Aviva Zacks of Safety Detective had the pleasure of meeting with Ashish Gupta, CEO of Bugcrowd. She had the opportunity to ask him how his company stays ahead of its competition.
Safety Detective: How did you get into cybersecurity?
Ashish Gupta: As a coder in the 90s, I was introduced to security early on, but what I realize now is that “security then” is different from security today. The pressure of getting products to market often put deep security thinking into the background, often summarized as speed is the enemy of security and probably because attack surfaces in the 90s weren’t (or didn’t feel) as vulnerable. Today, with software everywhere and in most things we touch, the stakes are much higher. My real start to security was when I joined a big data company and our customers used analytics (mostly on small data but moving towards big data and event processing) to determine attack vectors and attacks. This got me really interested in how Infoblox was doing security from the core of the network and I joined as their EVP and Chief Marketing Officer with the added responsibility of being their Security products business leader. Interestingly, it was clear that Infoblox’s products were helping secure the network and prevent things like DDoS attacks. However, when I got the opportunity to speak with Bugcrowd, the fact that Bugcrowd’s products were catching actual flaws from the perspective of the hacker and significantly increasing the “cost of attack” by nefarious actors became that much more attractive. Bugcrowd helps makers build safer products by getting the “breakers” to provide in-time feedback on security flaws that can be fixed for the betterment of the digitally connected world.
This proposition of addressing the inherent mismatch between makers and breakers led me to join Bugcrowd to elevate the company to a global organization leading cybersecurity innovation across a wide variety of industries. In the last year, Bugcrowd achieved record year-over-year growth, including a 100% bookings growth in the North American enterprise market, a 100% increase in critical vulnerabilities identified for customers, and a 116% increase in vertical industry reach. I also guided Bugcrowd through its $30 million Series D funding round—during the COVID-19 pandemic—bringing investment in the company to over $80 million. And, since 2019, our crowd of ethical hackers has prevented more than $8.9 billion in cybercrime.
SD: How can Bugcrowd help protect organizations from adversaries?
AG: Bugcrowd is the #1 crowdsourced cybersecurity company, providing priority access to a global marketplace of on-demand, highly specialized cybersecurity experts who protect our customers from constantly evolving adversaries and attack methodologies. This is made possible through the Bugcrowd platform which provides an exceptional crowdsourced security experience by seamlessly integrating the collective expertise of thousands of ethical hackers into our customers’ security ecosystem, and ensuring that customers are paired with the right researchers for their unique use cases. With contextual insights, standardized workflows and robust APIs, companies of all sizes can take control of their security while leveling the playing field with adversaries as a result.
Bugcrowd is the force multiplier in a new age of cybersecurity strategy, enabling our customers to prioritize and remediate even the hardest-to-find vulnerabilities with on-demand talent, tools and partners that augment internal resources, and maximize the impact of existing security controls. With our customers, researchers and partners, Bugcrowd is harnessing the power of crowdsourced security to safeguard our digitally connected world.
In addition to our platform, security can be significantly enhanced by bringing diversity to a company’s security posture. Diversity is a critical, yet often overlooked factor in any successful security strategy and Bugcrowd allows organizations the ability to uncover vulnerabilities in their security posture using global perspectives from its crowd of highly skilled ethical hackers. We have taken great initiative in supporting diversity in cybersecurity, both internally at Bugcrowd and in the larger InfoSec community. Internally, we’ve launched four new initiatives to increase employee diversity in 2020. Externally, Bugcrowd’s annual “Inside the Mind of a Hacker” report shows that diversity is key—of the more than 3,000 respondents, 73% of hackers speak multiple languages; 53% of hackers are under the age of 24; 13% of hackers are neurodiverse. We also created disclose.io—a cross-industry, vendor-agnostic standardization project for safe harbor best practices to enable good-faith security research. Recently, the DHS/CISA (Cybersecurity and Infrastructure Security Agency) released election security guidelines which contain usage of the election VDP boilerplate in disclose.io as a recommended safe harbor framework for the Election Systems & Software (ES&S) new Vulnerability Disclosure Program. Today, Bugcrowd connects Fortune 500 companies, including HP, Motorola and Fitbit, to hackers who live in 109 countries worldwide, and our global expansion has also been prioritized. We grew our Bugcrowd offices in Australia, Kosovo and Costa Rica.
SD: How does Bugcrowd set itself apart from competitors?
AG: With more crowdsourced cybersecurity players entering the market, it’s important to choose a vendor that complements and enhances your organization’s current security program. Today, Bugcrowd is recognized as the only true SaaS platform for crowdsourced cybersecurity, and we are the only crowd-powered solution to provide flexible access to the security expertise that companies need for an investment that’s anchored to the value their business extracts. As a result, we give our customers fast return on investments by launching their programs faster, enabling them to find and fix vulnerabilities faster and get the highest signal-to-noise ratio as we give them the most important bugs to focus on and remove false positives so that customers are able to be efficient and not compromise on quality.
From program launch to reporting, Bugcrowd guides customers to ensure they have the right team, the best SDLC integrations, standardized workflows for crowdsourced cybersecurity, the industry’s only linked remediation advice, benchmarking and flexible reporting, optional secure disclosure and much more. We pride ourselves on the continued advancement of the platform and remain dedicated to ensuring our customers achieve comprehensive results faster than they have ever experienced. Companies will typically discover a critical vulnerability within 24 hours, empowering them to take immediate action before the day is over.
SD: What do you believe is the number one threat facing most organizations today?
AG: The business world is experiencing changes of epic proportions that pose threats to the future of digital business. Organizations have been rapidly moving to embrace new digital models both before and during the pandemic, and as a result their attack surfaces have been exponentially increasing as well. Unfortunately, many security vulnerabilities will remain undetected by these organizations until they are exploited by attackers.
However, with the Bugcrowd platform, companies can harness the power of global security researchers to proactively defend against attackers and their ever-evolving methodologies. We help customers break the adage that “speed is the enemy of security” by providing them with contextual knowledge about their security vulnerabilities in a timely and actionable manner.