How did you get interested in the field of information security?
When I was in school, I had an interest in computers. Physics, mathematics went over my head - Computers were the only one thing which I could understand. Since then I started playing around with computers, breaking them, fixing them. One day my blog got hacked, I did not get angry at the Hacker. Instead, I was very fascinated and curious about how he did it. After that incident, I started to do research in this field and now here I am.
Can you tell us about your company?
BugsBounty.com basically is providing crowd sourced security solutions to corporate organizations. We host public and private programs but not all companies, especially in India, are ready to allow external people do testing. They believe it is risky. So in such cases, we can offer what we call "crowd simulation", which is unlike any other company is doing.
Crowd simulation - We have internal team, top hackers who we chosen from the crowd, we call them - "crowd hackers", they will simulate the crowd. So, for example, if we have a crowd about 10000 peoples, we will choose top 20 who are performing well. Currently, we have about 30 chosen hackers. "Crowd Simulation" is one of the thing that gives advantages over other companies as it gives them the power of the crowd yet trust of an internal team.
We have raised about 5 Millions from LLoyds ventures.
Is this company unique to India ?
Yes. It was very difficult and so risky to open company like this. it wasnt easy to take this risk. In our company the confidence is the most important thing. We trust each other and we know everything about every singe person in the team, who is working for us in a private group.
I might add, that we need to accept the fact that crowd security is the best form of security, which one can get. Even the Pentagon has accepted it already. Its time for you now.
How did you come up with the idea?
One day I realized that I need to show Indian companies that security is very important thing and so we suggested to use crowd security inplace or concurrent to a typical VAPT company! I believe 1000 brains in the crowd are better than 10 in your office.
What do yo think about the bug bounty market in India?
Actually, people now are more opening up. We have worked with over 80 clients in the past year, and a lot of them are from India - So it's pretty big of a market.
Do you think Indian corporates have enough security?
Indian corporates do have quite some security in place. However, to ensure a better state of security, the power of the crowd has to be utilized. "The security of your website is as good as the best hacker that has tested you."