Have you ever wondered how your favorite Bugcrowd program is set up before you’re sent that coveted Private Invite? Shreyance Tewari is the Lead Security Solutions Architect here at Bugcrowd, ensuring that programs are up and ready for researchers to test before they go live!
An avid soccer enthusiast and rookie referee, Shrey brings his passion and excitement from the field to Bugcrowd, getting a real kick out of improving security posturing on every program he works with. He helps researchers score those critical vulnerabilities for any goal-oriented customers.
We sat down with Shrey to learn more about his background and get some advice on getting started in cybersecurity.
Check out his story below!
How did you get into Cybersecurity?
During my master’s in Electrical Engineering at Texas A&M I was allowed to take a few Computer Science courses. Having heard about this one great security professor, Dr. Daniel Ragsdale, I decided to audit one of his classes and that was the start of a great journey. Dr. Rags by just being the kind of person he is, really motivated and inspired me to dig deep and was the one who got me hooked into cybersecurity.
What brought you to Bugcrowd?
One of the common pain points I learned about cybersecurity both in school, in talks/ seminars, and then in my first security job was the `lack of talent to fill the cybersecurity job vacancies in the market`. So when I read about the work Bugcrowd was doing to employ the gig economy model to solve this industry-wide problem I got super interested. Then it was about finding how I could contribute to this and that came in the form of becoming a Security Solutions Architect where I could work with customers to understand their security needs, threat model, attack surface, etc., define the program brief and then work with researchers to find interesting bugs to help improve the customers’ security posture.
In your opinion, what makes a program successful?
By far the biggest factor in helping drive the success of any program on Bugcrowd are the program owners themselves. If the program owner thinks about the target application from the researcher’s point of view they’ll strive to work with the Bugcrowd team to create as detailed bounty briefs as possible to facilitate testing, so researchers can immediately start finding valuable issues. Similarly, customers who are Fair, Responsive, Understanding, Invested and Transparent (F.R.U.I.T) in their communication with the researchers are able to build long-lasting relationships and an invested researcher following that provides them long-lasting value.
What’s your favorite Bugcrowd memory (so far)?
The first Bugcrowd hosted, Women In Security and Privacy (WISP) meetup was a great experience. Getting to hear from the brilliant panel members on how they got started in the security industry and what keeps them going was great.
Do you have any favorite tools or resources you use to learn? Why?
I love listening to the weekly Security Now! podcast by Steve Gibson and Leo Laporte whenever I get the chance. They cover the latest in security every week and present the information in a very engaging and fun way.
When you aren’t working, what do you do for hobbies/fun?
I love playing and watching soccer whenever I can. Hala Madrid!
Do you have any advice for new hackers or people transitioning into InfoSec?
Whatever your motivation for looking at InfoSec as a career, just go all in. There are plenty of opportunities everywhere so try to find a mentor who can guide you to get to where you want, but most importantly put your head down and just get at it.
Connect with Shrey on LinkedIn!