At just 13 years old, Dylan embarked on a remarkable journey into the world of cybersecurity, becoming the youngest security researcher to collaborate with the Microsoft Security Response Center (MSRC). His story is a testament to the power of curiosity, resilience, and the drive to make a difference.
Early Beginnings: From Scratch to Security
Dylan’s fascination with technology ignited at a young age. He began with Scratch, a visual programming language designed for beginners, and swiftly progressed to mastering HTML and other programming languages. By the fifth grade, his curiosity led him to delve into the source codes of educational platforms, seeking to understand and manipulate their functionalities. This hands-on exploration laid the foundation for his future endeavors in cybersecurity.
The Catalyst: A School Challenge
The COVID-19 pandemic brought about significant changes in educational methodologies, with many institutions transitioning to online platforms like Microsoft Teams. When Dylan’s school restricted students from creating Teams meetings, he identified a workaround using Outlook, enabling his peers to stay connected during a period of isolation. This initiative was not about circumventing rules but about fostering communication among classmates.
Later, when the school disabled student-created Teams chats, Dylan’s determination to restore communication channels led him to discover a vulnerability that allowed him to take control of any Teams group. After nine months of self-directed learning and experimentation, he reported this vulnerability to Microsoft, marking his entry into the world of responsible disclosure.
Breaking Age Barriers in Cybersecurity
Recognizing Dylan’s significant contribution, Microsoft revised its Bug Bounty Program to include researchers as young as 13, making Dylan the youngest individual to collaborate with MSRC. This policy change not only acknowledged Dylan’s talents but also signaled Microsoft’s commitment to inclusivity and the recognition of young talent in the cybersecurity domain.
A Prolific Contributor
Dylan’s collaboration with MSRC has been marked by prolific contributions. In the summer following his initial discovery, he submitted 20 new vulnerability reports, a significant increase from his previous submissions. Notably, he identified issues in Microsoft’s Authenticator Broker service. His ability to articulate concerns and engage in constructive dialogues, even when disagreements arose, showcased a maturity beyond his years.
Overcoming Personal Challenges
Dylan’s journey has not been without personal challenges. During the pandemic, he faced a health issue that resulted in the loss of his voice, necessitating two surgeries for recovery. This experience further honed his resilience and determination, qualities that have been evident in his approach to cybersecurity research.
Balancing Academics and Cybersecurity
Now a junior in high school, Dylan adeptly balances his academic responsibilities with his passion for cybersecurity. His extracurricular activities include participation in Science Olympiad, math competitions, swimming, biking, and playing the cello. His dedication to continuous learning and exploration in the field of security research remains unwavering.
Recognition and Achievements
Dylan’s contributions have earned him a place on MSRC’s Most Valuable Researcher list for both 2022 and 2024. In April 2025, he competed in Microsoft’s Zero Day Quest, a premier onsite hacking event in Redmond, Washington, securing third place among top global researchers. These accolades underscore his exceptional skills and the impact of his work in the cybersecurity community.
The Broader Impact on Microsoft’s Bug Bounty Program
Dylan’s involvement has had a ripple effect on Microsoft’s Bug Bounty Program. Since its inception in 2013, the program has awarded over $60 million to security researchers from 70 countries. The inclusion of younger researchers like Dylan has diversified the pool of talent, bringing fresh perspectives and innovative approaches to identifying vulnerabilities. This evolution reflects Microsoft’s commitment to proactive security measures and collaboration with the global research community.
