During my 15-year career in information security, I’ve worked as an analyst, system administrator, red teamer, threat intelligence consultant, incident responder, digital forensics investigator, technical marketing engineer, competitive intelligence analyst, and product specialist. I’ve had the opportunity to work directly with security operations teams of various sizes and in many industries. This perspective has given me an appreciation for variations in the ways that companies achieve their security objectives. Over the years I’ve assisted many customers with their security operations through guided exercises with goals to optimize and enhance their capabilities. I’ve had the chance to see what works and what doesn’t work.
I’m often internally critical of the way that an organization operates its security program. The urge to analyze operations and motives is unavoidable and I’m always seeking to define ways that programs can be improved.
My first interaction with Red Canary was at the Black Hat security conference. The interaction and product demonstration were enjoyable, as with many vendors present that day, but that wasn’t what stuck with me. What ultimately cemented Red Canary in my mind was the knowledge, candor, and passion exhibited by the employees and booth staff that day. Everyone that interacted with me had a sense of pride. This extended not only from staff but in small talk with additional vendors and partners. Bringing up the Red Canary brand seemed to garner an enhanced sense of respect. It sparked a curiosity in me that would later emerge during my job search just a few short years later.
I’ve been at Red Canary for a few months now, operating as a principal solutions specialist for the Red Canary + Microsoft team. My position helps drive strategic initiatives involving Microsoft products to create security outcomes for customers. Reflecting on my time here, I’m extremely confident about my decision to join Red Canary. The enthusiasm, knowledge, and sincerely humble attitude received at the Black Hat booth was not a fluke but rather a cultural tenant of Red Canary employees.
It’s unconventional to see an organization that is willing to take the extra steps to promote a culture of accountability, candor, transparency, and excellence in information security. This is contrary to what I’ve witnessed in my years of consulting where the, “Do as I say, not as I do” policies are all too common. This will usually involve things like a security team not enforcing endpoint security, device encryption, or other policies on their work assets in order to reduce the administrative burden of tuning security testing tools. This behavior is obviously shortsighted, as it creates major security risks.
When I was handed my machine, my first day of onboarding at Red Canary consisted of ensuring that mobile device management (MDM) was properly deployed by setting up multi-factor authentication (MFA) and other measures to protect our customers. I quickly realized that this was required of not only product teams, but also developers, incident handlers, and…everyone else! I was informed that all telemetry gathered from my machine would be monitored by our internal Cyber Incident Response Team (CIRT.) I was skeptical that this would be a consistently enforced policy, so out of curiosity I casually asked, “What if I need to perform malware tests?” as a query to potentially invoke an exception. To my surprise, I was told that I could go for it as long as I notified the internal security team, who has a detailed malware handling policy in place.
During my next few weeks, I would be introduced to the back end of the Red Canary product. I kept waiting for the moment when I would encounter some sort of operational band-aid but it’s a good thing I wasn’t holding my breath. With a watchful eye, I witnessed two minor bugs during my training. Moments after discovery, tickets were entered immediately, actioned, and resolved within moments, followed by a “thank you” from the teams who worked on the code. Beyond being amazed by the efficiency of the workflow, I felt a personal sense of pride emanating from the teams, an attitude I will be sure to carry forward.
The merit of this behavior transcends process and technology; the need to drive efficiency and to work autonomously but with accountability are cultural elements. When your coworkers exude a sense of pride in their organization and in their individual tasks, it motivates you to continue to improve.