Bugcrowd Blog

Bugcrowd - Correcting the Math for Customers in their Cybersecurity Equation

Posted by Ashish Gupta on Sep 22, 2017 10:00:00 AM

First and foremost, I want to thank everyone for such a warm welcome to Bugcrowd. I am thrilled to be joining a brilliant team as the new CEO and proud to be a part of something that will not only make an impact on organizations, but also on each of us as citizens of today’s digital world. I have watched closely as Bugcrowd pioneered the space for crowdsourced cybersecurity and security testing, winning the hearts and minds of hundreds of customers and tens of thousands of security researchers around the world, through the leadership of Casey Ellis. I’m thrilled to join the team and help steer the ship through this next phase of growth.

Interconnectivity at Scale Needs Security at Scale

We are quickly approaching a technological threshold: interconnectivity at scale. As everything around us, from cars and street lights, to medical devices and washing machines, becomes interconnected, the result is a larger attack surface driving an increasing number of data breaches.

According to research from Risk Based Security, there were just over 4K breaches reported during 2016, exposing more than 4.2 billion records – approximately 3.2 billion more records than the previous all-time high established just last year. Cybercrime is expected to cost the world $6 trillion by 2021, up from $3 trillion in 2015. As we’ve witnessed in the last 9 months, that number is bound to increase. At the same time, we are experiencing an extreme shortage of security resources. Today, there are more than 350K unfilled cybersecurity jobs in the U.S. alone, and we’re on pace to hit a half-million or more unfilled cybersecurity positions by 2021. That is an unfilled need of $7B to $10B at a moderate cost per security resource. This is before adding in the costs of recruiting, training, and on-boarding the person into the organization. The only way to meet these needs is to use a crowdsourced approach with an intelligent platform that brings the right skill set to the specific need of the customer at whatever scale needed. This is the beauty of what we do at Bugcrowd and how we make the cybersecurity math equation work for our customers.

Interconnectivity at scale requires security assessment and remediation at scale. By using a trusted global task force with diverse skill sets to complement internal security teams, organizations can take advantage of the collective skills of thousands of security researchers for results that go far beyond any one penetration testing consultant or the structured patterns of automation.

Harnessing the deep, diverse skills of security researchers around the world allows businesses to scale their security assessment strategies. Bugcrowd uses its managed service and platform to bring together more than 65K security researchers to surface critical software vulnerabilities for customers before the adversaries can take advantage of them. The actionable insights from the researchers and our platform have already helped customers address hundreds of thousands of security vulnerabilities.

This week, I had the opportunity to communicate with several of our researchers and was blown away by their passion to do the right thing. One of them said that their motivation comes from being the “sheep dog” for organizations. It is an interesting phrase that I had to look up on the Internet, and I sourced it to a Hollywood movie where the father asks his son to play the role of a “sheep dog” and protect the innocent sheep from foxes or other predators. Although this is just my third week on the job, I have already learned a ton from my conversations with our researchers and am excited to get to know our Crowd a little better. I am looking forward to engaging with our researchers often and continuing our passion to build and foster our community of researchers.

World Economic Impact: Connect the Right Minds and Technology to Complex Security Issues

We’ve seen a dramatic shift in the last year with more organizations adopting the crowdsourced model. While the bug bounty model has historically been seen as something only major tech companies — including Facebook, Apple and Microsoft — can run, the introduction of the bug-bounty-as-a-service model has enabled adoption outside of the tech sector. In fact, some of our fastest growth this year was in industries like financial, healthcare, retail, hospitality, and automotive.

Following this trend, enterprise adoption is also at an all-time high. These companies know that providing the right incentives to the security researcher community for their vulnerability findings far outweighs the cost of a potential data breach.  

Bugcrowd has managed hundreds of successful programs over the last four years, helping companies at every stage of security maturity take advantage of the Crowd. And, by providing security researchers the ability to make a living no matter where they live, businesses are benefiting the global economy.

A Culture of Builders: Address Use Cases that Are not Addressed by the Status Quo

During my interview process, I had the chance to visit Bugcrowd’s headquarters in San Francisco and experienced first-hand the energy and culture that enables this innovation every day. Bugcrowders take on big challenges, build things from our researchers’ and customers’ perspective, and use our diverse expertise to bring the power of the platform and the crowd together. We are a group of happy people who come to work because it is fun and because of the positive impact we are having on our socio-economic surroundings.

The cultural fit was extremely important for Casey and equally so for me in making the decision. Growing up in a family with a father who served in the Indian military and a mother who translated Mahatma Gandhi’s works was interesting to say the least. However, both of them had a common sense of purpose that stemmed from their belief that we should always give back more than what we get in life and that this was only possible if you challenged the status quo. We do this every day at Bugcrowd. During my first year at college in America, I remember being in an Economics class where someone said that India will never be able to produce enough milk to feed our growing population of children. The following year, I returned to India to challenge that statement by addressing the root cause of the problem - the lack of a logistics system that could transport the plentitude of milk produced in our villages to milk dairies for distribution before it spoiled in the heat. We employed an unconventional approach of using solar refrigerators to cool the milk enough to move it to collection points. This saved thousands of gallons of milk but, more importantly, brought smiles to the faces of the children who now had milk to drink. In starting Bugcrowd, which essentially created the crowdsourced security industry, Casey also took an unconventional approach. He has built a team of like-minded employees and a community of security researchers that are motivated by challenging the status quo and are contributing profoundly to our society by securing our customers’ digital assets. This purpose drives our company and fosters our culture.

For example, recently I was speaking to one of our major, worldwide financial services customers. I was amazed to learn that in May of this year, Bugcrowd had helped them identify the very same vulnerability that reportedly led to the Equifax breach. One of our researchers found this vulnerability and submitted it through our platform, which prioritized it at a level that warranted immediate action by the customer’s engineering team. The result was that the customer addressed the vulnerability well ahead of any damaging attacks. If this went the other way, think about the reputational and possible financial impact of not solving this vulnerability. It’s truly inspiring what our researchers, platform, and the Bugcrowd team do every day for our customers and I love hearing so many first-hand accounts like this.

Bugcrowd is expanding its lead in the market every day, and is growing rapidly. Leading companies like MasterCard, Tesla, Atlassian, and Pinterest depend on Bugcrowd for their managed bug bounty programs. I am excited to have the opportunity to contribute to our company’s continued success and will be working closely with Casey and the team to drive further market leadership and scale for the company.  

Written by Ashish Gupta

Ashish Gupta is CEO and president of Bugcrowd.