In a recent conversation, we had the privilege of speaking with Martin Choluj, the Vice President of Security at ClickHouse. Our discussion provided valuable insights into his experience collaborating with Bugcrowd and shed light on the critical role that crowdsourced security plays in safeguarding a brand’s intellectual property.

Choluj is a seasoned security professional with an impressive 15-year track record in the field. He is currently VP of Security at ClickHouse, a company renowned for its efficient open-source database solutions. 

Before stepping into this role, Choluj spent nearly six years as CISO at Campaign Monitor and has held various security leadership roles in international financial institutions. Alongside his practical experience, he holds a Master’s Degree in Security and Forensic Computing and a Bachelor’s Degree in Information Technology.

At its core, ClickHouse champions the principles of trust and risk reduction, and it’s this ethos that led them to explore a bug bounty program. Choluj highlights that the company’s aim is not simply compliance but to foster innovation in security and build constructive relationships with the hacker community.

Choluj’s partnership with Bugcrowd started in 2016 at a previous role, which led ClickHouse to choose our platform over others. With Bugcrowd, ClickHouse was able to tap into a global community of hackers to identify and address hidden, high-impact vulnerabilities. 

According to Choluj, a proactive approach is essential for any large-scale assurance program. He underscores the importance of crowdsourced security by saying, “Interacting with the hacker community is vital for our assurance program to operate on a large scale effectively.” 

He praises Bugcrowd’s triage response time and commitment to long-term customer success, both underpinned by a solid track record of experience. The primary challenge for ClickHouse was anticipating attack vectors and attacker ingenuity—an area where Bugcrowd’s expertise has proven invaluable.

Choluj also acknowledges a skills gap in cybersecurity, particularly when bridging the divide between security and engineering. He sees the Bugcrowd platform as a viable solution to this challenge, enabling organizations to augment their internal teams by tapping into the collective creativity of hackers. This approach effectively bridges the workforce gap, fostering a stronger synergy between different domains of expertise.

A wave of digital revolution has prompted organizations to rethink their security strategies. Old-school methods, centered on safeguarding known environments and networks, no longer suffice. Choluj asserts that the shift to remote work, amplified by the pandemic, requires a new focus on securing systems and users, regardless of location.

Choluj’s experience highlights the importance of treating cybersecurity as an ongoing strategic endeavor rather than a one-off project. His partnership with Bugcrowd exemplifies how a platform-driven approach to crowdsourced security can strengthen an organization’s defenses, turning potential vulnerabilities into fortified security measures.

Embracing crowdsourced security is more than a wise business decision in today’s intricate digital landscape; it’s a necessary step towards a secure digital tomorrow.