Name: Calculating the ROI of Bug Bounty Engagements
Start: 2024-09-19T16:00:00Z
End: 2024-09-19T16:00:30.000Z
Location: BrightTALK

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We are creating a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd. 

Security-forward organizations don’t stop at reactive application security testing. They also demand visibility through an “attacker’s lens”–from early development through deployment–to preempt threats by finding and fixing exploitable vulnerabilities before attackers can strike.

In this webinar, we'll introduce you to Mayhem Security, now part of Bugcrowd, and reveal its role in unlocking preemptive security. Learn how Mayhem's automated offensive testing platform continuously detects both novel and known vulnerabilities in running code and APIs during development, with virtually zero noise.

You will:
-See how Mayhem augments traditional AppSec tools to help developers ship safer applications faster and at a lower cost.
-Explore real-world success stories from customers like Cloudflare, Boeing, and Roblox.
-Discover how Mayhem works alongside human-led penetration testing and crowdsourced testing delivered by Bugcrowd.

Beyond Scanning: Test Your Code Like a Hacker From Build to Deploy

Most organisations rely on penetration testing to meet compliance and assess internal risk, but as threats evolve, that point-in-time approach alone isn’t enough. Bug bounty programs extend coverage beyond traditional testing—offering continuous, creative insight from a global community of ethical security researchers, called hackers.

In this session, we’ll explore how these two disciplines intersect and how security leaders can combine them into a unified, modern offensive security strategy that delivers both assurance and agility.

Key takeaways:
- Understand the complementary strengths of pen testing (depth, targeted scope, and compliance) and bug bounty (breadth, continuous coverage, and creativity).
- Learn how to design and operationalise hybrid testing programs.
- Discover how continuous testing and Crowd-powered validation reinforce a mature security posture.

Join us for an in-depth discussion with Dardan, Matthias and Julian, and get actionable tips for your own pen testing and bug bounty programs to safeguard your organization’s security.

Modern offensive security: Integrating pen testing and bug bounty for continuous assurance

CISOs are in the thick of so much change impacting their entire teams in the wake of AI adoption. How can security teams tackle topics like AI governance, which extends beyond actual technology into realms of compliance, operations, and brand reputation? How do security leaders effectively translate AI risks and other risks to the board? 

We’re excited to be joined by Bugcrowd customer, Dan Maslin, Group Chief Information Security Officer and Head of Infrastructure Strategy at Monash University. Monash is Australia’s largest university, with around 90,000 students and 20,000 staff. In this session, Dan will speak to Nick McKenzie, CI&SO at Bugcrowd, and Trey Ford, Chief Strategy and Trust Officer. They’ll cover: 
-The unique impacts of AI on both research and education, with actionable examples of how Monash is prioritizing AI governance, organization-wide
-How Monash’s team scaled to continuously proactively test their environment with limited internal resources
-Tips to leverage offensive security outcomes for resilience and executive decision-making.

Inside the Mind of a CISO: Exploring AI governance and resilience with Monash University

You can learn a lot about your security posture by thinking like a hacker.

In this live session, Bugcrowd pentesters will pull back the curtain on how they approach testing — what they look for, what they uncover, and how their findings often challenge assumptions about what’s “secure enough.” Through real-world examples and candid discussion, they’ll share what separates effective security testing from routine exercises and how adopting a pentester’s mindset can reveal new ways to strengthen your defenses. You’ll walk away with a better understanding of how attackers see your environment — and how that perspective can sharpen your testing strategy, improve coverage, and build greater resilience across your organization.

Key Takeaways:
-How pentesters approach and prioritize targets — and what that reveals about your environment
-Common blind spots across app, API, and cloud testing (and how to close them)
-What “real-world” attack simulation looks like beyond compliance testing
-How to adopt a pentester’s mindset to continuously evolve your testing strategy

Inside the Mind of a Pentester: What Hackers Know About Your Testing Gaps

Join Keyur from Village Roadshow, alongside Joshua from Bugcrowd, as they answer your questions on the impact of bug bounties on company security. From understanding the enormous benefits of bug bounty programs to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact.

We’ll dive into:

● Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.
● The impact on security: Discover how the bug bounty program has significantly enhanced Village Roadshow’s security by identifying and fixing vulnerabilities before bad actors could exploit them.
● The impact on innovation: Explore how proactive security in practice allows the company to innovate and stand out as a leader amongst competitors.
● Hacker and program owner perspectives: Hear from hackers like Josh and program owners like Keyur about what makes a bug bounty program successful and what both parties want to see.
● Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.

Village Roadshow Ask Me Anything: Bug bounties and security success

Join Olivier from TX Group, alongside Matthias from Bugcrowd, as they answer your questions on the impact of bug bounties on company security. 

From understanding the enormous benefits of bug bounty programs to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. 

We’ll dive into:

● Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.
● The impact on security: Discover how the bug bounty program has significantly enhanced TX Group’s security by identifying and fixing vulnerabilities before bad actors could exploit them.
● The impact on innovation: Explore how proactive security in practice allows the company to innovate and stand out as a leader amongst competitors.
● Hacker and program owner perspectives: Hear from hackers like Matthias and program owners like Olivier about what makes a bug bounty program successful and what both parties want to see.
● Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.

TX Group Ask Me Anything: Bug bounties and security success

Bug bounty is a battle-tested method for continuously uncovering critical vulnerabilities that traditional testing will miss. But without a thoughtful approach to hacker/researcher activation and engagement, even the best intentions can lead you in the wrong direction.

In this webinar, elite bug bounty hackers CJ and Brig from the Bugcrowd community will reveal the telltale signs of poorly designed or mismanaged programs—and how the right bug bounty platform can mean the difference between success and failure. 
You'll learn:
-Hacker motivations and how the best programs align with them/the worst programs ignore them
-How to think about scope and rewards
-The critical role of triage and appeals

The Top 5 Reasons Bug Bounty Programs Fail—According to Hackers

Consumer trust is more than a buzzword—it’s a brand imperative. As organizations accelerate innovation, the ability to demonstrate proactive security has become a defining factor in building and sustaining customer trust, attracting top security talent, and bolstering an organization’s reputation. But how do leading companies turn security into a strategic advantage rather than a reactive necessity?

Join our fireside chat with Bugcrowd CISO Trey Ford as we discuss redefining trust through offensive security. We'll explore how forward-thinking organizations are using proactive security practices to strengthen their brand reputation, enable innovation with confidence, and differentiate themselves in a crowded market.
Our speakers will dive into:
-What “building a reputation of trust” truly means in practice
-How offensive security plays a critical role in establishing and maintaining that trust
-Real-world strategies for turning security credibility into market leadership

Walk away with fresh perspectives on how to harness security not just as protection, but as a powerful business enabler.

The Trust Factor: Why Security-Led Brands Win

Behind every red team engagement is a mindset built to mimic the unpredictable, creative, and often chaotic behavior of real-world adversaries. But what exactly goes into thinking like an attacker—and how do today’s red teamers stay ahead in an ever-shifting threat landscape?

Join the Bugcrowd team for an unfiltered look into the tactics, motivations, and mental frameworks behind effective red team operations. You’ll get a rare, behind-the-scenes perspective on what it takes to challenge assumptions, uncover hidden weaknesses, and simulate real-world attacks that move the needle on organizational resilience.

Find out: 
-What it really means to think like an adversary—beyond tools and techniques
-How elite red teamers plan and execute attack simulations that reflect real-world threat actors
-Common mistakes defenders make (and how red teams exploit them)
-The psychology of persistence, creativity, and lateral thinking in adversary emulation
-How Bugcrowd's crowdsourced red teaming approach brings unmatched agility, depth, and scale

Whether you're building a red team program, refining your current strategy, or just curious how professional operators approach the job—this is your chance to hear it straight from the source.

Inside the Mind of a Red Teamer

Whether you call them hackers, security researchers, white-hats, or any other name, the same question always comes up—can I actually trust them? 

Just like any career, not all hackers are the same. In this webinar, Beau Woods, Cyber Safety Advocate at I Am The Cavalry, and Justin Beachler, Global Director of Trust and Security at Bugcrowd, delve into the often misunderstood world of ethical hacking. They’ll discuss:
-Common intrinsic and extrinsic motivators for hacking
-Different hacking methodologies
-How knowledge of motivators and methodologies helps security leaders maximize their investment in crowdsourced security testing 

As emerging threats get bigger and resources become limited, security teams are increasingly turning to hackers to help them extend the reach of their team and solve their security challenges. Register for this webinar to learn how.

Turning “CrowdFear” into “Crowd-Cheer”: Your guide to trusting hackers

Consumer trust is more than a buzzword—it’s a brand imperative. As organizations accelerate innovation, the ability to demonstrate proactive security has become a defining factor in building and sustaining customer trust, attracting top security talent, and bolstering an organization’s reputation. But how do leading companies turn security into a strategic advantage rather than a reactive necessity?

Join our fireside chat with Bugcrowd CISO Trey Ford and our customers from Netrix Corporation and Skroutz, as we discuss redefining trust through offensive security. We'll explore how forward-thinking organizations are using proactive security practices to strengthen their brand reputation, enable innovation with confidence, and differentiate themselves in a crowded market.

Our speakers will dive into:
-What “building a reputation of trust” truly means in practice
-How offensive security plays a critical role in establishing and maintaining that trust
-Real-world strategies for turning security credibility into market leadership

Walk away with fresh perspectives on how to harness security not just as protection, but as a powerful business enabler.

Cyber threats never slow down and they’re constantly evolving—how do teams secure a moving target? Traditional security testing can tell you what’s broken. Red teaming shows you how attackers will break it.

Join Bugcrowd’s Alistair Greaves and veteran red team operator Nerdwell for a live session that pulls back the curtain on crowdsourced red teaming: what it is, why it matters, and how top security teams are using it to stay ahead of today’s most sophisticated threats.
In this session, we’ll break down:
-How crowdsourced red teaming is different from traditional red teaming
-Why flexibility—whether one-and-done or continuous—is key to meeting evolving risk and compliance needs
-The biggest challenges in running red team programs—and how leading teams are solving them
-How real-world adversarial insights can level up your incident response, board reporting, and control validation

Whether you're new to red teaming or a veteran in the space, you’ll walk away with fresh insight into how Bugcrowd is innovating the red teaming market and how you can uncover blind spots and strengthen your security posture—without the lag of traditional engagements.

Think Like an Attacker: Why Red Teaming is the New Must-Have in Modern Security

81% of security leaders call staying ahead of threat actors “a constant battle with an unsustainable cost.” We need to rethink how to meet security objectives, and with the chronic talent shortage, that includes activating the endless skill sets and diversity of the ethical hacker community to proactively reduce risk–not just react to threats we already know about. 

Join this webinar to learn:

-How augmenting your team with skilled, trusted hackers on demand can help find and prioritize vulnerabilities that traditional testing will miss
-What motivates hackers and why they are your best defenders when engaged correctly
-The specific types of programs/objectives for which hackers add the most value, and why 
-How to think about measuring success and ROI

The Greatest Cybersecurity Myth Ever Told: Why Hackers Are Our Best Defenders, And How They Augment Your Team

Join Abel from Skyscanner, alongside Matthias from Bugcrowd, as they answer your questions on the impact of bug bounty on company security. 

From understanding the enormous benefits of bug bounty to exploring the best practices for scaling these programs effectively, this session offers a comprehensive look into leveraging crowdsourced security solutions for maximum impact. 

We’ll dive into:

- Scaling your program and enhancing security posture: Gain practical insights into scaling your bug bounty program and improving your company’s security posture over time.
- The impact on security: Discover how the bug bounty program has significantly enhanced Skyscanner’s security by identifying and fixing vulnerabilities before bad actors could exploit them.
- Hacker and program owner perspectives: Hear from hackers like Matthias and program owners like Abel about what makes a bug bounty program successful and what both parties want to see.
- Future trends and best practices: Explore emerging trends in bug bounty programs and predictions for the future, including their role in mitigating threats and improving overall security.

Join us for an in-depth discussion and get actionable tips for optimizing your own bug bounty program to safeguard your organization’s security.

Skyscanner | Ask Me Anything: Bug bounty and security success

Join us on March 11, 2025, at 14:00 GMT for an inspiring and insightful discussion in celebration of International Women’s Day. This exclusive webinar brings together top female leaders in cybersecurity to share their journeys, challenges, and strategies for success in a traditionally male-dominated field.

Panelists:
- Einat Shimoni, CISO of Lusha
- Katie Paxton-Fear, Ethical hacker
- Liz Steininger, CEO of Least Authority
- Emily Ferdinando, CMO of Bugcrowd

This event is more than just a discussion—it’s a movement to empower and uplift women in cybersecurity. Whether you're an aspiring security professional, a student exploring career paths, or already in the field looking to break through barriers, this webinar is designed to provide real-world insights, career advice, and mentorship. Our panelists will share their personal experiences, the obstacles they've overcome, and the lessons they’ve learned in their journey to the top.

We encourage attendees to bring their questions! If you’re wondering how to start a career in cybersecurity, where to find opportunities, or how to navigate challenges as a woman in the industry, this is your chance to get guidance from those who’ve been there. Let’s work together to close the gender gap in cybersecurity and pave the way for the next generation of female leaders.

Don’t miss this empowering conversation—reserve your spot today!

Breaking barriers: Women leading in cybersecurity

Cybersecurity vulnerabilities can result in severe legal, financial, and reputational damage, affecting both enterprise and personal data. As the threat landscape evolves, Vulnerability Disclosure Programs (VDPs) have become essential for organizations looking to proactively manage risk. However, building a successful VDP requires strategic planning, the right tools, and a well-structured approach.

Join us for a webinar featuring Kent Wilson, VP of Global Public Sector at Bugcrowd; Casey Ellis, Founder of Bugcrowd; Conrad Long, OIS Security Operations Chief for the State of California; and John Cleveland, Deputy State Chief Information Security Officer of California, as they share insights on:
-Their experience implementing and managing a VDP with Bugcrowd
-Key metrics from California’s VDP, one of the most successful government programs
-Why VDPs are critical for compliance and cybersecurity maturity
-Seven key steps to successfully set up and manage a VDP

7 VDP best practices from the State of CA

Bugcrowd’s most popular report, Inside the Mind of a Hacker, is almost here! Join us for this breakdown of some of the most interesting findings from the report. This annual report provides valuable insights into the unique ways hackers are taking their security research and advice on how the cybersecurity community can benefit from these trends. This specific edition also shares research highlighting the ways 1300 hackers are using generative AI as a tool to make their hacking more valuable. 

Join Michael Skelton, Vice President of Operations at Bugcrowd, Erik De Jong, Hacker and Security Officer at Delta Fiber, and Erica Azad, Director of Content Marketing at Bugcrowd, in this webinar to learn:
-Age and education trends in hacking as a new generation of Gen-Z hackers hit the market.
-The real reasons why hackers spend their time on security research.
-Why hardware hacking is experiencing an unexpected resurgence.
-How hackers are approaching AI as a tool, a target, and a threat.

Inside the Mind of a Hacker 2024

Security ROI is top of mind for security and business leaders who need to quantify the impact of their investment. Line of sight into security ROI has always been hard, and adoption of crowdsourced security with a "pay for results" economic model (aka, bug bounty) adds additional considerations -- but also opportunities to show a tangible impact on the bottom line.

Join our webinar featuring Paul Ciesielski, Chief Revenue Officer at Bugcrowd, and Jason Haddix, CEO and Hacker of Arcanum Information Security, as they discuss:
-The overall potential economic impact of bug bounty adoption
-How bug bounty potentially affects operational efficiency and traditional pen testing
-How to think about qualitative benefits

Calculating the ROI of Bug Bounty Engagements

Hackers

Bug Bounty

Cyber Security

Cyber Defense

Pen Testing

Application Security

Cyber Crime

Bugcrowd

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Calculating the ROI of Bug Bounty Engagements

Presented by

About this talk

Bugcrowd