Braden Russell, Chief Product Officer, Bugcrowd in this CIO Q&A highlights advantages of crowdsourcing security efforts, AI for sophisticated cyber adversaries and more…

—————-

Hello Braden, Welcome to our CIO Influence Interview Series. Walk us through your Leadership journey in the Tech world.

Thank you! I joined the Bugcrowd team from CrowdStrike, where I was the Chief Technology Officer of the Falcon Platform and Next-Gen Security Information and Event Management (SIEM) solution. Prior to CrowdStrike, I held leadership positions at Foundstone, McAfee, Intel Security, and Cylance. In this new role leading Bugcrowd’s fast-growing product portfolio, I will assume responsibility for all R&D groups within the company, including Product, Engineering, Infrastructure, and Data Science. I also hold patents in advanced techniques for automated vulnerability discovery and intelligent malware detection. Before venturing into the cybersecurity world, I was part of the Advanced Digital Systems Group at Sony Pictures Studios, where my team was awarded a Technical Academy Award in 2000.

Bugcrowd has been a leader in crowdsourced security. From your perspective, as a Chief Product Officer, what are the key advantages of crowdsourcing security efforts compared to traditional approaches like SIEM?

In today’s fast paced threat landscape where cyberattackers are becoming more evasive and sophisticated, many organizations lack the resources and diversified skills to find hidden vulnerabilities before attackers do. The problem is that using reactive tools alone leads to noisy, low-impact results that miss emerging risks and often respond when it’s already too late. The cybercriminals have already infiltrated your system and caused damage. Even sophisticated companies can misjudge the creativity, patience, and diverse skills of today’s attackers.

Also Read: CIO Influence Interview with Serge Lucio, VP and GM of Agile Operations Division at Broadcom

In essence, crowdsourcing emerged to address the skills gap—and the imbalance between attackers and defenders—by incentivizing ethical hackers to report critical bugs. Many firms struggle to integrate crowdsourcing into their security strategy in a trusted, efficient way, because purpose-built tools are too limited and consulting-based approaches fail to scale.

This is where Bugcrowd has re-envisioned crowdsourced security. Bugcrowd has pioneered a new approach, with a SaaS platform that activates skilled, trusted hackers for your needs on demand, with all operational details fully managed for you at any scale.

How important is real-time vulnerability detection in today’s cybersecurity landscape, and how does Bugcrowd’s platform address this challenge for its customers?

Continual visibility into your organization’s entire attack surface is vital. Your attack surface includes all potential points of unauthorized access to your systems. All it takes is one vulnerable point in your attack surface going unnoticed and unprotected to provide an entry point for a malicious actor to potentially extract data or install malware.

Today’s IT environments are far more dynamic than the relatively static environments organizations dealt with a decade ago. The emergence of containers, cloud infrastructure, and SaaS applications don’t often easily adhere to security policies, which results in shadow IT assets. Distributed workforces are connecting to networks or accessing digital assets in the cloud remotely outside of the 9-5 window. This is where Bugcrowd’s Continuous Attack Surface Management provides immense value to organizations. CASPT contains detailed asset data acquired through Informer’s EASM solution coupled with the massive amount of vulnerability information Bugcrowd has processed in the past twelve years to create new and unique value for customers and hackers alike on the platform.

Also Read: CIO Influence Interview with Tomer Shiran, Founder and Chief Product Officer of Dremio

With the rise of AI-driven attacks, share tips about ensuring that AI capabilities can outpace and outsmart sophisticated cyber adversaries.

Our industry is rapidly advancing into the era of Artificial Intelligence, with AI even recently passing the Turing test. While AI plays a crucial role in automating security against malicious actors, I believe that human ingenuity remains irreplaceable. According to last year’s Inside the Mind of a Hacker Report, Bugcrowd found that 72% of hackers believe artificial intelligence (AI) will not replace the creativity of humans in security research and vulnerability management. To truly outpace and outsmart sophisticated cyber adversaries, the human element cannot be taken out of cybersecurity operations. Although the report also found that more than half of respondents (55%) said that AI can already outperform hackers or will be able to do so within the next five years, hackers aren’t worried about being replaced. Nearly three out of four respondents (72%) said that generative AI will not be able to replicate the creativity of hackers. The key takeaway? Organizations need to tap the diverse skills and expertise of hackers through a multi-solution crowdsourced cybersecurity platform. One that combines data and ML-driven crowd-matching with decades of applied experience to bring the right human creativity to the right problem at the right time.

As Bugcrowd continues to innovate, what exciting developments or upcoming features can we expect from the platform in the coming months?

At Bugcrowd, we are on a mission to harness the power of the global hacker community, backed by advanced automation and AI. We are also building the most complete perimeter security offering available. I am excited about the opportunity to create innovative products that solve real business problems at scale. I know that I am joining in the midst of significant momentum for Bugcrowd, including continued product innovations in pen testing and attack surface management. This company, a leader in crowdsourced security, has developed an incredible platform that combines the unmatched creativity and problem-solving skills of the Crowd with cutting-edge automation and AI. This combination delivers a level of security that customers have never experienced before. I’m thrilled to join the team and contribute to further developing and expanding this platform!

Lastly, before we close, please share five innovations that excite you most about the future of cybersecurity.

• The power of Crowdsourced Security amplified by Artificial Intelligence. There’s no denying the ingenuity and will of a determined hacker. Enabling a security researcher to do their work more efficiently with Artificial Intelligence will produce very rapid threat intelligence for those who take advantage of it.
• Using AI to defend against malicious AI. If defenders can use AI, we know attackers will utilize it as well to make their attacks faster, more pervasive and more costly. The only way to keep up with the speed of malicious AI attacks is to leverage AI and automate defenses against it.
• Eliminating secrets with Passwordless authentication. Passwords remain one of the biggest weaknesses in the security ecosystem. Companies working on ways to eliminate passwords for people and secrets for computers will prevent countless breaches that rely simply on stolen passwords to gain access to privileged systems and information.
• Protecting privacy with Homomorphic encryption. Our personal, private data is everywhere in the cloud. Our data is at social media sites, ecommerce sites, banks, job boards, insurance companies, medical providers, and many more. All of this data is being used to train ML and AI models. Homomorphic encryption keeps the data secure while still allowing it to be used for data science model training and building. It protects our privacy without removing the benefits we can get from big data analysis.
• The promise of XDR and NG-SIEM. For some time, companies have had to choose between, on one side, best of class security products that don’t work well that have to be tied together with home-grown integrations that don’t always work, and on the other side, best of suite security products that work well together but don’t provide the same level of protection. The combinations of XDR and NG-SIEM allows companies to pull data from any best of class product into the same platform and threat hunt across all of it in one command and control console.

Thank you, Braden, for sharing your insights with us.

[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]