October 6, 2020 Security operations
Joe Savini

Onboarding log: My first 30 days at Red Canary

What’s it really like to work at Red Canary? A new employee who has spent years in infosec offers a peek behind the curtain into Red Canary’s internal security policies and company culture.

During my 15-year career in information security, I’ve worked as an analyst, system administrator, red teamer, threat intelligence consultant, incident responder, digital forensics investigator, technical marketing engineer, competitive intelligence analyst, and product specialist. I’ve had the opportunity to work directly with security operations teams of various sizes and in many industries. This perspective has given me an appreciation for variations in the ways that companies achieve their security objectives. Over the years I’ve assisted many customers with their security operations through guided exercises with goals to optimize and enhance their capabilities. I’ve had the chance to see what works and what doesn’t work.

I’m often internally critical of the way that an organization operates its security program. The urge to analyze operations and motives is unavoidable and I’m always seeking to define ways that programs can be improved.

First impressions

My first interaction with Red Canary was at the Black Hat security conference. The interaction and product demonstration were enjoyable, as with many vendors present that day, but that wasn’t what stuck with me. What ultimately cemented Red Canary in my mind was the knowledge, candor, and passion exhibited by the employees and booth staff that day. Everyone that interacted with me had a sense of pride. This extended not only from staff but in small talk with additional vendors and partners. Bringing up the Red Canary brand seemed to garner an enhanced sense of respect. It sparked a curiosity in me that would later emerge during my job search just a few short years later.

I’ve been at Red Canary for a few months now, operating as a principal solutions specialist for the Red Canary + Microsoft team. My position helps drive strategic initiatives involving Microsoft products to create security outcomes for customers. Reflecting on my time here, I’m extremely confident about my decision to join Red Canary. The enthusiasm, knowledge, and sincerely humble attitude received at the Black Hat booth was not a fluke but rather a cultural tenet of Red Canary employees.

Infosec onboarding and training

It’s unconventional to see an organization that is willing to take the extra steps to promote a culture of accountability, candor, transparency, and excellence in information security. This is contrary to what I’ve witnessed in my years of consulting, where “Do as I say, not as I do” policies are all too common. This will usually involve things like a security team not enforcing endpoint security, device encryption, or other policies on their work assets in order to reduce the administrative burden of tuning security testing tools. This behavior is obviously shortsighted, as it creates major security risks.

Day one

When I was handed my machine, my first day of onboarding at Red Canary consisted of ensuring that mobile device management (MDM) was properly deployed by setting up multi-factor authentication (MFA) and other measures to protect our customers. I quickly realized that this was required of not only product teams, but also developers, incident handlers, and…everyone else! I was informed that all telemetry gathered from my machine would be monitored by our internal Cyber Incident Response Team (CIRT). I was skeptical that this would be a consistently enforced policy, so out of curiosity I casually asked, “What if I need to perform malware tests?” as a query to potentially invoke an exception. To my surprise, I was told that I could go for it as long as I notified the internal security team, which has a detailed malware handling policy in place.

Settling in

During my next few weeks, I would be introduced to the back end of the Red Canary product. I kept waiting for the moment when I would encounter some sort of operational band-aid but it’s a good thing I wasn’t holding my breath. With a watchful eye, I witnessed two minor bugs during my training. Moments after discovery, tickets were entered immediately, actioned, and resolved within moments, followed by a “thank you” from the teams who worked on the code. Beyond being amazed by the efficiency of the workflow, I felt a personal sense of pride emanating from the teams, an attitude I will be sure to carry forward.

The merit of this behavior transcends process and technology; the need to drive efficiency and to work autonomously but with accountability are cultural elements. When your coworkers exude a sense of pride in their organization and in their individual tasks, it motivates you to continue to improve.

Walking the talk

I recall being shocked at Red Canary’s transparency with customers. During one particular call, a member of our executive team explained our vision and roadmap in detail to a customer, laying out what features we support and being honest about what features we do not. During another, Red Canary was responsive and open about an operational platform bug identified by a customer. Both of these instances were driven by candor and humility, fostering trust in our customers and creating growth within the company in the best way possible.

I’m proud to be part of an organization where employees are not only encouraged but individually insist on following security policies and doing their part to protect customers. It’s a privilege to be among smart, enthusiastic individuals who strive to work together, preserving humility and being honest about where and how we can improve. It’s the essence of this attitude that attracted me to information security in the first place and I’m glad to see it alive and well here at Red Canary.

Looking ahead

As I put the first few months behind me, I’m extremely optimistic about the future for not only myself but for Red Canary and our customers. I hope that my story emboldens readers to resist complacency and embrace excellence in cybersecurity.

 
