All posts by Rapid7

[Security Nation] Brian Honan on creating Ireland’s first CERT

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/21/security-nation-brian-honan/

In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland’s first CERT, the continuing scourge of ransomware, and cyber warranties. They also go beyond all of the recent salacious breach headlines, discussing the need to highlight successes and positive happenings in cybersecurity.

And stick around for our Rapid Rundown, where Tod and Jen talk about the under-the-radar WifiDemon vulnerability affecting iPhones and iPads.

Brian Honan

Brian Honan is CEO of the cybersecurity and data protection firm BH Consulting, and he is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), is the founder of Ireland’s first CERT, and sits on the advisory board for several innovative security companies.

Brian is the author of several books, and regularly contributes to various publications. For his contributions to the cybersecurity industry, Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.

Grow Your Career at Rapid7: North America Sales

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/21/grow-your-career-at-rapid7-north-america-sales/

As any sales professional knows, working for an organization where your growth and development are supported is key — not to mention selling a product you believe in and a company mission you can get behind.

At Rapid7, you can check both of those boxes. With a stellar Business Development program that develops our next generation of successful sales professionals and provides clear opportunities for growth and development, and being named a leader in the 2021 Gartner Magic Quadrant for SIEM, a Strong Performer in Managed Detection and Response Report, and a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing, it’s a no-brainer why sales professionals are thrilled about the opportunity to launch and grow their careers with us.

We talked with five of our North America Account Executives to hear firsthand about how Rapid7 has supported their career growth and learning, why they would recommend Rapid7 as a great place to work, and notable deals they’ve had the unique opportunity to work on and close.

Justin Wait, Account Executive, 2.5 years with Rapid7
Erica Villareal, Account Executive, 2.7 years with Rapid7
Yunus Bhuiyan, Enterprise Account Executive, 4.5 years with Rapid7
Gabriella Starkey, Account Executive, 2.7 years with Rapid7
Elisa Rascia, Account Executive, 3 years with Rapid7

How have Rapid7, your managers, and/or your peers supported and encouraged your career growth?

“There are so many dynamic ways in which my managers and peers have encouraged and supported me throughout my career here at Rapid7. My management has constantly coached me on ways to fine-tune my strengths and challenged me to develop areas that need work. They’re always ready to spend 1:1 time with me to talk through scenarios, build confidence in my abilities, and enable me to run my business in the way I see fit. They listen, ask, and implement my feedback proactively. They also don’t hesitate to commend me in front of their peers and their own leaders. Most importantly, they give me time to focus on life outside of work, to focus on my family and to mentally decompress. This is true across the leadership chain and is a priority of theirs, which is very rare in organizations.” – Yunus Bhuiyan

“There is a ton of support at Rapid7 to further career development. Our People Strategy group is really proactive about reaching out to the company to make sure people know they exist and that they exist for us. I had someone from People Strategy reach out to me and put time on my calendar to get introduced and have a casual conversation about my future goals. She helped put a lot of things into perspective and has been a huge supporter getting me to my 5-year plan at Rapid7.” – Elisa Rascia

“My peers have been incredibly supportive during my tenure at Rapid7. Having started as BDR at Rapid7, I have remained close with a few team members despite being on different teams covering different territories today. It’s awesome to know that my peers are experiencing the same challenges as me and generally at the same time, too! We all cheer each other on and also have a good amount of healthy competition with each other.” – Gabriella Starkey

“We have a pretty tight team in the Austin office. At any given time, I have relationships with not only the sales team but our engineers, production, and pen testers due to the close proximity we’ve been able to work together in. I’ve had the opportunity to learn from every aspect of the company and grow with that holistic experience.” – Erica Villareal

What is the most notable deal you’ve closed that you’re proud of? How did you leverage your manager? What internal teams did you work with?

“My Director has a lot of catchphrases, but ‘Win together’ is a big one, and this deal couldn’t have been a better example as I worked with our BDR team, my Sales Engineer, CSM team, and my manager. Throughout the sales process, I had to loop in the CSM team to provide a specific customer reference based on industry, size, IT team, and geolocation, which helped seal the deal. We had to win this deal a few times: first, with the technical team members who’d be hands on (an easy win, thanks to my engineer!), and then with the board. With some help from my manager, we were able to secure some additional savings, as well as talk candidly with some of the financial decision makers on competitive differences, which won the deal the second and final time.” – Elisa Rascia

“My most notable deal was a perfect example of the ‘process’ being done right. We highlighted the value of MDR and aligned to what the customer was looking for throughout the entire sales cycle. I utilized my manager in that I was given the gold standard for how to run the deal and just needed to execute on that plan. I also utilized my manager to help stay organized and quarterback a successful POC. This was also my first ‘go-round’ with legal, and my manager was instrumental in navigating that process. We worked with the engineers, TEM counterparts, and legal during this deal.” – Gabriella Starkey

Why would you recommend Rapid7 as a great place to work and grow in your career?

“I’d recommend Rapid7 as a great place to work because the opportunity it presents for growth, both in your career and personal life, is unmatched. The culture Rapid7 has cultivated is perfect for someone who is highly motivated. Everyone wants to see each other grow and succeed. You truly have as many resources at your disposal as you need.” – Justin Wait

“If you’re looking for a place where you’ll be able to be your genuine self, be surrounded by highly intelligent and caring people who bring the best out of you and root for you, be a part of a global mission, continuously strive to be better and challenge convention with the supporting ecosystem to accomplish this, I wouldn’t look any further. There’s a certain energy you feel as part of Rapid7 that I haven’t really felt elsewhere. I’ve grown personally and professionally in ways I didn’t foresee — in large part because of my time here. I’ve also had opportunities within the company that I wouldn’t have had anywhere else; in fact, I’ve been encouraged to take risks to challenge myself in so many different ways. We’ve been building something amazing, and it is a great feeling to truly have an impact and be appreciated for it.” – Yunus Bhuiyan

“Starting off as a BDR allowed me to challenge myself and learn the ropes of a complex security industry. The program is extremely organized and successful and set me up for a career as an AE at Rapid7. I will take the skills I learned from the BDR program and apply them for the rest of my life. The greater Rapid7 culture is also one of growth and inclusion.” – Gabriella Starkey

Interested in learning more and joining the team to support our audacious goal of growing 20% in 2021? Check out our North America Go to Customer LinkedIn Life page and our open roles today!

[The Lost Bots] Episode 1: External Threat Intelligence

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/19/lost-bots-vlog/

Welcome to The Lost Bots, a new vlog series where Rapid7 resident expert and former CISO Jeffrey Gardner (virtually) sits down with fellow industry experts to spill the tea on current events and trends in the security space. They’ll also share security best practices and trade war stories with the Rapid7 SOC team. The best part? Each episode is short, sweet, and to the (end)point – so you gain insights from the industry’s brightest in just 15 minutes.

For this inaugural episode, Jeffrey sits down with Rapid7 Insight Platform SVP Pete Rubio and IntSights Cofounder and CPO Alon Arvats to discuss how teams can successfully leverage external threat intelligence to identify and mitigate lurking attacks. They tackle the “what”, “why”, and “how” of external threat intelligence. They also share how security teams can effectively put external threat intel into action and what behaviors and telemetry are the most useful to find advanced threats.

Stay tuned for future episodes of The Lost Bots! For our second installment, Jeffrey will be back to discuss a topic we’ve all been hearing a lot about in recent months: Extended Detection and Response, or XDR.

[Security Nation] Jonathan Cran on demystifying startup funding for security companies

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/07/security-nation-jonathan-cran/

In this episode of Security Nation, we’re joined by Jonathan Cran. We wade into uncharted territory with Jonathan, as he claims the title of Security Nation’s first repeat guest! He returns with an update on his rapidly growing pandemic side project, Intrigue, which turned into a real attack surface management company with real funding and real customers!

Stick around for our Rapid Rundown, where Tod and Jen pointedly do not talk about the Kaseya breach and PrintNightmare, but instead, the Monpass breach and just how many certificate authorities you are implicitly trusting today.

Jonathan Cran

Jonathan Cran is a 20-year information-security veteran and expert. Based in Austin, Texas, his career has focused on security assessment, with leadership roles at Rapid7, Bugcrowd, and Kenna Security. He founded Intrigue Corp in 2019 to help enterprise customers map, monitor, and manage their attack surfaces. Intrigue provides proven, data-backed methods to stay ahead of threats.

#Rapid7Life Belfast: Why I Joined

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/06/29/rapid7life-belfast-why-i-joined/

Starting a new job at a new company can be daunting, particularly during a global pandemic. With interviews via Zoom, onboarding gone remote, first days at home instead of in a brand new office, and so many other shifts since the onset of the pandemic, switching jobs and companies is probably not something most would even consider. While this may seem to be the case for many, we’ve welcomed many new employees to our team around the globe since March 2020!

Interested in learning why these individuals chose to make a job change during these uncertain times and how Rapid7 made the decision a no-brainer? Read on to find out from a few of our Belfast-based Software Engineers!

Thomas Franklin, Software Engineer II, Joined Rapid7 September 2020
Lauren Quinn, Software Engineer II, Joined Rapid7 November 2020
Danielle Topping, Senior Software Engineer, Joined Rapid7 September 2020
Niall O’Hagan, Lead Software Engineer, Joined Rapid7 January 2021

Q: Where did you hear about Rapid7?

“Having worked in a few companies around Belfast, Rapid7 was a name you heard of frequently (especially any of those companies which cared for cyber security) — but I had little insight into what they actually did (outside of maybe Metasploit). Rapid7 in Belfast was always a name which is well respected and recognised as a great place to work (I use the analogy of how it is common to see “ex-” employees from Company X, Y and Z — but rarely will you see an ‘ex-Rapid7’ employee, as when you join Rapid7 you will be hooked from Day 0!)” – Thomas Franklin

“I think the first time I heard about Rapid7 would have been many years ago when they hosted a Women Who Code event I attended in their Belfast office. Since then I’ve seen them sponsor many more events, and have had a few friends start working here over the years.” – Danielle Topping

“I knew a few people that currently work at Rapid7 but I’ve also been part of the Belfast IT Market longer than I care to remember and they’ve always been seen as a positive place to work.” – Niall O’Hagan

Q: What attracted you to apply/work for Rapid7? (if you started during the Pandemic, why did you feel comfortable making a career change to work here)?

“Rapid7 felt like a startup company (even though it isn’t) which drew me towards it. I didn’t want to be just another employee. During my interview process I could tell that everyone I spoke to seemed really enthusiastic and excited for their work which is something I was honestly craving.

Changing jobs during the pandemic was actually a lot easier than people think. I found that doing my interviews via Zoom was much less intimidating. I also didn’t have to worry about the daunting task of walking into a brand new office on my first day. I had the exact same setup as my previous job, just with different people on the other end of the Zoom call. The team at Rapid7 made my enrollment as simple and straightforward as possible. Plus, a member of my team from my previous job joined Rapid7 on the exact same day as me.” – Lauren Quinn

“Predominantly the high regard that Rapid7 holds in the Belfast Market as a great place to work — I knew it was the kind of place that people stay at for years and that’s always a good sign. I never really saw the current working-from-home situation as a barrier to the move, we’ve all adapted at this stage and as it turns out the onboarding was seamless.” – Niall O’Hagan

“There were a few reasons why I was drawn to Rapid7. The first was the actual work that they do in cybersecurity. With the pandemic, even more areas of our lives had to be moved online. And with that, obviously, came more vulnerability to hacks, and other attacks. In all honesty, cybersecurity wasn’t an area that I had much knowledge in, and with all the changes that were happening it emphasised my desire to change that, and to learn.

The other side of that was what I was hearing on how Rapid7 were treating employees during the pandemic. They were one of the first companies in Belfast to send employees to work remotely. I’d heard through a friend about them making psychologists available at global Town Halls, who employees could submit anonymous questions to. I thought this was a great indicator of how they cared for the people that were working here, and that gave me the confidence to start during the pandemic, while everyone was still remote.” – Danielle Topping

Q: Why would you recommend Rapid7 as a great place to work for your next opportunity (regardless of the industry you’re coming from)?

“I may be biased as I am a huge dog lover, but joining for #puppies-and-stuff alone is well worth the move! Where you can get daily updates on dogs such as:

In all seriousness, Rapid7 is in one of the most exciting industries, where we are constantly in a position to be ahead and working on exciting technologies. If exciting technology does not interest you, then the culture should! Rapid7 has a captivating culture which is refreshing to see as everyone is true to our core values!” – Thomas Franklin

“Rapid7 genuinely cares about every single employee’s experience. They want everyone to succeed and grow their skills and their career. Everyone I have met cares about the work they are doing and is working hard to achieve their goals. Having people like that to look up to is irreplaceable.” – Lauren Quinn

“The biggest positive for me so far at Rapid7 has been the people that I’m working with, and their patience and willingness to help. Starting a new job remotely was a slightly daunting thought. But from day one, my teammates were available for overviews, help with setup and all questions that have come up along the way. I’ve also had the opportunity to work with some people outside my team, and every time it’s been the same experience where folk are very willing to help, and are open with their time. I’m excited to get into our amazing new office, to get to spend proper time with them all.” – Danielle Topping

Interested in learning more and joining the team? Check out our Belfast LinkedIn Life page and our open roles in Belfast today!

Don Spies and Kim Grauer on tracking illicit Bitcoin transactions

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/06/23/don-spies-and-kim-grauer-on-tracking-illicit-bitcoin-transactions/

In this episode of Security Nation, we’re joined by Don Spies and Kim Grauer of Chainalysis. They discuss the relationship between ransomware and cryptocurrency and how Chainalysis leverages unique characteristics of the latter to combat the former.

Stick around for our Rapid Rundown, where Tod and Jen discuss a newly discovered, very old crypto vulnerability (and by crypto we mean encryption!), as well as take a look at election security news here in the wake of literally hundreds of audits of polling results.

Kim Grauer

Kim Grauer is the Director of Research at Chainalysis, where she examines trends in cryptocurrency economics and crime. She was trained in economics at the London School of Economics and in politics at Oxford University. Previously, she explored technological advancements in developing countries as an academic research associate at the London School of Economics and was an economics researcher at the New York City Economic Development Corporation.

Don Spies

Don Spies is the Director of Strategic Initiatives for Chainalysis, where he works with federal agencies to address their cryptocurrency needs. This includes fighting terrorism, enforcing sanctions, and detecting money laundering. Previously, Don held various roles at the U.S. Department of the Treasury. He also spent 13 years as an Intelligence Officer in the U.S. Army Reserve.

Celebrating Black History Today and Every Day

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/02/26/celebrating-black-history-today-and-every-day/

Black History Month is a time for every person, from all different backgrounds, to honor and celebrate the achievements of Black and African Americans in the U.S. and their impact on world history. In honor of Black History Month, we would like to recognize some of our amazing team members who have made an impact on our company culture, embody our core values, and exude excellence. We pride ourselves on creating a safe space for everyone to be their authentic selves. Hear what Black History Month means to them!

Junior Carreira, Service Desk Technician, Boston, MA

What does Black History Month mean to you?

Black History Month to me means an opportunity for the black community to reconnect with their heritage and ancestry while celebrating how our accomplishments and heroes have impacted our ways of being today. It means legacy and continuing to add onto that legacy. It also stands as a reminder of our resilience and that our fight isn’t over as long as we’re still here.

What is one thing that you feel people can do to effect positive change?

I believe that one of the biggest ways that people can make the world a better place is to recognize the humanity/life of others and to respect them for who they are.

Which film or piece of literature was most impactful or life-changing for you and why?

My high school unfortunately did not offer a lot of STEM courses, so I took a lot of arts and drama classes. I had a chance to discover a lot of literature that shaped my life today. One of those was a book called, “Freedom Is a Constant Struggle: Ferguson, Palestine, and the Foundations of a Movement,” by Angela Davis. It’s a collection of interviews, scholarly essays, and speeches that cover several different topics that are relevant today, such as Palestine, Ferguson, BLM and mass incarceration. The biggest impact this book had on me is that I learned about how important mass movements can be to effect positive change, and this also helped me learn how to work with others both in school and in life.

How did you get into cybersecurity?

I’ve always been interested in technology, specifically when it comes to cybersecurity. I got interested in it because my cousin was in the military and then transitioned to a security engineer. I remember asking him a bunch of questions at a young age, even though I never understood anything.

What was your path to Rapid7?

Prior to Rapid7, I had the opportunity to be part of the 2020 Hack.Diversity cohort, which allowed me to develop and grow my professionalism, leadership, communication, and many other skills. Developing these skills was essential and helped me through my interview process, during my internship, and even now as I continue to grow. Overall, being part of the Hack.Diversity cohort after graduating from UMass Boston with a major in IT created a path for me to Rapid7.

Celebrating Black History Today and Every Day

What does Black History Month mean to you?

Black History Month is a great time for every American to reflect on our past and present in relation to not only the plight, but also the contributions of Black Americans. While I think it is very important to remember the plight of Black people in America and the figures who pioneered change, I also think it is equally important for every American to learn and reflect on the contributions and accomplishments made by many Black Americans. This lack of knowledge is what I believe contributes to the “us vs. them” and “my country” mentality still plaguing our nation. It logically follows that if someone doesn’t see the person next to them as a meaningful contributor to an accomplishment, they will almost always have difficulty seeing that person as a rightful beneficiary of the resulting fruits.

What is one thing that you feel people can do to effect positive change?

I think education is truly the key. Black history should not be an optional education topic. Black history is American history, but has been either siloed, or presented as little more than a textbook footnote. This must end. It would be nice to get to a point where we can also ask non-Black individuals what Black History Month means to them, where Black people are truly seen and valued for their contributions to this great nation. Many of us grow up learning about Thomas Edison’s invention of the lightbulb but learn nothing about Lewis Latimer’s 1881 invention of the actual filament that made the lightbulb a success. Learning the role that Black people played in America’s speedy rise to world power will go far in improving the way many Black people are valued and still viewed today.

Which film or piece of literature was most impactful or life-changing for you and why?

Without pause, I have to say “The Allegory of The Cave,” by Plato. As an educated woman of color coming from a severely disadvantaged background, for more reasons than the obvious, I found this reading to be very insightful. It’s a great illustration (albeit fictional) of how a person’s environment can be one of the most powerful forces in forming who they are and how they see the world. Additionally, how without additional knowledge we give others the ability to manipulate us into believing what they will and seeing things as they do. Even more, it highlights the responsibility of those who are fortunate enough to break free from the bondage of the metaphorical cave and experience the splendor that is true freedom. Tim McGraw may have put it best: “When you get where you’re going, don’t forget to turn back around and help the next one in line.”

How did you get into cybersecurity?

At a time in the industry where cybersecurity was just in its infancy, my first job after leaving college was with a global internet service provider that happened to have a security department. My first role with the company was an Internet Abuse Investigator assisting local, state and federal law enforcement in tracking down people who would utilize the Internet in the commission of a crime. The things I witnessed and accomplished during my time in this role are what really got me hooked into cybersecurity, and ultimately what put me on a path to Rapid7.

Reuben Williams, Customer Advisor, Arlington, VA

What does Black History Month mean to you?

Black History Month (BHM) is a time to reflect on the struggles, as well as celebrating the resilience and achievements, made by black people. It’s a special period where I can slow myself down and really explore the rich history of people who look like me. It’s also a time when I am humbled and appreciative toward those who blazed the trails that we all now traverse. BHM is joyful and rewarding, understanding that we are all connected, and that BHM is everyone’s history—a history that can truly have a positive impact on the lives of everyone from every race.

What is one thing that you feel people can do to effect positive change?

Building a true dialogue is what first comes to mind. I’m a firm believer that in order to effect positive change, one must be open-minded, objective, and willing enough to listen to those with opposing viewpoints, with the mindset that something can be learned and achieved in such a dialogue.

Which film or piece of literature was most impactful or life-changing for you and why?

A film that has impacted me more than I expected is “Hidden Figures.” It’s a film that represents what I believe is an overlooked segment of the population when it comes to role models in film—black women. As a father of a daughter, it was very gratifying watching this film with her where examples of strong and intelligent women exhibited their determination to not allow barriers and challenges from different directions stop them from reaching their goals. These women are true heroes on the big screen as well as in life.

Terrica Byrd, VP, Change Management, Remote, U.S.

What does Black History Month mean to you?

To me, Black History Month is an opportunity for us to collectively remember and celebrate the sacrifices, contributions, and accomplishments of an amazing and often underappreciated group within our society. As someone who shares this history, it’s also a time of great pride and a call to action.

What is one thing that you feel people can do to effect positive change?

I think the one thing people can do to effect positive change is to embody empathy, personally and professionally. Empathy removes artificial barriers and encourages the desire to understand and meet the needs of others. I can’t think of anything more impactful.

How did you get into cybersecurity?

I had a very specific set of criteria that primarily focused on cultural fit, relevance, and a shared philosophy on organizational change. For me, relevance meant aligning with a global, technology-focused company. I wasn’t sure this really existed, but Rapid7 checked all of the boxes. The fact that it’s cybersecurity is icing on the cake! I feel very fortunate to do the work that I love for a company that I believe in and an industry that has no limits.

Interested in learning more about our culture and commitment to driving change? Check out the progress we’ve made on diversity, equity and inclusion.

Software Engineering, Vulnerability and Risk Management: Revolutionizing the Security Landscape at Rapid7

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/02/24/software-engineering-vulnerability-and-risk-management-revolutionizing-the-security-landscape-at-rapid7/

At Rapid7, our software engineers defend the digital world and design the future of security. With a supportive, collaborative team, immense learning and development opportunities to fine-tune and hone in on skills and knowledge, opportunities to work with innovative technology, and the pursuance of continuous innovation to achieve secure advancement for all, joining our team of Vulnerability and Risk Management software engineers is a no-brainer.

As we continue to build this team, we are looking for engineers who exemplify our core values and are passionate about making a positive impact on our customers.

Read on to meet and learn more about our North America VRM Software Engineering team, why they chose to bring their talents to Rapid7, and why you should, too!

Courtney Wood: Software Engineer II, VRM (Los Angeles)

Rapid7 is an amazing company to learn and grow your career. As someone who began my career at Rapid7, I was intimidated by my lack of cybersecurity knowledge. Fortunately, I joined a team full of passionate engineers who were more than willing to teach me about the cybersecurity landscape. The people at Rapid7 truly make this an amazing place to work. The VRM software engineering team is a bright, enthusiastic, and determined group of people who consistently exhibit a “never done” attitude. On top of that, they are a team that loves to have fun! Whether it’s KBBQ dinners, team-building activities, or just a competitive game of ping pong, there is always something exciting going on in the office.

David Castellanos: Manager, Engineering, VRM (Toronto)

Cybersecurity is a dynamic and ever-changing field that takes on the problems of an ever-connected world. Sophisticated cyber-actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. At Rapid7, we are tackling those challenges head on. We develop software solutions to help private companies as well as public institutions secure their information infrastructure. We develop a range of software solutions, from cloud-based services to on-premises software. We need engaged and committed software engineers who enjoy solving complex and often difficult problems to simplify security practices for our customers. We need creative people that can collaborate, challenge us, and help us grow and innovate. We offer a collaborative environment that will both challenge and help you (and us) grow together.

Pearce Barry: Manager, Engineering, VRM (Austin)

Enjoy “taking the offensive” with your work? Our Offensive Security teams build and improve a number of well-known, top-tier security applications, such as Metasploit Framework and Metasploit Pro. These teams also create exciting new security apps, like AttackerKB (The Attacker Knowledge Base). Working alongside the bright and curious software developers on these teams provides an amazing opportunity to learn and grow while helping make our customers more secure with your contributions. In addition, your impact has the potential to be felt even beyond our customers with the open source (Metasploit Framework) and open data (AttackerKB) nature of some of our projects!

Jimmy Cancilla: Lead Software Engineer, VRM (Toronto)

We are a full-stack team, and our work spans the technological spectrum. We offer opportunities that include UI development, building and managing cloud-based web services, as well as working with low-level network scanning technologies. We are a diverse team made up of an exceptional group of brilliant engineers who are eager and willing to share their knowledge. By joining the team, not only would you be bringing a unique perspective to the table, but you would also be able to expand your expertise and skills. Also, we have beer on tap in the office!

Richard Tsang: Manager, Engineering, VRM (Toronto)

Do you know about CVE-2013-4866? No? It details a hardcoded PIN in a Smart Bidet giving attackers access to the functionality of the toilet—discomforting to know. Unfortunately, InsightVM doesn’t scan for this, but for all the hundreds of thousands of other vulnerabilities out there, we work to understand and distill this information down into actionable steps that give our customers peace of mind knowing which risks hide within their environment and what can be done to secure it. If you’re curious about all the various products in existence and ways we can harden (and weaken) security, join our InsightVM Coverage Team and learn of the craziness that is the reality of cybersecurity.

Interested in learning more and joining the herd? Check out our Software Engineer, VRM roles in North America today and read more about our technology in our blog!

Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/01/27/upcoming-webcast-how-far-does-your-vrm-strategy-go/

Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your web application testing strategy to your development team’s practices and languages. We’ll say it simply: Managing your overall risk must extend to weaknesses in your web apps and APIs. This webcast will be offered live on two dates—please register by choosing the region closest to you:

Location | Date | Registration Link
North America | Feb. 11, 2021 | Register Now
Asia | Feb. 16, 2021 | Register Now
Europe | Feb. 16, 2021 | Register Now

Exploitation can happen anywhere across your attack surface, so it’s critical that your vulnerability risk management (VRM) program provides enhanced visibility into web apps as well as traditional on-premises and cloud infrastructure.

Join Forrester’s principal analyst for security and risk professionals, Sandy Carielli, and Hypertherm’s information-security manager, James Thompson, for our Feb. 11 webcast as they discuss:

  • Best practices and common challenges for a sound VRM strategy
  • Their thoughts on extending a holistic VRM approach to the application layer
  • Why it’s so important to have mitigating controls in place for possible exploitation

And, if your team is considering an expanded presence in the cloud, your solution needs to eliminate as many blind spots across your environment as possible. Start gaining deeper visibility into potential real-time attacks and minimize their ability to create chaos in your world.

We hope to see you there!

What’s New in InsightVM: Q4 2020 in Review

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/01/06/whats-new-in-insightvm-q4-2020-in-review/

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the new and improved features we’ve updated in Q4.

[NEW] Fewer false alarms and faster reporting with InsightVM’s new false positive investigation tool

You can now investigate vulnerability findings as potential false positives directly from your Security Console. If your investigation determines that the finding could indeed be a false positive, you can send the results to Rapid7 for analysis with just one click. For more details, see our help documentation and blog post.

[NEW] Improvements made to the Goals and SLAs wizard

We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler. Instead of following a four-step process, we’ve gotten it down to three: use, sort, and define your data; establish the conditions you want to meet; and save your goal using our three-step wizard. This new context-sensitive workflow allows you to create meaningful goals faster and with fewer steps. For more details, see our help documentation and blog post.

[NEW] Creation of Insight Platform accounts for non-admin users

The Rapid7 Insight platform provides data collection, visibility, analytics, and automation to establish a shared point of view between security, IT operations, and DevOps teams. Insight platform accounts are now available for non-admin users of InsightVM. This allows access to InsightVM through insight.rapid7.com. To complete the activation process, check out our help documentation. At the conclusion of this activation process, your Insight account will be used to authenticate your access to InsightVM’s cloud capabilities.

[IMPROVED] More dashboard controls for admins

Administrators now have full visibility into all user-created dashboards in their organization and can delete them if necessary. Simply navigate to the Dashboard Library to see a list of InsightVM dashboards created by other users. The ability for admins to delete user-created dashboards eases the pain of managing dashboards across the organization. This is especially beneficial if an employee leaves: you’ll now have an easy way to manage or remove orphaned dashboards. For more information on managing dashboards in InsightVM, see our help documentation.

[NEW] New Snyk vulnerability content for container assessment

We know many development teams these days are taking advantage of containerized software applications that may contain all of the necessary code, runtime, system tools, and libraries needed to run an application. Despite the benefits of efficiency from a development standpoint, containers may present risks that are often difficult for security teams to identify. This can be attributed to multiple factors, including how fast things change in containerized environments and the types of packages found within these environments.

InsightVM now integrates with Snyk, a leading provider of software composition analysis (SCA) in containerized applications. Snyk provides deep visibility into Open Source Software (OSS) vulnerabilities. With this new integration, InsightVM can consume Java vulnerability content from Snyk Intel Vulnerability DB. No customer action is needed to leverage this integration. Behind the scenes, InsightVM is consuming content from Snyk, building vulnerability checks around this content, and delivering it as checks within the Container Security feature in InsightVM. For more details, see our blog post.

[NEW] Scope and schedule reports with the new report creation wizard

We’ve made it easier to collect, analyze, and report InsightVM data all in one place. Using our Report Creation Wizard powered by Query Builder, you can create customized reports and opt to run recurring reports on a schedule. You can share directly with stakeholders to help you communicate about your work and gain insight into your organization’s vulnerability management program. For more information, see our help documentation.

[NEW] Audit logging for Custom Policy Builder

As organizations continue to harden their policies through customizations, it becomes extremely important to keep track of all these changes, because these customizations may significantly impact an organization’s overall compliance. You can now configure Custom Policy Builder to send audit logs that capture every policy update implemented by your users. These audit logs record which changes were made to a policy, when those changes were applied, and who was responsible for them. Use this new functionality to allow another user or an auditor to view the change history of any policy when needed. For more details, see our help documentation and blog post.

Not an InsightVM customer? Watch a demo of our award-winning vulnerability management solution.
