Editor's take: At an age when most teenagers are just beginning to explore the possibilities of technology, one high school junior has already made a name for himself in the world of cybersecurity. Dylan, now 17, first caught the attention of Microsoft's Security Response Center at just 13, when he reported a critical vulnerability in Microsoft Teams. The discovery ultimately reshaped the company's bug bounty program and set Dylan on a unique professional path.
Dylan's interest in computers began at a young age. He started with simple programming platforms like Scratch and gradually moved on to more complex languages such as HTML. By the time he was in elementary school, he was already exploring the code behind educational websites.
That curiosity deepened during the Covid-19 pandemic. When his school restricted students from creating chats in Microsoft Teams, Dylan saw an opportunity to help his peers stay connected. After months of independent research and experimentation, he discovered a security flaw that allowed him to take control of any Teams group.
Rather than exploit the vulnerability, Dylan promptly reported it to Microsoft.
The company's response was significant. Microsoft revised its bug bounty program to allow participants as young as 13, a direct result of Dylan's contribution. Since then, he has worked closely with the Microsoft Security Response Center, submitting dozens of vulnerability reports and collaborating with security professionals around the world. His technical skills are matched by a rare ability to clearly communicate complex findings, a quality that has earned him respect throughout the industry.
Dylan's partnership with MSRC has not been without its challenges. He has faced setbacks and disagreements over the severity of certain vulnerabilities, but his persistence and professionalism have often led to positive outcomes.
In one instance, his detailed explanation of a flaw in Microsoft's Authenticator Broker service convinced the company to expand the scope of its bug bounty program, ensuring that similar issues would be recognized in the future.
Outside of cybersecurity, Dylan is a well-rounded student. He participates in Science Olympiad, math competitions, and music, and still finds time for swimming and biking.
Dylan's achievements have not gone unnoticed. He has been recognized as one of MSRC's Most Valuable Researchers and recently placed third in Microsoft's Zero Day Quest, a prestigious hacking competition. Looking ahead, he hopes to attend security conferences and continue collaborating with experts in the field.
Meet the 17-year-old who helped change Microsoft's bug bounty program
