bio

Professional Experience

I currently serve as the Chairperson, Founder, and CTO of Bugcrowd and co-founder of The disclose.io Project.

I started in cybersecurity as a penetration tester in the early 2000s before moving to solutions architecture and technical sales. In 2008, my wife and I formed the Tall Poppy Group and I began my journey as a career entrepreneur.

My practical experience ranges from startups and not-for-profits to governments and multinationals, where I’ve specialized in troubleshooting and bridging gaps between the technical and business aspects of information security.

The Bugcrowd "Mayhem at the Mint" event during RSAC 2019.

In 2012, I pioneered the crowdsourced-security-as-a-service model by founding and launching the first program on Bugcrowd, which has gone on to raise 80M USD of venture capital and transformed the security assessment industry.

I hold three patents [11019091, 10972494, and 20200076847] and have contributed to a variety of academic papers and books.

Community and Policy Activism

Two years after founding Bugcrowd I started disclose.io, an open-source project which promotes vulnerability disclosure program and safe-harbor adoption, with the goal of reforming anti-hacking law from the ground up to protect those who hack in good faith.

I'm an active advocate for the rights of good-faith cybersecurity research, including acting as amicus curae to the Supreme Court, and advising DOJ and the Senate and House Judiciary Committee around Computer Fraud and Abuse Act reform, contributing the the CFAA reforms seen in 2020 and 2022.

House Rules Committee meeting on Election Cybersecurity in 2019.

I'm active in the CTI Cyber League, w00w00, Rapid7 Cyber Policy Working Group, and the US Election Security Advisory Council, and have contributed to Federal and State-level election security policy in the USA as part of the CISA/DHS #protect2020 initiative, an well as contributing extensively to cybersecurity policy in Australia through DOHA, ASD, and ACSC, and the UK through the NCSC.

Media and Speaking

I’m an experienced keynote speaker and have presented at DEF CON, Black Hat USA, RSA Conference, Techcrunch DISRUPT, Shmoocon, ENISA Incibe, Usenix ENIGMA, Derbycon, SOURCEConf, AISA, AusCERT, and many others.

Pitching Bugcrowd as a finalist in the RSA Conference Innovation Sandbox in 2015.

I’ve also had the opportunity to provide plenty of media commentary on a variety of cybersecurity, national security, information warfare and entrepreneurship subjects, with quotes in most major media outlets in the United States, United Kingdom, and Australia. A list of press quotations, interviews, podcasts, and papers I’ve contributed to or been featured in can be found here.


Casey is the Chairman, Founder, and Chief Technology Officer of Bugcrowd, as well as the co-founder of The disclose.io Project. He is a 20-year veteran of information security who spent his childhood inventing things and generally getting technology to do things it isn't supposed to do.
Casey pioneered the Crowdsourced Security as-a-Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014.
Since then, he has personally advised the US Department of Defense and Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections.
Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area with his wife and two children.

Headshots

The "hustle" headshot
The "hack" headshot
My @caseyjohnellis avatar