bio
Casey is a serial entrepreneur, best known as the founder of Bugcrowd and co-founder of The disclose.io Project. He is a 25+ year veteran of information security who grew up inventing things and generally getting technology to do things it isn't supposed to do. Casey pioneered the crowdsourced security as-a-service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014 prior to its launch in 2018.
He’s an active member of a variety of policy and threat intelligence working groups and think tanks such as the Cyber Threat Intelligence League, w00w00, Hacking Policy Council, and the Election Security Research Forum. He has personally advised the US White House, DoD, Department of Justice, Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections, the US National Cyber Strategy, and a variety of policies and EO’s relating to security research, anti-hacking law, and artificial intelligence.
Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area.
Professional Experience
I currently serve as founder and advisor to Bugcrowd, co-founder and President of The disclose.io Project, and advisor to a variety of other startups in cybersecurity, AI, and vulnerability research.
I started in cybersecurity as a penetration tester in the early 2000s, before moving into solutions architecture and technical sales. In 2008 I formed the Tall Poppy Group and began my journey as a career entrepreneur.
My practical experience ranges from startups and not-for-profits to governments and multinationals, where I’ve specialized in troubleshooting and bridging gaps between the technical, business, and societal aspects of cybersecurity.
In 2012, I pioneered the crowdsourced-security-as-a-service model by founding and launching the first program on Bugcrowd, which has gone on to raise over 180M USD of venture capital and transformed the cybersecurity assessment and intelligence industry.
I hold a variety of patents, contributed to academic papers and books, and been a judge on a number of cybersecurity and startup panels.
Community and Policy Activism
Two years after founding Bugcrowd I started disclose.io, an open-source project which promotes vulnerability disclosure program and safe-harbor adoption, with the goal of reforming anti-hacking law from the ground up to protect those who hack in good faith.
I'm an active advocate for the rights of good-faith cybersecurity research, including acting as amicus curae to the Supreme Court, and advising DOJ and the Senate and House Judiciary Committee around Computer Fraud and Abuse Act, contributing to the CFAA reforms seen in 2020 and 2022.
I'm active in the CTI Cyber League, w00w00, Rapid7 Cyber Policy Working Group, and the US Election Security Advisory Council, IT-ISAC Election Security Research Forum, and have contributed to Federal and State-level election security policy in the USA as part of the CISA/DHS Protect2020 and Protect2024 initiative, as well as contributing extensively to state and national cybersecurity policy in Australia through DoHA, ASD, and ACSC, and in the UK through the NCSC.
Media and Speaking
I’m an experienced keynote speaker and have presented at DEF CON, Black Hat USA, RSA Conference, Techcrunch DISRUPT, Shmoocon, ENISA Incibe, Usenix ENIGMA, Derbycon, SOURCEConf, AISA, AusCERT, and many others.
I’ve also had the opportunity to provide plenty of media commentary on a variety of cybersecurity, national security, information warfare and entrepreneurship subjects, with quotes in most major media outlets in the United States, United Kingdom, and Australia. A list of press quotations, interviews, podcasts, and papers I’ve contributed to or been featured in can be found here.