Hackers First

Why are you here?

Whoami

Very talkative person
Accidentally found out that my set of skills is a good fit for cybersecurity
Made many friends in cybersecurity just in 1 year

Alex Moshkov

Community Bro at Positive Technologies

… or no matter what you call me ☺

x.com/amoshkov t.me/amoshkov

Back in the day

Before cybersecurity I spent 20+ years in gamedev and tech — building products, teams, and communities.

But something always felt off — like I was applying the right skills in the wrong place.

Gaming → IT → Travel & Fintech → Cybersecurity

↓ Some of my fav games ↓

RPG character mixed of everything

Empathy & communication

Reading people fast. Building trust fast.

Business overview

Owning a business changed my mind. Helicopter view on the whole picture.

Diversified experience

Marketer, product/project manager, business developer, product owner.

Community building

Yes, in gaming. But talking to people is talking to people. Kinda same thing anywhere.

Technical base

IT solutions and products knowledge. Scripting, automation, scraping, basic coding.

Hacker brain

Curiosity. Alternative approach to XYZ goal with a faster / cheaper / better result.

Hackers First,
but why?

What companies usually do

Most companies underestimate the importance of the offensive community:

Security became too corporate and too isolated
They believe it's safer to stay silent
They rely on official, controlled formats
They avoid horizontal connections
They don't see value in simple, honest conversations

… and we all know these stories of hackers being ignored:

"Corporate security is weird" — bobdahacker

Meanwhile, hackers

Hackers are actually friendly in most cases:

Most hackers are open to talk — if you talk to them like a human
Their world is horizontal: no hierarchy, no corporate layers
They avoid corporate filters and formal formats
Their community is tightly connected

If you're not in this network — you don't see what matters.

Connection with the
community creates trust.

And trust opens doors no process can open.

Community values and soft power

Community value is not theory — it's what actually happens when people trust you.

Early signals: problems, ideas, risks, feedback
Access to talent and minds you'd never hire in a normal way
Reputation shield: the community will defend you if they trust you
Real, organic growth of your product, business, or initiative

If the community trusts you — they help you. In ways you didn't even expect.

What NOT to do

What NOT to do / What TO do

× DON'T

Treat hackers as free labor
Add bureaucracy
Let marketing/PR control the conversation
Give cold corporate responses
Stay silent when something matters
Hide problems instead of discussing them
Make connections transactional

✓ DO

Put a real human in front — someone who likes people
Be reachable (Twitter, messengers, Discord)
Attend local / global meetups
Support community leaders and contributors
Build 1:1 trust
Share insights
Give them space for growth

Let's get back to that story

Positive Hack Talks Hanoi

My goal: find the core offensive community in Vietnam.

Two weeks before the event
Zero connections
No background in cybersecurity
Zero budget
And I was solo

1

Scraping

Collected everything I could. Groups, profiles, traces, links.

2

Research

Mapped people, communities, ties, and micro-clusters.

3

Conversations

Talked to everyone. DMs, calls, meetups.

PH Talks around the world

Oct 2024

140

India · Bengaluru

Nov 2024

217

Vietnam · Hanoi

Feb 2025

245

Egypt · Cairo

Jul 2025

378

Indonesia · Jakarta

Dec 2025

175

Brazil · São Paulo

● Happening now

May 5, 2026

Malaysia · Kuala Lumpur

3rd Edition · Moscow 🇷🇺 · 2 weeks on-site

Positive Hack Camp

An onsite camp in Moscow, organised by Positive Technologies with the support of Russia's Ministry of Digital Development. Two weeks that pull the cybersecurity community together and send everyone home a little more in love with the craft.

camp.ptsecurity.com →

2024 · 1st edition 74 students

Completed

2025 · 2nd edition 88 students

Completed

2026 · 3rd edition Coming up

You provide

Round-trip flight to Moscow
Visa, if required

02

Included

Accommodation
Meals · Cultural program
Training

03

Requirements

English B1 or higher
You are a student
Linux/Windows · network basics

Positive Hack Days

A major annual international cybersecurity festival and forum held in Moscow since 2011. It blends a professional technical conference with a public festival — training, competitions, and demonstrations — bringing together experts, government officials, and students.

To Be Announced

Earn

Standoff Bug Bounty

Hunt real bugs in real companies.

Find real vulnerabilities in real companies and get paid. A large community of serious hunters. Private programs for the best ones.

$5.5M+ paid out to researchers
46,000 researchers onboard
Since 2022 running year-round

bugbounty.standoff365.com →

Meet and celebrate

> Standoff Hacks

Live hacking events. Real money on the spot.

Offline live-hacking tournaments. Hunt bugs in real companies with hosts in the room and payouts handed out live. Held around the world since 2022.

$500K+ paid at live events
7 editions to date
4 countries

[ hacks.standoff365.com ]_

./bin/list-editions --sort=desc

[2026]Shanghaich[COMPLETED]
[2025]Ahmedabadin[COMPLETED]
[2024]Hanoivi[COMPLETED]
[2024]Myachkovoru[COMPLETED]
[2023]Moscowru[COMPLETED]
[2023]Sochiru[COMPLETED]
[2022]Moscowru[COMPLETED]
$_

Compete

Standoff Cyberbattle

Attack-defense at industrial scale.

Hyperrealistic red vs blue. 1,500+ VMs simulating real industries — energy, finance, oil & gas. 5,500+ veterans have battled here.

1,500+ VMs per battle
5,500+ veterans who've battled
16 editions since 2016

cyberbattle.standoff365.com →

Defender Attacker

Vulnerabilities' home

The free database we run — built around researchers, not entries. Every CVE, every trend, every voice.

350,000+ vulnerabilities
50,000+ researcher profiles
daily updates
forever free ❤️

What you'll find on dbugs

PT-ID for non-CVE discoveries Our thing
Trending signals
AI summaries
Researcher profiles
Full-text search
Unified vuln cards

dbugs.ptsecurity.com →

PT Expertise

Two teams that publish their work.

attacker ~ zsh

PT SWARM

Our offensive security team. Real pentests, real 0-days, real CVEs — shared openly on the blog. They breach 90% of client perimeters and then write exactly how. Good reading.

soc-jumphost ~ bash

PT ESC

Proactive threat intelligence, threat hunting, and incident response. Anticipating adversaries, tracking campaigns, uncovering 0days, and delivering actionable, real-world intelligence.