This post is a collaboration between me, Joe Basirico, and one of the best tech recruiters in the industry, Ellen McGarrity. You can learn more about Joe on this website. Throughout, you can read Ellen's take in her own words in blue text. Ellen has spent her 18-year career focused on recruiting in the software tech industry at both large (Microsoft, Amazon, Salesforce) and small (Tableau, Highspot) companies. She has recruited candidates at all levels, domestically and internationally. Originally based out of Seattle, she now lives in the Bay Area with her husband and 2 daughters. A hiring manager and a recruiter's guide to getting hired.
After working in the application security consulting industry for nearly two decades and helping to solve my clients' most difficult challenges, it was time to put what I used to tell others into practice. These are my lessons from the first 100 days. I've created security teams and bug bounty programs, set up tooling strategies, hiring plans, and more. I thought I'd hit the ground running and start making an impact on day 1, or at least by day 99; while I did make some impact early, I had a lot to learn. As I passed my 100th day, I had learned a great deal about what makes a successful product and a successful product security team. In this article I'll walk you through the successes, challenges, and failures I've faced in my transition from seasoned security vendor to Senior Director of Product Security at Highspot.
My favorite thing about my career in security consulting has been the constant opportunity to learn new topics. Security weaves itself through every aspect of software, and software is everywhere. The phone in your pocket, the Bluetooth chip in your headphones, your automobile, and the SCADA systems you rely upon every day execute millions of lines of code on your behalf. The idea that each of those systems gives me the opportunity to gain new knowledge is truly exciting. It can also be daunting when there is always so much to learn.
In today's post, I'd like to introduce you to Loren Kohnfelder, an old friend of mine. I met Loren at Microsoft in the late '90s when we were given the herculean task of improving the security of Internet Explorer. It was an exciting and harrowing time, and while it is amazing to think about how far we've all come, it is also surprising to realize how many of the security challenges we struggled with twenty years ago are still with us today.
In this post I want to try something new. Rather than writing an article, I'll capture a dialog between Joe and me as we discuss a topic that interests us both. On Joe's recommendation, I recently read Getting to Yes, written by Roger Fisher, William Ury, and Bruce Patton for the Harvard Negotiation Project. The book is nearly thirty years old, but it has been continuously updated and it still contains lessons worth learning. As I read the book I found that I was already using some of the techniques, but there were many more that either I hadn't been exposed to or that I was employing only partially, and as a result I was being less effective than I could be. Even more importantly, the book taught me an overall framework for thinking about negotiation that I can now use to improve both my personal and professional life.
I just returned from the 27th Defcon security conference. I've been attending for the last 12 or so years, and it has been interesting and fun to see the conference grow and mature. Once intimidating due to the homogeneous attendees, lewd contests, and a "Try Harder" mantra, it has now evolved into a great place to learn and meet new people. Each year I speak at, or attend, a handful of security conferences. These range from the massive RSA Conference, where you can find hundreds of security vendors spending hundreds of thousands of dollars to hawk their latest security appliances, to small, locally run, open-source conferences that are run by engineers for engineers.
I had the opportunity to spend a few days at a security conference last month, in which I talked with hundreds of people in the information security community about their fears, concerns, hopes, and plans. One thing that stood out to me was the sheer optimism and joy that most of the conference attendees brought with them. They were not there (only) for the swag or the cocktail hour or the chance to be away from their day jobs for a few days. The vast majority were there because they loved their jobs, believed in what they were doing, and wanted to learn more so they could bring that knowledge back to do their jobs even more effectively.