White hat hackers ‘spoiled’ in China amid talent shortage

APD NEWS

For many people, one million seems out of reach as an income, short of a lottery win, but for some, a million is not only within reach but also very easy to find.

“We offer a million yuan reward to those who can crack our bugs!”

At the Hack for Security 2018 conference in Shanghai in March, such calls were not extraordinarily eye-catching.

Being a white hat hacker in China nowadays means not only a cool title but also a good income, if you are skilled enough, as the country rapidly connects everything online but faces a desperate shortage of cybersecurity talent.

Sqler, a 24-year-old white hat hacker, started off as a bug bounty hunter on Butian, China’s largest vulnerability response platform. Three years later, he has changed his job twice with a consistent rise in income that has reached more than 200,000 yuan per year as a cybersecurity expert.

“My pay rise may be higher than others. It tripled when I changed jobs,” he told People’s Daily Online.

Similarly, Lunlun, a 26-year-old white hat hacker on Butian who is also a senior Internet security expert with Guangdong-based breeding industry R&D enterprise, HAID Group, now enjoys an annual income of over 200,000 yuan.

The young men were not shy to admit that cybersecurity experts in China tend to receive better paychecks than average IT professionals, adding that their bug hunts also help them collect bonuses – money, gifts, and trips – from companies beyond their main employers.

Photo courtesy of Butian

The more, the merrier

The 2018 report from HackerOne, a San Francisco-headquartered international bug bounty platform, showed that top white hat hackers on the platform earn 2.7 times more than software engineers on average globally. In China, it is 3.7 times more.

According to a survey by China Information Technology Security Evaluation Center (ITSEC), the average annual salary of cybersecurity professionals in China was between 122,000 and 178,000 yuan in 2017, while that of IT professionals on average was 120,000 yuan.

With international cyber attacks targeting financial institutions, Chinese banks are also hiring more cybersecurity talent, and the competition is fierce, Cao Yue, a Beijing-based financial cybersecurity expert, told People’s Daily Online.

The ITSEC survey indicated that financial institutions were the most generous in terms of payment to cybersecurity professionals. Of those surveyed, 80% receive an annual income of over 200,000 yuan and 31.8% make over 300,000 yuan each year.

Game on for what’s rare

“It’s normal to see a high salary for the young people and fierce competition among companies on cybersecurity talents. It was also like this 20 years ago for programmers when the Internet was a newborn,” Qi Xiangdong, Chairman of 360 Enterprise Security Group, told People’s Daily Online on the sidelines of the Hack for Security 2018 conference.

Data released at the conference showed that China needs 700,000 cybersecurity talents and the number is expected to grow at 15,000 per year till it jumps to 1.4 million by 2020.

The talent shortage has become especially prominent as cybersecurity threats no longer affect only websites, but also new technologies like AI and IoT, which are harder to fix due to their complexity. “It is a matter of national strategy and personal safety,” Qi emphasized.

“As blockchain developers, we want to ensure everything on our blockchain is secure. There were several security breaches in the past on some of the industry-famous blockchains, which caused millions of dollars in losses. We’re happy to have white hat hackers help to mitigate the risks and seek out systematic vulnerabilities. We already have tens of thousands, if not hundreds of thousands of yuan invested in blockchain network securities. Experts such as white hat hackers are worth their price,” Li Pu, a partner at Achain, a Beijing-based blockchain technology company, told People’s Daily Online.

Fill in the blanks

Despite rising awareness of cybersecurity among Chinese companies after several outbreaks of attacks in the past years, including the WannaCry ransomware attack in May 2017, it is never easy to fill a talent shortage gap, especially in cybersecurity, experts noted.

As early as 2015, China began to list cyberspace security as a university major like software engineering or civil engineering. Since then, the nation has stepped up its efforts in this regard and in 2017 it unveiled an ambitious plan to build four to six world-class cybersecurity colleges by 2027.

On March 29, the nation’s first cybersecurity training center was launched in Mianyang, Sichuan Province, to specifically train professionals capable of handling cyber attacks in real life. The base is expected to provide 1,200 cybersecurity engineers every year.

Cybersecurity companies like 360 Enterprise Security Group and vulnerability response centers like Butian have also pooled their efforts in this regard. Based on experience, the group has designed a series of textbooks for undergraduate students on cyberspace security and for white hat hackers on Butian, who serve as tutors at some 60 Chinese universities and have given lectures at over 30 universities to help students get first-hand information and skills.

In addition, many cybersecurity training courses are now available online to meet the demands from both the professionals and the newbies who are trying to tap into the industry.

“But I must admit that many who come out of the training are far from good. Some even lack basic knowledge. I’ve seen too many of them join, driven by profits, just to quit halfway in the end. It’s important to constantly study by yourself, if you are truly interested in it,” said Sqler.

Echoing Sqler, Lunlun added that studying cybersecurity technologies is a long and boring process, which takes more time than interest.

The two white hat hackers said they sometimes still do cybersecurity case studies late into the night, which was more common back when they were at school.

“We’re not geniuses as people say. It’s more about practice makes perfect. You’ll be able to see more problems and threats after you’ve seen enough,” Lunlun said.

(People's Daily)