Marten Mickos, a veteran executive with companies from MySQL to Sun, Nokia and HP, was not particularly excited about his meeting to explore a leadership role with HackerOne, a fledgling security company. Security is hard, it’s unpleasant, it doesn’t work very well. But he perked up fast after learning about HackerOne’s crowdsourced model of finding and fixing security flaws – a model in which HackerOne plays a key matchmaking role between companies and ethical hackers in a rapidly growing marketplace of skills and needs.

After all, Mickos – who joined as CEO in November 2015 – knows well the power of crowdsourcing, having served as chief executive of open source companies Eucalyptus and MySQL. In this conversation with IDG Chief Content Officer John Gallant, Mickos explains how the HackerOne system works and how companies get started. He talks about the company’s bug bounty platform for private and public-facing projects, and discusses how it can be expanded to tackle other big security problems in the future. Mickos also explores what attitude adjustments are required from mainstream companies in order to embrace crowdsourced security.

Exactly what does HackerOne do? Explain how it works for our audience.

HackerOne helps you find vulnerabilities in your internet-facing systems. We do it through a unique model where we have a community of researchers and hackers around the world who will hack you on your request and they will send you a report outlining what they found. You send them money as a thank you if the report was useful. If it wasn’t, you pay nothing.