Jack previously was a Security Architect at Krebs Stamos Group.
Jack rose to top ranks in bug bounty programs, having identified over 350 vulnerabilities in companies including Google, Facebook, Uber, Yahoo, and the U.S. Department of Defense. He is ranked within the top 100 hackers all-time on HackerOne. For this work, Jack was named to Time Magazine's list of the 25 Most Influential Teens of 2018.
After placing first in the Hack the Air Force bug bounty challenge, Jack joined the Defense Digital Service out of high school, where he helped run the Hack the Pentagon bug bounty portfolio, advised on the next iteration of the DoD Vulnerability Disclosure Program, and built innovative cybersecurity assessment tools.
Led development and deployment of CISA's first passive, opt-out vulnerability scanning program with Crossfeed, assessing all 50 states and over 2,500 counties ahead of the 2020 election.
Launched Ransomwhere, the first website to publicly track ransomware payments.
Discovered a temporary workaround to a nascent ransomware strain, saving 50 victims $27,000 and leading to recognition from the U.S. Secretary of Homeland Security.
Organized a sign-on letter reaffirming the crucial role of security research in response to a Supreme Court Amicus Brief, with over 50 signatories including Congressman Jim Langevin. The letter was cited in the petitioner's reply brief to the Court.
Helped organize the Hack the Marine Corps bug bounty program, which culminated in a briefing demonstrating the discovered vulnerabilities to thirty 3 and 4-star Marine generals.
Money Over Morals: A Business Analysis
Ian Gray, Jack Cable, Vlad Cuiujuclu, Benjamin Brown, Damon McCoy
Symposium on Electronic Crime Research, December 2022
Best Paper Award
Systematization of Voter Registration
Jack Cable*, Andrés Fábrega*, Sunoo Park, Michael A. Specter
Journal of Cybersecurity
A Tale of Two Markets: Investigating the
Ransomware Payments Economy
Kris Oosthoek, Jack Cable, Georgios Smaragdakis
To appear in Communications of the ACM
Stratosphere: Finding Vulnerable Cloud Storage Buckets
Jack Cable*, Drew Gregory*, Liz Izhikevich*, Zakir Durumeric
24th Symposium on Research in Attacks, Intrusions and Defenses (RAID), October 2021