“I think the best way to tell a story is by starting at the end, briefly, then going back to the beginning, and then periodically returning to the end, maybe giving different characters' perspectives throughout. Just to give it a bit of dynamism, otherwise it's just sort of a linear story.” – David Ershon
The first thing you should know about me is I’m a HUGE movie geek, so starting off my initial blog post as Rapid7’s new Detection & Response Practice Advisor with a quote from one of my favorite movies seemed apropos. It’s also relevant, because my interest in information security was sparked by the 1985 film “Prime Risk,” where two hackers scam ATMs and try to take down the Federal Reserve. I thought, “There’s no way this stuff can be real,” started researching how electronics worked, and got into phreaking. I built a couple boxes, broke a few BBSs, got grounded, found the wonderful world of IRC, got grounded again, and then decided to go legit and pursue this field as a career shortly after high school.
Fast forward 20 years and I’m the Information Security Officer of a healthcare company. Why healthcare? Well, that’s where we get to the second thing to know about me: Past all of the jokes and the endless amounts of useless trivia information is a deeply rooted desire to help others. Spending time helping yourself can make your immediate sphere of influence a better place. Spending time helping others can change the world. A bit dramatic, I know, but it’s something I truly believe. So, naturally, when I got the call saying a healthcare company wanted me to join their team, I jumped at the chance.
Jump ahead a month or two, and I was ready to start laying down the foundations of a new-and-improved information security program. This is where I turned to a company I knew could really take things to the next level: Rapid7.
My account rep, Bret Steiman (yes, I’m name-dropping you buddy, credit due where credit deserved), and I immediately got to work. I can’t recall how many times we met (it was a lot), but what I do remember is how the focus wasn’t on selling products and services—it was on doing whatever it took to help both myself and the program out. The simple acts of showing empathy and a willingness to do what it takes to make a difference made a big impression on me. I ended up going all in with Managed Detection and Response (MDR), InsightVM, and InsightConnect, and I haven’t looked back.
Bret and the fine folks over at Rapid7 (Stephen Davis, I’m looking at you) worked very closely with me and my team over the next few years. We did great things together: improved the organization’s security posture, helped my analysts get some sleep at night, passed audits, and infuriated more than a handful of pen testers. They were less of a managed service provider that I worked with and more an extension of my team—a force multiplier on which I could always rely.
Right about now you may be asking yourself, “So, that’s a fine story and all, but why did you join Rapid7?” I joined because of you, the person reading this blog post. How could I possibly pass up the opportunity to help people stop worrying about the next incident and actually get ahead of the 8-ball for once?
The detection and response role gives me the ability to take feedback from the security community (new and prospective customers, boards, forums, conferences, etc.), combine it with my own experience/expertise, and deliver the results directly to the folks who are in charge of products and services. Rapid7’s approach to detection and response already brings together the best aspects of technology and managed services, and this allows for even more iteration and innovation, which will not only impact the operations of security personnel at the micro level but will influence the industry on a macro level.
Rapid7 is a company dedicated to your success, no matter how small or large the organization. Everyone from the person answering your calls and asking questions about a product, all the way up to senior leadership, has shown me that they are deeply invested in helping raise the bar so that, ultimately, we can all rise together. I’ve got quite a few new responsibilities here, but my main goal is to help you any way I can.
Since I started this blog post with a movie quote, it just wouldn’t feel right without ending it the same way:
“No matter what, I promise that if you need us, if you need me, I’ll be there.”
– Captain America