Unusual Gathering Podcast featuring Casey Ellis and Liz Wharton



Moving Security out from Under the Hood

Brian Honan once likened the value of effective security practices to that of brakes in a car: both are often viewed as things that slow us down, rather than as arguably the only things enabling us to deftly maneuver through the most critical challenges. In a recent interview with ITSP Magazine, Bugcrowd founder Casey Ellis teams up with VP of Strategy for Prevalian, Liz Wharton, to discuss what it takes to shift security from reactive necessity to profitable business initiative.

Buying for the brakes

The duo highlight an interesting challenge in framing security as a product or service differentiator. Ordinarily, consumers are very good at dictating features they want (like more cup holders in their minivan), and suppliers respond accordingly. However, when it comes to security, consumers aren’t quite as clear in their needs. While many are savvy to the general idea of cyber risk, few know how it relates to the products and services they consume, and fewer still know what exactly to demand of their providers to assuage those fears.

So how does security move from under the hood to the center console of consumer wants and needs? Wharton and Ellis believe the answer lies in 4 key elements:

  1. Data: More research supporting the benefits of cutting-edge security measures
  2. Economization: Scalable solutions to improve product quality and speed to market
  3. Legislation: Best practices to leverage and protect new security methods
  4. Conversation: Socializing key concepts in language that every consumer can grasp

Crowdsource it

One approach well on its way to ticking these boxes is the crowdsourced security model. By connecting businesses to thousands of white hat hackers, crowdsourced security platforms have helped organizations find critical vulnerabilities faster, with less operational overhead. Increased adoption and reported rate of return for these programs have spurred legislative support, which in turn has promoted greater interest and discussion at the consumer level. While these levers help justify the business benefits of these programs, Ellis notes the most critical component for mainstream adoption has been continued socialization of these truths.

Framing the Need: Conversation is King

Even when consumers realize they want more secure products, they may struggle to assign value to one approach over another (“Do I know what firewalls you’re using? Do I care?”). As interviewer Marco Ciappelli points out, anti-lock brakes didn’t become a standard feature in commercial vehicles because the public initiated demand. It took decades of research proving measurable benefit before manufacturers were able to produce and effectively message ABS as having tangible value for consumers. When Keren Elazari compared hackers to the internet’s immune system in her wildly popular TED Talk, she helped even non-techie consumers grok the value of crowdsourced security programs, elevating their importance amongst mainstream buyers. By seeding value at the consumer level, Elazari helped foster a business justification for companies to adopt and market the use of crowdsourced security as a key differentiator for their customers.

Scaling the Virtuous Cycle

For a solution to claim status as a business investment, value to the customer must compound with scale. For crowdsourced security, the same ends up being true for hackers. When Uber and Lyft gained enough popularity (and subsequently drivers) in a given area, they enabled drivers to operate within a tighter radius. Customers benefited from more immediate service, and drivers reported higher job satisfaction. This kicked off a positive feedback loop which converted more customers and still more drivers. Ellis notes a similar trend between hackers and program customers. More data, legislation, and socialization have led to increased user adoption. In turn, an increasing number of hackers with unique skills have surfaced, hungry for new challenges. Growth on both sides ensures customers get the right resource for every program, and hackers can find new programs that continue to challenge and motivate them. Engagement, outcomes, and value multiply for all, and a focus on excellence – enabled by technology and platform employees – promotes quality at scale without risking degradation of service or commoditization of skills.

Breaking for Better

Wharton and Ellis are both encouraged by the social, political, and economic cues that indicate revolutionary security methodologies like crowdsourced security are bound for the top line of the business. Though indeed, the driving force behind these 3 measures will continue to be the conversation around why this technology is necessary today, and what it means for every consumer. This relationship may be best summarized by the host’s closing observation, “Evolution, invention, and development of our society all come from people talking about problems with the old approach”.

To hear more about how market perceptions drive the adoption of security as a key feature rather than a requirement, listen to the whole ITSPmagazine Podcast.
