This new role brings together corporate strategy, compliance, and public policy under one umbrella, supporting our mission to be the most trusted platform in crowdsourced cybersecurity.
Since joining Bugcrowd in late 2024 as CISO of the Americas, Trey has played a pivotal role in shaping our security posture, strengthening customer confidence, and guiding critical strategic initiatives. Now, as CSTO, he will take on a broader leadership scope, working closely with CEO Dave Gerry to drive our long-term growth, while continuing to champion the voice of the customer and hacker community.
“Trust is the bedrock of every successful security program and partnership, and it’s deeply ingrained in Bugcrowd’s DNA,” said Trey Ford, CSTO. “I’m honored to take on this role at a time when customers are asking not just for innovation, but for confidence, clarity, and long-term safety. This role is about solving real-world problems with a real-world mindset, while scaling responsibly.”
As Bugcrowd continues to scale globally, the need for this new role has never been greater. From FedRAMP and GDPR to customer trust programs and platform reliability, Trey’s work will ensure that compliance, safety, and credibility are embedded in every layer of our platform.
“Trey’s ability to align strategic vision with real-world customer outcomes makes him the ideal leader for this role,” said Dave Gerry, CEO of Bugcrowd. “As we drive innovation and expand our reach, Trey’s expertise and leadership will strengthen our position as the trusted partner in crowdsourced security, delivering compliance, safety, and confidence to our customers.”
Please join us in congratulating Trey on this exciting next chapter. His leadership reflects our continued commitment to building a safer, more connected, and more trusted future for all.
What excites you most about stepping into this newly created role?
I’m excited to narrow my focus. Bringing a background steeped in cyber operations leadership, consulting, and research—I get the opportunity to integrate my time in private equity and industry strategy with program execution. Partnering more deeply with customers, product, and the community every single day is a nexus I couldn’t be more thrilled to be in.
How will your role support the wider Bugcrowd community?
The initiative to work with and for the community, while helping our customers track objective measures on the performance of their security investments couldn’t be more timely. The boardroom narrative is top of mind, with the expensive question of “how are we doing” being asked by the CISO’s peer executives regularly. Bugcrowd has ways of helping CISOs answer that question with confidence, which I’ve seen time and time again with some of our most successful customers.
What are your top priorities as you take on this new position?
The way security teams do business is evolving, and Bugcrowd has a lot of exciting updates coming that continue to improve hacker experience, customer triage partnership, and executive oversight of our programs. I’m diving headfirst into corporate strategy, FedRAMP, and NIST 800-53 initiatives that will all extend the reach and impact of what we do here at Bugcrowd, resulting in a better experience for our whole community.
How do you personally define trust in the context of security, and how will that definition shape your strategy in this new role?
Relationships are built on trust and communication. Trust is the belief that the other party (in our case, Bugcrowd) is reliable, honest, transparent, and acting in the best interest of the beneficiary (in this case, our customers, their customers, partners, and hackers).
Trust is an ephemeral form of currency. It is built over time through consistent execution and validation. At the same time, trust can be lost so quickly. There are several layers to cultivating trust here at Bugcrowd:
Where do you see the most urgent gaps between security innovation and regulatory frameworks, and how do you plan to bridge them?
Security research and disclosure are still under attack. The public policy sphere needs the tools to pursue threat actors and attackers, while protecting those acting in good faith. This crucial work has been part of Bugcrowd’s DNA since the birth of the company over a decade ago. It is our conduct as security professionals and the security community that informs the bright line difference between public good and criminal behavior.
For example, the US CFAA (Computer Fraud and Abuse Act), is built upon a trespass statute. We rely heavily on guidance from the Department of Justice for attorney generals to inform prosecutorial discretion, but codifying research and disclosure as a public good has yet to be successfully locked down.
The CVE (Common Vulnerabilities and Exposures) Program is also in a rocky state of transition. At Bugcrowd, we are actively driving conversations about the future of this program. As a community, we need to define what good looks like. This isn’t just a moment of concern—it’s a moment of opportunity.