Bugcrowd, a marketplace for security testing websites via crowdsourced “bug bounties”, has raised $1.6 million in its seed funding round, set to close in a few weeks.
The start-up has signed deals with Australian venture capital firm Square Peg Capital, and American investors Icon Venture Partners, Paladin Capital Group and a range of angel investors including Sydney-based start-up mentor Alan Jones.
Bugcrowd allows companies to access Bugcrowd’s pool of over 3,000 hackers and security testers. Any tester that locates a unique issue is paid, and those who identify an issue that has already been discovered receive points. Clients have included supermarket giant Coles and BigCommerce.
Founded by IT security researchers Casey Ellis and Sergei Belakomen in 2012, the start-up graduated from Sydney-based program Startmate in 2013 with a third founder, Chris Raethke.
Ellis told StartupSmart they have been raising funds for three months since the Startmate demo day and went to Silicon Valley in April 2013.
“We learned a lot about how to raise, and what was possible for a start-up when we were in Silicon Valley,” Ellis says.
“The Australian start-up scene is awesome and it’s growing, as the early stage venture scene is growing as well, but there are things that are possible that you don’t necessarily realise are possible until you get over there.”
Ellis says pitching to investors in the US was a steep learning curve for this team. He says while Australian investors are focused on traction, revenue models and income projections, investors in the US were more focused on working out if the start-up team could execute their plans.
“There are also a lot of cultural differences in how you pitch what you’re doing in Australia compared to the US. Over there, you’re expected to be very over the top and very in control, knowing what you want and what you’re doing. The assumption is you’re exaggerating by 300% every time you open your mouth,” Ellis says, adding that Australians expect a bit more humility from their founders.
Ellis says they worked out quite quickly they would need to change their pitch significantly.
“I went over there and people were getting the story, but it wasn’t getting traction. I realised what I was doing and started correcting it,” Ellis says.
The funding will mainly go towards developing a sales team and growing. Ellis is set to move to Silicon Valley later this month.
“We’re an Australian start-up and we’re very proud to be that, but at this point in time we can have Bugcrowd be a moderately successful business from here with a fairly even trajectory, or we can move to the valley, where the potential for connecting and making a big noise about this is so much higher,” Ellis says, adding they probably would move to Silicon Valley if they had started out in Boston or Texas.
“It’s where tech start-up stuff really happens. Getting a phone call from someone from Facebook or Google and organise a coffee with them in town, that’s such a foreign but amazing concept,” Ellis says.
The idea to create a managed service for bug bounties clicked for Ellis when he kept hearing the same challenges from clients he was working with as a security consultant.
They launched their proof of concept test with 1,200 hackers, mostly recruited through Twitter.
“Most customers can see the logic behind the idea, and are keen to try it out. Some do go ‘holy crap that sounds scary I’ll let someone else try it first’ though, so we’ll be focusing on educating people and sharing the success stories,” Ellis says.
“Without fuller context, it can sound like a Wild West thing, where we tell a whole lot of hackers to go and bash a site, but it’s more structured than that.”