Conferences and Events Archives | Bugcrowd
Tue, 28 Nov 2023 22:04:55 +0000

6 Hot Takes from Black Hat 2023 & DEF CON 31
https://www.bugcrowd.com/blog/6-hot-takes-from-black-hat-2023-def-con-31/
Wed, 23 Aug 2023 17:01:55 +0000

After wrapping up an absolutely electric week at Black Hat 2023 and DEF CON 31, we’re still riding the high. Not even hundreds of flights getting canceled and rerouted during peak travel days and the Las Vegas strip getting shut down to prepare for Formula 1 events could kill the buzz from this event. With thousands of people visiting the Bugcrowd booth, we loved the opportunity to meet in person with customers, partners, hackers, and security professionals.

Over the past few years, AI has dominated the conversation at many cybersecurity events. We found that it was especially prevalent at Black Hat this year, which is understandable considering the mainstream adoption of generative AI technologies such as ChatGPT. During the Dark Reading News Desk interview on the second day of the event, Bugcrowd CEO Dave Gerry said, “we’re really focusing on the role that AI is going to continue to play in security, both from the perspective of defenders–how do we help enable them to be more efficient and productive–and adversaries–what does AI empower them to do and what do we need to do as an industry to put guardrails around that.”

In the same interview, Casey Ellis, Bugcrowd Founder and CTO, added, “we did a recent report called Inside the Mind of a Hacker that has a lot of compelling findings about how AI is impacting cybersecurity. 72% of hackers don’t expect AI to ever replace human creativity. I believe the main reason for that is we are all here because of creative adversaries. If we solve all of our problems with AI, the adversaries aren’t going to go home. They are going to innovate past that. That is where the cat and mouse game of security comes into play.” 

You can watch the whole interview here

1. The Bugcrowd Theater was busier than an AMC on Barbenheimer weekend. 

Thanks to everyone who joined us in our in-booth theater. We hosted 10 informative sessions with speakers from T-Mobile, Cycognito, Braze, Taxslayer, and BigCommerce, plus leading hackers on the Bugcrowd Platform and thought leaders at Bugcrowd. Some of the most popular sessions included “Unleash the Ingenuity of the Cybersecurity Industry: The Unlikely Romance” by Casey Ellis and “Secure with Rewards: T-Mobile Bug Bounty Program” by Mark Clancy, SVP of Cyber Transformation at T-Mobile.

2. Three is better than one, especially when it comes to specialist panel discussions. 

During DEF CON 31, Casey Ellis joined a panel discussion led by the Hacking Policy Council, where he is an advisory committee member. The Hacking Policy Council aims to “make technology safer and more transparent by facilitating best practices for vulnerability disclosure and management, as well as empowering good faith security research, penetration testing, and independent repair for security.” Casey joined Katie Noble from Intel and Harley Geiger from Venable for the “All your Vulns Belong to Terms and Conditions” panel, covering common questions around bug submissions and disclosure delays.

3. Launches>Lunches…And T-Mobile’s launch hit the spot. 

We joined T-Mobile for their happy hour at the S Bar in Mandalay Bay to wrap up the Black Hat festivities. The happy hour had a great energy, with drinks, food, swag, giveaways, and an exciting announcement—the launch of T-Mobile’s program with Bugcrowd. This program is a great opportunity for hackers to hunt on T-Mobile’s applications and systems in order to find potential security vulnerabilities and report them. Keep your eyes peeled for more information coming soon! We love working with customers who are so committed to protecting their customers, employees, partners, and brand.

4. Sometimes the b-side is better than the singles. And the Las Vegas BSides are really where it’s at. 

As part of Black Hat, Casey Ellis stepped in to present at Las Vegas BSides with a talk called “Hungry Hungry Hackers: A Hacker’s Eye-view of the Food Supply.” This 45-minute, intimate session had a conversational tone with tons of audience participation. Casey told the story of the work he and Sick.Codes did to change the perception of cybersecurity criticality in the food industry. He gave insights into how hackers can use research to make positive and meaningful changes in the world.

5. Security professionals + a giant chandelier = the best night.

Look, here at Bugcrowd, we know we can throw a pretty great party. But sometimes, even we surprise ourselves. Yep, we accidentally threw the biggest Black Hat party of the year. Imagine a killer playlist, a bar flowing with cocktails, mocktails, and other Vegas libations, and the famous Chandelier Bar packed shoulder-to-shoulder with security professionals letting loose after a long conference day. Thanks to everyone who came and contributed to the energy of the evening! 

6. Bugcrowd is #SwagGoals.  

We can’t help it that we’re popular 🤷 Our t-shirt printing station was an absolute hit, printing off Bugcrowd favorites like “my other computer is your computer” and “find the gap.” And you know we don’t mess around when it comes to stickers… We launched some brand new stickers this year that instantly became fan favorites, inspired by old-school horror movies. Check out our virtual swag store

Well, that’s a wrap on Black Hat 2023. We hope to see you at Black Hat and DEF CON next year, and hopefully before that too! Check out more pictures from the event on our Twitter feed.

Ingenuity Unleashed with Bugcrowd at Black Hat USA 2023
https://www.bugcrowd.com/blog/ingenuity-unleashed-with-bugcrowd-at-black-hat-usa-2023/
Tue, 01 Aug 2023 13:30:37 +0000

Unleashing human creativity for proactive security

Security professionals are heading to Black Hat this month, in search of networking and learning opportunities alike. This is no surprise, considering the challenges security professionals face and the intensified need for solutions. From multiplying attack surfaces to threat actors who leverage cutting-edge AI techniques, being reactive just won’t cut it in this constant storm of threats. 

Bugcrowd empowers organizations to take back control and proactively safeguard their brand and intellectual property from increasingly sophisticated attackers. We will be at Black Hat this year, August 9-10th at the Mandalay Bay Hotel in Las Vegas, and we can’t wait to share with you how we empower our customers and hackers by unleashing their collective ingenuity to take back control and outpace threat actors. Learn more about what you can expect from Bugcrowd during the conference. 

Visit the Bugcrowd Booth

Drop by Booth 2700D in the Black Hat Business Hall to get your hands on our latest swag and join in on one of our education sessions. These sessions give you a chance to hear from Bugcrowd customers, hackers, and industry CISOs. 

A few of the sessions include:

  • Inside the Mind of a Hacker: The Impact of AI and the Rise of Generative AI Hacking
  • From Security Leader to Hacker: How Braze leverages crowdsourced security with Bugcrowd
  • Crowdsourced Security: What Builders and Breakers can Learn from Each Other with BigCommerce

Don’t forget to meet with the Bugcrowd Leadership Team! Schedule time with our executives during the event to discuss your challenges and learn how the Bugcrowd Platform can help. You can book a private meeting in advance here to confirm your spot. 

Attend the Bugcrowd Exclusive Reception 

Join us at the Chandelier Bar in The Cosmopolitan hotel at level 1.5 Thursday, August 10th from 7-9pm. Bugcrowd’s Exclusive Reception provides a laid-back space for networking, chatting with our leadership team, and enjoying complimentary drinks and appetizers. Join the waitlist here

You can find us at the Guidepoint Happy Hour preceding the event, Tuesday, August 8th at the Skyfall Lounge in the Delano Hotel at 5:30pm.

DEF CON 31

To close out the week, you can find us at DEF CON, often referred to as Hacker Summer Camp. DEF CON formally kicks off Friday, August 11th. We will be hosting a suite in the Flamingo Hotel on Saturday, August 12th for a chance to network with other hackers on the Bugcrowd Platform and our internal teams, who work side by side to make the internet safer.

You don’t want to miss a presentation from Casey Ellis, Bugcrowd’s Founder and CTO, at ICS Village DEF CON 31 at the Caesar’s Forum. Add the session, The Unlikely Romance–Critical Infrastructure Edition, to your calendars Saturday, August 12 at 12pm.

Keep an eye on our Twitter for the location and to pick up swag! Don’t miss a chance to join us and learn more about future live hacking events (Bug Bashes) and how to get involved. 

We hope to see you at one of the events! 

Meet Bugcrowd at Infosecurity Europe 2023
https://www.bugcrowd.com/blog/meet-bugcrowd-at-infosecurity-europe-2023/
Fri, 16 Jun 2023 18:45:33 +0000

Infosecurity Europe is less than two weeks away. Are you coming?

 

Bugcrowd is—and there are many chances for you to connect with us from June 20–22 at ExCeL London:

  • Meet members of Bugcrowd’s senior team, including co-founder Casey Ellis at the Aloft London Excel Hotel next door. Discuss your challenges, and learn how the Bugcrowd Platform can help.
  • Get your hands on some Bugcrowd swag, and ask us your burning questions about crowdsourced cybersecurity—also at Aloft London Excel.
  • On Tuesday evening, join our reception at Tapa Tapa Restaurant for laid-back networking with complimentary drinks and tapas, plus fireside talks with a Bugcrowd customer and hacker.

Click here for details, and reserve your place.

Among the members of Bugcrowd’s senior team attending Infosecurity are Emily Ferdinando, Vice President of Marketing, and one of our newest hires: Vlad Nisic. We say, “newest hires,” but you may recognize his name. Between March 2016 and October 2019, Vlad was Vice President of Sales (EMEA & USA East) for Bugcrowd. After a three-and-a-half-year absence, Vlad has returned to Bugcrowd, this time as VP Sales for EMEA & APAC.

If you knew Vlad during his first term with Bugcrowd, say hi again. If you didn’t, do introduce yourself and tap into his 25+ years of experience in IT, information security, and digital transformation. Cybersecurity has never been more important, so there’s plenty to talk about!

 

 

Bugcrowd PTaaS Takes Home Five Awards for Cybersecurity Excellence
https://www.bugcrowd.com/blog/ptaas-takes-home-five-awards/
Thu, 11 May 2023 17:15:02 +0000

Since launching new self-service capabilities within our Penetration Testing as a Service offering last month, we’ve already seen wide recognition of the technology’s ability to empower buyers to purchase, set up, and manage pen tests directly online, cutting out the need for lengthy sales calls and scoping sessions. 

In 2023 alone, Bugcrowd, and in particular these new PTaaS capabilities, has won five distinct industry awards. This recent string of wins demonstrates Bugcrowd’s persistence in delivering industry-leading solutions to the market and validation as an accomplished and preeminent organization throughout cybersecurity.

Most recently, our team was recognized by Cyber Defense Magazine’s Global InfoSec Awards as a Hot Company in the Penetration Testing Category for our PTaaS capabilities, along with being recognized as a Gold Winner in the 19th Annual Globee® Cyber Security Awards for the technology. Additionally, Bugcrowd PTaaS was recognized as the Gold Winner in the Pentest-as-a-Service category in the 2023 Cybersecurity Excellence Awards among North American companies between 1,000 and 5,000 employees.

As an organization, we took home two more wins in the Cybersecurity Excellence Award program with recognition as Gold Winner for Cybersecurity Provider of the Year and Silver Winner for Best Cybersecurity Company.

For one, I am so proud to see all of these incredible wins. It’s a huge testament to our stellar team and technology! At Bugcrowd, we are committed to delivering the very best crowdsourced solutions to our customers and ultimately fulfilling our mission to democratize security testing for all.

Our team has taken major strides over the course of the past year to walk out this mission, including a major upgrade to our PTaaS offering, all aimed at staying at the forefront of innovation and leadership within a very saturated cybersecurity market. With a surge of vendors offering security testing solutions, a common concern that we hear is that vulnerability assessments in the market today are often shallow and low impact. 

Our goal was to provide a human-driven, high-impact pen test with a team matched to their precise needs with just a few clicks, cutting configuration time from days to hours. These recent award wins validate our work and the direction we’ve been laser-focused on. By focusing our priorities on our employees, the hacker community, partners and vendors, we are excited to build upon this momentum throughout 2023!

To learn more about our award-winning PTaaS offering, which is now available globally, visit https://www.bugcrowd.com/products/pen-test-as-a-service/.

Calling all Agents: Join our LevelUp0x07 CTF Challenge!
https://www.bugcrowd.com/blog/calling-all-agents-join-our-levelup0x07-ctf-challenge/
Sun, 16 Aug 2020 00:00:00 +0000

Hello Agents, 

To prepare you for LevelUp0x07: Hack Another Day next week on August 22nd at 6pm PST, we’ve created a brand new Capture the Flag challenge with some very special rewards. 

This CTF is a web and mobile-based challenge in which players are encouraged to test their security skills and collect all 7 flags. Each flag varies in difficulty with the first flag being the easiest, and the last being the hardest.

Our challenge is based on real web and mobile applications and includes sensitive data exposure, authentication bypass, JavaScript, and Android-based challenges.

The challenge starts on August 16 and runs through August 22nd at 11:59 PM PST. Click here to check out our rewards and submit your flags to the program!

This challenge would not have been possible without the incredible work of Maxim G! Check out his Bugcrowd Spotlight to find out more about his work with Bugcrowd and the InfoSec Community. We love you Max!

You can also join our Discord and Twitter for more updates.

Good Luck Agents!


Mission Briefing: 

We’ve received reports of a worldwide cyberattack using a new form of ransomware known as WannaSpy. This worm has been designed to target hospital data and aims to delete all information related to COVID 19 worldwide in the next week. As such, the President has assigned this mission to H.A.C.K. (Heroic Agents Clacking Keyboards).

We need you to bypass their authentication and bring down their operation.

Good luck Agent.

Sincerely,

Spymaster 

LevelUp0x06: So many great talks!
https://www.bugcrowd.com/blog/levelup0x06-recap/
Mon, 18 May 2020 00:00:00 +0000

What a ride! Thank you to everyone who stopped by our LevelUp0x06 virtual conference last weekend. It was a day packed with amazing content and conversation, and we are thrilled with the amazing responses we’ve received from the Bugcrowd community and the InfoSec community at large! We streamed 8 talks over 7.5 hours, with presentations ranging from valuable tips for bug hunting, advice on resumes and career paths, car hacking and social engineering, as well as fantastic conversation on the hacker community.

Did you miss the event? Don’t fret, you can check out all of our talks on YouTube!

Our speakers brought an incredible level of knowledge and experience. Thank you for sharing your time with us, truly proving the value that these conferences have in supporting the community.

Thomas Dullien | @halvarflake
Josh Schwartz | @fuzzynop
Katie Paxton-Fear | @InsiderPhD
Chloé Messdaghi | @ChloeMessdaghi
Rhys Elsmore | @RhysElsmore
Ricki Burke | @CyberSecRicki
Jay Turla | @shipcod3
Louis Nyffenegger | @Snyff

Our con would have been nothing without our on-air talent and moderators who kept everything flowing! Thank you for your insightful comments, conversation, and candor.

Stök | @stokfredrik
Michael Skelton | @codingo_
James McClean | @vortexau
Luke Stevens | @hakluke
Sajeeb Lohani | @sml555_
Casey Ellis | @caseyjohnellis

Stay tuned for more announcements; LevelUp0x07 will be here sooner than you think. Want to continue the conversation from LevelUp0x06? Sign up for our Discord and get to it!

Hack Your Resumé Workshop @ #LevelUp0x06
https://www.bugcrowd.com/blog/hack-your-resume-workshop-levelup0x06/
Fri, 01 May 2020 00:00:00 +0000

LevelUp is about helping our community access and realize more of their potential, and I’m pleased to announce that we have partnered with Ricki from CyberSec People to run a resumé workshop alongside LevelUp0x06! 

Applying for a job is always daunting, and resumés can trip up even the most organized person. Crafting a resumé can be even harder when you are trying to break into a new industry, reaching for a more senior position, or have a “non-traditional” career history. Hackers and security professionals don’t always come from university or schooling backgrounds — our successes are hard won, and some, or perhaps all, of our achievements don’t easily translate to a traditional resumé.

How do you leverage your successes into a stronger, cohesive story that fits into the job for which you are applying?

We’ve all struggled with organizing our work history in a clear and concise manner. We list our accomplishments, fuss over the font size, spacing, and margins, and at some point we exclaim, “It’s done, I don’t want to look at it ever again!” – leaving an incredible opportunity to sell our experience to a potential employer dormant on our desktops. Ricki’s LevelUp workshop will help participants decide what stays, what goes, what should be included that isn’t already, and how to tailor your narrative to best suit the opportunities you’re pursuing.

How does the workshop work?

We have three simulated job descriptions that you can apply to by submitting your CV/resumé and supporting documents. We will review the applications and choose 3-5 resumés from each job to review for this workshop. Ricki from CyberSec People will be presenting some of the suggested changes during LevelUp, and any resumé that has been chosen will receive a personalized response and review.

The three jobs to apply to are: 

Applications are open now. While these jobs aren’t real, we are looking forward to helping you leverage your hacking experience into a stronger resumé. Ricki and the Bugcrowd team are looking forward to sharing tips and tricks to help land you the job of your dreams and Hack the New Normal.

Don’t forget to register for LevelUp updates and if you haven’t been to our Discord, check that out too!

Three cheers for virtual cons! #LevelUp0x06
https://www.bugcrowd.com/blog/hacking-the-new-normal/
Sun, 19 Apr 2020 00:00:00 +0000

I have a confession to make: I’ve been to a lot of hacking conferences, but I’ve seen hardly any talks from start to finish. It’s not that the talks aren’t interesting, they are! It’s not that I have trouble focusing on one thing for more than 10 minutes… okay fine, maybe it is a little bit. More than anything though, it’s because I don’t want to miss out on all the other things that are happening. I love doing the CTF, catching up with old friends and making new ones, picking locks, failing at soldering and whatever else is going on.

For a long time I’ve felt a bit guilty about attending a conference without seeing most of the talks, but I’ve since realised something: The social aspect of conferences is just as important as the content of the talks, perhaps more so.

Enter COVID-19.

Suddenly everyone is stuck at home. Our social lives are… well, limited. Conference schedules for this year have been crushed. At the risk of sounding too morbid, it feels like the epicentre of the hacking community has been obliterated. These are indeed turbulent times, not just for hackers – for everyone. There are inevitable downsides to COVID-19, it will have lasting impacts on our lives, but there are two sides to every story. Change also presents opportunity. The question then becomes, how will you respond? How will you prepare yourself for the new normal?

Thankfully, hackers are a resourceful bunch.

LevelUp is a free online hacking con started by Bugcrowd in 2017 to make both the content AND the social value of security conferences accessible to everyone, regardless of their means or where they live. COVID has transformed this accessibility from a nice-to-have to a have-to-have, and I’m excited that the sixth installment (LevelUp 0x06) is coming up on May 9th 2020. 

Every installment of LevelUp has been great, but 0x06 has taken on new meaning for us at Bugcrowd. Online cons have obvious advantages: they encourage equality, eliminate travel time and cost, allow for more international speakers, allow greater anonymity/privacy and can hold unlimited attendees. Those are all good things, but now they’re not just a convenient way to go to a con without pants. We’ve already seen virtual conferences like VirSecCon and ComfyCon pop up alongside LevelUp to fill the void, and they’re fast becoming a pillar of the hacking community.

I helped put together the list of speakers this year, and I’m getting more and more excited as the date approaches. We can’t tell you who all of them are yet, but I can tell you these ones: @snyff, @rhyselsmore, @halvarflake, @fuzzynop and @ChloeMessdaghi

If you attend LevelUp 0x06, you’ll come away armed with invaluable knowledge from these and other security legends, and you’ll get to connect with them and many others in the scene throughout the day. We are designing LevelUp 0x06 to be a collaborative, social experience for everyone.

So, whether you are looking to level up your hacking skills, earn more bounties or socialise with other hackers – we’re looking forward to seeing you at LevelUp 0x06. Hack the new normal.

To get updates on speaker announcements, event details, and Bugcrowd’s sekrit plans to make it awesome, head over to LevelUp 0x06 and sign up. While you’re at it, be sure to join our Discord server!

SAVE THE DATE!!! #LevelUp0x06 Date Announced
https://www.bugcrowd.com/blog/save-the-date-levelup0x06-date-announced/
Tue, 07 Apr 2020 00:00:00 +0000

Are you ready to Level Up? 

Block your calendar for May 9th 2020, from 10am to 4pm Pacific Time, for Bugcrowd’s 6th LevelUp virtual conference!!! As a hat-tip to the unusual times we’re all experiencing with COVID19, and with a firm view of the role that bounty hunters and hackers will play in the future, 0x06’s theme is “Hacking The New Normal”. 

We’ve got a full roster of absolutely STELLAR leaders and experts, covering a variety of technical and career-focussed topics in security research, bounty hunting, and cybersecurity, and we’ll be releasing more details about the speakers throughout the coming weeks.

Without further ado, below are our first two speakers:

Louis Nyffenegger (@snyff)

Bio: Louis (@snyff/@pentesterlab) is a security engineer based in Melbourne, Australia. He is the founder of PentesterLab, a learning platform for web penetration testing.

Talk: Code that gets you pwn(s|’d)

In this talk, Louis will cover examples of vulnerabilities that are not necessarily obvious. We will look at some snippets in Golang, Ruby, Python and others, demonstrating practical flaws and attacks on:

  • Golang Tempfile
  • Golang path.Clean
  • Startswith and URL
  • Unicode
  • Unicode and Regexp

Rhys Elsmore (@rhyselsmore)

Bio: Rhys Elsmore is a self-deputised internet mall cop who has a passion for breaking computers in weird and wonderful ways. By day he helps secure a large blue cloud, and by night he hunts bugs in other people’s clouds. Outside of the internet he likes to overdo it at CrossFit (People who do CrossFit are legally required to tell you that they do CrossFit), gets his butt kicked at Brazilian Jiu-Jitsu, cooks new and exciting food, looks after two Australian Shepherds, and serves his community as a Retained Firefighter with Fire + Rescue NSW.

Talk: Recognition-Primed Bug Bounty Hunting

Humans are wired to consume, process, and act on large amounts of information. Every day – often without knowing – we take cues and signals from our environment, recall our past experiences, mix it all together, and make decisions. As bug bounty hunters we are often faced with many decisions, such as “where do I look next?”, “where do I start”, “how can I maximize impact”, “how can I escalate this finding”, and “how do I understand what this means”. A well-tuned decision making process is essential to maximizing impact and ensuring success while hunting bugs.

This talk draws on my experience in various emergency service roles – where the outcome of decisions is critical and thinking several steps ahead is required, mixes it with walkthroughs of the decision-making process I have followed when finding high-paying bugs, adds in a bit of psychology*, and details focus areas that will assist bug bounty hunters in being able to make better decisions.

Attendees will not only get walkthroughs of hard-hitting bugs, but also learn the basics of a decision making model that will hopefully lead them to bigger scopes and larger rewards.

What’s Next?

Stay tuned for our next announcement, the #levelup0x06 Keynote!  

Subscribe to our LevelUp news for speaker and conference announcements, tips and cheats for the event, and updates as the day approaches. Not on Discord? Sign up for our Bugcrowd Community to get yourself ready for the event. DON’T FORGET to submit your CFP.  The deadline is April 14th.

We’re pumped and look forward to seeing you there and helping everyone LEVEL UP!!!

RSA Conference 2020 Recap: The Year Human Element Went Viral
https://www.bugcrowd.com/blog/rsa-conference-2020-recap/
Fri, 06 Mar 2020 00:00:00 +0000

Last week, some 36,000 professionals from around the world came together for RSA Conference 2020 to sanitize their hands, identify business opportunities, and share their vision of a safer tomorrow. This year’s theme, Human Element, sharpened the corporate lens to reveal the front lines are responsible for more than just securing data—they safeguard every facet of the digitally-connected world and protect some of the most vulnerable people. In this blog, we’ll recap critical themes from the expo hall, and share thought leadership from both hackers and security engineers.

Attackers are more equipped and motivated than ever, which seemingly fuelled the passion vendors brought with their employees sharing security expertise through keynotes, booth presentations, and the occasional “I just wanted a fidget spinner” swag-for-a-scan sales pitch (RIP). This zeal was made apparent by a marked shift towards edgier messaging in the expo hall. For example, Malwarebytes creatively described itself as a means to “Keep business productive af,” while Axonius offered a comical concession that “Asset management isn’t sexy.” Similarly, landmark security veteran, Check Point, activated the encompassing brand promise “Secure your everything” (which is fine…unless there’s nothing left to secure because you used Zscaler to “Eliminate your attack surface.”)

Key themes from the expo hall

Three specific topics permeated the show floor—here’s what you need to know about them:

    1. Security Personification

The most pervasive theme, by far, was concerned with the “intelligence” of security. Many products described themselves broadly as “intelligent security” or “smarter security,” and sometimes even blended the attributes to form personified propositions. While these technologies may help to remediate risk, the truth is that inanimate security products don’t miraculously become smarter: the people who build them do. What you need to know is that intelligence isn’t a feature—it’s the benefit of having had the right humans solve a specific set of problems.

    2. Cloudpocalypse

It’s safe to say that 2020 will go down as the year the industry began coming to terms with jumping into the cloud head first. We’re now ten years into the modern cloud (can you believe it’s older than the first iPad?!), and vendors surfed the metaphor’s third wave with elaborations like “multi-cloud world” and “cloud-enabled threats.” What you need to know is that the cloud isn’t as soft or fluffy as the advertisements made it out to be—it’s a myriad of different challenges that continue to demand specific expertise with unprecedented scale.

    3. The Same But Different

Language in the expo hall was colored in strokes of modernity and futurism, with many vendors proposing a “new approach” and offering “security reimagined.” Some even pressed organizations to “reimagine their perimeter,” while others claimed that contemporary cybersecurity now operates in a “post-perimeter world.” What you need to know is that however you conceptualize your attack surface and threat landscape, there’s nothing modern about solving complex security problems in novel ways—it’s something we’ve been helping world-class brands like Mastercard, Atlassian, and Motorola do for years.

 

Taking over Local Edition and DNA Lounge

For two days, Bugcrowd transformed Local Edition into an underground oasis where attendees could enjoy barista-made coffee, rolling appetizers, and any charger cord they could possibly need. Guests also had the opportunity to rub shoulders with infosec leaders and hear diverse perspectives on a variety of evolving problems. 

Here’s a recap of speaker sessions held live at Local Edition:

Builders vs. Breakers

In this fireside panel, guests learned how to make sense of their threat landscape through the eyes of a hacker. Grant McCracken (Sr. Director of Security Operations), Michael Skelton (Top-50 Security Researcher and Global Head of Security Operations), and Leif Dreizler (Sr. AppSec Engineer at Segment) joined forces to explore how organizations can leverage the power of crowdsourced security to secure their assets proactively. Speakers advocated distinct perspectives from the researcher community and security teams, and discussed how they work together best to find more critical vulnerabilities.

5 Ways You Can’t Fake the Human Element

In this session, Michael Skelton (aka Codingo) explained the one problem with cybersecurity racing towards a future of automation: technology still can’t outwit the human creativity of a hacker. He discussed why the enterprise has become increasingly reliant on data, and how hackers use a variety of methods to enter their systems undetected to extract valuable information. Skelton also shared 5 ways that scanners can’t catch the same vulnerabilities as humans, and gave insight on how he went from hacking by the beaches of Australia to becoming Global Head of Security Operations at Bugcrowd.

You may have also spotted Bugcrowd around San Francisco as our “said no one in security” campaign hit newsracks across the city.

Now, RSA Conference wouldn’t be quite the same without Bugcrowd’s 4th annual afterparty. This year, we kicked it up a notch with a change of venue that put music and entertainment at the heart of our event. Headlined by the synth-wave band The Midnight, the event transformed DNA Lounge into an after-dark experience that resembled something you might see in a Tank Girl comic. Guests didn’t just battle on the dance floor; they also battled each other playing retro arcade games, choosing where to get an airbrush tattoo, and seeing how many different pairs of novelty sunglasses a single person could wear in the photo booth (busted!).

Check out photos from the event and download your personal keepsake here.

Looking Ahead

RSA Conference remains a signature event for many of the largest enterprises, helping the industry mature while preparing professionals to face their next challenge. One thing is clear: organizations must balance the Human Element with new efficiencies and scale afforded by technology to be successful. That’s why Bugcrowd has invested significantly in expanding our technology stack to integrate collective creativity at every stage of the security development lifecycle—for faster access to the skills that matter most—wherever and whenever you need them.

If you missed us during the show, you can still request a meeting or check out DarkReading’s coverage of new enterprise enhancements made by Bugcrowd, enabling organizations to access a wider range of security skills with more relevant experience to their unique security concerns. These enhancements include:

  • Increased visibility: users of Attack Surface Management report up to a 97% reduction in unknown attack surface.
  • Increased control: more oversight over multiple programs and the ability to spin up on-demand programs through a simple wizard which defaults to proven Bugcrowd best practices.
  • Increased access: CrowdMatch™ democratizes access to researchers with the best skills to help enterprises find high-impact vulnerabilities first and provide contextual intelligence so they can fix faster. Industries like FinServ, Telecommunications, and IoT report their first critical submission in under 1.6 days on average.

DarkReading also explained how Bugcrowd is helping CISOs better manage budgets and maximize impact from programs with two new in-platform reports:

  • Security Posture report: identifies the vulnerabilities within an organization’s technology stack against industry benchmarks and prioritizes areas of improvement.
  • Health and Spend report: captures program performance and spending patterns as well as context-aware recommendations for program improvements.

For more product updates, be sure to read our latest blog on how Bugcrowd is accelerating security success with auto-join programs, enhanced skill matching, and new API extensions. 

You can catch Bugcrowd next at these upcoming events:

P.S. Bugcrowd was also proud to be the official Brown M&M sponsor for @wendynather.
