Like a double agent who's been turned, I switched from the offensive to the defensive side this week. After four years of working on Metasploit simulating attackers, I'll now be hunting them with UserInsight, Rapid7's new incident detection and response solution that helps organizations detect intruders on their network.

Working on Metasploit for the past four years definitely taught me a lot about attacker methodologies and the attacker mindset. I'm now a more paranoid person for it, which will be a huge help when hunting the bad guys going forward.

I've had a blast work with an awesome team of security researchers, including @todb, @_sinn3r, @_juan_vazquez_, @TheLightCosine, "the man who never sleeps" aka @hdmoore, and many extremely talented coders who are a little less in the limelight but are among the best in their field. Together, we released Metasploit Pro, Metasploit Community, Metasploit on Kali Linux (special shout out to Brandon, Dookie, Muts), and many cool new features, including our recent release, which focused on credentials.

I'd also like to thank our Metasploit open source contributors (you guys are the the reason Metasploit is so well respected and widely used), the folks who participated in the Metasploit T-shirt design competition (my wardrobe is full of them), and @dualcoremusic for writing and performing the Metasploit track (he tried hard, but I could never quite pull off the B-Boy Pose).

Because we've been playing musical chairs here at Rapid7, some very cool roles opened up. Throw your hat in the ring if you're interested:

Don't be shy - contact me on LinkedIn if you have additional questions on any of the roles or on UserInsight. Always happy to chat!