HackerOne has the potential to completely transform the way we think about security. With an impressive round of financing closed, and the product's value proposition validated, I couldn't be more excited about the opportunities that the company faces. Below, I'll outline a few initiatives that I'd love to focus on in the first 90 days to build and develop the business.
Crystallize HackerOne's Value Proposition
Clearly and concisely define what makes this product offering so amazing; utilize this messaging in the company's communications and outreach efforts
Run an Educational Campaign
Employ strategies such as content marketing, white papers, case studies, and op-eds to educate the general population on the importance of disclosure programs and establish HackerOne as the leading solution. Not having a disclosure program should become an embarrassment for companies in the future.
Increase Profile in the Security Community
Present key findings at security conferences, engage hackers where they hang out (both online and in the real world), establish an open dialogue between friendly hackers and technology companies
Leverage Massive Vulnerabilities for Exposure
Orchestrate PR campaigns to capitalize on the press generated by the discoveries and fixes of huge bugs like Heartbleed (and the bounties, which are sure to grow)
Effectively Segment and Target Potential Clients
Determine who ideal clients are, how their needs differ (e.g. Fortune 1000 company vs. Series A startup), and establish best practices for communicating HackerOne's value proposition to companies in each client segment
Manage Inbound Interest
Reach out to and build relationships with potential clients who have expressed interest in working with HackerOne, make trying our product as frictionless as possible
Qualify HackerOne's Impact
Devise a set of marketing tools that evangelize the product's benefits to potential clients using case studies, company data, and even hackers to make the "hypothetical" issue of security more tangible
Leverage Feedback and Data to Improve Product
Gather constant, candid feedback from clients about their experiences, analyze their usage data, and use these insights to improve HackerOne's product offerings and develop new ones
Establish HackerOne as Standard Bearer
Secure Partnerships with High Profile Partners
In the security space, clients will gravitate towards the solution employed by market leaders. Partnering with these leaders to define best practices will ensure that HackerOne's policies become the default across the internet.
Widely Promote Best Practices
Widespread adoption of HackerOne's marketplace will bring much needed transparency in the world of security disclosures. The policies established will allow hackers to feel comfortable reporting bugs, and ensure that boundaries are clearly established. This transparency will draw hackers to the platform, increasing participation, and improving the quality of security research.
The sheer number of items in this document highlights the array of opportunities facing HackerOne, and hints at the importance of prioritizing these initiatives. Focus should initially be on the initiatives that positively impact other areas of the business, which in my opinion are building tools and materials to convey HackerOne's value proposition, and developing relationships with desired (ideally high profile) clients. For example, building a set of materials that demonstrates the effectiveness of the product will increase conversion rates, which will attract more clients, increase visibility, and provide valuable case studies to further improve the company's marketing and positioning. Effectiveness of lower priority initiatives such as white papers and PR campaigns will only increase as the company grows from meeting its core goals.
As customer data becomes more and more valuable, HackerOne is uniquely positioned to help companies keep their information secure. The company sits at the crossroads of several trends that are shaping the future of technology; big data, crowdsourcing, and marketplaces. Bug disclosure programs are the future of security, but awareness remains low. It's a perfect example of a product that clients don't know they need yet, and I can't wait to get out there and show them that they do.