Santiago Lopez became a millionaire aged 19.
So-called ethical or "white hat" hackers can make millions off "bug bounties" — when companies pay them for breaking past their security, exposing their vulnerabilities.
Business Insider spoke to two ethical hackers who have become millionaires through their work on bug bounties.
Santiago Lopez, 19, lives in Argentina with his parents. Nathaniel Wakelam, 24, lives in Thailand and works for a security consultancy.
Hackers loom large in people's imaginations often because of film and TV depictions of hooded figures typing furiously to crack into some top-secret vault somewhere.
But not every hacker is a criminal and more companies solicit so-called "white hat" hackers to break through their security to show them where their weaknesses lie, paying them with "bug bounties."
Big companies can pay extremely handsomely for bug bounties. Apple recently offered a $1 million bounty to anyone who can crack into an iPhone using a specific hack.
Business Insider exchanged emails with two young hackers who became millionaires, having made a career from bug bounties.
Santiago Lopez, who lives with his parents and became the first ever bug bounty millionaire
Santiago Lopez, 19, currently lives with his parents in Buenos Aires. In February he officially became the first ever bug-bounty millionaire, according to bug bounty platform HackerOne.
Lopez told Business Insider that he got into hacking aged 15, and earned his first bug bounty at 16. He made $50. It wasn't until he signed on with HackerOne that he realised he could make a career out of it.
"I realised just how much money I could make through ethical hacking. The platform opened me up to leading organisations who pay very well for vulnerabilities so I had an opportunity to make a lot of money and really make a career out of bounty hunting," he said.
Lopez mostly makes his money finding private bug bounty challenges through the HackerOne platform, rather than sifting through public bug bounty programmes.
Santiago Lopez hopes to go study before possibly opening his own security company.
"I will always want to hack as I enjoy the challenge so much, but I would like to go to university or college at some point and start studying. After that I would like to start my own company within the security space," he said.
"Hacking will always be a big part of my life," he added.
Nathaniel "Naffy" Wakelam who began hacking as a student
"I generally spend about six or seven hours a day hacking, so it's almost like a full-time job," he said. "When you find a bug it's the best feeling in the world."
Santiago has saved up enough bug bounty money to buy himself two cars (a Peugeot RCZ and a Mini Cooper) and a beach house.
Australian-born Nathaniel Wakelam is 24, is the chief information security officer at a security consultancy. His friends call him Naffy, and he's most recently settled in Thailand.
Like Lopez, Wakelam got into hacking as a teenager — specifically he spent most of his time hacking a video game to give himself an unfair advantage. "I found in-game vulnerabilities that allowed me to become invisible... duplicate in-game gold, and move into restricted/unintended map areas," he told Business Insider. Although he preferred not to name which game it was, he said it was a large MMO (Massively Multiplayer Online game). MMOs are massive online worlds where players can interact, think "World of Warcraft."
"I found out later on that what I was doing was pretty similar to a lot of what my security roles cover," he said.
He first turned to hacking as a money-earner as a cash-strapped student. "During my first semester of university I was having trouble paying rent, I was also working five hours during the day five days a week at a call centre while maintaining full-time study," he said.
"After doing this for a month I realised that this was unsustainable. At the same time, Yahoo had just created their bug bounty program. I quickly earned $60,000 in bug bounties and decided to do it full-time."
Nowadays Wakelam works extensively with Riot Games, the game studio behind the wildly popular game "League of Legends", and Verizon.
Unlike Santiago, Wakelam's schedule varies widely. "When I'm not finding many bugs I can spend as little as 5 hours per week, but when I'm doing well it can be as many as 30 to 40 hours per week," he said.
Wakelam also said he can't imagine a future for himself without hacking. "After working as both a consultant and in the bug bounty space for many years I've recently branched out to start a computer security consultancy called Gravity. The new challenges and experiences I have in this space year to year keep me interested, and I can't see myself doing anything else," he said.