SUMMER holidays often see students pulling pints or stacking supermarket shelves to tide themselves over.

But one Glasgow Caledonian University (GCU) graduate is looking to turn bounty hunter to bring in the cash during the holidays.

Tamar Everson has just graduated from the BEng Digital Security, Forensics & Ethical Hacking programme but, unlike more famous bounty hunters, his quarry will be found in cyberspace.

Tamar will spend the next couple of months using the skills he has developed at GCU to operate as a freelance bug bounty hunter - a hacker paid to find vulnerabilities in software and websites.

And he says companies can be prepared to pay handsomely for this service with the recent cyber-attacks on the NHS still fresh in the mind.

Tamar said: “Bug-bounty rewards range from a t-shirt to thousands of pounds.

“So far, I have only submitted a couple of bounties. One of them gave me $100 and the other gave me free postage on an order I was making with the website.

“How much you earn is down to chance. You may spend a week searching to find nothing, or a couple of hours to find a bug worth thousands.

“When you’re taking on a bounty, you need to consider the time/reward ratio. Looking for complex bugs can take a long time, for example, and the reward may not always be worth it.”

The formal term for bug bounty hunting is penetration testing, which Tamar learned on his GCU course.

He is a member of bug bounty website Bugcrowd - but sometimes things online just don't look right and that flags his interest.

The 22-year-old said: “Sometimes I am just browsing the internet and notice something that doesn’t look right, so poke around a little and realise it’s a security vulnerability.

“I then contact the relevant person to report it.

“The way bug bounties work is that a company puts out an advertisement saying: ‘Please try to hack us, we will pay you.’

“Anyone can take up the offer, but they only pay for genuine unreported bugs that are found, so you need to know what you’re doing.

“Everything has to be done ethically and in line with the Computer Misuse Act 1990.”

While a bug bounty hunter’s job is to locate an issue, it’s not necessarily their job to fix it.

Tamar said: “Usually, an organisation’s own IT team would resolve it.

“That said, I alerted a company to an issue I found two years ago, whereby I could set the price I wanted to pay for any item on its website – it still hasn’t been fixed.

“It’s not unheard of for companies to hire people who find issues, though.”

Tamar also believes the rise of bug bounty hunting is persuading those who may be hacking illegally to rethink their motives.

He said: “I do know of people who have been turned from potential criminals into good guys.

“Hackers in the past, who have discovered a vulnerability in a website, would either exploit it themselves or sell the information to the criminal underworld.

“With the introduction of bug bounties, they know they can be rewarded by the organisation itself for reporting it, without having to break the law for financial gain.”

Given the number of malicious cyber-attacks that do still occur on a global scale, Tamar believes that more people should study security to help protect future generations.

He added: “I had no knowledge of cyber security before I saw the course title in the GCU prospectus.

“I thought: ‘Hacking? That’s illegal, how can they teach that?’ I just knew I had to study it.

“According to the Scottish Qualifications Authority, there is a shortage of two million experts worldwide.

“In the UK, we are one of the better prepared countries in terms of the talent we have, but there is still a critical shortage.”