January 7, 2020
Passing Enterprise Security Reviews
Lisa Hawke, VP of Security and Compliance for Everlaw, demystifies the enterprise security reviews and vendor risk assessment processes. She...
In First Round Capital’s State of Startups 2019 report, nearly 80% of founders reported that building a community of users is important to their business, with 28% describing it as critical to their success. I’ll bet many of you reading this would place yourself in the latter category, as Jesse Davis does.
At HackerOne, we connect independent security researchers (aka “hackers”) with organizations like The US Department of Defense, Airbnb, Starbucks, General Motors, Goldman Sachs, and hundreds more to find and report security vulnerabilities in the name of defense. Our focus at HackerOne is to create the best hackers and provide them the best education, support, and financial opportunities. Our community of security researchers is essential to HackerOne’s mission and our success as a business, so we work hard to ensure that we’re supporting them as the community grows.
Your community may prefer to build, ours prefers to break, but the tool chest is not much different for your DevRel community-building tactics. In this article, I’ll share a look under the hood at the suite of community building tools that we use at HackerOne to keep our community connected and engaged.
Never underestimate getting your community on a video call, nor the power of an email. There’s a bevy of tools that are core to interacting with and serving the HackerOne community of hackers. We’re a Google shop, using their entire suite of tools.
But with 700,000 registered users from over 170 countries signed up to hack on HackerOne, the sheer volume of standard communication is impossible to manage manually and takes time away from impactful and personal communications that may have greater impact. We also needed a solution that could safely and securely be integrated into the core HackerOne platform. We use Intercom to send personalized, automated emails to the community after certain milestones are achieved (they submit their first report, get their first bounty, etc.).
It gives us the WYSIWYG tool that my team can manage and analyze performance, conduct A/B tests, manage copy edits, etc without bothering Engineering or Product.
With a global community to serve and nurture, even the simplest tasks require cross-functional execution and collaboration. Utilizing Asana, a tool that’s adopted company-wide, goes a long way for the Community team at HackerOne to get things done efficiently, whether it’s a hacker spotlight blog post with marketing, planning one of our flagship live hacking events, or shipping swag to over 170 countries.
As you scale your community, you’ll invariably need to create some bespoke tools to fit your needs. For us at HackerOne, we have a hybrid of Looker and our home-baked Support App tool.
Looker queries provide the relevant data for us to make the right decisions for our business, and the uniqueness of our invitation model has led us to innovate within the Support App tool, which was originally built for the Customer Success function at HackerOne. An idea born out of a company hack day — dedicated solely to innovation and measured in engagement and impact — has turned into an essential and robust tool to help my team source, invite, communicate with, analyze and serve our community which has doubled in size over the past 12 months.
Pro-tip: lean into the “hack days” at your respective companies, win over engineers and designers passionate about your community and work with them to build that quick win thing you’ve been wanting for a long time. Both teams will be happy you did it.
At HackerOne, we are hacker anthropologists. We are the bridge between our users and the product org that is building the features and experiences for them. As a community leader, you must go and do likewise in your DevRel functions. Before you start building what you think is best or what’s been requested, listen to your users. Go beyond what they ask for and search for why. You can’t build anything of value for your users unless you understand them and their needs.
The primary mechanisms we have in place to accomplish this at HackerOne includes a Hacker NPS satisfaction survey and, coming soon, a vibrant Hacker Advisory Board with diverse representation from our community. We, of course, utilize surveys for other needs as well. It seems there isn’t a week that goes by that we don’t have some Google Form or SurveyMonkey out in the wild, seeking to learn more about a new product release, feedback on a particular bug bounty program, etc.
Remember that your users are people too! The community of hackers on HackerOne tell us that, not unlike developers, they hack for good. They’re not just in it for the money. Hacking to protect and do good, having fun, learning and challenging themselves is as important to the hacker community on HackerOne as earning a $10,000 bounty — a monetary reward for a real-world vulnerability finding.
They’re proud of their work, so communicate with them frequently, share status updates on products, fixes, payments, and roadblocks, and thank them for their support. This is especially relevant in the hacker community when users are finding critical vulnerabilities and earning thousands — and sometimes millions — in cash. Our community members are big fans of ChatOps. And for good reason. We invest in various platforms, but the three biggest for us are Twitter, Discord, and Slack. That’s where hackers interact regularly, so we bring the conversation to them.
My advice: Know your community; go where they are.
Our community adores swag and we love to adorn them with it. Swag ROI is impressive when done right and wasteful when done wrong.
In the early days of HackerOne, our co-founders were the couriers, dealing daily with DHL, FedEx, UPS and more to be able to ship a swag pack to India, which isn’t simple. With our volume, we needed to have a partner that could handle the bulk of the logistics. That partner has been Printfection.
The authors of Get Together — a recent best-selling book published by the community leaders who built Instagram, Facebook, and eBay — talk about the concept of “building with” your community.
I challenge my team at HackerOne that we must:
As we say: Together, we hit harder.
Image Source: HackerOne