
Rapid7 News


One of the things I love about working at Rapid7 is how deeply this company embodies the concept of giving back to the Security Community. Whether it be discussing research on adversary analytics, attack methods for breaking out of sandboxes, or simply breaking into the industry - Rapid7 encourages its employees to actively participate in community events, both large and small. As a proponent of engaging with the Security Community, I'm very excited that my fellow employees continue to embrace giving back to the community through volunteerism, as well as presenting on interesting topics at this year's BSides Boston on April 15th.


As many are readily aware, Rapid7 is home to numerous passionate security professionals, several of whom give back personally – going well beyond all of their professional work. This year will be Patrick Laverty’s third year as a member of the BSides Boston organizing committee, in addition to his other organizing roles including both the OWASP Rhode Island chapter, and the DefCon 401 (DC401) group in Providence.  It has been a great pleasure working on the organizing committee this year with Patrick.


At this year's conference Patrick and I will be joined by several Rapid7 presenters who were fortunate enough to be selected to speak at the conference, including Bob Rudis, Kirk Hayes, and Justin Pagano.


Bob Rudis (@hrbmstr) will be giving a presentation titled Heisenberg Cloud: At-Scale Cross-Cloud Adversary Analytics. Bob will be talking about the research conducted from Rapid7’s Heisenberg honeypot program. He'll also be showing specific attack and connection profiles for the Mirai botnet. It will be a deep dive into the frequency and flavor of attacks across every region in six major cloud providers.


Kirk Hayes (@l0gan) is fresh off giving presentations at DerbyCon and BlackHat regarding his “MyBFF” tool, and now in Boston he’ll talk about methods he uses to break out of sandboxed environments. We may feel as though having the sandbox is keeping our users secure, but Kirk shows that it may just be a false sense of security. Find out how in Escaping Alcatraz: Breaking out of Application Sandboxed Environments.


Justin Pagano (@jp4gs) will be speaking on the “Breaking Into InfoSec” panel. As the Security Operations and Engineering Manager at Rapid7, Justin will be sharing tips, suggestions, and ideas on how to start your career in Information Security – whether you’re changing careers, or just starting out.


In addition to moderating the “Breaking into InfoSec” panel, I have taken up the role of Volunteer Coordinator and Student Advocate on this year’s BSides Boston Organizing Committee. This will be my second year as a volunteer at the conference, and I look forward to sharing my passion for helping others learn about information security in person. I'm fortunate to work for a company that encourages me to contribute to the community - they have been especially supportive of my recent work, the InfoSec Mentors Project.


Security BSides is an international, non-profit organization that hosts security conferences all around the world. The focus of BSides is to be a low-cost way to get people in the security community talking to each other and sharing what they know. This year’s BSides Boston conference will have four tracks, and is recording many of the presentations – so if you can’t make it on April 15th, you can check out the content at a later date!


Rapid7 is a proud sponsor of BSides Boston and several other Security BSides events.

Ring Ring! You’re in the Final!

It’s always nice to get a phone call letting us know that we’ve been shortlisted for awards – but when it’s five awards, we like those calls even more! Two of our products, and our company have reached the final stages for the Network Computing Awards, and of course we’d love it if you took a moment to vote for us please.


La La Land may have racked up the Oscar noms, but at the Network Computing Awards it’s looking good for LE LE Land!

OK, so we might not quite have the fourteen nominations that La La Land has, but our Logentries (lovingly shortened to LE) product is a finalist in three categories: Best Picture, Best Soundtrack, Best Original Screenplay (or rather: IT Optimisation Product of the Year, Software Product of the Year, and The Return on Investment Award). To reach this stage in these categories is huge, and we’re very happy to be triple listed. If you’ve not yet experienced Logentries, I would highly recommend you take a look – it’s a pretty amazing product:

Imagine trying to put together a jigsaw puzzle, without an image of the completed puzzle, no idea of how many pieces are required, and to add to your woes the pieces are hidden all over the building. If you’ve ever had to trawl through multiple logs to try and work out what’s causing a problem, and you only have symptoms to work from – say a production server is running slowly – you’ll recognise the analogy. Logentries puts the answers hidden within your myriad of logs right at your fingertips. It’s simple to use, lightning fast, and you can create some very cool visualisations from your data too. Click here to learn more about how Logentries can revolutionise how you see your ecosystem.


Look out! Here comes the AppSpider, Man!

Whilst my tenuously linked movie reference here is no stranger to Oscar nominations either, I’m obviously referring to our AppSpider product, which is listed as a finalist in the Network Computing Awards, in the Testing and Monitoring Product of the Year category.

Web apps, and the plethora of technologies that power them, are growing at a crazy rate, presenting complicated security challenges for organisations. AppSpider crawls to the deepest, darkest corners of even the most modern and complex apps to effectively test for risk and get you the insight you need to remediate faster. It plays a key part in the SDLC, and allows DevOps to fix issues earlier in the cycle - resulting in a huge reduction in last minute delays caused by vulnerabilities being found late in the day.


You can read more about how DevOps teams using AppSpider can reduce stress and possibly live longer happier lives* here.


*Life lengthening not guaranteed, but your web app SDLC will be in a happier place for sure. Always read the label.


So many great movies, so little time….but which One should I Watch?

The Rapid7 movie, of course! Well, OK, we don’t have a movie-length extravaganza of Rapid7 for you *yet* (cough, cough: Kyle Flaherty), but we do have some pretty cool YouTube videos you can watch, plus a highly acclaimed podcast you should listen to. We’ve also been listed as a finalist for the One to Watch Company - hooray!


We’re pleased (read: overjoyed), humbled, and indeed chuffed (I had to get a Britishism in somewhere) to have received our finalist nominations, and very much looking forward to attending the event in London later this year.


If you could please take a minute to cast your votes for Logentries, AppSpider and Rapid7 that would be most wonderful of you – voting is open until March 22nd.


Click here to vote!

On Friday, January 27th, 2017, the White House issued an Executive Order entitled, “Protecting The Nation from Foreign Terrorist Entry into The United States.”  As has been well-publicized, the Order suspends some immigration from seven Muslim-majority countries — Syria, Yemen, Sudan, Somalia, Iraq, Iran and Libya — for 90 days, halts the refugee program for 120 days, and suspends the admission of Syrian refugees indefinitely. Since being issued on Friday, it has resulted in thousands of people being stranded and detained, away from their homes and families, and facing immense uncertainty over their futures.


Below is the response that Rapid7’s president and CEO, Corey Thomas, shared with media over the weekend:


“As a midsize company with a global customer and employee base, these actions increase fear, uncertainty, and the cost of running a business, without clearly articulated security benefits. I believe that this action not only risks serious harm to innocent lives, it also weakens the position of US companies over time, and thus weakens the US economy. I am supportive of thoughtful security measures that are clearly communicated and well executed; however, these executive actions do not meet that standard.


“We want to applaud and thank the Massachusetts senators and representatives that have taken a stand against this action.”


We hope for swift and positive resolution for all those adversely affected by this Order.

January 30th, 9AM: We’ll be joining Okta and Code42 for a breakfast brief to share what we’re seeing in security today. If you’re worried about the security of your cloud services, ransomware, or simply the top attack vectors attackers are succeeding with today, this is a must-attend event.


At Rapid7, we understand you’re inundated by the sheer amount of data you need to collect, prioritize, and use to make smart decisions. You may be familiar with us from our vulnerability management solution, Nexpose, and Metasploit, the pen-testing framework which needs little introduction. What’s new is that from our continued research of the attacker and working closely with security teams like yours, we’ve also released incident detection and response solutions used by hundreds of global orgs today.


I’m sure you’re familiar with “Detection, not just Prevention,” and the need to reliably detect across the entire Attack Chain. Still, infosec teams are spending more than ever on monitoring and detection, yet fail to detect pen tests or stealthy attacker behavior like the use of stolen credentials or lateral movement. In our presentation, Sam Humphries and I will give a refresher on the top attack vectors behind breaches today, and then share the Rapid7 approach to incident detection and response.




This includes the data sources we value and ingest (e.g. Active Directory, cloud services, endpoint logs), as well as how this data powers the user behavior analytics and deception technology in our technology and services.


Whether you’re an overworked, multiple-hat team of one, or you’re at a leading Security Operations Center, we’d love to see you there!


Get additional details and RSVP here:



In the meantime, if you’d like to learn more about our Incident Detection & Response offerings, start with our Solutions Page, or check out our 3-minute video of InsightIDR, the SIEM you’ve always wanted.

In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build their PCI Approved Scanning Vendor offering. PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly prescriptive Data Security Standard. Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamlined and easy to use as possible, but robust enough to significantly improve the customer's security. In other words, an ASV service that could meet the needs of a large multi-national enterprise as well as the small franchise owner just learning how to spell IT. After looking at all the alternatives, Coalfire selected Nexpose for its high-end performance and ease of interoperability to build around, all at a price point that kept us competitive.


The Coalfire scanning solution has gone by many names since its first ASV certification: Surefire Compliance, ARM PCI RapidScan, Coalfire RapidScan right up to today's CoalfireOne℠ scanning platform.  But through all of it, Nexpose was under the hood making it go, with the power and reliability of a GM LS Series 6.0L or an AMC 4.0 straight-six.  Sorry, that might be taking the analogy a bit far (and letting my car geek show), but the point is, we never had to worry if the scan was going to run or if it was going to find the latest SSL vulnerability, it just did.  And that let us focus on the user experience which was always our plan.



With our new ASV partnership, Rapid7's ASV customers now get that “best of both worlds” pairing: the same high confidence in scan findings they're used to, with the simplicity of CoalfireOne management. Define your targets, set your schedule, review and dispute findings, and download your attestation of compliance -- all through the easy to use Web interface. It's a little like a Shelby Cobra -- body by AC Cars, V8 by Ford. Okay, I'm done.


Snakes Masquerading as Vines

Posted by sdutta Employee Jan 10, 2017

We spend a lot of time identifying trustworthiness in our day-to-day lives. We constantly evaluate trustworthiness in both the people that we meet and in the products and services that we decide to interact with.


Imagine that you’re like Tarzan in the jungle; you’re trying to navigate your way through products and services using the vines that hang in your path. Each vine either helps or hinders your path forward. Some are stronger than others and help you swing a far distance quickly and effectively (angel patterns). Others are actually snakes masquerading as vines. You reach out to grab hold and instead get bitten, releasing your grip and falling to the ground (Dark Patterns).


As a user swinging through the jungle of products and services, it’s easy to mistake a snake for a vine and end up lost on the ground. As designers, we need to do everything we can to make the vines of angel patterns obvious and remove the dark pattern snakes from the user’s path.



(Credit: Michael Kriskovic)


Like any new relationship, using new software starts with a little bit of anxiety. In software products, this anxiety is felt the first time a user engages with your product. A product with clear and honest messaging and transparent communications can reduce such user anxiety. We call it an angel pattern. There are many such angel patterns for achieving a trustworthy experience. Read the original article published in User Experience Magazine to learn how we apply these patterns.

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.


In early 2014, we formally launched a program called Rapid7 Voice. It’s an advocacy program that enables our outstanding customers to build their personal brand while guiding Rapid7 innovation. The Voice program gives you the opportunity to become involved with Rapid7 at whatever commitment level is right for you. This program is a unique opportunity for Rapid7 customers to help influence product development and become more involved with the tools they are using. Participants also get the chance to network with peers, speak at industry events, and engage with other customers in mentorship roles.


To supplement the Voice program, we have VoiceUp, an online customer advocacy engagement hub which gives customers the opportunity to be the first to learn about Rapid7’s product roadmap and the power to influence innovation in development. Members also get first access to news, content, and engagement opportunities. In the hub, customers can earn points for all their completed engagement “activities,” big or small, to redeem great rewards.


With both Voice and VoiceUp, the focus is not only to actively involve customers in the development of our products and services through their feedback and insights, but also to help them build a personal brand. Advocates are invited to participate in a variety of engagement opportunities to gain more experience and exposure within the industry.


Here are some examples:


There are countless ways to engage with us here at Rapid7, and we want every customer to have a great experience. Take it from these advocates:


“[VoiceUp allows me] to interact with Rapid7 in a way that not many other companies have [including] reading what others have written, additional awareness of security news articles on Rapid7, and learning about current events. Rapid7 seems to have a vested interest in using the information provided to benefit the users of VoiceUp.”

- Brian Haessly, IT Security Engineer


“You can’t complain about a product that allows you to have an input into it. It is nice to have a company as large as Rapid7 wanting to hear what the end user wants to say and not just building it the way the company wants with the "that's the way it is" attitude.”

- Eric Pirolli, IT Security Analyst at The University of Toledo


“I’ve joined Rapid7 VoiceUp hub so I may have an opportunity to be involved in something bigger than myself. I feel I am part of an evolving industry that is meant to help and protect. I have had an opportunity to speak with the product team, been part of a webcast, and engaged with other security professionals. But my biggest reason to stay an active member of VoiceUp is to help others.”

- Jack Voth, Sr. Director of Information Technology at Algenol Biotech


If you want to join these Rapid7 Advocates and get involved, visit to read more about the program and sign up today.

With the end of the year comes the annual "best of" awards season, and cybersec is no different. This year, Rapid7 has been nominated for 10 awards at the Cybersecurity Excellence Awards! It's up to you, the practitioners and folks in the trenches, to vote for your top choice in each category and choose a winner.


To help recognize our people and products, we could use your help in voting. Each category is listed below and ready for you to vote on. Simply log in (or register) on the Cybersecurity Excellence Awards website and then for each category, visit the links below and click the big green thumbs up near the top to vote:


Cybersecurity company: Rapid7:


Cybersecurity product or service:


Cybersecurity professional:


Cybersecurity team:



Thank you for your support!


Want to share with others? Don't forget to share on social using the buttons below.

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas with 12 days of blog posts on hacking-related topics and roundups from the year. This year, we’re highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.


Are you a busy Information Security professional who prefers bloated web applications, fancy interactions, unnecessary visuals, and overloaded screens that are difficult to make sense of? No…I didn’t think so!


Being a designer, I cringe when I see that sort of stuff, and it’s something we avoid at all cost at Rapid7. You don’t even have to be a designer to dislike it. My mantra mirrors that of Derek Featherstone, who said “Create the minimum viable interaction by providing the most valuable piece of information for decision-making as early as possible.” And focusing on good design is the gift I bring to you this HaXmas!


To bring you this gift, I am always learning about new ways to solve the problems that you and your teams face on a day-to-day basis. That learning comes from many sources, including our customers, books, webinars, blog posts, and events. One notable event this year was the aptly named An Event Apart, held in Boston.


An event what? 

An Event Apart is a tech conference for designers and developers to learn, and to be inspired by, the latest design trends and coding techniques that improve the way we deliver applications. While other conferences tend to focus only on design, this conference does much more by bringing a variety of topics under one umbrella, including coding, web and mobile app design. On top of that, every speaker at An Event Apart is pretty famous in our world—it was great to see them in real life! Three days and twelve presentations later, my head was swimming with ideas. But the most important themes I brought away were to:

  • Design the priority
  • Speed it up
  • Be more compassionate


Let’s look at each of these concepts one by one and see how they apply to the way we designed InsightIDR, Rapid7’s Incident Detection and Response tool, which allows security teams to detect intruders earlier in the attack chain.


Design the priority

At the conference, Ethan Marcotte, the father of Responsive Design, said “Design the priority, not the layout”. Ethan mentioned this because designers tend to consider the layout of an application screen first. Unfortunately, this approach has a tendency to throw off the signal-to-noise ratio. Jeffrey Zeldman agreed with Ethan when he said, “Design your system to serve your content, not the other way around.” This concept has really come to the forefront with the Mobile First approach from Luke Wroblewski, who argues that "Mobile forces you to focus".


Well, I argue that you do not need to be mobile to focus! This concept is just as important on a 27” screen as it is on a 5” screen. As we design InsightIDR, we design the priority, not the layout, by helping our customers focus on the right content. As you can see on the InsightIDR design to the left, the KPIs are placed in order of importance, with date and trending information, allowing our customers to prioritize their next actions as they protect their organizations. This results in a better user experience, and time saved for other tasks.


Speed it up

According to Jeffrey Zeldman, the applications we build need to be fast. Very. Fast. Common sense, I hear you say, and I agree completely. But that’s no easy thing when you are collecting, analyzing, and sorting the amount of information that InsightIDR captures. Can we sit back and start to think that our customers would understand if it takes a few seconds for a page to load? Not at all! Yesenia Perez-Cruz, design director at Vox Media, suggests that organizations need to plan more strategically for decreasing the file size of web application pages, which in turn improves load times. We have taken Jeffrey’s and Yesenia’s message to heart, as we strive to ensure the pages and content within InsightIDR load as quickly as possible, so you can get your job done faster.


Be more compassionate

Being compassionate by standing in the shoes of the people we design for might seem like a no-brainer. After all, the ‘U’ stands for ‘User’ in my job title ‘UX Designer.’ Yet, some designers do not take the time to actually speak with the people they are designing for. But at Rapid7, I speak with customers about their security needs through our customer voice program on a regular basis. The customers that have signed up for the program have a say in the features we design, and they get to see those designs early so they can, in effect, co-design with us by letting us know how to modify the designs to make them more effective. Only then can I and the rest of the UX team at Rapid7 truly design for you. In this respect, as Patty Toland, a regular An Event Apart speaker, says “Design consistency isn’t pixels; it is purpose.”


Wrapping up

At Rapid7, I am always learning about design, about our customers’ needs, and about the future of information security. So, if you are in Boston and hear someone on the T softly say “Create the minimum viable interaction by providing the most valuable piece of information for decision-making as early as possible,” that will probably be me as I go to work.  On a more serious note, if you have not done so already, make sure you sign up for our Voice Program to see what’s in the works, and have a say in what we do and how we do it. Here are a few links to that program if you are interested:


Rapid7 Voice:

Rapid7 Voice email: Rapid7Voice [at] rapid7 [dot] com

I look forward to speaking with you in the near future, as we work together to design the next version of InsightIDR!


Thanks for reading, and have a wonderful HaXmas!

Kevin Lin, UX Designer II




Image credits:

First image: An Event Apart (©, @heyoka)

Second image: insightIDR

Happy Holidays from Rapid7

Posted by aefountain Employee Dec 21, 2016

As 2016 comes to a close, we wanted to pause and reflect on what a great year it’s been connecting with our customers, partners and the community. We at Rapid7 wanted to reach out to say thank you, and to wish you a happy holiday season and a happy New Year.


Please enjoy this special video sharing the tale of "The Hacker Who Stole Christmas," narrated by Bob Rudis.


This time of the year is often seen as a time for giving thanks. At Rapid7, we are continually thankful for our community – the customers, partners, employees, experts and open-source contributors – who engage with us every day. Our community also includes the places where we live and work and, since one way to show thanks is by giving back, we decided that everyone in the Company would take a day in October to show our support and love for our communities.


#Rapid7GivesBack Day was on October 20, 2016 and every single Rapid7 office across the globe closed so our amazing employees (our Moose) could participate in service projects within their communities. These projects ranged from fall cleanups to painting to donation drives to charity fundraisers to supporting open source communities to volunteering at animal shelters and providing meals. We do amazing things when we partner together and this allowed our team to share that energy and give back to our communities across the globe. Giving back is our way of saying thank you to our communities.


Here’s some of the ways we thanked our communities on #Rapid7GivesBack Day and what our Moose had to say about the experience:


Boston and Cambridge Headquarters

Our Boston and Cambridge Moose partnered with TUGG to find several different volunteer opportunities across the city. Here are some of the organizations volunteers supported on #Rapid7GivesBack Day:

  • Ethos -  a private, not-for-profit organization that promotes the independence, dignity, and well-being of the elderly and disabled.
  • The Gavin Foundation – an organization that offers specialized adolescent residential, community, educational and diversion programs to respond to the needs of youth affected by drug and alcohol abuse, and their families.
  • Josiah Quincy Elementary School - a Boston public school based in Chinatown serving over 800 kids in grades K-5. Nearly 80 percent of its students are low income and over half are English Language Learners.
  • United South End Settlements – USES works to build a strong community by improving the education, health, safety, and economic security of low-income individuals and families in and around Boston's historic South End/Lower Roxbury.
  • Mass Audubon Society in Mattapan - the mission of Mass Audubon is to protect the nature of Massachusetts for people and wildlife.




Alexandria Office

The Alexandria office included an amalgam of Moose from the office and those from around the D.C. area. This group helped support New Hope Housing and the Gartlan House which provides permanent supportive housing for chronically homeless adult men. The team assisted in yard clean up at the house and felt the experience was a great way to volunteer in the area.



Austin Office

Half of the office went to the Austin Animal Center where volunteers helped walk dogs, play with cats and kittens and make treats for all the animals. The other half of the office helped deliver nutritious meals and human connection through Meals on Wheels to community members. Austin Moose found the experiences great for getting out of the office to give back and have suggested volunteering much more often throughout the year!


Belfast Office

Belfast Moose split into several groups to give back to several local charities including Action Cancer, Cancer Focus, NI Hospice, Simon Community and Assisi Animal Sanctuary. By static cycling for charity, organizing donated items, painting and helping with animals, the team kept busy and supported several different organizations in one day.




Dublin Office

The Dublin office helped support CoderDojo, an open source, volunteer-led community oriented around running free non-profit coding clubs for young people. With impeccable timing, #Rapid7GivesBack Day fell during Europe Code Week 2016 and the Dublin team was able to partner with CoderDojo to help further develop the community platform and content, including pushing forward some core projects.




Los Angeles Office

The Los Angeles office volunteered at the LA Food Bank which provides food for children, seniors, families and individuals in need. Together, the team sorted 25,173 pounds of food – the equivalent to 20,893 meals. That prep work helped the Food Bank staff get ready to deliver meals the following week. In sharing their experience, the team noted that it was a very humbling experience with regard to understanding how many don’t have food and how difficult it is to prepare donations to make sure those who need the support can get it. It was a long day of physical labor but incredibly rewarding knowing that the work would help someone in need later.



Reading Office

The Reading office volunteered at Whitley Park Primary School and helped rebuild a play area for kids. The team helped repaint fences and picnic tables, plant gardens, rake leaves and clean up the space. After a physical day of work, the team agreed it was a great use of time and a good experience to do something charitable for the community. The school shared its appreciation and gratitude and invited Rapid7 Moose back any time to help out.






Singapore Office

Moose in the Singapore office ran a donation drive within the company to give pre-loved belongings to the Salvation Army. Items were collected over the course of two weeks and were delivered on #Rapid7GivesBack Day. The team appreciated being able to re-purpose items that would help someone else.





Toronto Office

Toronto Moose supported Free Geek Toronto by collecting donated electronics to either dispose of as e-waste properly without damaging the environment, or refurbish to get youth into tech. Part of Free Geek Toronto’s mission is to promote social and economic justice, focusing on marginalized populations in the Greater Toronto area by reducing the environmental impact of e-waste through reuse and recycling and increasing access to computing and communications technologies. The team helped collect donations by reaching out to friends, family and other businesses in the area. The team appreciated the opportunity to support this local organization that helps give more youth access to technology and open source software.





Remote Moose

Our Moose without an official Rapid7 home base participated as well. Projects included community clean up, running charity races or volunteering with local organizations. The effects of #Rapid7GivesBack Day were felt anywhere our Moose are located.





We may have celebrated a little early in the year with #Rapid7GivesBack Day, but we give thanks every day for the partnerships we have – both for the individuals and the places that make our community.


For more photos from #Rapid7GivesBack Day, visit our Facebook album or check out this video.

Editor's Note: This is a guest post from Mike Perez, Implementation Engineer for Cryptzone.


Since my initial introduction to Rapid7’s UNITED Summit customer conference in 2015, I had been looking forward to the opportunity to attend again. The conference is a mixture of good fun, great food, and excellent content in my hometown of Boston at a vibrant venue (the Seaport Hotel).  The event covers Rapid7’s product line and how the offerings can help their customers.  However, in my opinion, Rapid7 does a decent job of ensuring that the conference is not a straight product pitch but provides insight into relevant topics affecting the information security professional; topics such as: crisis communications management, incident response strategies, and bug bounty participation considerations, to highlight a few from this year.


The event starts off with a chaotic free-for-all that’s open to the general public: Rapid Fire, which might be described as part InfoSec buzzword bingo, part drinking game and part serious discussion.  Deliberately controversial or hyper-pertinent infosec topics are chosen by a moderator and argued pro or con by the panelists, regardless of their actual viewpoints, with the loser (by audience applause) taking a drink.  With Josh Corman, Dave Kennedy, Chris Wysopal and Chris Nickerson as panelists and Jen Ellis moderating, the 60 minutes went by too quickly, with winning-argument gems like “Bug Bounties are the equivalent of walking into a bar and offering $100 to anyone who can perform open heart surgery on me with a buck knife.”



Dave Kennedy of TrustedSec


The theme of the conference this year was Empowered, which was highlighted by the conference talks as well as by the opening and closing keynotes.  General McChrystal was a great speaker with a message that he indicated was hard won after many setbacks in the field: leadership can no longer follow the old model of one individual taking in information, analyzing it and then providing direction.  This model proved too slow during his campaigns and, according to the General, was taken advantage of by his adversaries.  The new model needs to be more like a gardener: planting, weeding, caring, and feeding to allow subordinates sufficient autonomy to further the institutional goals. He indicated operations could not have a top-down structure anymore; rather, a team of teams with distributed knowledge is needed.


The conference itself had three tracks - Threat Exposure Management (TEM), Incident Detection & Response (IDR) and Research.  There’s too much to cover in each track so I’ll only be hitting some of the highlights from my perspective.


In the IDR track, I was drawn to “An Analytic Response to Advanced Threats & Malware (Threat Hunting)” by Tim Stiller.  Threat hunting assumes that there has been, or is, an ongoing intrusion or malicious activity, and then looks for signs of that activity by searching for anomalies.  Tim spoke about three components: Users, Hosts & Processes (“UHP”), and the need to know their normal states so that anomalies stand out.  Example considerations for each respective domain are:


USERS - What users are on the network? What are “normal” login dates, times, locations, etc?

HOSTS - What hosts are they accessing?  How often are these hosts accessed?

PROCESSES - What processes are users running on those hosts? How often are these processes accessed?


Using the UHP model, Tim took us through an example event where a user was logging in from outside of the United States for the first time.  While this fact in and of itself would raise the event’s profile, the Incident Response team would also look at the hosts being accessed, what kind of processes were run, and the classification of the data being accessed.  In other words, UHP looks at the totality of the event and does not rely on one factor for the Incident Response reaction to an event.
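To make the “totality of the event” idea concrete, here is an added example that is not from Tim’s talk or from any Rapid7 product: a toy UHP baseline built from constructed telemetry, which scores a new event by how many of its user, host, process and data-class dimensions fall outside that user’s learned normal state. The field names, sample events, weights and threshold are all assumptions made for this example.

```python
"""Toy UHP (User / Host / Process) baseline and anomaly scorer.

Added example, not Rapid7 tooling. The sample telemetry, field layout,
weights and escalation threshold are constructed for illustration.
"""
from collections import defaultdict

# Constructed historical telemetry: (user, country, host, process, data_class)
BASELINE_EVENTS = [
    ("alice", "US", "fileserver01", "explorer.exe", "internal"),
    ("alice", "US", "fileserver01", "winword.exe", "internal"),
    ("alice", "US", "mail01", "outlook.exe", "internal"),
    ("bob", "US", "hrdb01", "sqlcmd.exe", "confidential"),
    ("bob", "US", "hrdb01", "excel.exe", "confidential"),
]

DIMENSIONS = ("country", "host", "process", "data")


def build_baseline(events):
    """Learn, per user, the set of normal countries, hosts, processes and
    data classifications seen in historical telemetry."""
    baseline = defaultdict(lambda: {dim: set() for dim in DIMENSIONS})
    for user, country, host, process, data in events:
        seen = baseline[user]
        seen["country"].add(country)
        seen["host"].add(host)
        seen["process"].add(process)
        seen["data"].add(data)
    return baseline


def score_event(baseline, event):
    """Return (score, reasons) for a new event.

    Each UHP dimension outside the user's baseline adds 1; touching a
    confidential data class the user has never touched adds 2, so a
    single odd factor (e.g. a new country alone) stays low while several
    odd factors together push the score up. Weights are assumptions."""
    user, country, host, process, data = event
    seen = baseline.get(user)          # .get() avoids creating an entry
    if seen is None:
        return 4, ["user has no baseline at all"]
    score, reasons = 0, []
    if country not in seen["country"]:
        score += 1
        reasons.append(f"first login from {country}")
    if host not in seen["host"]:
        score += 1
        reasons.append(f"new host {host}")
    if process not in seen["process"]:
        score += 1
        reasons.append(f"new process {process}")
    if data not in seen["data"]:
        weight = 2 if data == "confidential" else 1
        score += weight
        reasons.append(f"new data class {data} (+{weight})")
    return score, reasons


def triage(baseline, event, threshold=3):
    """Escalate only when the combined UHP deviation crosses the threshold."""
    score, _ = score_event(baseline, event)
    return "escalate" if score >= threshold else "monitor"


if __name__ == "__main__":
    bl = build_baseline(BASELINE_EVENTS)
    # One factor: alice from Germany, but her usual host, process and data.
    print(score_event(bl, ("alice", "DE", "fileserver01", "explorer.exe", "internal")))
    # Totality: same new country plus HR database, sqlcmd and confidential data.
    print(score_event(bl, ("alice", "DE", "hrdb01", "sqlcmd.exe", "confidential")))
```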


In the Research track, Katie Moussouris’ “When Bug Bounties Attack!” was a cautionary but ultimately encouraging discussion of the considerations and preparations needed before participating in a bug bounty program. Katie discussed the three categories of preparedness for companies: Basic, Advanced and Expert.  Some of the characteristics Katie indicated are exhibited by each stage of preparedness are below.


BASIC - Executive support at a minimum is needed, with a defined method to receive vulnerability reports, and an established internal bug database to track fixes to resolution.  This group has the ability to receive vulnerability reports in a verifiable format (webpage or signed email).  Incentives which might be appropriate at this level: SWAG, with a promise of no legal action for bug bounty submitters.


ADVANCED - This stage has an established policy and process for addressing vulnerabilities according to ISO 29147 and ISO 30111, with dedicated security tracking.  It has a tailored, repeatable communications strategy for each audience, including partners, customers and media.  At this level, organizations use root cause analysis to feed into their software development lifecycle.  Incentives which might be appropriate at this level: the organization actually pays for serious vulnerabilities.


EXPERT - This group has the characteristics of the Advanced group and additionally uses vulnerability and root cause analysis along with ISO 27034.  They have structured information sharing programs with coordinated distribution of remediation methods.  For example, Microsoft has a partner network with antivirus members to notify them of patches and bug signatures.  Real-time tracking telemetry of active development is evident.  They have an understanding of their adversaries and the ability to create a disruptive market for them for bug purchases.  At this level, to keep your developers, don't create perverse incentives by overpaying for bounties.


For the closing keynote, Chris Nickerson waxed philosophical about leadership, freedom of choice, and recognizing one’s own influence and attitude on how one handles difficult situations. 


Regarding influencing one's own attitude towards an unpleasant situation, Chris gave the example of taking a walk through a torrential rainstorm with a friend who was getting increasingly agitated at getting soaked.  Instead of lecturing his friend to lighten up, Chris simply asked him, ‘Is it the rain that’s hurting you and making you mad, or is it just you?’  On the topic of leadership, Chris emphasized that the purpose of the powerful is to give power to the powerless.  This means that leaders should allow subordinates to take information, digest it and then have the freedom to choose the corresponding action, without being “bullied” into a decision by datasets or co-workers.  Chris called it “decisions vs. freedom of choice”, where leaders should empower co-workers to make decisions counter to possibly bad data.


The above is just a small sliver of the presentations and topics offered at UNITED Summit.  I’ve helped organize various conferences across the U.S. and can appreciate the hard work that goes into ensuring an event has great content, opportunities to network (“hallwaycon”) and runs smoothly. UNITED Summit does a great job in all of these aspects.


Mike Perez is an Implementation Engineer for Cryptzone, a global provider of dynamic, context-aware network, application and content security solutions, and is a board member of OWASP Boston. He has experience in organizing conferences in four different states and two countries and has taught ‘Offensive Countermeasures: The Art of Active Defense’ at Black Hat Europe.



For more information on UNITED Summit, or to register for UNITED 2017, visit

This post is a Q&A with John O’Donnell, Director of Sales at Rapid7. For more information about career opportunities with Rapid7, visit



Q: What separates Rapid7 from other security or software companies in the area?

A: The diversity we have here separates us from the competition. Our teams are created by integrating people from all walks of life and then submerging them in the ever-changing and exciting cybersecurity industry. The belief is that you will change your career five times in life and once you move into your second career your goals often shift to loftier financial goals. However, without the proper experience it can be hard to make that transition and achieve those goals. Rather than focusing on direct experience, Rapid7 has created a work environment where people create a mosaic. So no matter what dream you were following before, we help our employees grow together to create success together.


Unlike other companies that are challenged by slower growth, Rapid7 has more opportunities for its employees to grow and further their careers. We have a 90 percent promotion rate from the Business Development Representative (BDR) program to Account Executive roles and are proud to say that nine out of 10 current managers started as either an AE or in the BDR program.


Q: What kind of advantage can someone expect to have starting in Q4 or the end of the year at Rapid7?

A: By starting in Q4, you can be in a position to ramp up more quickly and experience more volume of activity during the busiest time of the year. While some may be reluctant to start at the end of the year because of the anticipated learning curve, by starting in Q4 you have the opportunity to hit the ground running, go through the enablement program and be part of the excitement during a peak time of year. Essentially, you’ll be able to shadow and align with peer members of the Rapid7 sales team and collaborate on many opportunities as businesses close out the year and finalize their investment in cybersecurity software.


Additionally, you’ll get more exposure as the team builds out the strategy and sets goals for the new year. This will allow you to understand the expectations for Q1 while also having gone through training and being exposed to the busier time of year. By the time you attend the global sales kickoff in Q1, you’re already trained and have the opportunity to make the most of a full year. By investing your time to training during Q4 you’re really investing in your career and creating the opportunity to have a significant financial impact at the end of the sales year. The possibility of something happening (like a bonus or a deal coming in) could have someone waiting forever, but there comes a time when you need to close the door, open a new window and look forward.


Q: What can a new Account Executive expect during the initial ramp up period?

A: The enablement program at Rapid7 is split into a few weeks of training. The first two weeks are classroom training where Rapid7 specialists from other departments give lessons that range from sales methodology to product line information to the overall competitive and industry market. The next few weeks are meant to expand on the classroom training by focusing on heavy collaboration and role playing to get comfortable speaking to products and services. The final two weeks are spent getting involved in day-to-day tasks with managers, directors and team leads. However, training is ongoing at Rapid7 with leaders providing industry updates, marketplace trends and skills sharing.


Q: How does Rapid7 support new AEs to help ensure success?

A: In addition to ongoing enablement and training, each new hire is assigned a mentor – someone that’s separate from the enablement team, manager or director. Your mentor will meet with you throughout the day and have an end of day meeting to review overall successes, challenges and outlook for the next day. Outside of the daily mentor meetings, there are scheduled one-on-one meetings with managers or team leads for coaching sessions as well as regular team meetings to talk through successes and challenges. Because we focus on getting new AEs ramped up quickly and efficiently, most new hires are able to close their first deal within 60 days.


Q: How are territories broken out for new AEs and what does a typical day look like?

A: We’ve developed a scoring system to make sure territories are properly defined based on the number of prospects and past experiences with Rapid7. Territories can be entire states or cities within, but the scoring metric makes it fair for all team members. On a typical day, the team starts with either a team meeting, training or industry perspective during the morning session. After that, the team goes into reviews with security engineers for meetings or calls scheduled for the day. The rest of the day consists of following up with current customers, prospects and opportunities they are currently engaged with. The focus is to help our clients understand the technology and the industry and to make sure they are comfortable with creating a meaningful partnership with Rapid7.


Q: What attributes do the top performing AEs at Rapid7 have?

A: Our top performers have an entrepreneurial mentality and approach their territory as their own individual business within Rapid7. The most successful people here get submerged within the security community. They attend networking events and focus on understanding the industry to provide clients with cutting-edge insight on what the bad guys are doing to influence the space and how Rapid7 technology and services can provide value to their business. The top performers are the true definition of a rock star: they are able to perform, have a huge fan base, and their dedication and passion to keep that fan base happy is second to none.


In my opinion, the most successful AEs at Rapid7 have the drive not to fail. They are passionate about their career and their lifestyle. They are looking to work hard and have the understanding that through that hard work they will advance their career and achieve their goals.


Building personalized and exceptional customer experiences

At Rapid7, we strive to give you, our customers, a personalized and exceptional experience every time you interact with our organization, our products, and our services. This is what we refer to as the "Customer Experience". In order to clarify what this term means, Don Peppers from the Peppers & Rogers Group defines the Customer Experience as “the totality of a customer’s individual interactions with a brand, over time”.


We are all customers
In our daily lives, we are all customers. We would all like our experiences with every organization to be personalized, seamless, and exceptional. Yet, whenever we interact with an organization, I am sure that most of us have felt that we are interacting with many organizations in one, and that the right hand has never even met the left hand, let alone that they do not speak to each other. That’s a difficult obstacle for any organization to overcome, as each organization has many different individual employees interacting with many different individual customers. The downside for all of us is that we, as customers, have to deal with less than exceptional experiences.

Meanwhile, at Rapid7….

…while we strive to provide exceptional experiences, we know that we are not perfect. So, what are we doing about it? A lot actually! The first step is to define a strategy, so we have a vision and we know where to focus. Our strategy consisted of mapping out our customer’s end-to-end journey, initially at a high-level in the form of a Customer Experience (CX) Framework.


The model defined the start of the journey, namely where potential customers become aware of, and start initial engagement with, Rapid7, our products and our services. Following this, the majority become actual customers who start to use our products and services, and finally they evolve as customers. The latter might be using multiple products together, or using our products and managed security services at the same time to ensure they are as secure as possible.


Customer Experience Framework


Now that we had a high-level framework in place, the next step was to get a little more granular, and figure out what the touch points were within each of the AWARE, ENGAGE, USE, and EVOLVE phases of the journey. We mapped these out as:


Customer Experience Touch Points


Discovering experiences

With a CX framework and associated touch points in place, the next step is to find out what our customers’ experiences are. If customers’ interactions with a specific touch point are great, we want to make sure that does not change; if interactions could be improved, we want to make them much better.


The UX team found that the best way to discover our customers’ experiences was to collaborate with Evan Jacobs, Rapid7’s Senior Manager of Customer Marketing & Advocacy. Evan runs the Customer Voice program, which ensures that customers have a say in our product roadmaps. While this is a wonderful opportunity for our customers to let us know about the features and functionality that they want to see in our products, it is also a wonderful opportunity for us to learn more about our customers’ experiences.

UX Focus Groups

One of the recent ways that Evan and the UX team collaborated to learn more about our customers’ experiences was by holding a series of focus groups. At UNITED, Rapid7’s annual customer conference, the User Experience team ran two focus groups. One of the focus groups looked at customers’ experiences around Nexpose Now, and how we can make that an even better experience. The other focus group concentrated on the end-to-end customer experience, whereby customers marked out which touch points they interacted with using the map above, and told us about those experiences.


UNITED UX Focus Group


The UX team, as well as representatives from Product Management and Product Strategy, learned a lot about customers’ journeys, what worked well, and what could be better. For example, customers mentioned that overall they were really happy with Rapid7’s Customer Success and Customer Support teams, which are one of the big differentiators in our favor. We also learned that reporting from our products could be better. Some reports, such as the Top Remediation report, were really helpful in making our customers successful, as they allowed them to prioritize fixing the vulnerabilities that made the biggest impact on their organization’s security posture. Other reports, however, need more customization before they could truly be deemed useful.

Local User Groups

In addition to the focus groups at UNITED, we are also holding local user groups. Within the past few days, we met with customers in Washington DC. Prior to that we met up with customers in Cambridge, Massachusetts and in New York City. Several other user groups are being planned across the US and Europe. Looking at the combined results of what we learn allows us to see patterns. This, in turn, allows us to deep dive on specific areas of the customer journey.


DC user group



NYC user group


We find that the user groups are not only a place for us to learn about customers’ experiences; they are also beneficial for our customers, as they have an opportunity to have a peer-to-peer discussion with other security professionals. Our customers also get to hear about the latest features and functionality in the product roadmap, so they can influence the development of those features prior to release.


Want 'in'?

The best way to participate and to have your say, which will help us to build our products your way and to ensure you have the best experience possible with Rapid7, is to become part of the Customer Voice program. It just takes a few seconds to sign up, and the benefits will far outweigh those few seconds! We look forward to speaking with you soon about your feature and functionality requests and about your experiences with Rapid7!


Thank you for reading!

Ger Joyce
Sr. User Experience Researcher



In November of 2013, I got an email from a Rapid7 Talent Scout saying she thought I’d be a great fit for a “unique opportunity” they had.  It had many of the same elements as other recruiting emails you receive and promptly ignore. I didn’t ignore it, however, despite the fact that I actually loved my current job, boss, and co-workers.


Maybe it’s because her email was well-written and hinted at something big that was coming soon from Rapid7 (but forced me to take a call with her to learn more).  Maybe it’s because, working in Boston, I knew Rapid7 was ranked as a “Top Place to Work” every year.  Maybe it’s because, working in the cybersecurity industry for many years, I knew Rapid7 was the rare combination of well-established but still enjoying hyper-growth – and considered one of the “cool kids” in a cybersecurity market that’s exploding (projected to be $170b by 2020).


I’m not sure of the exact reason why I took the initial call to learn more, but I can tell you exactly why I took the job: I’ve never met so many smart, competitive, well-qualified, and fun-loving leaders as I did during my interview process.


The fact that I was going to be on the team that would become the tip of the spear for the most important thing Rapid7 was working on – entering a new market within security which is projected to become 60% of the average company’s security spend – was icing on the cake.


Three years later, we’re a real force in this critical emerging market within cybersecurity – Incident Detection and Response.  We’re already seeing massive growth, yet we’ve only begun.  The plan is to build on our early successes and amplify them, in large part by making major investments in people.


How often do you find a startup that’s growing within an extremely well-funded and established company? Somewhere between hardly ever and never. Enjoying the benefits of startup culture and earnings without the risk is rare indeed.

If you want to be a part of this truly “unique opportunity,” please feel free to reach out to me!


Ready to learn more now?  Visit our careers page to check out opportunities now and be sure to check out the video below.