Jack Cable is a coder turned white-hat hacker, a leader in making government and industry more secure.

twitter | mastodon | scholar | blog | github

Jack is currently a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency, where he helps lead the agency's work on Secure by Design and open source software security.

Before CISA, Jack worked as a TechCongress Fellow for Senator Gary Peters, advising on cybersecurity policy, including election security and open source software security.

Jack previously was a Security Architect at Krebs Stamos Group.

Prior to that, Jack served as an Election Security Technical Advisor at CISA, where he created Crossfeed, a pilot to scan election assets nationwide.

Jack rose to top ranks in bug bounty programs, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the U.S. Department of Defense. He is ranked within the top 100 hackers all-time on HackerOne. For this work, Jack was named to Time Magazine's list of the 25 Most Influential Teens of 2018.

After placing first in the Hack the Air Force bug bounty challenge, Jack joined the Defense Digital Service out of high school, where he helped run the Hack the Pentagon bug bounty portfolio, advised on the next iteration of the DoD Vulnerability Disclosure Program, and built innovative cybersecurity assessment tools.

Jack studied computer science at Stanford, where he worked as a researcher with the Stanford Empirical Security Research Group and the Stanford Internet Observatory

Some of my work:

Led development and deployment of CISA's first passive, opt-out vulnerability scanning program with Crossfeed, assessing all 50 states and over 2,500 counties ahead of the 2020 election.

Advised the IT-ISAC on rebuilding relationships between the hacker community and elections industry, leading to the adoption of the first vulnerability disclosure policies for voting machines.

Launched Ransomwhere, the first website to publicly track ransomware payments.

Discovered a temporary workaround to a nascent ransomware strain, saving 50 victims $27,000 and leading to recognition from the U.S. Secretary of Homeland Security.

Organized a sign-on letter reaffirming the crucial role of security research in response to a Supreme Court Amicus Brief, with over 50 signatories including Congressman Jim Langevin. The letter was cited in the petitioner's reply brief to the Court.

Helped organize the Hack the Marine Corps bug bounty program, which culminated in a briefing demonstrating the discovered vulnerabilities to thirty 3 and 4-star Marine generals.

Academic work:

Showing the Receipts: Understanding the Modern Ransomware Ecosystem
Jack Cable, Ian W. Gray, Damon McCoy
Symposium on Electronic Crime Research, October 2024

Money Over Morals: A Business Analysis of Conti Ransomware
Ian Gray, Jack Cable, Vlad Cuiujuclu, Benjamin Brown, Damon McCoy
Symposium on Electronic Crime Research, December 2022
Best Paper Award

A Systematization of Voter Registration Security
Jack Cable*, Andrés Fábrega*, Sunoo Park, Michael A. Specter
Journal of Cybersecurity

A Tale of Two Markets: Investigating the Ransomware Payments Economy
Kris Oosthoek, Jack Cable, Georgios Smaragdakis
Communications of the ACM

Stratosphere: Finding Vulnerable Cloud Storage Buckets
Jack Cable*, Drew Gregory*, Liz Izhikevich*, Zakir Durumeric
24th Symposium on Research in Attacks, Intrusions and Defenses (RAID), October 2021

Website design from Zakir Durumeric, with inspiration from Eric Mill.