Are you getting ready for the upcoming Black Hat USA 2023 event? It is an
internationally recognized cybersecurity event providing the most
technical and relevant information security research, now in its 26th
year. The event is quickly approaching, taking place August 5-10, 2023, returning
to the Mandalay Bay Convention Center in Las Vegas, NV with a 6-day
program.
Ahead of the show, VMblog received an exclusive interview with Nick McKenzie, CISO at Bugcrowd, a multi-solution crowdsourced cybersecurity platform. Make sure to add them to your MUST SEE list.
VMblog: Before we get into it, can you give us a quick overview of the
company? What should folks know?
Nick McKenzie: Bugcrowd
exists to help customers take back control against threat actors. We empower
our customers and ethical hackers to be heroes by unleashing their ingenuity to
protect brands and intellectual property. We do this by providing our customers
with the only multi-solution crowdsourced cybersecurity platform - built with a
diverse pool of elite hackers (all with their own unique mindsets and
tradecraft), AI and automated matching expertise - and guaranteeing we find the
perfect talent for our customers' unique fights. The Bugcrowd Security
Knowledge Platform is our bread and butter, empowering organizations to
proactively safeguard against the most sophisticated threat actors out there.
VMblog: You are sponsoring the upcoming Black Hat USA event. How can attendees find you at the show? Does your booth have a theme? How many folks are you sending?
McKenzie: We're excited to be at Black Hat
this year in Las Vegas from August 9 - 10 and have a ton of exciting
things in store! Everyone is encouraged to visit our booth (#2700D)
to get your hands on our latest swag and ask us any burning questions about
crowdsourced cybersecurity.
We are also hosting an exclusive
reception at The Chandelier on Thursday, August 10 from 7 - 9 pm PT, where there
will be laid-back networking and complimentary appetizers and drinks. Tickets
are limited, so join the party at the link here.
There's also an opportunity to meet our leadership team 1:1, including
myself, to discuss any security challenges you are facing in your organization
and learn how the Bugcrowd Platform can help.
VMblog: The show is focused on cybersecurity. What specific problems are your company and
technology addressing?
McKenzie: Today's cybercriminals are
sophisticated, creative and relentless. Modern organizations are confronted
with an intensified challenge - their attack surface is multiplying, threat
actors are leveraging cutting-edge AI techniques to exploit their defenses'
vulnerabilities, time to remediate is shorter than ever, and their go-to
outsourced methods are falling short. Security teams are overburdened, yet
still remain in a reactive state that isn't keeping up with a constant storm of
threats. Bugcrowd exists to usher in a new era of cybersecurity, one founded on
speed and productivity and leveraging the wider researcher and hacker community
to achieve this goal.
Bugcrowd set out to solve this
problem by helping organizations stay ahead of attackers before they even think
about striking. We have a trusted alliance with a diverse pool of elite
hackers, which sets us apart from others in the space. Combined with our AI and
automated matching expertise, we work to find the perfect talent for the unique
fights our customers are facing. In reality, today's challenges are just the
beginning, and tomorrow's fight will bring its own twists and turns. This
reality means that we had to have a platform that unleashed limitless
scalability and adaptability. And that's what Bugcrowd did.
VMblog: The market is a crowded space. What is it about your company and
technology that sets you apart from the competition? What are your
differentiators?
McKenzie: Pun intended here? I wouldn't say
the market is a crowded space because at Bugcrowd, we pride ourselves in being
the fastest, most accurate platform on the market that none of our competition
can keep up with. It takes only 72 hours on average to launch and set up a new
Bugcrowd program and we have an over 99% success rate in meeting service level objectives.
We don't let security teams go it alone. From the get-go, we dive headfirst
into the specific requirements of an organization, curating an experience that
covers onboarding, launch, triage, reporting and hacker teams in real time.
To outsmart the best attackers, we
need ethical experts who think just like them. A key differentiator is our pool
of unmatched expert talent - we've curated and vetted hundreds of thousands of
highly specialized cybersecurity researchers and we have an expert team of
triage specialists who vet and prioritize real-time findings. Our CrowdMatch
tool matches your team precisely with the right hackers needed for
your exact environment and requirements, so that customers can find,
prioritize, and fix security vulnerabilities at unprecedented scale and speed.
Unlike other tools that force you
to overhaul your tech stack, we prioritize integration into your internal
workflows. Whether it's your collaboration tools, ticketing, or vulnerability
management systems, we make it all work without ever slowing you down.
VMblog: What are some of the security best practices you would deem
critical?
McKenzie: As a CISO (and having seen this firsthand
as a large enterprise customer of Bugcrowd years ago), I understand the
challenges that come with ensuring a secure environment in a landscape that's
always shifting. One thing I would encourage CISOs - or any security
professional - to do is leverage the value of ethical hackers and crowdsourced
cybersecurity to get continuous assurance across their external attack surface.
In my opinion, the adoption of crowdsourced security does not increase
operational risk; instead, it only decreases risk, as it enables the earlier
identification of vulnerabilities harvested by experts in the security
community before attackers can discover and exploit them.
Security leaders who may have some
reservations with this adoption should start with a small number of curated
hackers with small-scope proof of value (POV) to safely and effectively
mitigate any perceived risk of the approach. Running a smaller POV will then
give your team familiarity with the platform and capabilities. By becoming
accustomed to the crowdsourced model bit by bit over time, your team will
likely want to go deeper to glean the benefits of a larger community of hackers.
VMblog: What are some of the top priorities you believe attendees at Black
Hat should be considering for 2023/2024?
McKenzie: We recently launched our annual Inside the Mind of a Hacker Report, which
analyzed 1000 survey responses from hackers on the Bugcrowd Platform, in
addition to millions of proprietary data points on vulnerabilities collected
across thousands of programs. One of the biggest trends we saw come out of the
research was the impact of generative AI on security. Of course, this is a
topic that is not at all new in the cyber landscape, but our findings uncovered
interesting trends that add to the conversation.
For one, we found that more than
half of ethical hackers (55%) said that generative AI can already outperform
hackers or will be able to do so within the next five years. However, 72% of
these ethical hackers believe artificial intelligence (AI) will not replace the
creativity of humans in security research and vulnerability management.
I think attendees at Black Hat
should keep their eyes peeled for conversations that examine how generative AI
is impacting the work of ethical hackers, and how they can leverage it to their
advantage and stay ahead of cybercriminals also utilizing the tech for
nefarious purposes.