Trung Nguyen

CyStack / Founder & CEO

Trung Nguyen is the Founder & CEO of CyStack, a leading Vietnam-based cybersecurity firm, known for its research, innovation, and award-winning products and services.

Trung has over a decade of dedicated expertise, specializing in application exploitation and cloud security. His contributions as a white-hat hacker have earned him recognition in the Halls of Fame of global tech giants such as Microsoft, IBM, Daimler, HP, and Deloitte, where he uncovered critical vulnerabilities in their products. As one of Vietnam's foremost researchers in the field, he also serves as a senior security strategy consultant and digital forensics expert for major corporations.

In addition to his security acumen, Trung excels as a software architect and is an active open-source contributor to globally recognized projects.

SPEECH
Session Agenda
4/16 (Wed) 14:40 - 15:10 CYBERSEC GLOBAL 2025: United as One
Running a Bug Bounty Program: What Works, What Fails, and What No One Tells You

Premiere: 4/16 14:40 - 15:10 

Replays: 4/16 20:40 - 21:10, 4/17 02:40 - 03:10


Bug bounty programs are a double-edged sword. Done right, they uncover critical vulnerabilities before attackers do. Done wrong, they create noise, drain resources, and even introduce new security risks. So how do you build a bug bounty program that actually works?

Drawing from my experience running Vietnam’s first and largest bug bounty platform, this session will cut through the theory and dive into the real-world lessons of designing, securing, and scaling a successful program. We’ll cover:

1. Program Design: How to define scope, set fair rewards, and attract serious security researchers - not just low-effort spam.

2. Vulnerability Handling: Triage strategies to separate signal from noise, manage false positives, and deal with duplicate reports effectively.

3. Operational Security Risks: How to prevent abuse, secure your own bug bounty infrastructure, and avoid becoming a target yourself.

4. The Human Factor: What motivates researchers, how to build trust, and why community management is just as important as technical execution.

We'll also discuss hard lessons learned, like how to handle rogue submissions and why transparency can make or break your program.

By the end of this talk, you’ll walk away with a practical, tested framework for building a bug bounty program that is secure, efficient, and actually useful - whether you’re starting from scratch or improving an existing initiative.