Black Hat USA 2019 Event Coverage | A Conversation With Kymberlee Price

Black Hat 2019 Event Coverage | A Conversation With Kymberlee Price.jpeg

By Sean Martin &  Marco Ciappelli

During our Hacker Summer Camp 2019 coverage in Las Vegas, we connect with keynote speakers, presenters, panelists, organizers, and the InfoSec community to keep the conversation going. This is one of those chats.

ITSPmagazine event coverage, podcasts, webcasts, articles, and all our happenings before, during, and following Hacker Summer Camp 2019 in Las Vegas is made possible by the generosity of our sponsors. We are ever so grateful for your support.

There are numerous methods available to uncover and identify operational weaknesses and functional vulnerabilities in both software applications and hardware systems. One manner in particular—running a bug bounty—has become one of the more popular methods in recent years as it can quickly scale to the scope of the environment being evaluated [covering breadth] while also matching expert researchers to specific functional areas of the operational environment to ensure the most covert weaknesses are exposed [encompassing depth]. As with most vulnerability testing methods, the goal is to find and fix these issues before a bad actor does it on the company's behalf.

Bug bounties—well, application security overall—is a topic near and dear to my heart. I've written about this topic, helped craft one of the early state of bug bounty reports, hosted many podcasts and webcasts on this topic, and I’ve even lead a panel at AppSec USA about what it looks like to run a successful bug bounty program.

One more sign that I am deep into this topic area is that I often make this joke (which isn't laughable I suppose):

Every company is running a bug bounty; many don’t know it and don’t have a formal disclosure process in place.
— Sean Martin

With this mindset and background in place, you'll understand why I was excited for two things happening during this year's Hacker Summer Camp excursion:

1) An opportunity to meet—in person—someone leading the bug bounty charge for quite some time: Kymberlee Price, Principal Security PM Manager - Microsoft Security Response Center's Community Programs.

2) To explore and discuss the dedicated Bug Bounty micro-summit during Black Hat USA 2019.

Fortunately, both of these activities came together in a single setting during Black Hat, as Marco and I got to meet Kymberlee not only to discuss the micro summit, but to also hear about her journey in InfoSec and her role in establishing some of the best practices being leveraged by the industry for some time now—specifically via her work at Microsoft, at Bugcrowd, and Microsoft (again).

I loved this having conversation and hearing Kymberlee's story.

Now it's your turn to hear it. Have a listen.