Virtualization Technology News and Information
Black Hat USA 2023 Q&A: Bugcrowd Will Showcase Its Multi-solution Crowdsourced Cybersecurity Platform


Are you getting ready for the upcoming Black Hat USA 2023 event? Now in its 26th year, it is an internationally recognized cybersecurity event providing the most technical and relevant information security research. The event is quickly approaching, taking place August 5-10, 2023, returning to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day program.

Ahead of the show, VMblog received an exclusive interview with Nick McKenzie, CISO at Bugcrowd, a multi-solution crowdsourced cybersecurity platform.  Make sure to add them to your MUST SEE list.


VMblog:  Before we get into it, can you give us a quick overview of the company?  What should folks know?

Nick McKenzie:  Bugcrowd exists to help customers take back control against threat actors. We empower our customers and ethical hackers to be heroes by unleashing their ingenuity to protect brands and intellectual property. We do this by providing our customers with the only multi-solution crowdsourced cybersecurity platform - built with a diverse pool of elite hackers (all with their own unique mindsets and tradecraft), AI and automated matching expertise - and guaranteeing we find the perfect talent for our customers' unique fights. The Bugcrowd Security Knowledge Platform is our bread and butter, empowering organizations to proactively safeguard against the most sophisticated threat actors out there.

VMblog:  You are sponsoring the upcoming Black Hat USA event.  How can attendees find you at the show?  Does your booth have a theme?  How many folks are you sending?

McKenzie:  We're excited to be at Black Hat this year in Las Vegas from August 9 - 10 and have a ton of exciting things in store! Everyone is encouraged to visit our booth (#2700D) to get your hands on our latest swag and ask us any burning questions about crowdsourced cybersecurity.

We are also hosting an exclusive reception at The Chandelier on Thursday, August 10 from 7 - 9 pm PT, where there will be laid-back networking and complimentary appetizers and drinks. Tickets are limited, so join the party at the link here.

There's also an opportunity to meet our leadership team 1:1, including myself, to discuss any security challenges you are facing in your organization and learn how the Bugcrowd Platform can help.

VMblog:  The show is focused on cybersecurity.  What specific problems is your company and technology addressing?

McKenzie:  Today's cybercriminals are sophisticated, creative and relentless. Modern organizations are confronted with an intensified challenge - their attack surface is multiplying, threat actors are leveraging cutting-edge AI techniques to exploit their defenses' vulnerabilities, time to remediate is shorter than ever, and their go-to outsourced methods are falling short. Security teams are overburdened, yet still remain in a reactive state that isn't keeping up with a constant storm of threats. Bugcrowd exists to usher in a new era of cybersecurity, one founded on speed and productivity and leveraging the wider researcher and hacker community to achieve this goal.

Bugcrowd set out to solve this problem by helping organizations stay ahead of attackers before they even think about striking. We have a trusted alliance with a diverse pool of elite hackers, which sets us apart from others in the space. Combined with our AI and automated matching expertise, we work to find the perfect talent for the unique fights our customers are facing. In reality, today's challenges are just the beginning, and tomorrow's fight will bring its own twists and turns. This reality means that we had to have a platform that unleashed limitless scalability and adaptability. And that's what Bugcrowd did.

VMblog:  The market is a crowded space.  What is it about your company and technology that sets you apart from the competition?  What are your differentiators?

McKenzie:  Pun intended here? I wouldn't say the market is a crowded space because at Bugcrowd, we pride ourselves in being the fastest, most accurate platform on the market that none of our competition can keep up with. It takes only 72 hours on average to launch and set up a new Bugcrowd program and we have an over 99% success rate in meeting service level objectives. We don't let security teams go it alone. From the get-go, we dive headfirst into the specific requirements of an organization, curating an experience that covers onboarding, launch, triage, reporting and hacker teams in real time.

To outsmart the best attackers, we need ethical experts who think just like them. A key differentiator is our pool of unmatched expert talent - we've curated and vetted hundreds of thousands of highly specialized cybersecurity researchers and we have an expert team of triage specialists who vet and prioritize real-time findings. Our CrowdMatch tool matches your team precisely with the right hackers needed for your exact environment and requirements, so that customers can find, prioritize, and fix security vulnerabilities at unprecedented scale and speed.

Unlike other tools that force you to overhaul your tech stack, we prioritize integration into your internal workflows. Whether it's your collaboration tools, ticketing, or vulnerability management systems, we make it all work without ever slowing you down.

VMblog:  What are some of the security best practices you would deem critical?

McKenzie:  As a CISO (and I saw this firsthand as a large enterprise customer of Bugcrowd years ago), I understand the challenges that come with ensuring a secure environment in a landscape that's always shifting. One thing I would encourage CISOs - or any security professional - is to leverage the value of ethical hackers and crowdsourced cybersecurity to get continuous assurance across their external attack surface. In my opinion, the adoption of crowdsourced security does not increase operational risk; instead, it only decreases risk, as it enables the earlier identification of vulnerabilities harvested by experts in the security community before attackers can discover and exploit them.

Security leaders who may have some reservations with this adoption should start with a small number of curated hackers with small-scope proof of value (POV) to safely and effectively mitigate any perceived risk of the approach. Running a smaller POV will then give your team familiarity with the platform and capabilities. By becoming accustomed to the crowdsourced model bit by bit over time, your team will likely want to go deeper to glean the benefits of a larger community of hackers.

VMblog:  What are some of the top priorities you believe attendees at Black Hat should be considering for 2023/2024?

McKenzie:  We recently launched our annual Inside the Mind of a Hacker Report, which analyzed 1000 survey responses from hackers on the Bugcrowd Platform, in addition to millions of proprietary data points on vulnerabilities collected across thousands of programs. One of the biggest trends we saw come out of the research was the impact of generative AI on security. Of course, this is a topic that is not at all new in the cyber landscape, but our findings uncovered interesting trends that add to the conversation.

For one, we found that more than half of ethical hackers (55%) said that generative AI can already outperform hackers or will be able to do so within the next five years. However, 72% of these ethical hackers believe artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management.

I think attendees at Black Hat should keep their eyes peeled for conversations that examine how generative AI is impacting the work of ethical hackers, and how they can leverage it to their advantage and stay ahead of cybercriminals also utilizing the tech for nefarious purposes.


Published Friday, August 04, 2023 7:31 AM by David Marshall