Over the past year and more, we’ve lived through the most extraordinary, turbulent, and challenging times we’ll likely experience in our lifetime. Yet through all the uncertainty, our partners have continued to show determination, drive, and commitment, performing at an exceptional level.
With this said, it’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2021. All our category winners have achieved exceptional growth, demonstrating dedication and collaboration to the Rapid7 Partner Program throughout the year.
We’re very proud to share our complete list of winners. Please join us in congratulating them all.
International Awards
EMEA Partner of the Year: Softcat Plc
APAC Partner of the Year: Intalock Technologies Pty Ltd
International Emerging Partner of the Year: Caretower Ltd
International Best Customer Retention Award: Saepio Solutions Ltd
APAC Vulnerability Management Partner of the Year: RIoT Solutions
EMEA Vulnerability Management Partner of the Year: Orange Cyberdefense Sweden
APAC Detection & Response Partner of the Year: The Missing Link
EMEA Detection & Response Partner of the Year: Saepio Solutions Ltd
APAC MSSP Partner of the Year: Triskele Labs
EMEA MSSP Partner of the Year: Charterhouse Voice and Data
“We are proud of the relationship we have built with Rapid7 over the last two years, and they have become one of our key focus partners. To be awarded EMEA MSSP Partner of the Year in such a short space of time is a testament to our technical team and our commitment to Rapid7. As an integral component in our state of the Security Operations Centre, we only see this relationship going from strength to strength.”
North America Awards
Rapid7 North America Partner of the Year: SHI International Corporation
“Thank you so much. With Rapid7 being a strategic security partner to SHI, we are excited to be receiving this award. I feel that this highlights the excellent relationship that we have, as well as some really great engagement we’ve seen between our sales teams. Security is an extremely important industry to SHI and our mutual customers. I am confident we will continue to see success when positioning Rapid7 solutions.”
– Joseph Lentine, Director – Strategic Software Partners, Security
North America Emerging Partner of the Year: GDT
North America Best Customer Retention Award: Optiv
North America Vulnerability Management Partner of the Year: GuidePoint Security
North America Detection & Response Partner of the Year: Sayers
“Being selected for this award is a special honor for Sayers. Ransomware preparedness is a cornerstone of the Sayers Cybersecurity Services portfolio. We couldn’t be more impressed with the professionalism and cutting-edge technology Rapid7 brings to the market. It was an easy decision to partner with Rapid7 for our Sayers Managed Detection & Response service offering.”
–Joel Grace, Sr. VP of Client Services
North America MSSP Partner of the Year: Edge Communications
“Edge Communications is honored to be named the Rapid7 North America MSSP Partner of the Year for 2020.
“Edge is proud of the strong collaborative relationship that we have developed with Rapid7, a cybersecurity industry leader. Edge delivers one of the best Managed Security solutions available in the marketplace, due in part to utilizing Rapid7 products which we believe exceed the best in class designation. On behalf of the entire Edge team, thank you Rapid7 for your support, dedication, and partnership.”
– Frank Pallone, VP Information Security
Congratulations again to all our winners!
More about our partner program
The Rapid7 PACT Program is built to inspire our partners to grow with us and achieve mutual success through accountability, consistency, and transparency. By participating in the program, partners can offer powerful, industry-leading solutions to our joint customers, resulting in mutual success for all.
If you’re interested in becoming a Rapid7 partner, you can learn more here.
On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron (a title that delights Jen Ellis’s British sensibilities). Daniel tells Jen and Tod all about his team’s security research internship program, which gets undergrad and grad students involved in pentesting and other forms of research in real-world environments through a series of bootcamps. He also divulges some research project ideas for those looking to uncover vulnerabilities in hidden places — including your calendar invites.
Stick around for the Rapid Rundown, where Jen and Tod talk about DEF CON highlights, the Cyber Symposium non-findings, and — you guessed it — ransomware.
Daniel Crowley
Daniel is the primary author of the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. In the security industry since 2004, he is a frequent speaker at conferences like Black Hat, DEF CON, Shmoocon and SOURCE. Daniel also holds the noble title of Baron in the Principality of Sealand.
Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization, possibly by an advanced persistent threat (APT) — insert spooky “dun dun dun” sound effect — through a malicious Excel document. Watch below to hear about how our MDR team caught this attack, lessons learned, and tips for how teams can stay ahead of these types of threats in their environment.
Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles deception technology — what it is, how you can use it, and why it matters.
In this episode of Security Nation, we’re joined (for the second time!) by Richard Kaufmann, CISO at Amedisys, a leading provider of home healthcare. He’ll tell us how his company’s aim to heal people at home coincided with hospitals filling up with COVID-19 patients — and how his role as CISO can help (cyber) secure that growing shift into home healthcare.
And stick around for our Rapid Rundown, where Tod spins a supply chain risk tale for Jen, specifically the drama surrounding the PyPI repository bug.
Richard Kaufmann
“It is now safe to turn off your computer.” For most of us, this simple message in the late 90’s was a reminder that the operating system processes had stopped and the circuits carrying all of the ‘1’s and ‘0’s were ready to be powered off. For me, it was my first foothold into the information-security arena. Starting at defacing that iconic .JPEG and advancing into running information-security teams across finance, healthcare, and manufacturing organizations, I’ve tried to remove a little bit of entropy in the world via simple solutions to complex problems.
A problem well defined is a problem half solved. In an environment where threat landscapes, frameworks, and shareholder value are constantly changing, the ability to fall back on the fundamentals of logic and computing has become a rare commodity. I like to work with those who have a similar appetite for challenging norms and thinking creatively. This methodology has manifested itself by creating a dialogue between executive non-technical leaders and the boots-on-the-ground engineers that keep enterprises safe from cyber threats. Currently, I’m focused on transforming the approach to cybersecurity within healthcare. By disrupting the “cult of security,” we can increase the quality of patient care, protect the privacy of the data those individuals entrust us with, and innovate for a more effective future.
My daughter is my biggest fan; I enjoy long walks with heavy backpacks; and that inner voice inside my head sounds just like David Goggins.
-Richard Kaufmann, Chief Information Security Officer, Amedisys
Welcome back to The Lost Bots, a new vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this second episode, Jeffrey sits down with Dan Martin, a lead product manager for our platform at Rapid7, to discuss Extended Detection and Response (XDR). They cover what it is, different approaches to XDR (open, hybrid, and native), and some tips for how teams can start to evaluate which solution and approach are best for their organization.
Stay tuned for future episodes of The Lost Bots! Coming up next: Jeffrey breaks down a war story with a member of our Rapid7 MDR SOC team, where they’ll talk about lessons learned and best practices for staying ahead of threats in your environment. You don’t want to miss it!
In this episode of Security Nation, we’re joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-led effort to combat ransomware by providing technical means to unlock encrypted drives, covering dozens of ransomware kits from Alpha to Ziggy, as well as working with a bunch of countries’ national police forces around the world. Oh, and here’s a spoiler: NMR estimates they’re responsible for saving almost 1 billion dollars in ransom demands over its 5-years-and-counting run. Amazing! NMR also:
Features 121 decryption tools addressing 151 ransomware families
Has been downloaded approximately 6 million times
Saved victim orgs approximately $900 million in unpaid ransoms
Tod and Jen then lament the COVID-19 situation in Las Vegas (stay safe and healthy out there, everyone!) and chat about the latest NTLM attack technique, dubbed PetitPotam. And new on the blog this week: show notes! Just head to the bottom of the page for all the references you could ever want.
Philipp Amann
Philipp Amann is the Head of Strategy at the European Cybercrime Centre (EC3). EC3 Strategy is responsible for assessing and acting on relevant trends and threats related to cybercrime and cybersecurity. Other key areas of responsibility include managing EC3’s industry advisory groups, prevention and awareness, and capacity building.
Philipp has worked in various fields; these include the financial sector, global disarmament, international investigations, and on issues related to safety and security in cyberspace, all topics about which he cares deeply.
Show Notes
Philipp Amann Head of Strategy at European Cybercrime Center
No More Ransom, an incredibly useful self-serve library of ransomware crackers
Need some specific guidance on what to do if you suffer a ransomware attack? Check out NMR’s publication!
In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland’s first CERT, the continuing scourge of ransomware, and cyber warranties. They also go beyond all of the recent salacious breach headlines, discussing the need to highlight successes and positive happenings in cybersecurity.
And stick around for our Rapid Rundown, where Tod and Jen talk about the under-the-radar WifiDemon vulnerability affecting iPhones and iPads.
Brian Honan
Brian Honan is CEO of the cybersecurity and data protection firm BH Consulting, and he is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), founder of Ireland’s first CERT, and sits on the advisory board for several innovative security companies.
Brian is the author of several books, and regularly contributes to various publications. For his contributions to the cybersecurity industry, Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.
Want More Inspiring Stories From the Security Community?
As any sales professional knows, working for an organization where your growth and development are supported is key — not to mention selling a product you believe in and a company mission you can get behind.
We talked with five of our North America Account Executives to hear firsthand about how Rapid7 has supported their career growth and learning, why they would recommend Rapid7 as a great place to work, and notable deals they’ve had the unique opportunity to work on and close.
Justin Wait, Account Executive, 2.5 years with Rapid7
Erica Villareal, Account Executive, 2.7 years with Rapid7
Yunus Bhuiyan, Enterprise Account Executive, 4.5 years with Rapid7
Gabriella Starkey, Account Executive, 2.7 years with Rapid7
Elisa Rascia, Account Executive, 3 years with Rapid7
How has Rapid7, your managers, and/or your peers supported and encouraged your career growth?
“There are so many dynamic ways in which my managers and peers have encouraged and supported me throughout my career here at Rapid7. My management has constantly coached me on ways to fine-tune my strengths and challenged me to develop areas that need work. They’re always ready to spend 1:1 time with me to talk through scenarios, build confidence in my abilities, and enable me to run my business in the way I see fit. They listen, ask, and implement my feedback proactively. They also don’t hesitate to commend me in front of their peers and their own leaders. Most importantly, they give me time to focus on life outside of work, to focus on my family and to mentally decompress. This is true across the leadership chain and is a priority of theirs, which is very rare in organizations.” – Yunus Bhuiyan
“There is a ton of support at Rapid7 to further career development. Our People Strategy group is really proactive about reaching out to the company to make sure people know they exist and that they exist for us. I had someone from People Strategy reach out to me and put time on my calendar to get introduced and have a casual conversation about my future goals. She helped put a lot of things into perspective and has been a huge supporter getting me to my 5-year plan at Rapid7.” – Elisa Rascia
“My peers have been incredibly supportive during my tenure at Rapid7. Having started as BDR at Rapid7, I have remained close with a few team members despite being on different teams covering different territories today. It’s awesome to know that my peers are experiencing the same challenges as me and generally at the same time, too! We all cheer each other on and also have a good amount of healthy competition with each other.” – Gabriella Starkey
“We have a pretty tight team in the Austin office. At any given time, I have relationships with not only the sales team but our engineers, production, and pen testers due to the close proximity we’ve been able to work together in. I’ve had the opportunity to learn from every aspect of the company and grow with that holistic experience.” – Erica Villareal
What is the most notable deal you’ve closed that you’re proud of? How did you leverage your manager? What internal teams did you work with?
“My Director has a lot of catchphrases, but ‘Win together’ is a big one, and this deal couldn’t have been a better example as I worked with our BDR team, my Sales Engineer, CSM team, and my manager. Throughout the sales process, I had to loop in the CSM team to provide a specific customer reference based on industry, size, IT team, and geolocation, which helped seal the deal. We had to win this deal a few times: first, with the technical team members who’d be hands on (an easy win, thanks to my engineer!), and then with the board. With some help from my manager, we were able to secure some additional savings, as well as talk candidly with some of the financial decision makers on competitive differences, which won the deal the second and final time.” – Elisa Rascia
“My most notable deal was a perfect example of the ‘process’ being done right. We highlighted the value of MDR and aligned to what the customer was looking for throughout the entire sales cycle. I utilized my manager in that I was given the gold standard for how to run the deal and just needed to execute on that plan. I also utilized my manager to help stay organized and quarterback a successful POC. This was also my first ‘go-round’ with legal, and my manager was instrumental in navigating that process. We worked with the engineers, TEM counterparts, and legal during this deal.” – Gabriella Starkey
Why would you recommend Rapid7 as a great place to work and grow in your career?
“I’d recommend Rapid7 as a great place to work because the opportunity it presents for growth, both in your career and personal life, is unmatched. The culture Rapid7 has cultivated is perfect for someone who is highly motivated. Everyone wants to see each other grow and succeed. You truly have as many resources at your disposal as you need.” – Justin Wait
“If you’re looking for a place where you’ll be able to be your genuine self, be surrounded by highly intelligent and caring people who bring the best out of you and root for you, be a part of a global mission, continuously strive to be better and challenge convention with the supporting ecosystem to accomplish this, I wouldn’t look any further. There’s a certain energy you feel as part of Rapid7 that I haven’t really felt elsewhere. I’ve grown personally and professionally in ways I didn’t foresee — in large part because of my time here. I’ve also had opportunities within the company that I wouldn’t have had anywhere else; in fact, I’ve been encouraged to take risks to challenge myself in so many different ways. We’ve been building something amazing, and it is a great feeling to truly have an impact and be appreciated for it.” – Yunus Bhuiyan
“Starting off as a BDR allowed me to challenge myself and learn the ropes of a complex security industry. The program is extremely organized and successful and set me up for a career as an AE at Rapid7. I will take the skills I learned from the BDR program and apply them for the rest of my life. The greater Rapid7 culture is also one of growth and inclusion.” – Gabriella Starkey
Welcome to The Lost Bots, a new vlog series where Rapid7 resident expert and former CISO Jeffrey Gardner (virtually) sits down with fellow industry experts to spill the tea on current events and trends in the security space. They’ll also share security best practices and trade war stories with the Rapid7 SOC team. The best part? Each episode is short, sweet, and to the (end)point – so you gain insights from the industry’s brightest in just 15 minutes.
For this inaugural episode, Jeffrey sits down with Rapid7 Insight Platform SVP Pete Rubio and IntSights Cofounder and CPO Alon Arvats to discuss how teams can successfully leverage external threat intelligence to identify and mitigate lurking attacks. They tackle the “what”, “why”, and “how” of external threat intelligence. They also share how security teams can effectively put external threat intel into action and what behaviors and telemetry are the most useful to find advanced threats.
Stay tuned for future episodes of The Lost Bots! For our second installment, Jeffrey will be back to discuss a topic we’ve all been hearing a lot about in recent months: Extended Detection and Response, or XDR.
In this episode of Security Nation, we’re joined by Jonathan Cran. We wade into uncharted territory with Jonathan, as he claims the title of Security Nation’s first repeat guest! He returns with an update on his rapidly growing pandemic side project, Intrigue, which turned into a real attack surface management company with real funding and real customers!
Stick around for our Rapid Rundown, where Tod and Jen pointedly do not talk about the Kaseya breach and PrintNightmare, but instead, the Monpass breach and just how many certificate authorities you are implicitly trusting today.
Jonathan Cran
Jonathan Cran is a 20-year information-security veteran and expert. Based in Austin, Texas, his career has focused on security assessment, with leadership roles at Rapid7, Bugcrowd, and Kenna Security. He founded Intrigue Corp in 2019 to help enterprise customers map, monitor, and manage their attack surfaces. Intrigue provides proven, data-backed methods to stay ahead of threats.
Starting a new job at a new company can be daunting, particularly during a global pandemic. With interviews via Zoom, onboarding gone remote, first days at home instead of in a brand new office, and so many other shifts since the onset of the pandemic, switching jobs and companies is probably not something most would even consider. While this may seem to be the case for many, we’ve welcomed many new employees to our team around the globe since March 2020!
Interested in learning why these individuals chose to make a job change during these uncertain times and how Rapid7 made the decision a no-brainer? Read on to find out from a few of our Belfast-based Software Engineers!
Thomas Franklin, Software Engineer II, Joined Rapid7 September 2020
Lauren Quinn, Software Engineer II, Joined Rapid7 November 2020
Danielle Topping, Senior Software Engineer, Joined Rapid7 September 2020
Niall O’Hagan, Lead Software Engineer, Joined Rapid7 January 2021
Q: Where did you hear about Rapid7?
“Having worked in a few companies around Belfast, Rapid7 was a name you heard of frequently (especially any of those companies which cared for cyber security) — but I had little insight into what they actually did (outside of maybe Metasploit). Rapid7 in Belfast was always a name which is well respected and recognised as a great place to work (I use the analogy of how it is common to see ‘ex-’ employees from Company X, Y and Z — but rarely will you see an ‘ex-Rapid7’ employee, as when you join Rapid7 you will be hooked from Day 0!)” – Thomas Franklin
“I think the first time I heard about Rapid7 would have been many years ago when they hosted a Women Who Code event I attended in their Belfast office. Since then I’ve seen them sponsor many more events, and have had a few friends start working here over the years.” – Danielle Topping
“I knew a few people that currently work at Rapid7 but I’ve also been part of the Belfast IT Market longer than I care to remember and they’ve always been seen as a positive place to work.” – Niall O’Hagan
Q: What attracted you to apply/work for Rapid7? (if you started during the Pandemic, why did you feel comfortable making a career change to work here)?
“Rapid7 felt like a startup company (even though it isn’t) which drew me towards it. I didn’t want to be just another employee. During my interview process I could tell that everyone I spoke to seemed really enthusiastic and excited for their work which is something I was honestly craving.
Changing jobs during the pandemic was actually a lot easier than people think. I found that doing my interviews via zoom was much less intimidating. I also didn’t have to worry about the daunting task of walking into a brand new office on my first day. I had the exact same setup as my previous job, just with different people on the other end of the zoom call. The team at Rapid7 made my enrollment as simple and straightforward as possible. Plus, a member of my team from my previous job joined Rapid7 on the exact same day as me.” – Lauren Quinn
“Predominantly the high regard that Rapid7 holds in the Belfast Market as a great place to work — I knew it was the kind of place that people stay at for years and that’s always a good sign. I never really saw the current working-from-home situation as a barrier to the move, we’ve all adapted at this stage and as it turns out the onboarding was seamless.” – Niall O’Hagan
“There were a few reasons why I was drawn to Rapid7. The first was the actual work that they do in cybersecurity. With the pandemic, even more areas of our lives had to be moved online. And with that, obviously, came more vulnerability to hacks, and other attacks. In all honesty, cybersecurity wasn’t an area that I had much knowledge in, and with all the changes that were happening it emphasised my desire to change that, and to learn.
The other side of that was what I was hearing on how Rapid7 were treating employees during the pandemic. They were one of the first companies in Belfast to send employees to work remotely. I’d heard through a friend about them making psychologists available at global Town Halls, who employees could submit anonymous questions to. I thought this was a great indicator of how they cared for the people that were working here, and that gave me the confidence to start during the pandemic, while everyone was still remote.” – Danielle Topping
Q: Why would you recommend Rapid7 as a great place to work for your next opportunity (regardless of the industry you’re coming from)?
“I may be biased as I am a huge dog lover, but joining for #puppies-and-stuff alone is well worth the move! Where you can get daily updates on dogs such as:
In all seriousness, Rapid7 is in one of the most exciting industries, where we are constantly in a position to be ahead and working on exciting technologies. If exciting technology does not interest you, then the culture should! Rapid7 has a captivating culture which is refreshing to see as everyone is true to our core values!” – Thomas Franklin
“Rapid7 genuinely cares about every single employee’s experience. They want everyone to succeed and grow their skills and their career. Everyone I have met cares about the work they are doing and are working hard to achieve their goals. Having people like that to look up to is irreplaceable.” – Lauren Quinn
“The biggest positive for me so far at Rapid7 has been the people that I’m working with, and their patience and willingness to help. Starting a new job remotely was a slightly daunting thought. But from day one, my teammates were available for overviews, help with setup and all questions that have come up along the way. I’ve also had the opportunity to work with some people outside my team, and every time it’s been the same experience where folk are very willing to help, and are open with their time. I’m excited to get into our amazing new office, to get to spend proper time with them all.” – Danielle Topping
In this episode of Security Nation, we’re joined by Don Spies and Kim Grauer of Chainalysis. They discuss the relationship between ransomware and cryptocurrency and how Chainalysis leverages unique characteristics of the latter to combat the former.
Stick around for our Rapid Rundown, where Tod and Jen discuss a newly discovered, very old crypto vulnerability (and by crypto we mean encryption!), as well as take a look at election security news here in the wake of literally hundreds of audits of polling results.
Kim Grauer
Kim Grauer is the Director of Research at Chainalysis, where she examines trends in cryptocurrency economics and crime. She was trained in economics at the London School of Economics and in politics at Oxford University. Previously, she explored technological advancements in developing countries as an academic research associate at the London School of Economics and was an economics researcher at the New York City Economic Development Corporation.
Don Spies
Don Spies is the Director of Strategic Initiatives for Chainalysis, where he works with federal agencies to address their cryptocurrency needs. This includes fighting terrorism, enforcing sanctions, and detecting money laundering. Previously, Don held various roles at the U.S. Department of the Treasury. He also spent 13 years as an Intelligence Officer in the U.S. Army Reserve.
Black History Month is a time for every person, from all different backgrounds to honor and celebrate the achievements of Black and African Americans in the U.S. and their impact on world history. In honor of Black History Month, we would like to recognize some of our amazing team members who have made an impact on our company culture, embody our core values, and exude excellence. We pride ourselves on creating a safe space for everyone to be their authentic selves. Hear what Black History Month means to them!
Junior Carreira, Service Desk Technician, Boston, MA
What does Black History Month mean to you?
Black History Month to me means an opportunity for the black community to reconnect with their heritage and ancestry while celebrating how our accomplishments and heroes have impacted our ways of being today. It means legacy and continuing to add onto that legacy. It also stands as a reminder of our resilience and that our fight isn’t over as long as we’re still here.
What is one thing that you feel people can do to effect positive change?
I believe that one of the biggest ways that people can make the world a better place is to recognize the humanity/life of others and to respect them for who they are.
Which film or piece of literature was most impactful or life-changing for you and why?
My high school unfortunately did not offer a lot of STEM courses, so I took a lot of arts and drama classes. I had a chance to discover a lot of literature that shaped my life today. One of those was a book called, “Freedom Is a Constant Struggle: Ferguson, Palestine, and the Foundations of a Movement,” by Angela Davis. It’s a collection of interviews, scholarly essays, and speeches that cover several different topics that are relevant today, such as Palestine, Ferguson, BLM and mass incarceration. The biggest impact this book had on me is that I learned about how important mass movements can be to effect positive change, and this also helped me learn how to work with others both in school and in life.
How did you get into cybersecurity?
I’ve always been interested in technology, specifically when it comes to cybersecurity. I got interested in it because my cousin was in the military and then transitioned to a security engineer. I remember asking him a bunch of questions at a young age, even though I never understood anything.
What was your path to Rapid7?
Prior to Rapid7, I had the opportunity to be part of the 2020 Hack.Diversity cohort, which allowed me to develop and grow my professionalism, leadership, communication, and many other skills. Developing these skills was essential and helped me through my interview process, during my internship, and even now as I continue to grow. Overall, being part of the Hack.Diversity cohort after graduating from UMass Boston with a major in IT created a path for me to Rapid7.
La-Qiana Perez-Saxon, Legal Counsel, Boston, MA
What does Black History Month mean to you?
Black History Month is a great time for every American to reflect on our past and present in relation to not only the plight, but also the contributions of Black Americans. While I think it is very important to remember the plight of Black people in America and the figures who pioneered change, I also think it is equally important for every American to learn and reflect on the contributions and accomplishments made by many Black Americans. This lack of knowledge is what I believe contributes to the “us vs. them” and “my country” mentality still plaguing our nation. It logically follows that if someone doesn’t see the person next to them as a meaningful contributor to an accomplishment, they will almost always have difficulty seeing that person as a rightful beneficiary of the resulting fruits.
What is one thing that you feel people can do to effect positive change?
I think education is truly the key. Black history should not be an optional education topic. Black history is American history, but has been either siloed, or presented as little more than a textbook footnote. This must end. It would be nice to get to a point where we can also ask non-Black individuals what Black History Month means to them, where Black people are truly seen and valued for their contributions to this great nation. Many of us grow up learning about Thomas Edison’s invention of the lightbulb but learn nothing about Lewis Latimer’s 1881 invention of the actual filament that made the lightbulb a success. Learning the role that Black people played in America’s speedy rise to world power will go far in improving the way many Black people are valued and still viewed today.
Which film or piece of literature was most impactful or life-changing for you and why?
Without pause, I have to say “The Allegory of The Cave,” by Plato. As an educated woman of color coming from a severely disadvantaged background, for more reasons than the obvious, I found this reading to be very insightful. It’s a great illustration (albeit fictional) of how a person’s environment can be one of the most powerful forces in forming who they are and how they see the world. Additionally, how without additional knowledge we give others the ability to manipulate us into believing what they will and seeing things as they do. Even more, it highlights the responsibility of those who are fortunate enough to break free from the bondage of the metaphorical cave and experience the splendor that is true freedom. Tim McGraw may have put it best: “When you get where you’re going, don’t forget to turn back around and help the next one in line.”
How did you get into cybersecurity?
At a time in the industry where cybersecurity was just in its infancy, my first job after leaving college was with a global internet service provider that happened to have a security department. My first role with the company was an Internet Abuse Investigator assisting local, state and federal law enforcement in tracking down people who would utilize the Internet in the commission of a crime. The things I witnessed and accomplished during my time in this role are what really got me hooked into cybersecurity, and ultimately what put me on a path to Rapid7.
Reuben Williams, Customer Advisor, Arlington, VA
What does Black History Month mean to you?
Black History Month (BHM) is a time to reflect on the struggles, as well as celebrating the resilience and achievements, made by black people. It’s a special period where I can slow myself down and really explore the rich history of people who look like me. It’s also a time when I am humbled and appreciative toward those who blazed the trails that we all now traverse. BHM is joyful and rewarding, understanding that we are all connected, and that BHM is everyone’s history—a history that can truly have a positive impact on the lives of everyone from every race.
What is one thing that you feel people can do to effect positive change?
Building a true dialogue is what first comes to mind. I’m a firm believer that in order to effect positive change, one must be open-minded, objective, and willing enough to listen to those with opposing viewpoints, with the mindset that something can be learned and achieved in such a dialogue.
Which film or piece of literature was most impactful or life-changing for you and why?
A film that has impacted me more than I expected is “Hidden Figures.” It’s a film that represents what I believe is an overlooked segment of the population when it comes to role models in film—black women. As a father of a daughter, it was very gratifying watching this film with her where examples of strong and intelligent women exhibited their determination to not allow barriers and challenges from different directions stop them from reaching their goals. These women are true heroes on the big screen as well as in life.
Terrica Byrd, VP, Change Management, Remote, U.S.
What does Black History Month mean to you?
To me, Black History Month is an opportunity for us to collectively remember and celebrate the sacrifices, contributions, and accomplishments of an amazing and often underappreciated group within our society. As someone who shares this history, it’s also a time of great pride and a call to action.
What is one thing that you feel people can do to effect positive change?
I think the one thing people can do to effect positive change is to embody empathy, personally and professionally. Empathy removes artificial barriers and encourages the desire to understand and meet the needs of others. I can’t think of anything more impactful.
How did you get into cybersecurity?
I had a very specific set of criteria that primarily focused on cultural fit, relevance, and a shared philosophy on organizational change. For me, relevance meant aligning with a global, technology-focused company. I wasn’t sure this really existed, but Rapid7 checked all of the boxes. The fact that it’s cybersecurity is icing on the cake! I feel very fortunate to do the work that I love for a company that I believe in and an industry that has no limits.
At Rapid7, our software engineers defend the digital world and design the future of security. With a supportive, collaborative team, immense learning and development opportunities to fine-tune and hone in on skills and knowledge, opportunities to work with innovative technology, and the pursuance of continuous innovation to achieve secure advancement for all, joining our team of Vulnerability and Risk Management software engineers is a no-brainer.
As we continue to build this team, we are looking for engineers who exemplify our core values and are passionate about making a positive impact on our customers.
Read on to meet and learn more about our North America VRM Software Engineering team, why they chose to bring their talents to Rapid7, and why you should, too!
Courtney Wood: Software Engineer II, VRM (Los Angeles)
Rapid7 is an amazing company to learn and grow your career. As someone who began my career at Rapid7, I was intimidated by my lack of cybersecurity knowledge. Fortunately, I joined a team full of passionate engineers who were more than willing to teach me about the cybersecurity landscape. The people at Rapid7 truly make this an amazing place to work. The VRM software engineering team is a bright, enthusiastic, and determined group of people who consistently exhibit a “never done” attitude. On top of that, they are a team that loves to have fun! Whether it’s KBBQ dinners, team-building activities, or just a competitive game of ping pong, there is always something exciting going on in the office.
David Castellanos: Manager, Engineering, VRM (Toronto)
Cybersecurity is a dynamic and ever-changing field that takes on the problems of an ever-connected world. Sophisticated cyber-actors and nation-states exploit vulnerabilities to steal information and money and are developing capabilities to disrupt, destroy, or threaten the delivery of essential services. At Rapid7, we are tackling those challenges head on. We develop software solutions to help private companies as well as public institutions secure their information infrastructure. We develop a range of software solutions, from cloud-based services to on-premises software. We need engaged and committed software engineers who enjoy solving complex and often difficult problems to simplify security practices for our customers. We need creative people that can collaborate, challenge us, and help us grow and innovate. We offer a collaborative environment that will both challenge and help you (and us) grow together.
Pearce Barry: Manager, Engineering, VRM (Austin)
Enjoy “taking the offensive” with your work? Our Offensive Security teams build and improve a number of well-known, top-tier security applications, such as Metasploit Framework and Metasploit Pro. These teams also create exciting new security apps, like AttackerKB (The Attacker Knowledge Base). Working alongside the bright and curious software developers on these teams provides an amazing opportunity to learn and grow while helping make our customers more secure with your contributions. In addition, your impact has the potential to be felt even beyond our customers with the open source (Metasploit Framework) and open data (AttackerKB) nature of some of our projects!
Jimmy Cancilla: Lead Software Engineer, VRM (Toronto)
We are a full-stack team, and our work spans the technological spectrum. We offer opportunities that include UI development, building and managing cloud-based web services, as well as working with low-level network scanning technologies. We are a diverse team made up of an exceptional group of brilliant engineers who are eager and willing to share their knowledge. By joining the team, not only would you be bringing a unique perspective to the table, but you would also be able to expand your expertise and skills. Also, we have beer on tap in the office!
Richard Tsang: Manager, Engineering, VRM (Toronto)
Do you know about CVE-2013-4866? No? It details a hardcoded PIN in a Smart Bidet giving attackers access to the functionality of the toilet—discomforting to know. Unfortunately, InsightVM doesn’t scan for this, but for all the hundreds of thousands of other vulnerabilities out there, we work to understand and distill this information down into actionable steps that give our customers a peace of mind knowing which risks hide within their environment and what can be done to secure it. If you’re curious of all the various products in existence and ways we can harden (and weaken) security, join our InsightVM Coverage Team and learn of the craziness that is the reality of cybersecurity.
Interested in learning more and joining the herd? Check out our Software Engineer, VRM roles in North America today and read more about our technology in our blog!
Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize on emergent technologies. This is a trend that will only persist and evolve, so it’s crucial to extend your web application testing strategy to your development team’s practices and languages. We’ll say it simply: Managing your overall risk must extend to weaknesses in your web apps and APIs. This webcast will be offered live on two dates—please register by choosing the region closest to you:
Exploitation can happen anywhere across your attack surface, so it’s critical that your vulnerability risk management (VRM) program provides enhanced visibility into web apps as well as traditional on-premises and cloud infrastructure.
Join Forrester’s principal analyst for security and risk professionals, Sandy Carielli, and Hypertherm’s information-security manager, James Thompson, for our Feb. 11 webcast as they discuss:
Best practices and common challenges for a sound VRM strategy
Their thoughts on extending a holistic VRM approach to the application layer
How James uses both InsightVM and InsightAppSec to secure every layer of the modern environment
Why it’s so important to have mitigating controls in place for possible exploitation
And, if your team is considering an expanded presence in the cloud, your solution needs to eliminate as many blind spots across your environment as possible. Start gaining deeper visibility into potential real-time attacks and minimize their ability to create chaos in your world.
We hope to see you there!
Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the new and improved features we’ve updated in Q4.
[NEW] Fewer false alarms and faster reporting with InsightVM’s new false positive investigation tool
You can now investigate vulnerability findings as potential false positives directly from your Security Console. If your investigation determines that the finding could indeed be a false positive, you can send the results to Rapid7 for analysis with just one click. For more details, see our help documentation and blog post.
[NEW] Improvements made to the Goals and SLAs wizard
We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler. Instead of following a four-step process, we’ve gotten it down to three using our three-step wizard: use, sort, and define your data; establish the conditions you want to meet; and save your goal. This new context-sensitive workflow allows you to create meaningful goals faster and with fewer steps. For more details, see our help documentation and blog post.
[NEW] Creation of Insight Platform accounts for non-admin users
The Rapid7 Insight platform provides data collection, visibility, analytics, and automation to establish a shared point of view between security, IT operations, and DevOps teams. Insight platform accounts are now available for non-admin users of InsightVM. This allows access to InsightVM through insight.rapid7.com. To complete the activation process, check out our help documentation. At the conclusion of this activation process, your Insight account will be used to authenticate your access to InsightVM’s cloud capabilities.
[IMPROVED] More dashboard controls for admins
Administrators now have full visibility on all user-created dashboards in their organization and can delete them if necessary. Simply navigate to the Dashboard Library to see a list of InsightVM dashboards created by other users. The ability for admins to delete user-created dashboards eases the pain of managing dashboards across the organization. This is especially beneficial if an employee leaves: you’ll now have an easy way to manage or remove orphaned dashboards. For more information on managing dashboards in InsightVM, see our help documentation.
[NEW] New Snyk vulnerability content for container assessment
We know many development teams these days are taking advantage of containerized software applications that may contain all of the necessary code, runtime, system tools, and libraries needed to run an application. Despite the benefits of efficiency from a development standpoint, containers may present risks that are often difficult for security teams to identify. This can be attributed to multiple factors, including how fast things change in containerized environments and the types of packages found within these environments.
InsightVM now integrates with Snyk, a leading provider of software composition analysis (SCA) in containerized applications. Snyk provides deep visibility into Open Source Software (OSS) vulnerabilities. With this new integration, InsightVM can consume Java vulnerability content from Snyk Intel Vulnerability DB. No customer action is needed to leverage this integration. Behind the scenes, InsightVM is consuming content from Snyk, building vulnerability checks around this content, and delivering it as checks within the Container Security feature in InsightVM. For more details, see our blog post.
[NEW] Scope and schedule reports with the new report creation wizard
We’ve made it easier to collect, analyze, and report InsightVM data all in one place. Using our Report Creation Wizard powered by Query Builder, you can create customized reports and opt to run recurring reports on a schedule. You can share directly with stakeholders to help you communicate about your work and gain insight into your organization’s vulnerability management program. For more information, see our help documentation.
[NEW] Audit logging for Custom Policy Builder
As organizations continue to harden their policies through customizations, it becomes extremely important to keep track of all these changes, because these customizations may significantly impact an organization’s overall compliance. You can now configure Custom Policy Builder to send audit logs that capture every policy update implemented by your users. These audit logs record which changes were made to a policy, when those changes were applied, and who was responsible for them. Use this new functionality to allow another user or an auditor to view the change history of any policy when needed. For more details, see our help documentation and blog post.
Not an InsightVM customer? Watch a demo of our award-winning vulnerability management solution.