Bugcrowd's First Principles

About 12 months after Bugcrowd started, one of our team pulled me aside and made a suggestion that truly altered the course of the company:

 Bugcrowd has such a strong set of operating principles and ethics, and they seem to impact everything we do — for customers, for the crowd, and for the internal culture. It’s really early to do this, but we should codify our First Principles. 

And so we did… It was earlier than most companies tend to do it, but over the past three years the following ideals have guided everything we’ve done. As we head into 2016 with all the promise, opportunity, excitement, and hard work it will bring, we’d like to share what we affectionately call the Bugcrowd “isms”:

1. Simple is strong

Simple is strong, because it creates a beautiful experience for the user, and because it avoids the fragility inherent in complex systems. It’s also a lot harder to make something simple than to make it complex… We strive to do it anyway, and have from the start.

 Example: Build briefs that researchers who don’t speak English as a first language can understand, but that still provide the necessary defenses and parameters for our clients. If you succeed at that, it’ll work for just about everyone. 

2. Respect is king

This one is key. As the intermediary between two groups of people who desperately need each other, but are historically terrible at getting along, we actively take the position of making sure both sides are heard, and that both get a fair deal.

This is especially critical when you consider the number of folks who are entering the supply-side of the crowdsourced security phenomenon who get “points for enthusiasm” but aren’t at a point where they are contributing value yet. One should never be polite to the point of becoming a doormat but, instead of ignoring them, we feed them into training programs that help their interactions become valuable, both to our customers and to them personally. They deserve it because they are trying to help, and because respect is king.

 Example: Strive to respond to every submission, no matter its value. Everyone deserves a response, even if it’s “No thanks, try harder — Here’s how…” 

Apart from the pure principle of it, no-one wants a cranky hacker who feels ignored.

3. Build it like you own it

This one is self-explanatory. When you own it, it’s not just your job… it’s your creation that you’re invested in and passionate about.

 Example: We don’t offer option/salary trade-offs for new employees… If you are part of the Bugcrowd family, you should own a part of Bugcrowd. We should be excited that you do, and you should be too. If you’re not, that’s OK… You probably fit better elsewhere. This is all about reinforcing the idea that this isn’t just a job, you’re a part of creating something that you should be proud of. 

4. Don’t be valuable, create value.

Take a look at our team… We’ve got a deep bench of smart, smart people. The inevitable temptation that comes with being a subject-matter expert is that it becomes easier to “sell your time” than to leave residual value. So easy to do, in fact, that you have to actively decide not to.

It goes both ways too; Bugcrowd takes responsibility for creating and depositing value in our team, our crowd, and our customers, at every opportunity we can.

 Example: One of my favourite questions for new team members is “What do you want to be when you grow up?” The reality is that, for 100% of our team, Bugcrowd won’t be the last thing they do in their career. If we can help build a team member towards what they want to do next, then we’re getting more value from them now, and they’re getting more value from us. 

It flies in the face of the typical SF/SV “I bought the t-shirt and I’m going to wear it until I’m 120” culture, but in our minds it’s intuitive, practical, and realistic… and most of all, it’s a win/win.

5. Think like a hacker

Hacking is about understanding your starting point, understanding your endgame, knowing what’s going to try to stop you, and knowing what you have to work with… Then exploiting that knowledge to get from A to B. This thinking is the starting point for everything we do, and the beauty of it is we have 23,000 people who think just like that to make us even better at it. Product, marketing, sales, engineering, operations… It applies everywhere.

 Example: REDACTED. You’ll just have to come work here to find that out 😉 

6. Open company, no bullshit

OK, OK… We stole this one from Atlassian because Mike and Scott are two of our personal heroes. Transparency, wherever possible, is key; and we’ve worked hard to build a team that is 100% competent, but also 100% open to challenge, input, advice and honesty.

 Example: One of my favorite one-liners is “don’t get caught on Mount Stupid 

So that’s it — Bugcrowd’s First Principles. Open kimono. I hope this gives you more insight into who we are, how we work, and why we’re the most trusted, most flexible, and most valuable orchestrator of relationships between a vulnerable Internet and the weird, wonderful folks who have the answers.

Here’s to a happy, prosperous, and successful 2016.

Originally published at blog.bugcrowd.com on December 31, 2015.