The Unlikely Romance Between Hackers and CISOs

Global Security Magazine – Nick McKenzie, Bugcrowd CISO
Bugcrowd CISO Nick McKenzie discusses the “unlikely romance” between ethical hackers (“white hats”) and CISOs/security leaders.
Though stereotypically adversaries, they increasingly collaborate for mutual benefit.
CISOs face ongoing challenges like the cybersecurity skills gap despite workforce growth.
Attack surfaces also continually evolve.
Crowdsourcing hacker intelligence helps address resourcing gaps and identify unique vulnerabilities.
77% of hackers work in cybersecurity roles.
Partnering with them via crowdsourced security extends existing teams’ reach.
McKenzie argues that this decreases rather than increases risk, because issues are found sooner.
Effective partnerships require finding the right hackers with specific skills, rather than simply a large number of them.
Curated hackers should match the target types and the kind of testing required, such as web, network, etc.
Taking a gradual approach also builds confidence.
Investing in hacker relationships, through good submission experiences, triage, and rewards, fosters goodwill and continuous testing.
Platforms like Bugcrowd connect clients to qualified hackers, manage programs, triage submissions, and enable “unlikely romances” between CISOs and hackers.
Link: https://www.globalsecuritymag.com/the-unlikely-romance-between-hackers-and-cisos.html

