Introductions - Meet your fellow Bugcrowd members


Hi Mariano! We’ve got a thread about RSA that we can use to coordinate a meetup :slight_smile: RSA 2015/ BSides SF/ Yahoo Trust UnConference Roll Call


Hey there!

My name is Jonathan “jcran” Cran, I’m the VP of Operations at Bugcrowd.

I’ve been with Bugcrowd since 2013, and have worked in a lot of aspects of the business. I’m responsible for ensuring the growth of the customer and researcher success functions, as well as the analyst and support services. I’ve been lucky enough to work with many of you through the disclosure or support processes over the last few years and am constantly striving to create the best experience possible. My number one priority is to align both organizations and researchers toward a common goal - better functional security.

My background is security assessment, and I’ve been active in the security community for many years through various organizations and groups - Rapid7, Metasploit, and Pwnie Express - SOURCE, Masshackers, AHA!, etc.

I’m always interested in new attack techniques and ideas and i’m really looking forward to being able to share some of my own learning on this forum. If you’re interested to chat, please feel free to reach out anytime.



Hi all! I am an offensive security adept working for a security firm based in the northern Italy. Recently I have developed an interest in reverse engineering and vulnerability research and joined in various bug bounties initiative.
You can find some of my works on github. Feel free to follow me on twitter (@cmaruti) and get in touch!


Good evening , my name is James and I study electronic engineering in the University of Piraeus ,Greece.During my free time I “write” simple programs using C and over the last 2 years I have been involved into the hacking world.

I have good knowledge of Kali Linux and I like performing pen-tests using Zimperium on Android.I am very interested in bug-bounty programs because the motivate me to learn new stuff and extend my knowledge.In the future I would also like to give exams for certs like CEH ,Offensive Security etc.

If you ever want to contact me for ideas or anything else feel free to send a message here or at


Hi…my name is John…and I have am an al^H^H…wait never mind wrong forum…Currently working for the borg collective, spent the majority of my 17 pr so years in IT doing networking and defensive security…I’ve spoken at various conferences from ToorCon San Diego, all the way to Derby…#PumpCon alum…Been to 3 summertime weddings at the Alexis Park…Currently writing a book on WAF…though I am painfully behind and my publisher is on my case to get it done…Fan of Cat Memes…Have a collection of action figures on my desk that i talk to, some even take my place during meetings…Member of the World Famous ™ often imitated never duplicated Wester Regional Cyber Defense Competition Red Team…

Theres probably a bit more…but thats all i can think of now…


Hey All,

My Name is Jason. I do web/mobile/net penetration testing by day and bug hunting by night. I blog and speak at conferences whenever possible and play CTFs when I can carve out the time. Im a big believer in methodologies and training, OSINT, and hacker culture. Feel free to ping me anytime =)


Hello, hello Hi…

My name is John (@n0x00) I’m a UK based Pentester, we don’t really do that many certs over here I’ve been a CTM/CTL if anyone know’s what that means.

I’ve spent time as a Pentester mostly for government, I’m Just finishing a two year stint as a principle consultant for an investment bank… it’s all the same work with different purposes right !? I have a blog that I try to keep upto-date

If anyone needs a hand, or wants to talk industry / problem / whatever ! or you’re visiting London UK and you want to hang out with some of us rotten lot … !ping


Hi Everyone!
Sorry to be late to the intro party. I’m Kymberlee, or @kym_possible on twitter. If LinkedIn is more your thing, you can connect with me there too.

I am the Senior Director of Researcher Operations at Bugcrowd, and manage a team that runs quality and engagement programs for the Crowd. If it has to do with security researchers it is on my team. Our goals are to help researchers be more efficient and profitable, which not only means fostering tradecraft development to find the most critical bugs as quickly as possible, but also skills like writing up great vulnerability submissions that customers can quickly understand and take action. We help the Crowd to help Bugcrowd customers to identify critical vulnerabilities in their applications and networks.

Before joining Bugcrowd I had the opportunity to do a lot of other cool infosec things too, like 4 years of Security Incident Response at BlackBerry where I investigated webkit and open source vulnerabilities in smartphone and tablet products. I got started in information security in 2003 at Microsoft, when I founded the first security researcher outreach team in the industry. I’ve investigated botnets malware and APT’s, done a ton of data analysis on vulnerability time to fix and [third party libraries][4], and even [helped design the anti-clickjacking feature in IE8][5].

I am super excited to be part of the team at Bugcrowd since November 2014, the people I get to work with every day are amazing. So is the Crowd. We have a ton of great stuff planned for y’all, can’t wait to show you. :grinning:


Hi All,

I’m Justin Kennedy (@jstnkndy), I lead an Offensive Security & Red Team for the US region of a global consulting company. I’m also active on IRC (freenode) as juken. Looking forward to some great discussions here. :slight_smile:


I work on Security at NetSuite. My interests include cracking clouds, modeling complex systems, developing massive software-defined infrastructures, and is the outlier in your risk model.


Welcome @pwn :slight_smile: Glad to have you here!


Some legit people up in here :wink:


Hi I am Prima. Never really participated in Bug-bounty programs yet like most of you here. Worked in InfoSec in Perth, Australia previously and now in SF Bay area. Trying to teach myself to penetration-test and such and hoping to get to know a few people in the Info Sec community here in the bay area. :blush:


Welcome @vpreema! Awesome to have you here, and great to have a Bay Area researcher! Bugcrowd is based in San Francisco, near the Jackson Square area. Maybe we can meetup sometime? :smile:

Please reach out if you ever need anything. We’ve got a bunch of resources here on the forum that can be helpful when just getting started. We also have a ton of very smart people that can help!


Hey Sam! For sure! Thanks for reaching out. Is there an e-mail address I can contact you on and carry on with the conversation maybe?


Yep! I’ll follow up via private message here on the forum :smile:


Hi All,

I am Anant Shrivastava (nick @anantshri) from India. Started my career as a System’s administrations then did a bit of stint into development and now fully focused into information Security. I have a total of 7yrs corporate experience and a teaching experience of 9years.

I work as an independent consultant, I take projects on Web and Mobile security. I am also the project owner for Android Tamer (Android security distro) and CodeVigilant (opensource notforprofit bug hunting project)

My technical articles are published on

Looking forward to have some great discussions.


Thank you for having me here.


Hey all, I’m @caseyjohnellis, CEO and co-founder of Bugcrowd.

@codesoda and I are the two nutters who, back in 2012 when bug bounties where strictly the domain of big tech and security geeks, decided a crowdsourced model solved a much broader problem for both sides of security market. We decided to form Bugcrowd to make that happen.

My tl;dr is that I did 6 weeks of university, dropped out and took an IT internship, started hacking stuff, and haven’t looked back since… except that what I’m hacking has evolved from networks, to apps, to sales, to entrepreneurship, to business, to markets.

We’re going to do a founder’s AMA over the next little bit where we’ll give a little more backstory and answer any questions, but those of you who’ve already met me know that I’m a very open and chatty person who loves meeting new people and learning new things, so hit me up on Twitter or reach out here.

Peace out.


Hi Everyone,

My name is David, I have been known as @flotrizzle for the past few years so feel free to use whatever y’all are comfortable with. I was an active duty network administrator in the Army for 6 years until I was medically retired at 23. The retirement was a blessing in disguise, I now have my entire life to devote to penetration testing and the study of computer forensics in its entirety. I am in no way new to this profession but I am new to Bugcrowd and hope to share my knowledge with everyone and learn new techniques along the way.

When I am not conducting penetration tests at home I am studying for my CompTIA or EC-Council exams. Some people call it “paper chasing” but I call it improving my resume. I like to take as many test’s as I can because it helps me keep a fresh mindset and gives me something to do on a boring day.ha

Feel free to contact me anytime.