6 Valuable Lessons I Learned Working for A Cybersecurity Startup

(Photo From H1-415 2020 in San Francisco)

In 2016, I was invited to the HackerOne office in San Francisco. Now mind you, this was after I had posted a series of angry tweets directed at them. These tweets included criticism about their invite system, bounty payouts, program selection and platform features. This meeting was originally organized for me to meet the team and provide them with feedback. This was an amazing opportunity, not just because I had the chance to get to meet their team, but it also opened up my eyes to how much work goes on behind the scenes and how many different hoops they had to jump through in order to make things work as a small company. A few days later, following our meeting with them and after giving it some thought, I realized my tweets and in-person feedback may have been a bit too direct and harsh. After reflecting, I realized my options were to continue to provide them feedback over email/Twitter or to ask them if there’s any way to join their team and help with addressing some of my concerns and help the community grow. I ended up choosing to try to work with them and in March of 2016, I was hired as a Security Associate intern to work closely with Jobert Abma and Michiel Prins.

As I write this blog post, exactly 6 years have passed and today marks my last day of being a Hackeronie. It has been an amazing 6 years, and working at HackerOne not only changed my life, but it also helped shape me into who I am today while also teaching me invaluable lessons. During this time I’ve also created personal connections that I will forever be grateful for. As I say goodbye to this chapter of my life, I wanted to share some of the lessons I have learned from working with an amazing, talented group of people at one of the fastest growing startups and “the #1 most popular bug bounty platform”.

As you read this blog, please keep in mind that this was my first ever “desk” or 9-5 job, let alone being a newbie in tech, and scoring my first job in security. This is also me sharing a huge piece of my life so be kind :)

Company Culture 

Before jumping into some of my learnings from working at HackerOne, I want to highlight the company culture. Company culture is what makes working at a company more desirable and fun. Fortunately for HackerOne, even though things shifted at times while the company grew, at its core, HackerOne has a great company culture that’s beyond just snacks, wellness, office equipment or the unlimited paid time off. Being hired at the company so early on gave me the chance to be a part of the early group of employees attending the first ever HackerOne all hands. This specific all-hands focused on coming up with HackerOne’s values:

Start with integrity - Integrity is how we act when no one is watching.

Default to disclosure - Ask “Why should this be private?” instead of “Why should this be public?”

Act like an owner - Greater alignment for greater autonomy.

Win as a team - Compete to achieve excellence. Enable each other to do our best.

Empower the community - Our community is composed of hackers, customers, the security industry, and ourselves.

These values made the working environment easier to be a part of: “Defaulting to disclosure” allowed me to be transparent when making a decision, disclose any mistakes, or share any learnings. “Start with integrity” held most people, including myself, accountable. “Act like an owner” allowed me to wear many hats and help with other areas of the company that needed help. “Win as a team” encouraged everyone to celebrate with each other, whether it was on Slack, in person at a happy hour, or during our team meetings. I wanted to highlight these as you may see me reference or talk about some of these throughout the blog post. But company or team culture isn’t just defined by these values. To give you an example, one of my favorite rituals in the community was Luke’s sign off message. Every Friday, Luke Tucker, former VP of Community (and my boss), would sign off with a weekly roundup, where he would summarize the week, celebrate our progress, and get us ready for the weekend. Little things like this made work so much more enjoyable and gave me something to look forward to.

Everyone is replaceable 

The H1 Triage Team at the HackerOne All Hands

This isn’t to say I have ever felt unappreciated or not valued, but I’ve learned that no matter how hard I work, there are people far smarter and more experienced out there. Someone else can and will do my job better. This is not to say people will forget what I have done, but as the company grows, more and more people with different backgrounds and experiences bring more and even better ideas to the table. It’s also a very humbling concept to grasp: I am not irreplaceable, don’t get too comfortable at your job, and show up every day ready to do your best.

Even though someone else may take over my projects, or do my job better due to their experience and background, and I may be replaceable, I eventually learned that my relationships aren’t. People enjoy working with me and having me as a stakeholder for a reason. It was extremely important for me to invest time in helping others in different areas outside of my role to build some meaningful relationships as well as help me grow as an individual. Which is also a great segue to my next point…

Adapt to change

When I joined HackerOne, a small startup, everything was moving quickly. Projects hit the ground running overnight in some cases. Stakeholders change and people come and go. In the 6 years of working at HackerOne, I reported to 8 different people from co-founders, to director/managers, and even our CFO. Not only because people were moving on to bigger and better things, but also because the company was growing and we kept introducing new products or projects that seemed interesting and a great opportunity for growth.

In addition to the changes in company organization or structure, your teammates or company leaders (directors, executives or the CEO) may make changes to a product or offering. When a change is being implemented, try to understand “why”. Why is this change being implemented? Not only did this allow me to learn from others, but it also let me contribute to these changes as well as adapt or cover any blind spots that may have not already been looked at. Asking why allowed everyone, including myself, to present our arguments for or against these changes, which welcomes a more collaborative approach and helps everyone align and contribute to the direction the company or product is headed.

Wear As Many Hats As Possible

Working at a startup means that you may have limited resources. That’s not because you are unable to attract the right talent or don’t have the budget to bring on more people, but mostly because you are still figuring things out. You may still not know what role you may need to hire for. Working at HackerOne at the early ages gave me the opportunity to work with a number of different teams: from triage to program management, to operations, community management and becoming the head of hacker education during my last year or so.

Wearing different hats allowed me to influence more aspects of our platform than just for hackers. It allowed me to educate people internally on how to speak to hackers, allowed me to explain to our customers why a bug was more critical than they expected, it allowed me to work with the sales team in early stages to justify why they should work with hackers across the world, or even help create new features that helped the hackers succeed on the platform. Having the freedom to do this allowed me to learn a lot more than just the bug bounty ecosystem. It allowed me to learn how other teams within our company operated. It let me learn about some of our customers' needs or worries. It taught me how to problem-solve while I collaborate with others that may not be on my team or have the same goal as I did.

Create Your Own Path

While it’s great to wear many hats (“act like an owner”) to make things work because you are passionate about your job, you should put yourself first. While I have reported to some amazing people during my work at HackerOne, I’ve learned one thing: don’t expect your managers to know your path better than you do. This is a hard pill to swallow. Don’t get me wrong, I’m not saying you shouldn’t build a good relationship with your manager, but always keep in mind that no one is going to come to your rescue or create a path for you; everyone has their own life and career goals. 

Working at HackerOne at its early stages had its own career challenges. As I said, I really enjoyed wearing many hats and having my hands in a number of different projects, but this also pushed me back in a number of different ways. For starters, it was hard to find a well-defined path for my career at HackerOne. It wasn’t clear where I would be headed next in the company or what my career growth looked like. I say all of this, not to criticize HackerOne or my managers for not being able to answer these questions for me, but because I also didn’t know how to create my own path for the first half of my career. I always waited for someone to define that for me until eventually, I sat down and created a plan for where I wanted to be in the next three to five years.

So if you are reading this and you are in a similar situation, don’t just rely on your manager (or their managers) to define this for you. Sit down and ask yourself “where do I want to be next year? Where do I want to be in 3 years? How about 5?” and so on. 

Money Doesn’t Buy Happiness

I know we all have our bills and mortgage to pay for. But one of the biggest lessons I’ve learned in the past 6 years is that money doesn’t buy happiness. Let me explain before you head over to Twitter and roast me. While money doesn’t buy happiness, it does make being sad a whole lot easier because you’ll be worrying less about your bills and it gives you the ability to focus on other life problems. I’m not here to talk about that though.

Even though I originally took a pay cut (in comparison to my other offers) to join HackerOne, in the end I realized that job fulfillment was more important. Sure I could’ve joined a big organization to help secure their products as a security engineer and probably learned more of the technical side of things, but I also didn’t want to just have a regular job. I wanted to have an impact on other people’s lives by showing how they can use hacking through bug bounty programs to change their lives and open up so many different opportunities for themselves and their families. Whether it was to represent hackers internally to implement changes to our policies, look into their support/mediation tickets, or even create content to teach them how to get started in bug hunting… and I think my job at HackerOne allowed me to do exactly that! With that being said, don't be afraid to ask for what you’re worth. The negotiation process can feel daunting but try to find the sweet spot between your compensation and the fulfillment you receive from your job.

Final thoughts 

I didn’t write this to criticize or to say working at HackerOne was perfect (even though it was in most cases). I wrote this to reflect on the last 6 years (almost 20%) of my life at a startup. Honestly the amount of experience I gained from working for HackerOne has been incredible and something I will always hold close and dear to my heart.

As I wrap this up, I want to thank a few people I directly worked with, who have made a huge impact on my career: 

HackerOne Community Team’s Offsite in 2020

  • HackerOne co-founders, Jobert Abma and Michiel Prins for taking a chance on me (or making the mistake of hiring me) and supporting some of my crazy and ambitious ideas.

  • Former HackerOne CFO/COO, Ning Wang for being an amazing mentor and for being extremely patient with me while asking to do a role with zero prior experience or knowledge of the job.

  • Former VP of Community, Luke Tucker for being a great sounding board and helping me grow as a content creator and educator.

  • And last but not least, the amazing (current, former and honorary) community team members at HackerOne. Thank you for not only being an amazing group of talented individuals who made work more fun and engaging, but for being there as a second family. I will genuinely miss working with every single one of you! 

To the rest of my fellow hackeronies, I cannot wait to see you do amazing things like you always have and I will always be rooting for you from the sidelines! 

As to what’s next for me and the “NahamSec” brand, I’ll be publishing a series of blog posts that’ll dive more into where I’m headed and what I will be doing with my personal brand. Stay tuned!

Ben Sadeghipour
March 2022

Also a HUGE thank you to the following people for reviewing this blog post and providing me their valuable time and feedback: @zseano, Todd Bailey, @vickielie, and @securibee.
