Jonathan Cran

San Francisco, California, Usa

I'm a well-informed startup guy and experienced technical security professional based in San Francisco. I'm passionate about technology in general and security assessment in particular. I strive to understand clients' security assessment challenges and deliver elegant solutions.

I'm currently working with Bugcrowd, building and delivering the most effective and comprehensive security assessment solution for web and mobile applications on the market today.

In previous a previous full-time position, I served as CTO and platform lead for Pwnie Express, an information security startup developing products and solutions for Security Service Providers, Government and F500 organizations. During my tenure we released 6 products, garnered thousands of customers, and raised funding of 5.1 million to grow the organization.

Before I joined Pwnie Express, I was a integral part of Rapid7. I joined as a junior pentester in 2007 and threw myself into the work, learning everything I could about security assessment and penetration testing. I quickly moved into a team lead position, mentoring and building a world-class, world-wide security assessment team. Over the course of 3 years, we conducted assessments and penetration tests for Fortune 500 clients around the globe.

When the opportunity arose in 2010, I joined the newly formed Rapid7 Metasploit team to spearhead the development of a dedicated quality assurance team. Metasploit is one of the largest OSS Ruby projects in the world, and a vital tool to the pentesting and security communities. Along the way my team provided the bedrock for 75+ high-quality releases of 2 brand new Metasploit products in just 2 years (and learned a hell of a lot).

I maintain a blog at, and most of my current work can be found there. If there's anything i can do for you, you can reach me anytime via my contact info below.

  • Work
    • Bugcrowd
  • Education
    • Iowa State University