How the Threat Landscape Is Evolving

Bugcrowd CTO Casey Ellis Talks Log4j, Ransomware, Open-Source Software and More
Casey Ellis, CTO and founder, Bugcrowd

The cybersecurity industry continues to face a seemingly endless list of challenges. Lately, supply chain risks, including flaws uncovered in open-source software such as Log4j, have led to frantic and ongoing attempts to identify, mitigate and one day fully patch all affected tools, says Casey Ellis, CTO and founder of Bugcrowd.

See Also: The Healthcare CISO’s Guide to Medical IoT Security

The rapid shift to remote work during the pandemic and embrace of digital transformation and zero trust have also left everyone scrambling to belatedly make sure that everything has been rolled out in a secure, locked-down manner.

"There's a lot more effort going into - potentially on the bad guy side, as well as the good guy side - figuring out what's vulnerable, and how to exploit it," he says.

Criminals are "economically rational," he says. "People think about malicious attackers like this sort of ephemeral force; it's a business. … They're just trying to be as effective as they can, and they'll use whatever's put in front of them."

In a video interview with Information Security Media Group, recorded at the UKI Cybersecurity Summit in London, Ellis discusses:

  • The evolving threat landscape and expected trends for 2022;
  • The importance of adopting a risk-based approach;
  • The growth of crowdsourced security and how it works.

Ellis is the founder, chairman and CTO of Bugcrowd. He is an 18-year veteran of information security, servicing clients ranging from startups to multinational corporations as a pen tester, security and risk consultant and solutions architect, and most recently as a career entrepreneur. Ellis pioneered the "crowdsourced security as a service" model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2016.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.