Crowdsourcing Security Knowledge

Given the current skills shortage in all fields of security, it is essential that we maximise resources and opportunities for talent looking for interesting and profitable engagements, and for companies looking for talent.


There is a huge amount of security talent that is not available for hire, yet there are companies who are desperate for security talent, even if only on a part-time basis.

This Working Session will address this problem by exploring the possibility of creating a marketplace, based on the crowdsourcing concept for bug bounties, where companies could access the talent they need, and security professionals could gain more experience and improve their working conditions in the process.


  • Is it the right time to create this market?
  • Create an engagement model for a marketplace for all skills levels (from CISOs, to Senior Ops directors, Threat Modeling experts, security developers, tech hubs, etc…)
  • Review the legality and operation details of the engagement model
  • Define the kinds of organisations that could be used as proxies/facilitators
  • Is the ‘Artist/Agent’ model a good one to follow?
  • What is the financial model that makes sense for both talent and hiring companies?
  • How would this talent marketplace benefit companies and security talent?
  • Is OWASP leadership a good benchmark for talent?


  • Roadmap for a skills market for security talent


The target audience for this Working Session is:

  • Security professionals
  • Companies looking for talent
  • Companies looking to provide such services

Working materials

  • Draft roadmap for a skills market for security talent
  • Please add as much information as possible before the sessions


… Add content …

Related Working Session(s)

Back to list of all Working Sessions and Tracks

Edit this page here