A few years ago, I was a software developer with a passion for security but had limited people around me to learn from. Bug bounties, and the communities around them, led me to a whole new world of knowledge that ultimately led to me landing a job as a pen tester, and then continuing to hone my craft from there.
Today I’m excited to announce I’m joining Bugcrowd as Head of Researcher Enablement, with the goal of helping others to do the same. Joining Bugcrowd will allow me to generate resources, content, and processes to help security researchers within the Crowd to achieve their own goals — whether that’s to bug hunt for an income, the challenge in bug hunting itself, or to use it to launch into something else.
I’ve been involved with bug bounties for a good while (currently ranked solidly in the top 50 on Bugcrowd, in fact), and I’m excited to jump in to see the other side of this world and make my mark on it.
As Head of Researcher Enablement my role will be to help maximize the productivity, engagement, and growth of the Bugcrowd security researcher community. Within Bugcrowd, there are a few organizations that interact with researchers: Researcher Success, Program Architecture, and the Security Operations Triage & Validation teams. The office of Researcher Enablement is embedded in all of these organizations, allowing for full service visibility and input across the entire workflow from researchers to platform to customers.
My role will also be embedded within the Bugcrowd Product team, and I am looking forward to bringing my pen testing expertise to drive additional innovation into the Bugcrowd Next Gen Pen Test (NGPT) product. With the introduction of NGPT last year and additional service offerings like Attack Surface Management (ASM), I can see the lines between what drives a pen test and what drives a bug bounty shifting into incentive-driven pen testing and a more unified community with similar goals and outcomes.
A heavy focus of mine will be bringing my experience as a pen tester to bear on the process, outputs, and direction for NGPT, as well as crafting content to help the experience of the broader community grow and succeed.
I think the Crowd can be deployed in a lot more ways than it already is today, and Bugcrowd has already started to explore that through NGPT and ASM. As we launch new service offerings, the opportunities for researchers will continue to expand, and with that the possibilities for incentive-driven testing within organizations. I’m excited to help explore that direction within my work here at Bugcrowd.
You can find me on Twitter (@codingo_) and in a variety of other channels if you’d like to discuss Bugcrowd, NGPT, or bug hunting in general.