Combining the Power of Builders and Breakers

Wednesday, January 17, 2018 - 2:00 pm–2:30 pm

Casey Ellis, Founder of Bugcrowd

Abstract: 

The current state of the industry and “what happens next” is keeping security practitioners up at night. The interaction between companies and security researchers is a fragile equation: can they like each other or should they hate each other? Or both?

Questions around this love/hate relationship and its future abound, including: If we like each other, what are our groups’ strengths and weaknesses? How can this newly formulated partnership be celebrated? Controlled? Secured? When the honeymoon period is over, what happens if things go wrong? Can potential issues be predicted before we agree to partner together? How is trust established: Have we asked the right questions? How do we build long-term rapport and respect? What regulations or legislation, if any, do we need to learn and follow?

One misstep in a bug bounty program could shut down this harmonious “marriage,” but at the same time, more and more companies are taking on this perceived risk because they see that this new way of doing things is necessary and inevitable. Arming companies with more ammunition is necessary to defeat their attackers.

If we make it through this fragile security landscape, what will that future look like?

Our current approach to security assessment is inherently flawed. In this talk, Casey will examine how we got here, and how the "unlikely romance" between whitehats and enterprise organizations is changing everything.

Casey Ellis, Founder of Bugcrowd

As Founder of Bugcrowd, Casey Ellis brings over 14 years of information security experience to lead the company’s technology vision and strategic operation. Prior to Bugcrowd, he served as chief security officer at ScriptRock and as an information security specialist and account manager for Vectra Corporation Ltd. A former penetration tester, Casey has taken on the role of “white hat” to connect organizations large and small with the power of Bugcrowd’s platform for a revolutionary approach to cybersecurity. Casey has presented at several top security shows including RSA, DerbyCon, BSides, Converge, SOURCE Conference and the AISA National Summit.

BibTeX
@inproceedings {208165,
author = {Casey Ellis},
title = {Combining the Power of Builders and Breakers},
booktitle = {Enigma 2018 (Enigma 2018)},
year = {2018},
address = {Santa Clara, CA},
url = {https://www.usenix.org/node/208166},
publisher = {USENIX Association},
month = jan
}
