
An EASM blog from Detectify

Meet the team: Johanna Ydergård - Scaling the impact of ethical hackers

October 17, 2019

Head of Crowdsource, Johanna Ydergård, joined Detectify to work on solving the information gap in cybersecurity by scaling the knowledge of ethical hackers and helping them make a broader impact, with the ultimate mission of making the internet a safer place.

Meet Johanna Ydergård, Head of Crowdsource at Detectify

Johanna Ydergård has a passion for engineering and tackling complex issues. Outside of the office she engages in the complexity of sewing dresses and creating new clothing patterns. “It is both creative and a bit of an engineering process,” she says, “it is also very hands-on and detailed work compared to what I do day-to-day at Detectify.” 

A broad and consultative beginning

Back in 2015, Johanna graduated from Chalmers University, where she learned to combine management, economics and data engineering. After studying this broad scope of academic subjects, she naturally wanted to continue applying her knowledge across industries and roles. Hence, she pursued the opportunity to start her career at Bain & Company – a global strategy consulting firm – with the expectation of immersing herself in solving complex problems, driving different projects, and learning how organizations work across a range of companies and industries.

She helped large industrial organizations digitalize themselves and conducted her share of commercial due diligence to assess whether a company is worth investing in or not. “I therefore now know unreasonably much about building material, vacuum toilets, plastic boxes, beauty e-commerce, district heating facilities, men’s luxury goods and all sorts of things I don’t apply in my work today,” she says with a laugh. 

Being comfortable with uncertainty

Today Johanna is heading up Detectify Crowdsource, our invite-only bug bounty platform for ethical hackers. What we are doing with Crowdsource is the first of its kind in the cybersecurity industry as we bring together automation and crowdsource security to make cutting-edge security research more accessible. While Johanna has worked with many industries, this is a whole new terrain for her, and she is also challenged to make it scalable. This is her approach:

“From day one, I’ve had to learn new things quickly and make pragmatic and relevant analyses that enable quick decision making. This is familiar to me since I’ve been doing this as a consultant. The key is to feel comfortable with uncertainty. You have to embrace the very fact of not having much idea about a certain topic at the beginning of a project and still diving in headfirst – eventually, you will understand it. I believe there is nothing that can’t be learned or can’t be done if you simply put effort into it.”

Narrowing down the focus to hackers and cybersecurity

Detectify also managed to catch Johanna’s attention at a time when she was getting tired of the consulting lifestyle – traveling and changing industry focus every other month or week. Eventually, she felt the need to be part of something that is at the forefront of a field and driving development forward, rather than helping large companies try to catch up with the world.

She was particularly attracted by cybersecurity and MedTech as both industries are pushing innovation and driving change, but in the end, the fundamental question behind the value proposition of Detectify Crowdsource is what caught her interest.

Diving into the world of hackers

Her journey at Detectify isn’t always a path of roses. You’re bound to face some challenges when diving headfirst into the world of crowdsourced cybersecurity, especially if it’s your first time standing at the springboard:

“Gaining credibility among a group of niche experts without at all being an expert myself was a challenge, but the community’s mindset is fantastic! There is a strong willingness to share knowledge with others and there is always something new to learn.”

She’s observed that to be a successful hacker, one has to keep up-to-date with new techniques and security research, as well as learn new things daily since cybersecurity is a fast-changing matter. Johanna also adds:

“The technical part of my role today requires much deeper knowledge in comparison to consulting; I have to dive into details about how our platform is built and understand it to be able to make good decisions to push development and adoption forward. Thankfully, my team has been extremely helpful and patient to support me.”

Overall, to succeed as a challenger in this industry, Johanna says that it takes curiosity and willingness to dive into a highly complex field with all its implications.

The challenge of scaling up a hacker’s impact

Johanna’s team has been set the challenge of helping hackers make a broader impact by automating their knowledge to secure more web applications. Members of the Crowdsource community send working proofs of concept of vulnerabilities, with exploitable payloads, to Detectify via the platform. These crowdsourced vulnerabilities are automated in our web application security scanners to detect vulnerabilities in our customer base. Hackers are then rewarded with a financial kickback for every finding, and in her words, “it’s an R&D engine for vulnerabilities.”

“Working with the ethical hacking community is rewarding. Even though I’m not a hacker myself, everyone is friendly and has a genuine intent to help companies get safer, by sharing knowledge and learning from others.” She adds, “it’s an unexpectedly diverse community as ethical hackers come from all over the world and many different backgrounds, although not from a gender perspective – in this regard, we still have a lot to work on!”

Running a company, within a company

As the Head of Crowdsource, Johanna is responsible for scaling this “engine” – together with her team. This entails anything from developing the crowdsourcing platform, engaging our hacker community, handling marketing activities, recruiting new hackers to setting the reward model for our hacker community. She says, “essentially, I focus on a variety of functions, ranging from strategic development to sourcing to HR to finance – it’s almost like running a mini-company, within the company!”

Building a platform made for hackers

Johanna’s plans for the department are exciting. The ambition for the coming year is to be the fastest-growing ethical hacker network that attracts the best hackers in the world, by continuing to make our Detectify Crowdsource platform fun, engaging and receptive to the feedback of our community. This could involve, for example, more transparency on submissions, collaborations on the platform’s development and learning from each other. The plan is also to boost the community feeling with events and content that bring people together.

The outlook of Crowdsource

The vision is simple: make Detectify Crowdsource the world’s largest and most scalable platform for crowdsourced vulnerability information. 

For this to happen, Johanna asserts that we need to have the best hackers onboard with a variety of skills and a larger customer base to secure. Putting these two together with our multiplier payout model, hackers in Detectify Crowdsource have the potential to earn more than they would by selling vulnerability information on the black market:

“By achieving this part, we would truly help more ethical hackers make a broader impact by securing websites en masse and at scale. But first, we need to be a significantly larger team with more platform developers, vulnerability automation developers, community managers, project managers, marketers, and probably much more. It is an ambitious plan, but that is also what makes it fun!” 

Re-defining an industry with diversity

When asked what motivates her each day, Johanna explains:

“I like how we are trying to create change and do something new that has not been done before. We want to completely re-define the flow of vulnerability information. We know that there are easier ways of earning money, easier jobs to take, but trying to change something structurally is fun.” 

And from a people perspective:

“I like that we have managed to maintain good diversity – in terms of gender and where people are from – given the context and industry we are in. I think this shows in our day-to-day work; we can merge different perspectives coming from different types of people in a fun and innovative way.”

What it takes to join Johanna and the Detectify team

Our team will keep on growing, which means that finding candidates who want to be part of driving change in a rapidly evolving cybersecurity space is a priority for the talent team at Detectify. Johanna: “Cybersecurity is a complex subject, and I’m looking to add team members who are willing to nerd out and dive deep into the complex world of hacking and IT security to enjoy the ride together.”

Quick Q&A with Johanna: 

Mac or PC? I am OS-agnostic. For my last job, I would never have used Mac given the number of hours I spent in Excel, but in my current role, I love Mac.
What’s your #1 security tip? Use a password manager. This could help you with not reusing the same one everywhere.
How do you keep up-to-date with tech and business? My team and community are good at sharing security and tech news in our internal Slack channels.
What’s your favorite Detectify blog post? I enjoy all our “Meet the hacker” posts – it is so interesting to get into the head of a hacker and understand how they think.

If you are ready for a new challenge to broaden the impact of ethical hackers, take a look at our open positions to join Johanna and the Crowdsource team in Stockholm!