An unconventional journey into bug bounty hunting

Born in Transylvania, Romania, this hacker has ventured across continents, taken on multiple fields of education, and emerged as a rising star in cybersecurity. Today, we delve into the life and career of Flaviu.

From student to cybersecurity specialist

Flaviu’s journey is anything but conventional. “Hacking has always been in my blood ever since I was a kid,” he shares. Although he was initially accepted to study engineering at Glasgow University, he ultimately chose a different path, believing that real-world experience was key to his future.

After years of traveling and living in various European countries, including Germany, Spain, and Greece, he eventually found his way to Scotland. It was here, supported by his wife—whom he credits for encouraging his passion for cybersecurity—that he pursued a degree in Digital Security, Forensics, and Ethical Hacking at Glasgow Caledonian University.

The transition from student to professional wasn’t immediate. “Halfway through my course, a friend who had graduated and was hired encouraged me to apply for a position,” he recounts. This push, combined with his previous vulnerability disclosures to various high-profile organizations including several notable common vulnerabilities and exposures (CVEs), participation in bug bounty programs, and involvement in Capture the Flag (CTF) competitions, eventually landed him his first and current role as a cyber security consultant.

Now specializing in web application and API testing, he prides himself on being a versatile consultant. Flaviu says, “I am capable of conducting various types of tests, such as cloud assessments, internal network assessments, mobile application testing, Citrix breakout, thick client testing, build, firewall and code reviews, and lastly my favorite, social engineering such as vishing and phishing.”

Finding the right tools for your bug bounty journey

For the past five years, Flaviu has been actively participating in bug bounty programs. “Bug bounties have taught me several valuable lessons,” he reflects. “From time management to report writing, the experience has been invaluable.”

But it’s not just about the skills. “Competing against some of the top hackers in the world can be challenging, but it also fosters a sense of community,” he notes. Friendly collaboration, coupled with the satisfaction of making software and systems safer, drives Flaviu’s passion for ethical hacking.

Along the way, Flaviu has discovered a number of helpful tools and a variety of ways to use them. “My tool usage varies from case to case, and I use them as needed based on the specific requirements of each situation. This flexibility allows me to tailor my approach and ensure that I’m using the right resources at the right time. When testing I prefer to identify vulnerabilities manually, though I do see the value in tooling and automation. While tools and automation can enhance a hacker’s capabilities, I believe it’s important not to solely rely on them. In the cyber security world, many people think that just having the latest tools or some ‘magic tool’ will guarantee great results. The real skill comes from understanding how to use them and knowing the basics behind them. It’s not just about what you have; it’s about how you use it.”

He shares some of his favorite tools: “Burp Suite with several extensions such as Autorize, Reflected Parameters, HUNT, and Param Miner, among others. Additionally, I leverage a performance-oriented Kali Linux box for fuzzing and other tools such as SQLMap, FFUF, Amass, Nuclei, etc.” He also finds that articles written by other top hackers provide him immeasurable value.

Flaviu has a preference for where he hacks, and for good reason. He says, “I hunt with Bugcrowd because I appreciate the platform, the companies involved, and their broad and diverse scopes, which include testing operating systems, web applications, APIs, mobile apps, and many other types of projects. I know of other platforms that require the use of a VDI and VPN, which I feel slows me down. Others operate on a leveling system; to level up, researchers typically need to demonstrate their expertise through valid submissions on the platform, and each level unlocks additional opportunities or rewards.

“I do receive a lot of private engagement invites on Bugcrowd, which keeps me motivated. I like to joke that the algorithm secretly loves me!”

He also says that triage and payment are prompt. These reasons, combined with the support of the Bugcrowd team, keep Flaviu focused on his goals and moving forward in his career. 

Overcoming hacking challenges and looking to the future

Like anyone, Flaviu has faced his share of challenges related to hacking. “One of my biggest challenges has been thinking outside the box to identify vulnerabilities; it can be very hard to cut through all the noise. There are so many ‘resources’ that claim to offer solutions and better methods,” he admits. His solution? Adopting a hacker’s mindset instead of a developer’s perspective. He says, “This shift in thinking allows me to explore creative approaches and identify unconventional methods to identify security vulnerabilities effectively.”

Looking ahead, he believes he’s just getting started. “I have a long career ahead of me. I’m continuously learning, and with my passion and determination, I plan to keep upskilling and tackling the challenges I face head-on. I also plan to help others. I know there are so many newcomers that need help in the cybersecurity space, especially landing their first job, and I hope to be a source of inspiration and guidance.” With goals of becoming a well-rounded cyber security consultant and potentially moving into red team engagements, his journey is far from over.

A balancing act: Life beyond the computer

In a field as demanding as cybersecurity, burnout is a real concern. Flaviu emphasizes the importance of self-care, from maintaining a healthy diet to taking breaks and spending time with family. “My kids really keep me grounded,” he shares. He also says, “I prioritise my diet because I believe it plays a significant role in mental health. It’s easy to fall into the trap of snacking on cookies while sitting at my desk, so I try to avoid that. We cook fresh meals at home, and my wife often prepares immune-boosting drinks for me.”

While some might picture hackers as solitary people, Flaviu proves this stereotype to be dated and misinformed. “Outside of hacking, my life is split between family and friends,” he shares. With young children keeping him busy, he finds joy in supporting their hobbies and interests. Along with that, he expresses appreciation for his ever-supportive wife. “Honestly, my biggest influence is my wife. While I admire many talented individuals in the cybersecurity space for their incredible work, it’s my wife who truly inspires me.”

When he’s not playing the role of devoted father and adoring husband, you might find him hitting the open road on his beloved motorbike. “I’ve loved motorbikes since I was young,” he says. “They give me the freedom to explore and disconnect from the digital world, reconnecting with the real one.”

This passion for motorcycles, however, hasn’t been without its challenges. A recent accident left him with a broken femur (ouch!), temporarily sidelining his love for other physical activities such as rock climbing and kayaking. But true to Flaviu’s resilient nature, he’s been focusing on rehabilitation at the gym, proving that setbacks are nothing but opportunities for him.

“I also try to help inspire others and have been working with a local college to help inspire the next generation to consider a career in cyber security,” he adds.

His advice to aspiring hackers? “Don’t let money be your primary motivation for getting into bug bounty hunting.” Instead, he encourages newcomers to celebrate their findings, no matter how small or even if they’re duplicates, and to focus on challenging themselves. Flaviu advises, “Focus on identifying harder-to-find vulnerabilities such as insecure deserialisation, XML External Entity (XXE), Server-Side Template Injection (SSTI), Server-Side Includes (SSI), and SQL Injection (SQLi). These types of vulnerabilities can yield higher rewards and, fingers crossed, are less likely to be duplicates.”

Flaviu also recommends taking a step back and narrowing in on your focus. “One important lesson I wish I had learned early in my hacking career is to take one step at a time. There were moments when I felt overwhelmed by the vast amount of information to learn, and I often struggled to know where to focus.”

Approaching cybersecurity with a growth mindset

From the internet cafes of Romania with his father to the rolling hills of Scotland, Flaviu’s journey is a testament to the power of passion, perseverance, and the right support system. As Flaviu reminisces, “Some friends of mine on Internet Relay Chat (IRC) networks would order virtual private servers (VPS) and build botnets, customising them to respond to our commands. We even had fun with Sub7 (SubSeven), a Remote Trojan Horse we’d use for harmless pranks on each other. It was an exciting time that truly fueled my interest in the world of hacking.”

As he continues to grow in his career, one last piece of advice from Flaviu is: “I’d definitely recommend finding a mentor; this can really accelerate your growth and help you navigate challenges more effectively. If anyone ever needs direction, please don’t hesitate to reach out to me via LinkedIn or flaviu.io. I’d be more than happy to help!”