For many years I worked in teams that were expected to "bolt on" security testing at the end of a project. This never worked: it created tension between developers and security teams, and outside consultants never provided great results.

Bugcrowd connects companies to freelance security researchers who search for vulnerabilities and the company pays the first to find each issue. Researchers are given tools to track their bug reports and withdraw rewards to their bank.

One of the biggest challenges was building out an early-stage two-sided market. Providing liquidity to both sides at once can be tough, so often you need to provide value for one side in isolation as you build it up, then add the second side at a pace which maintains the balance between the two.

Over the last 12 months, I've grown the company from 1500 freelance researchers to over 14,500 and signed on more than 300 customers. Both sides are now growing organically and fully interacting on the platform.

I've learned a lot over this period to do with early start business tech decisions, the first hires in a company, pitching to customers and investors. I've learned a lot in particular about go-to-market strategies and how to grow a business over a 4 year period. The other big thing is how to take an early stage startup codebase and maintain the technical debt that accrues pre product-market-fit and turn that into a solid code base that can be scaled to handle the load of a big business.

Bugcrowd is always growing; it now has 30+ employees, and a lot of the early stage responsibilities have been passed on to other executives who are more specialised to take on responsibilities ("many hats") that I previously had to do as part of being a startup company founder.
