cybersecurity | 06880
All throughout high school, Graham Zemel chased bugs.
It’s a passion project. And it pays.
Graham — who graduated from Staples last week — estimates he’s earned somewhere between “a tank of gas, and four years of college.”
Graham is not chasing beetles, mosquitoes or cicadas.
He’s after bugs in computer code. They can cost companies big bucks, if the bad guys — “black hat hackers” — find them.
Graham is a good guy: a “white hat hacker.” He’s part of a group that gets paid bounties by those companies, before the black hats hit.
Payments range from $50 to $2 million.
Graham Zemel: White hat hacker.
But Graham is not just a member of the white hat hacker community.
He’s a leader in it.
Though still a couple of months away from freshman year at the University of Colorado, Graham is the real deal.
He took all 8 computer science courses at Staples (plus discrete math, his favorite, studying subjects like cryptography and fractals).
But he’s also self-taught. Starting during COVID — when, to battle boredom, he built his own computer — Graham explored the internet. He learned how to code, on his own.
Then — still in his mid-teens — he put his mathematical mind and creative skills to work.
The more Graham learned about ethical hacking, the more he wanted to share. On his website — where he calls himself “a full-stack developer, cybersecurity programmer, and IT enthusiast” — he links to The Gray Area.
He began the site by providing educational resources to beginning programmers and cybersecurity enthusiasts.
But it evolved to much more. Over 30 writers have contributed more than 250 posts. More than 2 million readers have learned about topics like “How I Hacked the Dutch Government” and “The Akira Ransomware Saga.”
Meanwhile, GrahamZemel.com is the place to find projects like Game Bank (where users play online games with friends, or alone); a variety of hacking tools, and links to resources like the book he wrote about ethical hacking (“A Beginner’s Guide to Bug Bounty Hunting” is on Amazon).
It’s hard to believe, looking at his vast web presence, that until a few days ago, Graham was still a high school student.
He made his mark there too. He founded the Crypto Club, and was president of both the Cybersecurity Club and Coding Club.
In his spare time he developed the PowerSchool GPA Calculator. The Chrome extension helps students navigate their grades efficiently. Nearly every student at Staples uses it. So do thousands of others, across the country.
Clearly, Graham could be a black hat hacker if he wanted. There’s money to be made extorting companies after discovering their vulnerabilities.
Yet, he says, “it gives me a high to find vulnerabilities, and report them.” Plus, he adds, “I don’t want to go to jail.”
He has discovered 7 “high-quality” vulnerabilities, and hundreds more lower-level ones.
Graham Zemel, at work.
Bug hunting requires “divergent thinking,” Graham says. He sifts through code, runs a variety of tests, and sometimes spends hours searching for a particular bug.
He’s a very motivated young man. He’s accomplished a lot on his own.
But Graham has plenty of praise for his Staples education. Teachers like Dave Scrofani, Nick Morgan, John Wetzel and Maxim Kolb do a “fantastic” job, he says.
He tips his (white) hat to them.
(“06880” often highlights the accomplishments of Staples students — and everyone else in town. If you enjoy reading stories like these, please click here to support our work. Thank you!)