Trust is the currency of the security industry
Crowdcurity, a startup that is helping companies test their resilience against hackers, realized from the beginning, that trust was crucial if they wanted any customers.
On the fourth floor of a building, on one of the better locations in downtown San Francisco, sits the core of the Danish startup Crowdcurity, with 11 employees.
The road from the good idea, to an office in the prominent Runway incubator with a $1.5 million investment, has only taken Crowdcurity 1.5 years. Perhaps because the founders already from the beginning realized, that they were both in the security industry as well as the fiduciary industry.
Crowdsourced security test
Crowdcurity’s business model, as the name suggests, consist of crowdsourcing security tests of corporations’ websites and applications.
Crowdcurity is setting up companies, with security testers from around the whole world, through their platform. These security testers then try to find any security breaches at the companies. If a tester manage to find a flaw in a company’s security, they will receive a “bug bounty” from the involved company. Crowdcurity gets a piece of the cake, every time a tester receive a bounty.
However, to be the link between companies with security vulnerabilities, and security experts trying to solve them, requires that you radiate confidence.
“We are working in an area, which is sensitive. Talking security is something that makes companies a bit afraid. There has been prejudice on our platform that you invite a lot of “bad guys” in to hack you”, explained Esken Friis Jensen, Co-Founder of Crowdcurity, and continued
“Therefore, it is our responsibility to build up the trust to the platform, to make sure companies are not afraid.”
Trust as engine
The founders of Crowdcurity realized from day one, that having a good platform and a strong network of skilled security testers was not enough to create a success. If Crowdcurity is to convert companies that consider getting them to test their security, they must first create trust.
“If a marketplace as ours is to work, is it about building trust between the involved,” tells Esben Friis Jensen.
Therefore, Crowdcurity created a rating system for their platform, which gives companies the opportunity to check out the testers’ reputation, and evaluate the tester after the job is done.
“The tester gets feedback from the companies, every time they find and report a bug. The companies assess how good the tester’s report is, and the tester will get his reward. The tester gets points, based on the two criteria’s states above,” clarified Esben and continued:
“These points form their reputation score, and if they have enough points, they get put into the “Wall of Fame.”
Rating as a driving force
Even though the rating system may seem like a smaller detail in the Crowdcurity platform, the founders quickly discovered how important the visual assessment and the possibilities of having a spot on the “Wall of Fame” was for the testers.
“Money is a motivator for the testers, but the reputation score is also a huge motivator. We have free test programs, where the testers get points towards their reputation score instead of a bounty,” told Esben Friis Jensen.
He explains that the security testers are everyone, from students to hobbyists to security professionals, and that they all use the rating system to build their own reputation on Crowdcurity’s platform.
They can profile themselves, through their work and their good reviews. Crowdcurity has been shown to act as a springboard to more permanent jobs in the security industry.
“We had a tester who were number one on our Wall of Fame for a long time, and he has gone from working as a system administrator in England to being hired by Tesla.”
Distributed trust
As the important of the rating system has become clear for Crowdcurity, they have tried to improve and develop the system. The newest addition is called “Rep”, and distributes the security testers’ reputation on Blockchain. This enables the testers to own their own rating as a digital token.
“We have made trust into something tangible, which can be used elsewhere, by transforming the testers’ rating into digital tokens. By doing this, many interesting opportunities occur, and we are still only in the early phase,” commented Esben Friis Jensen.
Crowdcurity keeps improving their rating system, even though they just released “Rep”. They are currently working on making the companies’ assessments of the testers visible.
“We motivate our testers to produce high quality reports through the ratings, and we have a similar system for motivating companies to make fair evaluations of our testers. Every time a tester get feedback on a report, the testers also give the company feedback,” disclosed Esben Friis Jensen and followed up:
“Until now we have only had corporate rating running in the background, but soon we are making that part of the rating visible to other testers, so testers can assess whether they want to work with a company.”
