Why did you get into IT security?
I've always been attracted to the community aspects of the security industry. This is an industry where anyone clever at solving puzzles can make an impact that can improve the internet for everyone.
How do you describe your job to average people?
My job is motivating the global community of computer security researchers to use their skills to make our customers' code more secure. When they all work together, it becomes a powerful force with greater numbers than the bad guys.
What was one of your biggest challenges?
It's convincing people that we need people with a wide variety of skills. We tend to place more value on jobs with skills that are quantifiable, like penetration testing, and shy away from those with less concrete contributions, like risk management.
What keeps you up at night?
I worry about miscommunications. At Bugcrowd, we are the go-between for security researchers and companies in a stressful time. Where one side is hoping for appreciation for their efforts, the other side is protecting their assets. Our goal is to get them to speak the same language.
What makes you most proud?
In our community of over 11,000 security researchers, there have been many success stories that make me feel honored to work in this industry. Often we hear about people paying their way through school or supporting their family with the money they earn from bug bounty programs. We also run charity bounty programs where our researchers will contribute their expertise to help secure a charity organization for free.
How would you use a magic IT security wand?
I would create an effective, adaptable security awareness training program that would give people the same excitement and passion for security that I share with my peers.