'Bug Bounty' pioneer Gus Anagnos leaves PayPal for security startup full of ex-NSA spooks

“Bug Bounty” guru Gus Anagnos left a righteous salary and options at PayPal to throw his lot with a group of former National Security Agency spooks and their security startup Synack.

“I left quite a bit on the table,” Anganos told VentureBeat. “I’ve left the bureaucracy behind. At Synack, these guys are no nonsense and get shit done. It’s like ‘let’s kill it. This is what we do.'”

Snaring Anagnos, 47, is a coup de main for Synack, which builds a security solution that sits outside the firewall and can detect and neutralize breaching and infection launches before they enter the network. Synack also deploys an inhouse intelligence team that provides paying clients with actionable intel on the myriad threats facing corporate networks.

The DNA of the team is NSA grade. Chief executive and cofounder Jay Kaplan spent four years at the agency specializing in vulnerability assessments, and he was involved with teams that helped prevent terror attacks on the U.S. that you will never read about. Others at Synack also have an NSA lineage.

Synack is a one-two punch of a business model that is rapidly gaining traction in the IT world, and for good reason. Indeed, Anagnos ran PayPal’s much hyped “Bug Bounty” program in which employees who discovered anomalies within the network reported the flaws and reaped cash rewards. Those programs are now ubiquitous, and they’re standard at Synack.

“Synack brings together the crowd. We’re only offering our clients the real meat, the ugly, hard to find stuff, that matters,” Anagnos said.

According to Kaplan, describing Synack:

“Synack’s Crowd Intelligence Security model brings together a private crowd of the best security researchers worldwide to work on sensitive enterprise applications and network elements. The Synack Red Team operates on a bounty basis to find vulnerabilities in its customers on a unified enterprise-grade technology platform.

Key differentiators from private consultancies: diverse talent pool, continuous service, incentivized-model

From automated utilities: human-powered intelligence (automation cannot replicate a human), closely mimics a true adversary, zero false positives, keeps up with the latest attack vectors.”

Synack, based in Menlo Park, has raised a total of $9 million since launching last year, $7.5 million of that back in April. Their funding benefactors are admirable, and include Kleiner, Perkins, Caufield & Byers, Google Ventures, Allegis Capital and Shape Security chief Derek Smith.

“Gus isn’t your typical infosec exec; he takes risks and faces his back to the status quo — hard to find in an executive who runs security at a big company,” the affable Kaplan, who originally hails from New Jersey, told VentureBeat.

“Gus has had a profound impact since day 1. His perspective is relevant yet fresh, forward-thinking, and fits extremely well in Synack’s culture. We’re excited to have him on board.”

Anagnos’ official title is veep of strategy and business ops, and he said that with him onboard, Synack will begin quickly building out their business model. He has chops not only in the bounty program but also information security, enterprise risk, enterprise resiliency and crisis management. So yes, a stacked deck.

As Anagnos is fond of saying, “getting shit done” at Synack and growing the enterprise is his main focus. At least for now.

“We are,” he said, “increasing the signal and reducing the noise.”