Internet of Things
In today’s rapidly evolving security landscape, product security requires more than just traditional testing methods. A well-managed bug bounty program offers a dynamic, scalable solution that can significantly enhance a product security program. This presentation will explore how bug bounty programs can work as an extension of your security team, complementing internal testing efforts and providing a continuous, real-world testing environment. Attendees will learn how to build and integrate a bug bounty program into their security strategy, with a focus on best practices, real-world case studies, and how such programs can drive proactive vulnerability discovery. Key topics include creating a clear scope, triaging reports efficiently, and measuring success through key metrics. By the end of the session, you’ll have a solid understanding of how to leverage bug bounty programs to reduce vulnerabilities, improve security posture, and foster a collaborative approach to securing products.
Jake Jacobs-Smith is a seasoned information security leader with 7 years of experience building security programs from the ground up. He currently manages the Application Security Engineering team at Yext, where he has developed a robust Product Security program. At Yext, Jake built out the vulnerability management lifecycle, API security, infrastructure security, offensive security, and the bug bounty program. He also designed and implemented internal tooling to consolidate all vulnerability findings across security tools and automatically create Jira tickets for tracking. Jake is currently pursuing a Master's in Cybersecurity from Georgia Institute of Technology and is passionate about helping organizations transition from focusing solely on the secure development lifecycle to adopting a more comprehensive approach that incorporates the entire product development lifecycle. He is also dedicated to product security, teaching, and mentoring others in the field.
We proudly present SecretCon, an entirely unparalleled conference for the state of Minnesota, built for our new digital reality. This conference is dedicated to the many specialties of our hacker, cybersecurity, and privacy community. We have taken it upon ourselves to construct a conference that not only embraces our past, but also looks to the future. Join us!