At TikTok, we're always focused on ensuring the safety, security, and privacy of our global community. This is a responsibility we take very seriously, as over 1 billion people turn to our platform to express themselves creatively, learn something new, or be entertained. As we continually invest in the people, processes, and technology to enable best-in-class security operations at scale, we know it's important to work with third-party experts to help test our defences.
We're proud to support efforts that elevate cybersecurity best practices from global industry-leading organisations like HackerOne and the Global Cyber Alliance (GCA). TikTok also promotes European Cybersecurity Month, an annual campaign coordinated by the European Union Agency for Cybersecurity (ENISA) and the European Commission, to raise awareness and share best practices on cybersecurity among EU citizens and organisations.
Together we're continuing to spread cybersecurity awareness, education, and opportunity. We're celebrating our 2-year anniversary of our Global Bug Bounty programme, unveiling our 2022 TikTok Cybersecurity Champions, elevating the #SeeYourselfInCyber initiative to inspire people of all backgrounds to explore professional opportunities in the growing field, and sharing tips to always #BeCyberSmart.
Celebrating our 2-year anniversary with the ethical hacker community
Earlier this year, TikTok became a founding sponsor of HackerOne's Corporate Security Responsibility (CSecR) pledge, honouring transparency, collaboration, innovation, and differentiation as core principles to help create a safer digital world for everyone. The pledge furthers the commitments we made two years ago when launching our Global Bug Bounty programme. Since its inception, we've awarded over $585,000 in bug bounties to over 250 ethical hackers for responsibly identifying and disclosing over 450 vulnerabilities so we could quickly resolve them. The programme continues to attract new hackers thanks to our comprehensive scope and commitment to transparency.
As of October 1, this year's top contributors are:
- s3c: Yusuf is a 23-year-old bug bounty hunter from Kurdistan, Iraq, claiming his spot as one of TikTok's top contributors for the second consecutive year! As an independent security researcher on the HackerOne platform with five years of experience, Yusuf enjoys helping top companies protect their business.
- Apapedulimu: Nosa is a 22-year-old security engineer by day and bug bounty hunter by night. From a small city in Indonesia, he started working with HackerOne in 2017 and hopes to become a superstar bug bounty hunter by improving his skills every day.
- Amakki: Abdulrahman is a 21-year-old bug bounty hunter from Saudi Arabia who has been discovering vulnerabilities for various technology companies since starting his hacking journey at age 10 and formally joining the HackerOne community in 2019.
- datph4m: Pham is a security engineer at a software company in Vietnam who has been working with HackerOne for about four years, during which time he's discovered serious vulnerabilities for some of the world's top technology companies.
"The best ethical hackers choose to work on bug bounty programmes that are open and transparent, and customers trust vendors that clearly communicate about what they’re doing to improve security," said HackerOne CEO Marten Mickos. "A key reason for TikTok's success with software security is that they practice such transparency, and we commend TikTok's active engagement in our Corporate Security Responsibility initiative, which prizes transparency as one of its core principles."
Presenting the 2022 TikTok Cybersecurity Champions
At TikTok, we believe security is a team sport. Both internally and on our platform, we're always working to advance a culture of security. Behind the scenes, our security experts and technologists work tirelessly to build, implement, test, and maintain next-generation security and privacy controls to protect our global community. Today we're shining a spotlight on members of our community who inspire others to make strong online choices, and we're proud to introduce the 2022 TikTok Cybersecurity Champions. These creators are experts in their field who make it fun to #LearnOnTikTok by sharing educational and entertaining content that encourages people to #BeCyberSmart.
- @cybersecuritygirl: Caitlin is dedicated to helping people from all backgrounds — especially women — crush stigmas, embrace opportunities in STEM, and become passionate about cybersecurity. Join her community of nearly 300k followers for the latest industry news or tips to incorporate security best practices into your daily life.
- @kyle.tobener: Kyle is a cancer survivor and 10-year enterprise security veteran of Salesforce. He discovered TikTok in 2020 and built a community of over 250k followers by sharing foundational cybersecurity practices, cutting-edge ethical hacking techniques, and ways to break into entry-level security roles.
- @engineeramber: As a mom with over 10 years of IT Security experience, Amber's passion is teaching tech and security skills to both children and adults. On top of making TikTok videos for people who love to #LearnOnTikTok, she authored and illustrated a security children's book, "The Little Cyber Engineer," as part of her efforts to provide underserved communities with access to technical literature and education opportunities.
- @rossbrous: Ross has a passion for making IT personal. From security-themed parodies of the "Fresh Prince of Bel Air" theme song to a remix of the popular "Sea Shanty," this Cybersecurity Champion showcases his creativity through cybersecurity tips and information that anyone can understand.
Whether you're technical or non-technical, there's something for everyone in cybersecurity. We hope to empower people to check out ENISA's cybersecurity skills framework and explore opportunities across the industry, including open roles with TikTok's security team in New York, Washington DC, Mountain View, Los Angeles, Nashville, Dublin, Singapore, and more. There's never been a more exciting time to #SeeYourselfInCyber.
It's easy to stay safe online
As part of our ongoing commitment to elevating cybersecurity best practices, we're sending in-app push notifications encouraging users to enable 2-step verification. We're also launching new @TikTokTips videos with some of our favourite ways to stay safe and secure online, including reminders to:
- Set strong, unique passwords on all accounts and use a password manager.
- Act on that in-app notification to enable 2-step verification for an added layer of security.
- Avoid opening, downloading, or clicking on links and attachments from unrecognised senders using phishing or smishing as a tactic to trick people into giving up personal information.
- Only download apps from official app stores after reading their reviews, keep all devices and apps updated with the latest software, and offload unused apps.
- Use caution when connecting to unsecured public Wi-Fi or use a Virtual Private Network (VPN).
"Setting up 2-factor authentication and a password manager takes a few moments to get going, but then you can let the tech do the work of securing your accounts and remembering your passwords," said Lisa Plaggemier, executive director of the National Cybersecurity Alliance. "Staying safe online is probably easier than you imagine."
Follow @TikTokTips for more ways to defend against common cyberthreats, and check out the interactive Cybersecurity Toolkit for Individuals we developed with the GCA. As part of our Latinx Heritage Month celebration, GCA and TikTok also launched a free toolkit to help Spanish-speaking business owners protect themselves from cyber attacks.
"The most important thing for people to know about cybersecurity is that YOU CAN DO THIS," said GCA President and CEO Phil Reitinger. "It sounds complicated, but there are a few basic things—like using more than just a password to log onto sites—that will make you much, much more secure."
Together with our partners and TikTok Cybersecurity Champions, we aim to inspire people of all backgrounds to always #BeCyberSmart.