HackerOne Hacker Interviews: @dawgyg

 Published On Mar 17, 2017

We pulled Tommy DeVoss away from DefCon for a few minutes to get his take on life as a hacker. He is in the upper decks of HackerOne’s signal and rep scores, and he has a real knack for Yahoo.

Q: Tell us who you are.

My name is Tommy. My handle is thedawgyg. Been hacking off and on for 23 years, and I’m from the U.S.

How did you get started?

Originally, I joined an IRC room by mistake and saw another hacker in that room who had broken into a server for every single university in the entire U.S. at the time and had a shell account on each one and a bot running from it. I thought it was cool and I wanted to do the same thing.

First vulnerability you found?

Yahoo. Remote code execution on Yahoo with ImageMagick.

Why do you hack?

It’s a challenge and it always changes. You can never learn it all.

Most memorable vulnerability?

It would probably still be Yahoo’s remote code execution – being able to do it twice in less than a week on two of their production servers.

How do you pick a program?

Generally Yahoo because I’m most familiar with them, then anytime I get a new private invite or see a new program. I try to stay away from old programs, except for something Yahoo, even if they’re not paying money. The newer the program is, the more likely I am to be spending time on it.

Coolest find with someone else?

Aside from our messing with Swisscom the last few weeks, not really.

What hardware/software do you use?

I have a custom-built laptop from a company called Velocity Micro in Richmond (Virginia). I run a Linux Fedora Core 20 server. I use a lot of different programs. Everything from Burp to Sublist3r, DNS Scan.

How have bug bounties impacted your life?

I would say they have improved it just because I spend a lot more time now doing that, so I’m not doing a lot of things that I used to do, and I got to come to DefCon because of bug bounties, so.

What do you do when you’re not hacking?

Video games, playing Xbox 360 and Xbox One.

Favorite security conference?

DefCon’s the only one I’ve gone to so it would have to be DefCon.

Best part of DefCon?

Meeting all the other people that are into the same things, and being able to learn from them.

Any advice for new hackers?

Pay attention to scopes and bug bounties, and don’t cross the line.

@thedawgyg is just one of thousands of motivated, conscientious hackers who are working to make our digital lives more secure. Hacker-powered security is changing the way enterprises think and act on matters of internet safety. Get started with your own bug bounty journey with HackerOne: https://hackerone.com/teams/new
