The story of Bugcrowd, from Startmate to San Francisco

There are many more bad people hacking computer systems than good ones helping them not get hacked. Each week it seems that some huge institution reveals that their customer’s financial information has been breached or passwords compromised. There was Target earlier this year and Home Depot in the US more recently and hundreds more that never see the light of media attention.


So what do companies do to get help? Smooth sounding salespeople from trusted large organisations sell the time of security penetration testing consultants at a rate of $2000 per day. The client doesn’t know if they’ll be any good and the cost means they can’t hire as many of them as they would like.


Bugcrowd was setup to change the way this corner of the world works. Casey Ellis and Serg Belokamen had worked together in a small consulting firm selling their services one day at a time before starting Bugcrowd and joining Startmate last year.


The premise of Bugcrowd was to pay for results not hours. Companies like Facebook and Google had pioneered the concept of a bug bounty program where good hackers would responsibly disclose vulnerabilities and the companies would reward them, first with t-shirts and now with serious cash. Bugcrowd would let all the companies in the world who weren’t the size of Facebook and Google run similar bug bounty programs.


The second insight was to help security testers build a reputation. By sitting in the middle of helping security problems get fixed, Bugcrowd could audit and verify if a security consultant was any good or not. The tester could then take that reputation and help win more consulting work, more reliably and not have to work for a big accounting firm. You can see an example here in Pinterest’s bug bounty hall of fame, who use Bugcrowd’s platform to manage their security testing.


What was once a whacky idea is now a common practice, at least in Silicon Valley, and Bugcrowd has grown very quickly. But not without some heartfelt moments. The company decided to relocate to San Francisco to be nearer to its customers and Serg, the original co-founder, had to make the personal decision to stay in Australia and leave the company. Chris Raethke, who was a founder of another company in the same Startmate batch last year that had failed, joined the company as a founder.


The company’s growth though, meant they were able to raise a large multi-million dollar seed round from some great investors like Icon Ventures, Paladin Capital and Square Peg Capital, as well as a bunch of angels.


We filmed an interview with Casey and Chris about their journey so far and the help Startmate gave them in this mini documentary. Applications for Startmate 2015 close next Tuesday and we’d love for you to begin your own story. Apply now.



Follow StartupSmart on Facebook, Twitter, and LinkedIn.


Notify of
Inline Feedbacks
View all comments
SmartCompany Plus

Sign in

To connect a sign in method the email must match the one on your SmartCompany Plus account.
Or use your email
Forgot your password?

Want some assistance?

Contact us on: or call the hotline: +61 (03) 8623 9900.