How does a serviceman or woman get involved with security research? Don’t hackers belong to a mysterious subculture that doesn’t match the culture of government? The truth is that many uniformed officers engage in ethical hacking, on and off duty! Air Force Master Sergeant Johnathan Miranda is one of them.
Master Sergeant Miranda is a Cyber Warfare Operator assigned to the Defense Information Systems Agency (DISA). Miranda previously led a team of enterprise-scoped threat hunters focused on finding red team and nation-state activity on the Air Force network for the Air Force Computer Emergency Response Team (AFCERT). In his free time, he participates in bug bounty programs as a “bug hunter” to find and disclose vulnerabilities in systems. When not hunting bugs, he is honing his bug hunting skills for the next event.
The following is an interview with Master Sergeant Miranda about his experience as a military hacker.
I started around 15 months ago; Hack the Army 2.0 was the first time I participated in any bug bounty program. Participating in Hack the Army 2.0 and Hack the Air Force 4.0 events got me started down the path of bug bounties. In the fall of 2019, I had an unexpected change in my work roles, and that drove me to dive headfirst into bug bounties during my time off. I needed something to channel the desire to do deeply technical work, and bug bounties filled that gap. After spending time exploring the different platforms, I became involved with the bug bounty community and was hooked. Now I spend all my free time on bug bounties.
Bug bounties were always interesting to me. When I heard about Hack the Army 2.0, I just had to give it a shot. I worked with a Defense Digital Service team member on a project back in San Antonio, so through the power of "sending a random email," I just asked if there was a way I could participate. A couple of days later, I received an invite and had the opportunity to hack on the program.
Some aspects of hacking overlap with my current work role; I am assigned to DISA as the Deputy Branch Chief of the Cyber Fusion cell. Our team must have a deep understanding of current threats to the public-facing assets and services that DISA provides to the enterprise.
I've been lucky enough to interact with some of the best military hackers in the Department of Defense, having been stationed in San Antonio and now Fort Meade. I am currently associated with the Shell Collecting Club, which is all active duty, and some recently separated capture the flag teams that participate in various CTF events. There are nearly 200 of us in the community.
Find an aspect of this field that interests you and dive right in. There are so many learning resources out there to get you started. For example, if bug bounties interest you, start looking at the platforms that host bug bounty programs (try HackerOne, Bugcrowd, Synack, or Safehats, just to name a few). Then, jump in headfirst. Don't worry about labels or barriers. If you are out there hacking what interests you, congratulations, you're now a "Hacker."
There's a vast community of researchers that want to help protect our systems, and it is evident from how successful the DoD VDP is. Automated scanners cannot find the bugs that these researchers are finding; leveraging crowdsourced platforms is something that we should be doing across all federal and state governments. I've had the pleasure of being part of the bug bounty community for a little over a year, and it is the most welcoming and friendly group of people I've ever been a part of, and I plan to continue to be part of it for a very long time.
Yes! I am very excited to participate in Hack the Army 3.0. I took a couple of days of leave to hack on the program and plan to participate throughout the entire event.
The Hack the Army 3.0 program will run from January 6 until February 17, 2021. If you’ve got the skills and are ready to dive in like Master Sergeant Miranda did, apply now!