CJ Cox //
ADVISORY: The techniques and tools referenced within this blog post may be outdated and do not apply to current situations. However, there is still potential for this blog entry to be used as an opportunity to learn and to possibly update or integrate into modern tools and techniques.
Joining a new organization is always a little intimidating, being amongst a group of crack hackers in a top-notch small company only squares the stress. On the bright side, even the boss, will often say, “Sometimes I feel like the dumbest person in the room.” This frequently happens during the review of some magic move a pentester has pulled to reveal a new zero-day finding in a routine test. It’s both refreshing and reassuring to know I’m not alone and everyone’s ego’s in check.
It’s exciting to see what a group of amazing people with skills that rival those of great surgeons can achieve, but it’s also fascinating to work with our customers. As the Solutions Engineer (John also isn’t big on specific titles) I spend a lot of time with the customers. You’re a crack group of people, smart on security and wanting to do the right things. It like the very best doctor/patient relationship; a good medical team with a smart and motivated patient and you get some amazing results.
As the new guy (I started last month) I found it quite easy to get through a call where the customer was presenting their problem because they knew their environments and they had a good idea of where they were trying to go. Perhaps because the customers are so smart and so knowledgeable they often wonder why they can’t speak directly to a pentester. The short answer is, “Pentesters are busy slicing it up!” When one is available I almost always have a ride along. The deeper answer is that like the surgeon, those specialists are expensive and in high demand. As the Solutions Engineer, I’m more of a general practitioner, my purpose is diagnosing and clarifying the customer’s problems. I make a quick diagnosis and then start focusing on general solutions. If needed we pull in the specialists to verify the prognosis or dig into the depths of the issue.
When a customer doesn’t know exactly what they need to improve their security health, I can guide the discussion to diagnose what services and specialists are going to provide the best result. Security triage is my specialty and I look forward to working with the patients (customers) and creating a healthier business and security environment.