Jan 2026 – Present · 3 mos

• After 13 years, I have finished up my operational roles with Bugcrowd.

Oct 2024 – Jan 2026 · 1 yr 3 mos

• BoD observer and contracted advisor
• Consulted on company strategy, partnerships, and market positioning, while writing on cybersecurity policy, the role of hackers in cybersecurity, and the evolution and impact of AI on the crowd

Jul 2024 – Nov 2024 · 4 mos

• ❤️‍🩹❤️‍🩹❤️‍🩹

Nov 2023 – Oct 2024 · 11 mos

• Defined Bugcrowd's long-term strategic platform, crowd, and market direction alongside Dave Gerry through a period of accelerated growth, culminating in a $102M Series E led by General Catalyst and unicorn valuation ($1B+)
• Helped grow the global researcher community past 500,000 across 65 industries in 29 countries, and expanded the customer based with customers like OpenAI and T-Mobile
• Continued national and international cybersecurity policy work and named in The Australian's Top 100 Innovators of 2024
• Served on the Board of Directors and continued to educate the market through community, evangelism, and nurturing key industry relationships

Aug 2017 – Nov 2023 · 6 yrs 3 mos

• Stepped into Chairman of the Board and CTO to focus on platform technology, cybersecurity policy, and scaling the business alongside Ashish Gupta. Raised $26M Series C and $30M Series D (Rally Ventures, Salesforce Ventures, Triangle Peak Partners), growing the customer base to include brands like Mastercard, Atlassian, and Amazon
• Won Department of Defense "Hack the Pentagon" contract as part of a $34M expansion of crowdsourced security into sensitive military assets, and was named #10 on Fast Company's Most Innovative Companies in Security (2019)
• Served as amicus curiae to the US Supreme Court in Van Buren v. United States, helping secure a landmark ruling that narrowed the CFAA and protected good-faith security researchers, and advised DoD, DHS/CISA, DOJ, and Congressional committees on national cyber strategy and election security
• Awarded two US patents (US 10,972,494 & US 11,019,091) for crowdsourced vulnerability detection systems

Aug 2012 – Aug 2017 · 5 yrs

• Founded Bugcrowd in Sydney in 2012 and built the founding team to pioneer "crowdsourced security-as-a-service". Relocated the company HQ to San Francisco in 2013 to scale globally
• Led go-to-market from zero on both sides of the marketplace, defining and evangelizing a new category by selling the concept of inviting hackers to test enterprise systems. Keynoted and presented at RSA, Black Hat, and TechCrunch Disrupt to build market awareness and legitimacy for the crowdsourced security model
• Raised Seed through Series B ($24M total) from Paladin Capital, Costanoa Ventures, Blackbird Ventures, Salesforce Ventures, Rally Ventures, and Icon Ventures.
• Grew a high-performing early-stage team to 110 people and built the platform's researcher community from zero to 27,000+
• Won SVForum Launch: Silicon Valley "Most Likely to Succeed" (2013, selected from 300+ startups), RSA Innovation Sandbox Top 10 Finalist (2015), and landed landmark customers including Googl, Tesla, Western Union (the first major financial institution to adopt the model), Fitbit, and Motorola
• Engaged with early-stage U.S. cybersecurity policy as a participant in the NTIA multistakeholder process for vulnerability disclosure, supported the development of the DoD's "Hack the Pentagon" initiative, helping validate crowdsourced security at the federal level and accelerating mainstream enterprise adoption

Nov 2025 – Present · 5 mos

May 2025 – Present · 11 mos

• The security layer for AI coding.

Apr 2025 – Present · 1 yr

• The best way to query, use, and investigate security logs at scale.

Apr 2025 – Present · 1 yr

• Unearth your secrets.

Mar 2025 – Present · 1 yr 1 mo

Jan 2025 – Present · 1 yr 3 mos

• https://anetac.com - Solving the identity vulnerability attack surface.

Oct 2024 – Present · 1 yr 6 mos

• https://dreadnode.io - Research-driven offensive ML and AI.

Apr 2023 – Jan 2025 · 1 yr 9 mos · Washington DC-Baltimore Area · Remote

• The Hacking Policy Council aims to make technology safer and more transparent by facilitating best practices for vulnerability disclosure and management, as well as empowering good faith security research, penetration testing, and independent repair for security.
• Key goals of the Hacking Policy Council
• Create a more favorable legal environment for vulnerability management and disclosure, bug bounties, AI red teaming, good faith security research, and pentesting;
• Grow collaboration between the security, business, and policymaking communities;
• Prevent new legal restrictions on security research, pentesting, AI red teaming, or vulnerability disclosure and management; and
• Strengthen organizations’ resilience through effective adoption of vulnerability disclosure policies and security researcher engagement.

Mar 2020 – Oct 2024 · 4 yrs 7 mos

• Making life difficult for Internet bad guys during the onset and peak of COVID. More info here: https://cti-league.com

Aug 2018 – Present · 7 yrs 8 mos

• disclose.io is a collaborative and vendor-agnostic project to make vulnerability disclosure safe, simple, and standardized for everyone. Free, open-source tools to standardize, normalize, promote, and protect good-faith security research.

Jul 2017 – May 2023 · 5 yrs 10 mos · Melbourne, Australia · Remote

• Mentored early-stage cybersecurity startups in APAC on product-market fit and scaling challenges.
• Advised founders on go-to-market strategies leveraging personal experience as a cybersecurity entrepreneur.
• Contributed to the growth of the cybersecurity ecosystem through innovation and collaboration.

Jan 2016 – Jul 2024 · 8 yrs 6 mos · Sydney, Australia · Remote

• Mentored ambitious founders, operators, and investors through Startmate's programs to accelerate their growth and success.
• Collaborated with a highly-trusted mentor-driven community to provide valuable guidance and support to startup professionals.
• Connected with the best angels, venture funds, and tech startups in the region to foster a thriving entrepreneurial ecosystem.

Jul 2010 – Jun 2012 · 1 yr 11 mos · Sydney, AU

• Mentored Australian start-ups in community-driven activities to foster a sustainable ecosystem for entrepreneurs in Sydney.
• Provided guidance and support to start-ups in developing business strategies and navigating challenges.
• Collaborated with Pushstart team to organize events and workshops to promote entrepreneurship in Australia.

Jan 2009 – Jan 2013 · 4 yrs · Sydney, Australia

• In my role as Founder/CEO at White Label Security, I led the development of remote penetration testing teams and operational frameworks to ensure high-quality security assessments. By collaborating with resellers, we bridged skills gaps in the Australian market, enabling partners to offer advanced security services under their own brand.

Jan 2008 – Present · 18 yrs 3 mos · 0.0.0.0/24

• Tall Poppy Group is a start-up skunkworks with a focus on cybersecurity, AI, security research, and emerging threats. Proud parent of White Label Security, Bugcrowd, and disclose.io. Currently Recombobulating...

Sep 2006 – Feb 2012 · 5 yrs 5 mos · Sydney, Australia · On-site

• Hybrid role incorporating enterprise sales, technical sales engineering, business development, security consulting, and solution architecture.
• Worked with Vectra's key accounts to develop pragmatic and cost-effective remediation strategies to comply with PCI DSS and other RMFs.
• Worked with Vectra customers and partners to create, develop, and productize cybersecurity MSSP offerings to expand Vectra's market footprint.

Jan 2001 – Jan 2006 · 5 yrs · Sutherland NSW Australia · On-site

• IT break/fix, network and solution design, security architecture, penetration testing, wireless auditing, "whatever the heck needs doing" stuffs.