Crowdsourcing Security Knowledge


Given the current skills shortage in all fields of security, it is essential that we maximize resources and opportunities for talent looking for interesting and profitable engagements, and companies looking for talent.

Why

There is a huge amount of security talent that is not available for hire, yet there are companies who are desperate for security talent, even if only on a part-time basis.

This Working Session will address this problem by exploring the possibility of creating a marketplace, based on the crowdsourcing concept for bug bounties, where companies could access the talent they need, and security professionals could gain more experience and improve their working conditions in the process.

What

  • Is it the right time to create this market?
  • Create an engagement model for a marketplace for all skills levels (from CISOs, to Senior Ops directors, Threat Modeling experts, security developers, tech hubs, etc…)
  • Review the legality and operation details of the engagement model
  • Define the kinds of organisations that could be used as proxies/facilitators
  • Is the ‘Artist/Agent’ model a good one to follow?
  • What is the financial model that makes sense for both talent and hiring companies?
  • How would this talent marketplace benefit companies and security talent?
  • Is OWASP leadership a good benchmark for talent?

Who

The target audience for this Working Session is:

  • Security professionals
  • Companies looking for talent
  • Companies looking to provide such services

Related Working Session(s)



Back to list of all Working Sessions and Tracks

Edit this page here