Brian Neely, chief information officer and chief information security officer for American Systems, said the company is looking forward to applying the crowdsourced security testing model to its third-party testing portfolio.
Neely noted in a LinkedIn piece published Wednesday that researchers working under the company's HackerOne Challenge utilized their specialized and unique skills to deliver a controlled approach to the bounty-driven assessment.
He added that American Systems has transitioned from traditional checklist-based compliance tests to a performance-based bounty framework that covers internal and external penetration tests, compromise and forensics tests, red-teaming, insider threat assessments, compliance audits and tabletop exercises.
“It was surprisingly easy to engage, set up objectives, develop a bounty structure and execute the program from the start on the HackerOne platform,” he noted.
Speaking about regulatory issues involving the cybersecurity industry, Neely said that threats will keep evolving and the defense industry must ramp up its cyber posture efforts to match the pace of adversaries.
“I only anticipate more regulation and more auditing in the years to come, which is a good thing,” he added.
American Systems regularly conducts security assessments for companies such as Baker Tilly, Optiv and Mandiant.