Security is one of the most important things for a startup to focus on, but many struggle to dedicate time, resources, or budget to protect against something you never want to happen. How should startups prioritize security, and what do emerging companies need to know?

1. The Crowdsourced Security Platform

2. bugcrowd.com/try-bugcrowd
How to prioritize security
for your startup
Casey John Ellis
TechCrunch Early Stage
July 2020

3. bugcrowd.com/try-bugcrowd
#realtalk

4. bugcrowd.com/try-bugcrowd
You’re probably *not* prioritizing
security at your startup…

5. bugcrowd.com/try-bugcrowd
…this workshop will help.

6. bugcrowd.com/try-bugcrowd
whoami
Founder/Chairman/CTO of Bugcrowd
20 years in information security
Hacker >> Pentester >> Solution Architect >> Entrepreneur
Pioneered Crowdsourced Security as-a-Service
Proud Australian, husband, and father of two
Based in San Francisco, CA
$ sudo hack.sh $ sudo hustle.sh

7. bugcrowd.com/try-bugcrowd
…what is Bugcrowd?

8. bugcrowd.com/try-bugcrowd

9. bugcrowd.com/try-bugcrowd
> Contain a army of hackers
> Ask the entire Internet to try and break in to us 24x7
> Convince the market that hackers are OK
> Safely store customer vulnerability data
> Lead the category in our own cybersecurity
Our first day…

10. bugcrowd.com/try-bugcrowd
…as well as the normal stuff

11. bugcrowd.com/try-bugcrowd
> Create and validate a category
> Move fast and break things
> Nail product/market fit
> Fundraise and hire
> Out-execute the eventual competition
> Figure out how to immigrate
> Comply with privacy and security regulation
> Get mad write-ups in Techcrunch
> Convince big customer we aren't going to get hacked
> etc, etc, etc...

12. bugcrowd.com/try-bugcrowd
Sounds crazy, right?

13. bugcrowd.com/try-bugcrowd
8 years later
> 80M USD raised
> 100,000s of vulnerabilities annihilated
> 1,000s of hackers paid
> Offices in 5 countries
> Customers from DoD to 10-person upstarts

14. bugcrowd.com/try-bugcrowd
Takeaway #1
Teach your business to wash it’s
hands while it’s still young.

15. bugcrowd.com/try-bugcrowd
Kill password re-use:
Use an enterprise password manager.

16. bugcrowd.com/try-bugcrowd
Use two-factor authentication:
Force it where you can.

17. bugcrowd.com/try-bugcrowd
Apply updates:
Automate them wherever you can.

18. bugcrowd.com/try-bugcrowd
Use platforms:
Insource your core, outsource your context.

19. bugcrowd.com/try-bugcrowd
Takeaway #2
Make secure easy
and insecure obvious.

20. bugcrowd.com/try-bugcrowd
Avoid singular failure:
Have two primary owners on key service accounts.

21. bugcrowd.com/try-bugcrowd
Instill productive paranoia in your entire team.
Security isn’t just an engineering problem.

22. bugcrowd.com/try-bugcrowd
Get your sales, marketing, and finance people on
Chromebooks BEFORE you hit 20 employees…
Just trust me on this one.

23. bugcrowd.com/try-bugcrowd
Takeaway #3
Security sells product.

24. bugcrowd.com/try-bugcrowd
Be ready for security feedback from the Internet with
a vulnerability disclosure program.
https://www.bugcrowd.com/try-bugcrowd

25. bugcrowd.com/try-bugcrowd
COMPLIANCE IS AWESOME!!!
Pick a requirement that makes sense, meet it, find the
next one, lather, rinse, repeat.

26. bugcrowd.com/try-bugcrowd
Startups are all about managing
risks.
Which ones to take.
Which ones to avoid.

27. bugcrowd.com/try-bugcrowd
Cybersecurity is just another risk.

28. Start working on it today!
https://www.bugcrowd.com/try-bugcrowd

29. bugcrowd.com/try-bugcrowd
Thankyou!
Questions?
@caseyjohnellis
casey@bugcrowd.com
@bugcrowd
www.bugcrowd.com
greetz to @zackwhittaker and the @techcrunch team, the bugcrowders,
@codesoda, @wendynather and the duo crew, and @haroonmeer