From Teenage Hacker to Cybersecurity Leader: Casey Ellis on Bugcrowd’s Mission in APAC
In our recent coverage of the NetEvents APAC Media Spotlight event, we highlighted key insights from David Gerry, CEO of Bugcrowd, regarding Bugcrowd’s plans to expand its services and presence in the APAC region, along with his thoughts on the evolving relationship between AI and hackers.
At the same event, which focused on addressing contemporary enterprise challenges, Casey Ellis, Bugcrowd’s Founder and CSO, also discussed the importance of reshaping public perceptions of hackers and harnessing their skills to combat sophisticated cyber threats.
During his keynote, Ellis shared his journey from a teenage hacker to establishing Bugcrowd as a leading cybersecurity platform. He emphasised his early experiences legally offering hacking services within the cybersecurity community and how that shaped his decision to pursue a career in cybersecurity after completing high school – sharing how he “moved into a penetration testing and offensive security role, pretty much straight out of high school.” “I did that for about six years and moved into solutions, architecture and sales,” said Ellis.
Changing the Perceptions of Hackers in APAC
It wasn’t until he assumed the role of a CSO for a company that he discovered a passion for entrepreneurship and the drive to trigger a change in the cybersecurity landscape. This newfound passion led to the founding of Bugcrowd in 2013. Ellis, who by then was already familiar with the fast-paced nature of the cybersecurity realm, decided to expedite Bugcrowd’s growth as a crowdsourced platform in a more ideal location, Silicon Valley, before moving back to the Asia Pacific region.
According to him, this decision was made because he believes there’s high engagement in hacker communities within the Asia Pacific region, just as much as in Europe and North America, if not more. Despite there being high engagement with these communities, hackers still faced a lot of prejudice and were demonised by society. This issue intensifies with the emergence and integration of AI technology; a new technology that still has many untapped potentials and unknown territories. The unknown nature of both hackers and AI intensifies the negative opinions society has about them, particularly in the Asia Pacific region. A region that is poised to become a technology hub, ironically, there are still many (the mainstream demographic) within the region that have only scratched the surface when it comes to hackers and AI.
Ellis hopes that the expansion of Bugcrowd into the Asia Pacific region will alleviate the prejudice surrounding the hacker communities; “The thing that I wanted to solve by starting the company was to create a better operating environment for hackers that operate in good faith. Because traditionally, historically, we’ve been treated as criminals. You know, the default assumption is if you can do a bad thing to a computer, you’re automatically a bad person. And that’s not true. Hacking is a morally agnostic skillset.”
Empowering Ethical Hackers with AI
Ellis believes that humans are the weakest link in cybersecurity. Relying solely on reactive tools alone leads to low-impact results and overlooks emerging risks. By positioning Bugcrowd as a crowdsourced cybersecurity platform, society will have access to diverse solutions, addressing skill gaps and imbalances between threat actors and defenders, explained Ellis during his presentation.
To that end, Bugcrowd will invest in AI technology with their recently secured funds, according to Ellis’ sharing. This transformation will evolve Bugcrowd into an AI-powered crowdsourced cybersecurity platform, enhancing hackers’ capabilities through the use of AI technology. In other words, AI technology will not be replacing their ethical hackers; instead, it will act as an accelerator and augmenter for Bugcrowd’s ethical hackers.
Ellis then touches on the three categories AI technology can manifest as; a threat, a tool, and a target. However, how these factors will manifest depends on who utilises the said technology. The same applies to the hackers as well, depending on who or the motive behind their hacking operations.
Recognising these dynamics, Ellis asserts that Bugcrowd will serve as a safe space for hackers: A platform where they can freely explore and experiment with new technologies such as AI. This enables them to contribute to cybersecurity solutions without the fear of being stigmatised or criminalised. Beyond providing a supportive environment, Bugcrowd also provides a bug bounty system that incentivises ethical hackers to actively participate in identifying and reporting vulnerabilities.
Bugcrowd’s Mission: Turning Hackers into Allies
Ellis hopes that the perks Bugcrowd offers will persuade some of the hackers to transition over to the other side of cybersecurity, embracing ethical hacking practices. Leveraging their expertise for constructive purposes can lead to positive contributions to cybersecurity efforts aimed at safeguarding digital assets.
He once again underscores the significance of this approach, as it will contribute to solving skill gap issues within the cybersecurity landscape. Ellis hopes that with the implementation of this approach, cybersecurity efforts will attain equal footing when against threat actors, thereby improving their countermeasures against threat actors’ malicious activities. By equalising the balance, cybersecurity defences will be able to remain robust and effective against ever-evolving cyber threats.
Ellis, however, does acknowledge that they will be navigating through many grey and uncertain territories in their efforts to connect society with hackers. Ergo, Bugcrowd is actively involved in shaping cybersecurity policies in the EU and North America. Ellis aims to achieve the same level of involvement within the Asia Pacific region as well. He also highlighted the importance for policymakers in each region to collaborate with ethical hackers to ensure future policies are sufficiently practical for ethical hackers to adhere to.