Jacob Riggs, of Bexley, south east London, claims he secured an Australian visa after uncovering a critical flaw in a live government system
A British ‘ethical hacker’ cracked the Australian Government system to successfully prove he was skilled enough to get a rare visa for experts.
Jacob Riggs, 36, secured one of Australia’s rarest visas after uncovering a critical flaw in a live government system. He helped demonstrate the exceptional expertise required for the invitation-only 858 National Innovation visa, one of the most selective pathways for highly skilled professionals.
The 858 visa, formerly the Global Talent visa, is awarded to less than 1% of applicants. It requires evidence of internationally recognised achievement, typically seen in Nobel Prize winners and Olympic medallists.
After hacking the system, Riggs, global director of information security for a large Software as a Service (SaaS) provider was granted full Australian residency. He is now preparing to relocate to Sydney to work in cyber defence.
Riggs, who did the hacking in July while at home in Bexley, south east London, said he was “not particularly” nervous during the process.
He said: “While I was aware of the significance for my visa application, I approached it as a routine security assessment and simply applied the same methodology I use professionally. It took roughly one hour and fifty minutes to identify the vulnerability.”
The expert said that he tested “multiple entry points” before identifying a weakness the organisation wasn’t aware of. During the government’s review of his visa application, Riggs identified and responsibly disclosed a critical vulnerability in a live system operated by the Department of Foreign Affairs and Trade.
He said: “If the 858 asks for anything, it’s evidence that your efforts to master yourself have meant something. For me, that meant demonstrating the value of my work in a way the system could actually recognise: by helping protect the nation assessing my application.”
The discovery offered proof of his technical skill and dedication to protecting Australia’s digital infrastructure. DFAT later formally acknowledged his work, adding his name to the department’s Vulnerability Disclosure Program honour roll.
The case unfolded amid rising cyber threats across Australia. Government agencies face constant attacks, while private organisations are under growing pressure to protect sensitive data. Ransomware, state-sponsored hacking, and large-scale breaches have made cybersecurity a central national priority.
Riggs’ approach reflects the modern model of cyber defence, which emphasises proactive identification of weaknesses before criminals can exploit them. It rewards researchers who act responsibly and disclose vulnerabilities through proper channels.
Riggs faced the challenge of proving world-class ability in a field where achievements are often invisible. There is no trophy for preventing a breach that never happens, and most cybersecurity work remains unseen.
His hands-on discovery gave tangible evidence of his expertise, a factor that helped secure the rare visa. The decision grants Riggs full residency rights, allowing him to continue his research, leadership, and public-interest cybersecurity work on a full-time basis in Sydney.
He said: “A specific date isn’t set yet, but the move to Sydney is planned within the next 12 months. There’s a lot to consider when you move your entire life to another country.”
Riggs says a lifelong interest in computers sparked a professional path in cybersecurity, turning early curiosity into a successful career. His career includes high-impact vulnerability discoveries across governments, universities, and major technology companies worldwide, earning him recognition for responsible disclosure practices and technical leadership.
Experts say Riggs’ achievement highlights a broader shift in how nations assess elite cyber talent. For Riggs, the journey has validated years of research, self-directed study, and hands-on leadership.
It has also provided a platform to continue strengthening Australia’s response to digital threats at a critical moment. He said: “In cybersecurity, mastery is invisible unless you can show its impact.”
The Australian Government did not immediately respond to request for comment.