Casey is the Chairman, Founder and CTO of Bugcrowd, and has been inventing stuff and generally getting technology to do things it isn’t supposed to since childhood. He’s been in the industry for 20 years, working with clients ranging from startups to government to multinationals, and awkwardly straddles the fence of the technical and business sides of information security. Casey pioneered the Crowdsourced Security as a Service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, co-founded the disclose.io vulnerability disclosure standardization project in 2014, and has presented at DEF CON, Black Hat USA, RSAC, Techcrunch DISRUPT, Shmoocon, ENISA Incibe, Usenix ENIGMA, AusCERT, and others. A proudly “currently semi-repatriated ex-pat” of Sydney, Australia, Casey normally lives with his wife and two kids in the San Francisco Bay Area. He is happy as long as he’s got a problem to solve, an opportunity to develop, a kick-ass group of people to bring along for the ride, and free reign on t-shirt designs.
Release The Hounds - Part 2 (aka 8 Years Is A Long-Ass Time)
It has been 20 years since Rainforest Puppy released the RFPolicy responsible disclosure policy, 11 years since Google and Facebook brought the concept of bug bounty into the eye of the security industry, and 9 years since Bugcrowd pioneered the concept of inserting a platform in the process to facilitate conversations between builders and breakers. In March 2013, there was a talk at Ruxmon Sydney titled “Release the Hounds! A look inside Bugcrowd.” At the time we had a total of 10 programs, 1,500 hunters, and a $50,000 “Ramen-noodle round” from Startmate under our belts; and were getting ready to depart for Silicon Valley in April... In this talk, Casey will provide a long-overdue status update (apologies... got a bit sidetracked) on Australia’s crowdiest export and indulge in a few tall tales of the crazy stuff that happens as you build a multi-national, venture-backed category creator. More importantly, he’ll dig into the evolution of crowdsourced security and vulnerability disclosure, where it’s going next, and what that means for an Internet and a global userbase who are undergoing some pretty dramatic change.