Name: Calculating the ROI of Bug Bounty Engagements
Start: 2024-07-11T16:00:00Z
End: 2024-07-11T16:00:30.000Z
Location: BrightTALK
Rating: 3

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd. 

Security ROI is top of mind for security and business leaders who need to quantify the impact of their investment. Line of sight into security ROI has always been hard, and adoption of crowdsourced security with a "pay for results" economic model (aka, bug bounty) adds additional considerations -- but also opportunities to show a tangible impact on the bottom line.

Join our webinar featuring Paul Ciesielski, Chief Revenue Officer at Bugcrowd, and Jason Haddix, CEO and Hacker of Arcanum Information Security, as they discuss:
-The overall potential economic impact of bug bounty adoption
-How bug bounty potentially affects operational efficiency and traditional pen testing
-How to think about qualitative benefits

Calculating the ROI of Bug Bounty Engagements

Join Jack Edwards, Security Engineer at ITV, and Bugcrowd Technical Program Manager, Matthias Held, as well as Robin Morte, ethical researcher on Bugcrowd, as they answer your questions on the impact of Vulnerability Disclosure Programs (VDP) on company security. 

From understanding the enormous benefits of VDPs to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. 

We’ll dive into:

1) Scaling your program and enhancing security posture: Gain practical insights into scaling your VDP and improving your company’s security posture over time.

2) The impact on security: Discover how the VDP has significantly enhanced ITV’s security by identifying and fixing vulnerabilities before bad actors could exploit them.

3) Hacker and program owner perspectives: Hear from hackers and program owners like George about what makes a VDPs successful and what both parties want to see.

4) Future trends and best practices: Explore emerging trends in VDPs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own VDP to safeguard your organization’s security.

ITV Ask Me Anything: Vulnerability Disclosure Programs & Security Success

Fewer than 10% of organizations have visibility into their evolving attack surface, yet nearly 70% have been compromised through an unknown or poorly managed asset. With that in mind, having constant access to up-to-date external attack surface intelligence about digital assets in motion isn’t optional. 

In addition, the most security-forward organizations will use that intelligence to amplify the impact and productivity of follow-on human-driven testing and drive contextual recommendations, creating continuous assurance that compliance and risk reduction requirements are being met over time.

Join us to discuss, among other things:

-How attack surface intelligence unlocks new capabilities such as continuous attack surface pentesting and dynamic scope for bug bounty
-The complementary roles of pen testing and crowdsourced testing
-Bugcrowd’s vision to give users data-driven insights and recommendations based on rich asset and vulnerability data – plus the ability to proactively act on them – for continuous risk assurance

Attack Surface Intelligence for Continuous Assurance: The Journey Begins

The CISO role is evolving. The path to becoming a CISO, expectations of the role, and the path after the role is earned are varied. 

Bugcrowd recently released a new report, Inside the Mind of a CISO, which surveyed 209 security leaders globally to understand their biggest priorities and challenges. In this webinar, the author of the report is sitting down with Jason Haddix, former CISO and current CEO at Arcanum Information Security, to discuss his perspective on:
-How CISO roles and responsibilities are changing over time
-AI as a tool, a target, and a threat
-How an offensive security background has impacted his security strategy
-Advice for aspiring CISOs

Inside the Mind of a CISO

Join Skroutz CISO, George Papakyriakopoulos, and Bugcrowd Technical Program Manager, Matthias Held, as well as Robin Marte, ethical researcher on Bugcrowd, as they answer your questions on the impact of bug bounty programs on company security. 

From understanding the enormous benefits of bug bounties to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. 

We’ll dive into:

1) Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.

2) The impact on security: Discover how the bug bounty program has significantly enhanced Skroutz’s security by identifying and fixing vulnerabilities before bad actors could exploit them.

3) Hacker and program owner perspectives: Hear from hackers and program owners like George about what makes a bug bounty program successful and what both parties want to see.

4) Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.

Skroutz Ask Me Anything: Bug Bounties and security success

Join Kent Wilson, Vice President of Global Public Sector at Bugcrowd, to explore how crowdsourcing can revolutionize the Department of Defense's (DoD) cybersecurity posture. Discover actionable strategies drawn from Bugcrowd's expertise to learn how they can:

-Accelerate vulnerability discovery and mitigation
-Enhance the security of AI systems vital to DoD operations
-Foster knowledge transfer and collaboration within the cyber workforce
-Implement a strategic framework for ethical and secure crowdsourced engagement
-Secure a decisive advantage against asymmetric cyber threats

Don't miss this opportunity to learn how crowdsourcing can strengthen national defense in an era of unprecedented challenges.

Asymmetric Advantage: The Crowd as a Force Multiplier

Join Sophos CISO, Ross McKerchar, and Bugcrowd CEO, Dave Gerry, as they answer your questions on the evolution and significance of bug bounty programs. From defining bug bounties and exploring their key benefits to understanding the intricacies of running a successful program, this session offers a comprehensive look into how to leverage crowdsourced security solutions effectively. We’ll dive in to: 

-Getting started and growing your program: Gain practical insights into launching, expanding, and measuring the impact of bug bounty programs over time.  
-Collaboration between hackers and organizations: Discover the relationship between the hacking community and organizations  
-Real-world examples and success stories: Hear about successful bug bounty programs and gain actionable tips for optimizing your own program.  
-The future of crowdsourced security: Explore emerging trends and predictions for the future of bug bounty programs, including their role in mitigating ransomware threats.

Sophos Ask Me Anything: Bug Bounties - on demand session

Join Michael Skelton (Codingo), VP of Security Operations, and Nick McKenzie, CISO, as they break down Bugcrowd’s annual report, Inside the Platform (previously known as the Priority One Report). In this webinar, you’ll learn:
What millions of vulnerabilities tell us about the year to come.
The value of an open scope program.
How different hacker roles contribute to crowdsourced security.
How much different industries can expect to pay for a vulnerability.

Whether you’re a seasoned crowdsourced security veteran or just looking to dip your toes into the world of crowdsourced security, this webinar is a great tool to give you insight into best practices from the most successful programs on the Bugcrowd Platform.

Inside the Platform: Vulnerability Trends for 2024

AI is revolutionizing how work is done in every industry, and it has the potential to solve unsolvable problems beyond improving productivity. But it also poses unique challenges for security and business leaders, as reflected in President Biden’s Executive Order 14110 establishing U.S. federal standards for AI safety, security, and trustworthiness, along with the formation of a U.S. Artificial Intelligence Safety Institute.

In this conversation featuring Bugcrowd Founder and Chief Strategy Officer, Casey Ellis, and Conductor AI Founder, Zach Long, you’ll learn:
- How the AI attack surface differs from the current state and main considerations for security teams
- Emerging compliance requirements for adopters of AI
- Why crowdsourcing is the right solution at the right time for these urgent challenges

AI Safety and Compliance: Securing the New AI Attack Surface

Join Michael Skelton (Codingo), VP of Security Operations, and Nick McKenzie, CISO, as they break down Bugcrowd’s annual report, Inside the Platform (previously known as the Priority One Report). In this webinar, you’ll learn:
-What millions of vulnerabilities tell us about the year to come.
-The value of an open scope program.
-How different hacker roles contribute to crowdsourced security.
-How much different industries can expect to pay for a vulnerability.

Whether you’re a seasoned crowdsourced security veteran or just looking to dip your toes into the world of crowdsourced security, this webinar is a great tool to give you insight into best practices from the most successful programs on the Bugcrowd Platform.

Step inside the minds of 1000 hackers and see your organization from a new perspective, with the latest analysis on security researchers and their transformative use of generative AI.

Take a walk in their shoes and learn:
-Who hackers are, the skills they have, and their biggest motivators.
-How hackers are leveraging generative AI
-Where hackers are focused and which industries leverage their expertise

Inside the Mind of a Hacker

Join Rob Gurzeev, Founder and CEO, of CyCognito, and Casey Ellis, Founder and Chief Strategy Officer, of Bugcrowd, as they discuss how the utilization of automation and external attack surface management (EASM) coupled with crowdsourced testing (including pen testing and bug bounty) work together to empower organizations to effectively address these challenges.

In this roundtable webinar, you’ll discover how:

-Automation plays a pivotal role in enhancing security testing efficiency and accuracy.
-Crowdsourced security testing and EASM together allow you to proactively identify vulnerabilities, thus reducing time to remediation and bolstering your overall security posture.
-EASM informs and optimizes testing, ensuring that critical assets are thoroughly tested for improved accuracy, reducing, or eliminating false positives.

Strengthen Your Security Posture

Economic realities dictate that DevSecOps must find more cost-efficient ways to develop, secure, and manage technology. Yet demands from boardrooms to deliver the next generation of industry-transformative digital products continue to grow. Juggling these priorities is top of mind for CTOs, CISOs, and engineering leaders, which is why companies like Clari and Motorola Mobility are increasingly turning to crowdsourced testing as a disruptive staffing model to scale up security and quality testing operations. 

Watch this roundtable discussion to learn how crowdsourced testing programs can:
-Serve as an extension of internal expertise and capacity. 
-Provide on-demand access to a global network of skilled quality and security experts to address a broad set of product validation use cases.
-Help product and security leaders unlock more efficient ways to deliver high-quality, highly secure end-user experiences.

Crowdsourced Confidential: Comprehensive Security & Quality Testing

Inside the Mind of a Hacker 2023

81% of executives say the cost and constant effort required to stay ahead of hackers is ‘unsustainable.’ Many organizations are turning to crowdsourced security to tap into specialized skill sets of ethical hackers to beat bad actors at their own game.

Rapyd, a fintech company, is doing just that. Watch this webcast to learn their take on the 4 essentials to picking the right partner:
-A multi-solution SaaS platform with real-time visibility
-The right crowd of hackers for their industry and program
-Integration with existing workflows and systems
-Dedication to customer experience

4 Essentials to Look for in a Crowdsourced Security Platform

Government agencies and their contractors are held to the highest standards where cybersecurity is concerned. To meet those expectations, the US Cybersecurity and Infrastructure Agency (CISA), made vulnerability disclosure programs (VDPs) a requirement for all federal civilian agencies and launched the CISA VDP platform to help these agencies, federal contractors, and critical infrastructure providers strengthen their security posture by engaging the global ethical hacker community to voluntarily find and report vulnerabilities.

Join us for this panel discussion to learn how in the first 18 months CISA :

✓Onboarded more than 40 agencies onto the VDP platform, built in partnership with Bugcrowd
✓Identified >1,300 unique valid disclosures
✓Remediated >1,000 vulnerabilities, an 85% remediation rate
✓Expanded the program to include a private bug bounty program to encourage additional reporting

Combating Cyber Threats with VDP: A Federal Success Story

Security ROI is top of mind for security and business leaders who need to quantify the impact of their investment. Line of sight into security ROI has always been hard, and adoption of crowdsourced security with a "pay for results" economic model (aka, bug bounty) adds additional considerations -- but also opportunities to show a tangible impact on the bottom line.

Join our webinar featuring Paul Ciesielski and Jason Haddix as they discuss:
-The overall potential economic impact of bug bounty adoption
-How bug bounty potentially affects operational efficiency and traditional pen testing
-How to think about qualitative benefits

Hackers

Bug Bounty

Cyber Security

Cyber Defense

Pen Testing

Application Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Calculating the ROI of Bug Bounty Engagements

Presented by

About this talk

More from this channel