Simon Reinhart, Ethical Hacker, and Lino Simoni, Head of Customer Success at Bug Bounty Switzerland, discuss in this inspiring exchange:
- Why Simon Reinhart transitioned from penetration testing to ethical hacking
- How ethical hackers can earn a living
- How Bug Bounty Switzerland builds trust-based and personal relationships with hackers
Simon Reinhart makes a living by discovering security vulnerabilities before others do. His journey into ethical hacking didn’t begin in a dark room with him wearing a black hoodie. On the contrary: originally working in the field of technical hardware, he eventually found his way into IT security. After completing a part-time degree in computer science, he received a job offer as a software developer — which, as it turned out, wasn’t quite what it seemed. “The company was actually looking for a pentester,” Reinhart recalls (see Expert Talk video below).
He honed his skills there for seven years before taking the leap into self-employment in August 2024. His interest in software development helped him along the way. “That’s essential if you want to be successful as an ethical hacker.” But the transition didn’t happen overnight. First, he reduced his workload to focus more on bug bounty programs. Only once he realized that he could earn a living from it did he commit to self-employment full-time. “As a self-employed ethical hacker, you have zero financial security. One month can go extremely well, the next significantly worse,” says Reinhart. That, he explains, is the biggest difference from a full-time position: you need a high level of frustration tolerance and the ability to cope with fluctuations.
Bug Bounty Offers More Freedom than Penetration Testing
The decision to explore ethical hacking was sparked by a newspaper article about the Federal Administration’s bug bounty program, launched in August 2022 in collaboration with Bug Bounty Switzerland. “I was reading the article at the swimming pool and found the federal government’s approach fascinating,” says Reinhart. He registered on the Bug Bounty Switzerland platform and soon reported his first vulnerabilities. His work was impressive. “We were speechless at the number of high-quality findings he submitted right from the start,” recalls Lino Simoni, Head of Customer Success at Bug Bounty Switzerland, in conversation with Reinhart.
Although his background was in penetration testing, Reinhart notes both similarities and differences to bounty hunting. While penetration testing typically operates within a defined scope, bug bounty programs remove most boundaries. “Bug bounty hunting usually involves a black-box approach,” he explains. That means hackers don’t know the internal structure of the system — they test it from the outside, just as a real attacker would. This allows for greater creativity and the use of diverse testing methods. Still, at the core, both approaches aim for the same goal: identifying vulnerabilities. The same is true of criminal hacking, with the key difference being that “we report the vulnerabilities to the responsible parties or the platform instead of exploiting them ourselves.”
Disappointed by Other Platforms’ Processes
Another incentive in the bug bounty space is the international hacker ranking. Those who find many high-quality vulnerabilities rise in the rankings and gain recognition in the community. “The ranking isn’t my main motivation, though. What matters most to me is being able to make a living from bounties,” says Reinhart. Another key to success is constant exchange with other security experts. “You learn an incredible amount through discussions with fellow hackers,” he adds. Networking within the community helps him stay up to date and understand new attack techniques. Exchanging insights with other top hackers is especially valuable.
However, not all platforms encourage this level of interaction. Reinhart previously tried international platforms such as HackerOne but was disappointed by the experience. “Many programs are frustrating — they take forever to respond or dismiss reported vulnerabilities as ‘not reproducible.’” The experience was so discouraging that he stopped reporting vulnerabilities on those platforms. In contrast, working with Bug Bounty Switzerland has been not only more efficient and transparent, says Reinhart, but also more personal. Communication takes place on equal footing, and beyond that, there’s a genuine effort to get to know the people behind the platform. This personal connection — as seen between Simon and Lino — fosters trust, facilitates exchange, and offers deeper insight into the mindset of hackers. It’s a foundation that’s essential for long-term collaboration and meaningful improvements in security.
Trust Is Key in the Bug Bounty Space
Today, Simon is a full-time bug bounty hunter — a decision he doesn’t regret. “I earn more than I did as a penetration tester and enjoy the freedom to decide when and how I work.” His story illustrates how Bug Bounty Switzerland not only protects companies from cyber risks but also supports career growth. “Without this platform, I might never have taken the step into self-employment,” Reinhart says. What makes the difference is the personal interaction with the team and the quality of the programs: “You can call or send an email, get a response, and be taken seriously.”
Trust plays a central role in the bug bounty environment. “It’s one of the most important values in cybersecurity,” says Lino Simoni of Bug Bounty Switzerland. That makes open and transparent collaboration between hackers, companies, and bug bounty platforms all the more important. Simon Reinhart agrees: what matters is that vulnerabilities are reported honestly and communicated clearly and responsibly.
For Simon Reinhart, one thing is certain: “Cybersecurity is becoming increasingly important — and increasingly in demand.” On the one hand, awareness is growing among SMEs, increasing the need for analysis. On the other hand, regulatory requirements are tightening. For example, “banks and insurance companies are required to test their systems at regular intervals.” Bug bounty programs are one of the most effective tools to meet those requirements.