web analytics

New HackerOne CEO Kara Sprague to Expand Beyond Bug Bounties – Source: www.databreachtoday.com

new-hackerone-ceo-kara-sprague-to-expand-beyond-bug-bounties-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Artificial Intelligence & Machine Learning
,
Governance & Risk Management
,
Next-Generation Technologies & Secure Development

Sprague Replaces Veteran CEO, Plans to Double Down on PTaaS and AI Red Teaming

Michael Novinson (MichaelNovinson) •
September 3, 2024    

New HackerOne CEO Kara Sprague to Expand Beyond Bug Bounties
Kara Sprague, incoming CEO, HackerOne (Image: HackerOne)

HackerOne has tapped F5’s longtime product leader as it next chief executive to continue expanding its portfolio beyond operating vulnerability disclosure programs.

See Also: InfoSec: Applying AI to Third-Party Risk Management to Achieve Consistency

The San Francisco-based bug bounty provider has tasked Kara Sprague with capitalizing on HackerOne’s existing growth in areas such as AI red teaming and penetration testing as a service to boost the company’s wallet share with large enterprises. Sprague will start as HackerOne CEO on Nov. 4 and replace Marten Mickos, who has led HackerOne since November 2015 and will move into a strategic advisory role (see: Human-Powered Security in the Era of Rapid Automation).

“Bug bounty is not the only way that a community of security researchers can provide value to enterprise organizations,” Sprague told Information Security Media Group. “As we talk about web apps giving way to APIs and APIs giving way eventually to AI models, all of these have different threat vectors, so there will be a need to continuously innovate on the HackerOne platform.”

Sprague comes to HackerOne after spending seven years at Seattle-based F5, where she led the vendor’s $1.3 billion application security and delivery product business since December 2022 as chief product officer. F5’s product business grew 1.3% in the fiscal year ended Sept. 30, 2023 (see: How Security Risks Might Halt the Use of AI in Applications).

“My work over the last seven years at F5 has really focused on transforming the product portfolio so that it is future-ready – getting ready for software, cloud and AI-based deployments,” Sprague said.

The Role of Security Researchers at HackerOne

Sprague plans to grow HackerOne’s security researcher community by providing more opportunities for engagement and ensuring the platform is a trusted place for researchers to apply skills and creativity. Specifically, she wants to provide more opportunities for researchers to engage with various threat surfaces and establish partnerships that enhance the technical proficiency of the researcher community.

“They bring different sets of capabilities and different talents, so the more variety you can offer to them in terms of ways to engage and identify vulnerabilities in a threat surface area creates more opportunities for a larger group and a more diverse group of security researchers to participate in that,” Sprague said.

The scale and creativity of HackerOne’s security researcher community has allowed the company to become a market leader in the vulnerability disclosure space, Sprague said. She plans to build on this foundation by providing more engagement opportunities and maintaining a strong balance between enterprise needs and the researcher community.

“HackerOne has awarded over $300 million in bug bounties to its security researcher community, and we’ve minted 35 millionaires based on bug bounties,” Sprague said. “It’s a great way of showing how you apply market dynamics to a problem by basically enabling security researchers to use their time and apply their skill sets to solve issues and problems that organizations around the world have.”

The Role of Trust in a Bug Bounty Program

Trust is fundamental to HackerOne’s business model both in terms of customer relationships as well as the security researcher community since clients rely on security researchers to uncover vulnerabilities that pose risks to their organizations.

“Ultimately, this becomes a place where sometimes, their dirty laundry is exposed,” Sprague said. “In a successful bug bounty program or successful pen test program, you’re likely to uncover things that create risk for the organization. They have to be able to trust the platform in order to use the platform to identify those things.”

From a metrics standpoint, Sprague said, she’s focused primarily on revenue growing, market share and penetration into the large enterprise. She noted the importance of profitability and driving revenue growth at an effective margin rather than just expanding at all costs.

“If CISOs don’t already have in place a formalized vulnerability disclosure program, get ready for it, because if it is not something that is required today – either by your board or by regulation – it will be something that will be required in the near future,” Sprague said. “It’s a critical element of ensuring that your threat surface area is as low-risk as possible.”

Original Post url: https://www.databreachtoday.com/new-hackerone-ceo-kara-sprague-to-expand-beyond-bug-bounties-a-26187

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Codrut Andrei
Secure Software Development Lifecycle Fundamentals by Codrut Andrei
Secure Software Development Lifecycle Fundamentals...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
CISO Forum
CISO’s – First 100 Days Roadmap – Your success as a security leader is determined largely by your first 100 days in the role.
CISO’s – First 100 Days...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
National Cyber Security
Cyber Security Toolkit for Boards – Helping board members to get to grips with cyber security by NCSC
Cyber Security Toolkit for Boards...
WILEY
Cybercrime Investigators Handbook by WILEY
Cybercrime Investigators Handbook by WILEY
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

LogRhythm
A Guide to User and Entity Behavior Analytics (UEBA)
A Guide to User and...
BONI YEAMIN
100 Offensive Linux Security Tools
100 Offensive Linux Security Tools
SentinelOne
90 DAYS A CISO’S JOURNEY TO IMPACT
90 DAYS A CISO’S JOURNEY...
ChiefExecutive
Ciberseguridad: Prioridad Estratégica para los CEO.
Ciberseguridad: Prioridad Estratégica para los...
CYBER SECURITY COALITION
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
CYBER SECURITY INCIDENT MANAGEMENT GUIDE
INL/EXT
Cybersecurity for Distributed Wind
Cybersecurity for Distributed Wind
ARTIC WOLF
Cybersecurity Compliance Guide
Cybersecurity Compliance Guide
ESRAA MOHAMAD
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
ELEARN SECURITY CERTIFIED INCIDENT RESPONSE
DRAGOS
Impact of FrostyGoop ICS Malware on Connected OT Systems
Impact of FrostyGoop ICS Malware...
Victor Tong
Digital Operational Resilience Act – Control Mappings
Digital Operational Resilience Act –...
ARMIS
DORA Resiliency Guide Strengthening Cybersecurity and Operational Resilience in the Financial Sector
DORA Resiliency Guide Strengthening Cybersecurity...
IGNITE Technologies
Docker Penetration Testing
Docker Penetration Testing

More Latest Published Posts

Apress
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
Cyber Security on Azure An IT Professional’s Guide to Microsoft Azure Security
CyberJA
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
ASSET IDENTIFICATION & CLASSIFICATION-A CRITICAL COMPONENT OF CYBER RISK MANAGEMENT
SOSAFE
CybercrimeTrends 2024 The latest threats and security best practices
CybercrimeTrends 2024 The latest threats and security best practices
Routledge
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cyber Security Politics Socio-Technological Transformations and Political Fragmentation
Cigref
Surviving a Massive cyber-attack by Cigref
Surviving a Massive cyber-attack by Cigref
Hidaia Mahmood Alassouli
Common Windows, Linux and Web Server SystemsHacking Techniques
Common Windows, Linux and Web Server SystemsHacking Techniques
Splunk
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SPLUNK® AND THE CIS CRITICALSECURITY CONTROLS Mapping Splunk Software to the CIS 20 CSC Version 6.0
SOC SIEM Use Cases
SOC SIEM Use Cases
safecode
Six Pillars of DevSecOps- Collaboration and Integration
Six Pillars of DevSecOps- Collaboration and Integration
SentineOne
WatchTower I ntelligence-Driven Threat Hunting
WatchTower I ntelligence-Driven Threat Hunting
CNIL
Security of Personal Data
Security of Personal Data
OPSWAP
Securing ICS SCADA updates OT Environments
Securing ICS SCADA updates OT Environments
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
Top 300 Azure Sentinel Used Cases KQL (Kusto Query Language) queries
WITH SECURE
Threat Landscape Update Report
Threat Landscape Update Report
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
ThreatRadar
Threat Intel Roundup
Threat Intel Roundup
Mihaela Curcă
The Role of Cyber Espionage inInternational Relations
The Role of Cyber Espionage inInternational Relations
GLOBAL NETWORK OF DIRECTOR INSTITUTES
THE FUTURE OF BOARD GOVERNANCE
THE FUTURE OF BOARD GOVERNANCE
Deloitte
The CISO’s Guide to Generative AI
The CISO’s Guide to Generative AI
Capgemini
PROMPT THE FUTURE
PROMPT THE FUTURE
Google
We’re All in this Together
We’re All in this Together
CyberSN
U.S. Cybersecurity Job Posting Data Report
U.S. Cybersecurity Job Posting Data Report
CISA | Cybersecurity and Infrastructure Security Agency
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
UNDERSTANDING AND RESPONDING TO DISTRIBUTED DENIAL-OF-SERVICE ATTACKS
McKinsey & Company
Transforming risk efficiency and effectiveness
Transforming risk efficiency and effectiveness
Arnold Antoo
Zero Trust Security Model
Zero Trust Security Model
Richea Perry
Your Cybersecurity Toolkit
Your Cybersecurity Toolkit
IGNITE Technologies
Wireless Penetration Testing
Wireless Penetration Testing