerabilities in IT systems from participating companies.

According to PC Mag, one of their hackers, 19-year-old Argentina native Santiago Lopez, has just become the first person to surpass $1 million in rewards.

You can check out his Instagram if you want to see how he’s using it.

Since joining HackerOne, he’s found more than 1,670 security flaws in products and services from Verizon, Twitter, WordPress, and government offices.

He’s a self-taught hacker who only got started three years ago by reading blogs and watching YouTube videos.

He really got into after watching a 90s hacker movie. No prizes for guessing which one.

“I didn’t even know it existed until I saw the movie Hackers, which opened up a whole new world for me,” he said in a Q&A with HackerOne. “As I learned more, I realized that I was naturally drawn to the types of challenges and problem-solving opportunities associated with hacking.”

Lopez didn’t find his first software bug until he was 17 for which he was awarded $50. Over time he refined his skills and focused on finding as many bugs as he could within a short space of time.

“I know they say quality before quantity, but quantity is what I like,” he said. “I see hacking as a normal job, so I tend to hack between 6 to 7 hours per day.”

The largest bounty he’s ever been awarded was $9,000 for a server-related vulnerability that could allow remote takeover. However, he specializes in finding software bugs that can let hackers bypass normal application processes to access protected resources, such as files and database records.

To date, HackerOne has been awarded over $45 million in bug bounties. Here’s Santiago living his best life:

Not bad for someone who hasn’t cracked 20 yet.

[source:pcmag]