Allan Jay (AJ) Dumanhug is a cybersecurity professional by day and bug bounty hunter by night.
Based in the Philippines, AJ says he first became excited about tech when he was introduced to computer science by a visitor to his high school. Today he is one of the top cybersecurity professionals in the Philippines – and when he’s not keeping businesses safe from hackers, he’s hacking into web apps himself to expose vulnerabilities, and winning cash prizes to do it!
After high school, AJ studied a Bachelor of Science (Information Technology) at STI College in the Philippines, and is currently completing Holy Angel University’s Professional Science Master’s (PSM) in Cybersecurity program. He’s also a certified security analyst and ethical hacker, and co-founded the Philippines’ first and only crowdsourced cybersecurity testing platform. The platform is called Secuna and it connects cybersecurity professionals like AJ with start-ups and small businesses, to find and fix bugs and vulnerabilities in their IT systems.
White House hacker
AJ is currently the head of IT, cybersecurity and privacy at Secuna, and he says he loves helping both private and government businesses all over the Philippines improve their cybersecurity. However he adds that it can be challenging convincing some businesses about the risk of being hacked at any time.
One of the ways he shows the world how vulnerable our IT systems can be is as an ethical hacker – often collecting bounties on offer along the way.
In the old days, bounties (cash rewards) were sometimes offered to people for hunting animals that were considered pests – sadly, that’s how the Tasmanian Tiger went extinct. Happily we’re a little more ecologically minded these days, and our bounty hunters use tech skills instead of traps and weapons. They’re ‘ethical’ because when they find the bug, they tell the organisation about it, and win the cash prize on offer – which is usually a pretty good deal for the organisation, which just avoided a bad-intentioned hacker instead finding and using that same bug to hurt their business.
For example, back in 2016, AJ hacked into the White House’s Medium.com blog and was able to add himself to the list of contributors, meaning he could add and delete posts as he pleased. This wasn’t the first time he’d exposed a bug on the Medium blog site, either – AJ previously figured out how to edit and delete any users’ post on the whole site. He was paid $250 by Medium for reporting each bug. Pretty fun way to earn some extra money on the side!
Last year, AJ was invited by Facebook and Google to attend BountyCon2019 in Singapore. He finished on the list of Top 10 Hackers, among hundreds of participants. AJ also participates in Capture the Flag (CTF) competitions with a Filipino team called the hackstreetboys (um, best name ever?).
AJ says his job at Secuna is his “dream job”, and he wants to help protect everyone from the possible risks that might come from cybersecurity attacks.
He thinks cybersecurity is one of the most exciting spaces in tech at the moment – but says it’s important that when considering your own career, don’t just go for what’s ‘hot’, instead make sure you “balance what you’re good at, what you’re interested in and what demand there is”.
And not all career paths are straight or smooth! AJ has previously worked as a garbage collector and says that experience helped him in his work as an entrepreneur, cybersecurity pro and bounty hunter today.
Interested in a career in cybersecurity? Read our free cybersecurity e-book here
Author: Gemma Chilton
Gemma has a degree in journalism from the University of Technology, Sydney and spent a semester studying environmental journalism in Denmark. She has been writing about science and engineering for over a decade.