Inside The Mind Of A Hacker Report | Unique Histories, Shared Destiny | A Bugcrowd Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and Bugcrowd executives, business leaders, and security researchers

In this 4-part podcast and webcast series, we have discussions with Bugcrowd executives, business leaders, and security researchers. The series will explore the traits, attributes, and mindset of the security researchers that enable the successful crowdsourced security assessment market, specifically focusing on these 4 areas: BUSINESS VALUE | GEOGRAPHICS | DEMOGRAPHICS | PSYCHOGRAPHICS

Bookmark this page to catch all of the episodes as they become available.

Listen and learn as you build out your security program by leveraging the global and diverse crowd.

Note: This story contains promotional content.


Episode 1: The Business Of Crowdsourced Security | You Can Build Out A Team But It Is Way Better To Turn To The Crowd

Guests:
Joan Pepin, Chief Security Officer, Auth0
Ashish Gupta, CEO and President, Bugcrowd

Unique Histories, Shared Destiny — The Value Of A Diverse Researcher Community

Prefer a podcast? Have a listen!

In this series, we unveil and discuss the most extensive global hackers and security research economics study: who they are, the skills they have, what they care about, and much more.

Who exactly are these security researchers, what do they have to offer that is unique, and can organizations trust them? In this report, we take a look inside the minds of 3,493 hackers to find out.

These security researchers come from all walks of life and live in countries spanning six of the world's seven continents. They possess varied skills, ranging from conventional techniques to specialist expertise, and act with an abundance of positive intent.

While stereotypes might lead you to think of a hacker as a formidable hooded character, real security researchers have more in common with everyday people than you might think.

Diversity happens to be the one thing security researchers have in common. Once thought of as an underground hobby, ethical hacking has since become a mainstream career choice that offers diverse individuals the means of generating a sustainable livelihood from anywhere in the world.

Over the past few years, ethical hackers have become part of many companies' security posture, providing unique insights that many organizations feel that they now must leverage. Through the security researcher crowd, they get as much diverse thought into their security posture as they can to make it that much stronger. What would it take—and would it even be possible—to build that kind of internal team, manage it successfully, and keep getting the dynamically scalable results offered by the crowd?

In this first episode, we introduce the vision behind this research. With our guests, we discuss how this on-demand cybersecurity workforce can work effectively with an internal security team and bring a company's security posture to a whole new high.

Our goal is to democratize the access to each one of those skilled researchers who are experts in what they do, regardless of whether they’re in India, or in Bangladesh, or in Europe, South America, wherever.
— Ashish Gupta
What we found, compared to a traditional commissioned pen test, for instance, is that the researchers in the crowd are willing to spend a lot more time on certain things and so we’ve seen things that they’ve brought us that were surprising; very complicated.
— Joan Pepin
What Joan and her team have done is fantastic. They’ve taken not only the thought process of getting these submissions in, but they’ve integrated it into their software development lifecycle, and overall way of thinking.
— Ashish Gupta


Episode 2: Exploring The Geographics Of Hacking | What The Researchers Target And Where They Hack From

Guests:
Jasmin Landry, Sr. Application Security Advisor at Videotron // Ambassador, Bugcrowd (@JR0ch17 on Twitter)

Grant McCracken, Senior Director, Program and Security Operations at Bugcrowd (@grantmcmusic on Twitter)

An International Hacker Community Comes Together To Root Out Technology Weaknesses

In a world where technology allows businesses to flourish and humanity to come together online, it should not come as a surprise that such technology can be both attacked and defended remotely from all over the world.

In this episode, we will look at the good side of it: the ethical hacker community. Where they are from, what they do, how they do it, and even where their research targets are located.

Leveraging Bugcrowd's Inside the Mind of a Hacker (ITMOAH) report as the basis for this conversation, and tapping into their own experience, our guests, Jasmin Landry and Grant McCracken, walk us through some of the geographical statistics of the bug bounty hunter community. To understand what is changing and how the profession is growing year after year, we look at geographical, linguistic, cultural, and economic differences — and then some more.

Despite all of the dissimilarities, we learn that this community is identified by many common traits and comes together with a common purpose: to root out technology vulnerabilities, responsibly disclose them to the creator/owner, and continuously push for an improved security posture for all things connected to the Internet around the world.

With a global hacker community at your fingertips, your bug bounty program can follow the sun to bring the right security skillset to bear when and where you need it. As we've discussed many times, variety and diversity mean you get a better view of your security landscape, which means you can't go wrong.

Despite the man-made boundaries, we all live on the same planet, come from the same ancestors, and the differences we bear are what make human ingenuity one of our best resources for a brighter future.



Episode 3: Exploring The Demographics Of Hacking | Methods, Experience, And Collaboration

Guests:
Robin Marte, Ethical Hacker/Security Researcher at Bugcrowd (@masonhck357 on Twitter)

Michael Skelton, Global Head of Security Operations and Researcher Enablement at Bugcrowd (@codingo_ on Twitter)

There Will Always Be Hackers — We Just Need More

Forget about stereotypes of hackers being nefarious masterminds. Hackers are dynamic, young individuals who come from all walks of life — diversity is a big plus for this community — and so it is for the cybercriminals, but they actually are nefarious masterminds.

Countless people are building the applications and systems we use at work and at home. It's a safe assumption they are smart people. Do hackers need to be as smart as or smarter than them?

We are glad you're back for another episode as we continue to unveil and explore what is inside the mind of a hacker.

Today we chat with Robin Marte, Ethical Hacker/Security Researcher at Bugcrowd, and Michael Skelton, Global Head of Security Operations and Researcher Enablement at Bugcrowd, as they share their background, experiences, and thoughts about the global hacker community.

Our guests go beyond their profiles in the ITMOAH report to tell us what they hack on, the tools they use, how they manage ongoing training, mentorship, and collaboration with the community, and so much more.

Security researchers come from all walks of life and live in countries spanning six of the world's seven continents. We're even starting to see researchers join together in teams — mini "hacker companies," if you will — securing physical office space and sitting side-by-side to take on bug bounty programs that would be more challenging to tackle on their own. This group model gives them a massive benefit over solo hackers — and the organizations running the bug bounty programs presumably benefit as well, as they experience faster, better, and perhaps even more in-depth results.

It's not all fun and games, however. Given the laws in the United States and around the world, hacking can be a dangerous profession. Given the current state of affairs, hackers must have a clear view of the bug bounty landscape they are traversing — which targets are safe, what are the boundaries, are the rules clearly defined? Can a formal bug bounty program coupled with a formal vulnerability disclosure program (VDP) — as can be seen listed on disclose.io — provide the necessary assurances to make it safe(r) for these researchers to do their good deeds? We hope it does, as there is plenty of scope for the researchers to explore. And, there aren't enough of them.

We hope you enjoy this new chapter and what you learn from it.

Have a listen... and get ready for the final episode with Katie Paxton-Fear and Casey Ellis. It's going to be the grand finale whopper you'd expect from this pairing.


Episode 4: Exploring The Psychographics Of Hacking | What Motivates Security Researchers

coming soon…

Guests:
Katie Paxton-Fear, Lecturer in Cyber Security, The Manchester Metropolitan University (@InsiderPhD on Twitter)

Casey Ellis, Founder/Chairman/CTO, @Bugcrowd (@caseyjohnellis on Twitter)

What Does "Mindset Of A Hacker" Even Mean?

Humans are life-long learners — well, most of them anyway. Hackers are certainly the curious and "challenge accepted!" kind. In fact, learning as they go may even be considered a lifestyle. Instead of taking an exam at a university, they dive into a problem to solve, breaking things apart to see how they work and see how they can make them work better than they were originally designed/intended. Eventually, their exam papers become a bug submission via responsible disclosure. The reward? Not a degree, but a bounty. How cool is that?

But what is in a hacker's mind? Who wouldn't want to know?

In this final episode in the four-pack of conversations looking inside the mind of a hacker, we are joined by Katie Paxton-Fear, Lecturer in Cyber Security, The Manchester Metropolitan University, and Casey Ellis, Founder, Chairman, and CTO for Bugcrowd. Together we bring everything full circle to get the 360-view of what a hacker mindset really is; what does that even mean?

To really get the full picture, however, you must listen to the other three episodes (here on this page!).

And, finally, in this grand finale EPISODE 4, we discover how hackers learn, some of the skills and traits they are born with and later acquire, the value of diverse thinking from diverse backgrounds and experiences, and what being part of the hacker tribe means to the hackers (and to society).

What was once an elusive badge to gain — an exclusive tribe to be part of — has become both a world that welcomes new talent and a critical component of raising the security posture for so many organizations worldwide. The relationship between the hacker community continues to flourish. Through platforms like Bugcrowd and programs like disclose.io, the hacker community finds a safe and meaningful way to contribute to today's security and tomorrow's safety in an increasingly digital world.

But enough talking about it, let's get inside the mind of a hacker.