The cybersecurity market has grown sharply in recent years as vendors develop new solutions and tools to tackle cybercriminals. Despite this, cyberattacks continue to happen and are increasingly sophisticated and dangerous.

That’s why bug bounty startup HackerOne Inc. decided to take a new approach to solving the problem: using the same weapons as the enemy. It relies on people with the same skill and passion to find vulnerability that the bad guys have, except for one difference: They are intent on doing good.

“We have a collection, a community of all the ethical hackers in the world, over a million of them, who are all ready to go in and, in a way, think the bad and do the good,” said Marten Mickos (pictured), chief executive officer of HackerOne. “They approach your system as if they were attacking you, and when they find a hole, they tell you and you can fix it.”

Mickos spoke with John Walls, host of theCUBE, SiliconANGLE Media’s livestreaming studio, during the AWS Startup Showcase: New Breakthroughs in DevOps, Analytics, and Cloud Management Tools event. They discussed the hardships of the cybersecurity industry, the benefits of fighting virtual crimes through a community of talented and passionate hackers, and the changes brought about by the cloud and the digital transformation. (* Disclosure below.)

Diversified and always-improving skills

Founded in 2012, HackerOne has gone from strength to strength as the leading hacker-powered application security platform provider. The company facilitates bug bounties, a process where a company offers a payment to coders and ethical hackers for identifying flaws in their code on websites, applications, databases, software or whatever has been coded.

The impressive community built by HackerOne, which already exceeds 1.2 million ethical hackers, is diverse in terms of talent and experience.

“So, we have a ranking system where we can learn about their skills and we test them so we can, out of that giant community, find the ones who are truly outstanding,” Mickos said.

The company believes that the problems of cyberattacks must be approached from two dimensions. The first involves finding the “cure” for what is one of the biggest nightmares of businesses, governments and citizens alike.

“We have to have a cure that is as strong, as potent as the risk, so we have to find vulnerabilities at the same level as criminals will find. Our hackers will do that,” he stated.

The second dimension of the problem is that it is a moving target. Everything a company or individual learned about cybersecurity yesterday may already be out of date today. The solution for this is inside the community, as new talents with new skills are always coming in and challenging the others to improve, according to Mickos.

“As a hacker, of course, you compete with all your other friendly hackers to be the best, but one day you’ll get beaten by a new guy, a new person, a new hacker who has figured out the new technology. And that’s how we stay current,” he said. “There’s no risk of the knowledge being outdated or stagnated, because the people revolve in this community and it’s always the freshest, most accurate, current talent that’s being deployed in our programs.”

New services for the cloud

As organizations’ attack surfaces have increased due to the digital transformation accelerated by the COVID-19 pandemic, the number of vulnerabilities encountered by ethical hackers has also risen. The “2021 Hacker Report” released in March by HackerOne reveals a 63% growth in the number of hackers submitting vulnerabilities in 2020.

Given the growing migration of business to the cloud, HackerOne has developed specific services for enterprises operating in this environment. The services find typical vulnerabilities that customers have in the cloud and report them so businesses can fix them. It is a cycle of learning and applying it.

“When we find them with one company, we learn and we can look for the same in some other company. So the pace of learning is much faster in our system, and that’s how we can bring companies to a higher level of security when they’re on the public cloud than they were before,” Mickos explained.

As part of its strategy for the cloud, HackerOne announced in August expanded capabilities for Amazon Web Services Inc. The startup’s new integration into AWS Security Hub aims to enable AWS customers to more easily identify and fix vulnerabilities, develop a deeper understanding of their cloud application security posture, and access AWS-specific security expertise.

While many want a single solution that solves all cybersecurity problems at once, Mickos says there is no such thing as a silver bullet.

“There’s nothing that in one change will make you secure, but if you every day fix one little thing, soon you are more secure than your competitors and soon you are among the most secure in the industry,” he said.

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the AWS Startup Showcase: New Breakthroughs in DevOps, Analytics, and Cloud Management Tools event. (* Disclosure: HackerOne sponsored this segment of theCUBE. Neither HackerOne nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE