4 min read

Bugcrowd: 10 Years On, and Still Just Getting Started

On the 1st of September 2012 during a flight from Melbourne to Sydney, a series of ideas I’d been working on for a year or more coalesced with a bunch of conversations I’d just had, the lightbulb went off, and Bugcrowd was born.
Bugcrowd: 10 Years On, and Still Just Getting Started
First posted on LinkedIn: https://www.linkedin.com/pulse/bugcrowd-10-years-still-just-getting-started-casey-ellis

It’s a memory that feels like it was yesterday, but the sheer volume of progress and transformation since makes it feel like a million years ago - On the 1st of September 2012 during a flight from Melbourne to Sydney, a series of ideas I’d been working on for a year or more coalesced with a bunch of conversations I’d just had, the lightbulb went off, and Bugcrowd was born.

No alt text provided for this image
Like any good entrepreneur, the domain name registration always comes first.

The idea itself was simple: Build a platform that connects the latent potential of those who hack in good faith around the world with as much of the global cybersecurity problem as possible, and in doing so, provide Internet builders and defenders with an army of allies to compete with and outsmart the growing army of adversaries. I also wanted to find a way to keep my buddies (who were hackers-but not the criminal kind) out of jail, and get them free of the chilling effects of security research and hacking that existed at the time.

Today, I look at what Bugcrowd started-not just as today's cybersecurity powerhouse in and of itself, but as a pioneer of the market category and a substantial contributor to the movement itself-with incredible pride, deep humility, and profound gratitude for those who’ve been a part of the journey to date.

Bugcrowd has given me the opportunity to work with some of the smartest, huge-hearted, most mission-driven people I’ve ever known, and I want to thank each and every one of you-those who work “inside the tent” with Bugcrowd today, and our incredible diaspora who played roles in getting us to where we are, and continue to kick ass and take names in their own pursuits. We’ve literally created an industry, changed the Internet forever and for always, and made life materially more difficult for the bad guys- I’m profoundly grateful for how you’ve all “built it like you own it.”

No alt text provided for this image
Bugcrowd's first principles.

Bugcrowd has witnessed and been a part of leading some incredible shifts in the way the  Internet views and secures itself—we’ve seen tens of thousands, if not more, cybersecurity careers launched around the world, we’ve seen young hackers realize that there are legitimate career paths available to those who “think bad, but do good” and then go on to finance homes, cars, care for parents, and all sorts of other amazing things in their personal lives, and most importantly, we’ve seen the perceptions-and more recently, the laws themselves—shift to acknowledge the crucial role hackers play as the Internet’s immune system.

Last but, in many ways, first: thank you to each and every one of our customers-especially those who understood the true nature of builder/breaker feedback early on. You took a gamble on a young company and a new and provocative idea, reaped the benefits of being on the cutting edge, and now lead their respective verticals when it comes to cybersecurity posture and trustworthiness in the market. There are a lot of problems you can get answers to with an assembled army of brilliant, diverse minds and a platform that knows who can do what and how to connect them both to your cybersecurity challenges- Our customers played a pivotal role in the giving of feedback, ideas, and inspiration around "which part of the elephant to eat next" and how to best create value for all three parties—them, the Crowd, and Bugcrowd—for the past decade.

This a keynote I gave retelling the Bugcrowd founding story and journey for cyber-entrepreneurs who think "hey, I think I could probably do that too!"

In 2012, cybersecurity wasn’t dinner-table conversation in the way it is today. Most of the progress that happened was either a response to failure, or the result of people like myself and my peers screaming from a soapbox on a street corner until someone stopped and listened. Hackers and hacking were a niche and almost completely misunderstood subculture, and the bounty hunter community barely existed. That's very different now.

Going forward, our vision and mission for the problem we’re solving remains the same, and has largely remained the same since day one: to build the leading platform for delivering a radical, continuous cybersecurity advantage. Our mission remains to connect the untapped value of the global security community with the unmet demands of the cybersecurity market through the Bugcrowd Security Knowledge Platform™.

... and no, this isn't that we haven’t come up with anything new—far from it! On the contrary, it was and continues to be very deliberate. Cybersecurity is ever-evolving and always changing, and for as long as humans are the ones building products, creating companies, and writing code, human knowledge and creativity will be required to outsmart the adversary and defend the attack surface of our customers and help them defend their users.

We've spent the last 10 years building the leading platform for connecting that creativity to where it's needed most—and I'm very excited about what the next 10 years hold in store for Bugcrowd, our space, and a more resilient and trustworthy Internet.