
Rapid7 News

108 Posts tagged with the events tag

UNITED 2016 will feature several pre-conference activities. So if you can’t spend a full day in one of our training sessions, consider an intensive instead.


Just what are these “intensives” you speak of?

Intensive sessions are 3 hours long, highly interactive, and come at no additional cost to your UNITED registration. They provide a chance to learn from top security experts as they dig into a specific topic. Class size is capped at a small number, to maximize time with the instructor, and you’ll get 3 CPE credits for attending.


What topics will be covered?

You can choose one of the following four sessions (full descriptions available on the website):

  1. Planning, Building and Testing an IDR Program
  2. Leveraging Custom Content
  3. Incident Response and the Enterprise Investigator
  4. Risk Analysis in the Trenches


How is it different from a training session?

Both trainings and intensives pair you with experts for a security deep dive. The difference is that intensives are much shorter – just 3 hours – and free of cost.


I’m in! What do I do?

Awesome, but you’ll want to act fast, since space is limited. Start by registering for UNITED via the website; as part of registration, you’ll be asked to select an intensive. (Note that in order to do this, you will not be able to register for any trainings.)

When you think about fall in New England, the visions that should flow through your head are gorgeous foliage, cool autumn nights... and the evolution of incident detection and response technology. That’s right, it’s time we start talking about UNITED 2016, Rapid7’s annual user conference held in Boston (this year it’s November 1-3).


This UNITED, we have a major initiative to help you cut through the industry noise, acronyms, and buzzwords around IDR. That is why this year’s IDR track will combine what we’ve learned from our red and blue teams, Rapid7 research, and technology in tangible stories and techniques you can bring back to home base.



A slice of what you can expect:

  • Free access to a 3-hour intensive: Planning, Building, and Testing an IDR Program. Led by Wade Woolwine and Jordan Rogers, this covers the groundwork for fast action before a breach occurs by planning an efficient and coordinated response.
  • Tales from the Cloak: A combination of our Pen Testing and Incident Response teams will analyze their engagements – what themes are they seeing? How does this impact you today?
  • Data Science: Rapid7 research findings and our progress in detecting threats never before seen in the wild
  • The Insight Platform: Rapid7’s vision for Incident Detection and Response, sharing the attacks we’ve caught that other security stacks…didn’t.


We’ll touch on the top attack vectors behind breaches: compromised credentials, malware, and phishing, and the latest developments in detecting them today. UNITED 2016 is a time for all of us to refresh, inspire, and collaborate with the rest of the Rapid7 family.


Now that you know what to expect, tell me what do you want? What do you need? Is there a topic you’d like to hear more about? Now is the time to let us know, because UNITED is your event!


Join us – registration details & more here.


The first ever Rapid7 User Group is coming to Boston! On May 19th, we're bringing together Rapid7 customers from the Boston area to give them a chance to connect with local peers and members of the Rapid7 products, engineering, user experience, and integrations teams - for free!


Attendees will learn about product and security tips and tricks, and the latest and greatest features in Nexpose. They'll also get the chance to discuss challenges and network with like-minded peers throughout a full afternoon of learning and discussions.


Local to Boston? Space is limited - learn more and reserve your spot now!

Not in the area? Keep an eye out for more user groups like this one in the coming months!



Posted by Rachel Round Employee Apr 1, 2016

Have you been wondering about the theme for UNITED 2016? Well, for those of you who’ve been on the edge of your seats (and didn’t pick up on it from the title of this blog post), the theme of this year’s conference is EMPOWERED. Cue thunderous applause!


You should probably be as excited as this guy:



In all seriousness, while conference themes may not exactly have you waiting with bated breath, at Rapid7 we’ve put a lot of thought into how attendees can get the most out of UNITED. Our goal is to make every keynote, breakout, and panel session count, by providing actionable content that instills confidence – so that you walk away feeling motivated and inspired (dare I say….empowered??) to take security to the next level.


Check out the website, where you can register for the conference and also view the agenda, which will be live in the coming weeks:

Our customer conference, UNITED, will be jam-packed with trainings, keynotes, networking events, and breakout sessions designed to help security professionals be more confident in their daily jobs. Registration is open! Sign up by March 31 and you’ll qualify for the early bird special.


Not sure whether UNITED is for you? Don’t take our word for it – here’s what some of our customers have to say (click the image to be redirected to YouTube):

UNITED 2016 will take place in Boston and run October 31 to November 2. Check back for more updates in the coming weeks as we announce the theme, agenda, keynote speakers, and more! In the meantime, if you have a topic that you think would be of interest, feel free to propose a talk via the CFP.

The memory is a fickle beast. Perhaps this past RSA Conference was my 14th, or my 8th, or 7th…hmmm, they often run together. In truth this Conference has become such an ingrained part of my life that my wife often jokes about becoming an “RSA Widow” the week of the conference, and then dealing with my “RSAFLU” the next week. Well, this year was different, team: this year SHE got sick upon my return, along with two of the kids. Oh karma, that was just deserved. And while the fridge is now full of Tamiflu, the thoughts of RSA have been locked up in a very full brain.


Much like a house filled with feverish deep coughs, the RSA Conference was also brimming with deafening noise. It was as if the Moscone decided to pipe in a sound machine, if a sound machine shouted intermittently at you:


“User Behavior Analytics”

“machine data analytics”

“Turbocharge your SOC”

“The perimeter is dead”

“The perimeter is alive”

“SIEM is dead”

“SIEM is alive”

“SIEM integration IDR powered by analytics and machine learning”


Listen, after nearly two decades doing security marketing my empathy engine is high for what we are all facing right now: it’s hard to break through the noise. Although the security marketing community often rests on their laurels (more in a future post), they are working very hard to provide the folks walking that floor with knowledge, not simply about the latest product, but research that can fuel their program, use cases to tailor their teams, and of course MatchBox cars to take home to their children (won my vote for best give-away).


That was certainly true with the Rapid7 presence, but first a bit of industry perspective.


Where Security Is Going in 2016

The number of opinions circulating the floor of RSA on the direction of security is as abundant and colorful as the buses that routinely just missed running me over each morning during my walk from Fisherman’s Wharf to the Moscone. Talking to the analyst community, however, you do sense some prevailing themes, some of which seemed to percolate after leaving the show floor.


Meeting with folks from Gartner, Forrester, IDC, Frost & Sullivan and even the team at the Center for Internet Security (CIS) a few common themes rose to the top:


Behavioral analytics will drive iterative intelligence

This is not a new theme per se, certainly not for us having been a leader in user behavior analytics for a few years, but there is more emphasis. You have all this data now at your fingertips; the real challenge is figuring out what one of my old colleagues would call ‘the right data right’ methodology, and doing it in a way where your security team doesn’t need to actually be doing that data munging to get results.


Not much on IoT

Going into RSA, if you could bet on such things, I would have guessed this to be the biggest buzzword. Fortunately it wasn’t, mainly because teams are still trying to digest things like IDR and EDR…they don’t need another acronym just yet. Sure this is a sexy story and we have some awesome research in this realm, but businesses are still focused on implementing a true IR program.


Identity is the new perimeter

A constant theme through many demos and sessions was the fact that identity is now the new perimeter. Hmmmm, sounds familiar. Oh right, it is familiar, just coming up time and again because of the bifurcation of entry points.


Policy drives business

One of the great aspects of RSA growing is the number of folks coming in from overseas. When you speak to the companies doing business mainly in the EU, one topic came up time and time again: The upcoming GDPR (EU) privacy policy that will dramatically impact all of our businesses. Heads up, there is a two-year grace period upon enactment, but it’s time to focus on how you will comply.


Does this sh*t work…for me?

After the event Anton Chuvakin had a great post with his musings around the conference, and I’ll just use his exact words from the beginning of his post:

A lot of the tools firmly target the “security 1%-ers”, NOT the mainstream. They can only be utilized by people with large, experienced teams that already operate a lot of security products, even if the vendor is subtly inclined to make the opposite impression. This is fine, of course, but where does it leave the rest of the organizations? In “firewalls + SSL [+ AV]” world?


Very, very few of the vendors seem to be bothered to think of “Does this shit work and is it cost effective?!!”, especially compared to all the other stuff you can buy.


In my mind this hits on a lot of the SIEM talk over the recent months. It's NOT about whether SIEM is dead or not, and if that is the way you are messaging you aren't listening to your customers. What it is about is providing companies with what they are asking for, and that's not only the traditional log search and compliance capabilities of a SIEM, but also the incident detection & response that should come from the ability to analyze that data (and more). My colleague Matt hit on this eloquently last year in his post "Whether or not SIEM Died, The Problems Remain".


More folks have been sharing their thoughts as they emerge from the RSAFLU, so list yours or your favorite in the comments.




Finally, what were we up to at RSA?


This was my inaugural journey with the Rapid7 team at RSA, and it was a doozy. Not only were we showing off our InsightIDR solution for incident detection and response, but we of course had demos of Nexpose, Metasploit, and AppSpider. Our journey as a business is at an exciting moment as we see our products and our Insight Platform providing companies with solutions that come together to bring them confidence and control that they not only can see the vulns and detect the incidents, but take complete action to move the needle of risk and exposure.


Our team was not only slinging research, demos, and even a customer use case in the booth, we were also speaking on stage throughout the event:


  • Magen Wu, Hackers Hiring Hackers—How to Do Things Better
  • Tod Beardsley, Makers vs. Breaker: On Exploit Development and Software Engineering
  • Rebekah Brown, What Has Your Threat Intelligence Done For You Lately?*
  • Jen Ellis, Security Thunderdome Debate! Tough Topics Edition


BSides San Francisco

  • Matthew Hathaway, Reverse Engineering the Wetware: Understanding Human Behavior to Improve Information Security


CERT Vendor Conference

  • Jen Ellis, Security Researcher Perspectives


And some of those same people found the time to get themselves on television, sly @TodB.


And no Rapid7@RSA recap could be complete without mentioning our annual RSA party. For years I’ve attended as a guest, and it was once again a fantastic gathering of our friends in this community, not to mention a surprise appearance from old school rap greats “The Sugar Hill Gang”. Leaving you with a photo from that great night and let us know your thoughts on RSA overall.




- @kyleflaherty

Last year was the first year we had a number of Rapid7 folks formally speaking at South-by-SouthWest (SXSW), the massive tech/music/culture conference in Austin, TX. Both Nick Percoco and Jay Radcliffe were official presenters and delivered phenomenal talks, which you can read about here in a blog from last year.


We had such a great experience last year, that we wanted to do it again—and to our delight, SXSW invited us back! In fact, several members of Team Rapid7 will be making official presentations about infosec, IoT, and the many other fascinating challenges our industry faces at SXSW this weekend. So if you are a SXSW badge holder and want to hear more, don't miss these sessions:


Internet of Things: Just Someone Else's Computer? — panel includes Jen Ellis (@infosecjen), VP Community & Public Affairs

Friday, March 11, 5 - 6pm, JW Marriott Salon 5

Follow the conversation online with the hashtag #whoownsit

The Internet of Things not only enables new technological possibilities; it forces us to confront and upend assumptions we have about our devices, our property, and our persons.

Embedding networked computers in a wider range of objects--not just tablets and phones, but cars, wearables, medical devices, appliances, and homes--generates data about consumers, and gives control over how the devices work and the data they generate to people outside the consumer's home.

Our laws and behaviors are built around personal control of personal property. But now that those devices are "smart," they can have "loyalties" to people other than their owners, in their code and in the law.


Cyber Survival for Startups and Entrepreneurs — Nick Percoco (@c7five), VP Strategic Services

Sunday March 13, 12:30 - 1:30pm, Hilton Austin Downtown, Room 400-402

Follow the conversation online with the hashtag #SXSWCyber

Developing great technology ideas, building your MVP and raising capital comes easy for many tech entrepreneurs launching their "next big thing". Unfortunately, as many organizations find out, attackers always seem to have the upper hand against startups with limited resources and no dedicated security staff to protect them. This session will dive into the world of cyber crime with early stage companies as the focus. We'll discuss the various types of adversaries you're likely to face, how they will attack, and what they will steal along with innovative techniques you can immediately use to defend yourself and your startup from an event that can quickly result in an exit of the wrong type.



An Internet of Junk — Tod Beardsley (@todb), Security Research Manager

Sunday, March 13 - 3:30 - 4:30pm, Austin Convention Center room 9ABC

Follow the conversation with the Twitter hashtag #IoTsec

The Internet of Things continues to invade our lives, encasing us in cocoons of interconnected touchscreens and LEDs. Despite appearances, all of these devices are sophisticated, general-purpose computers, and as such, come under the scrutiny of security researchers.

This talk will address the growing "Internet of Junk," a metastasizing mass of unpatched computers on public and private networks, and examine the "anti-patterns" demonstrated around today's vulnerability handling practices for all sorts of embedded devices.


In addition to these great presentations, on Saturday, March 12, Kyle Flaherty (@kyleflaherty), our VP of Solutions Marketing, will be speaking at the Movers & Shakers Summit at Stubb's BBQ, starting at 10am. It is an invite-only event, but you can request more information and RSVP here: W2O Group SXSW 2016 Movers & Shapers Forum Tickets, Sat, Mar 12, 2016 at 10:00 AM | Eventbrite

If you think about the goal of the interview process, it’s about getting to a point somewhere down the road where both sides (candidate and company hiring) can say “this works for me,” and then come to an agreement of terms. That’s it, boiled down to its most simple form. And not unlike many Talent Acquisition leaders, I’ve been spending a lot of time thinking about how to make that simplest form come to life for the majority of our interactions while keeping quality high.


It’s easier said than done.


In the case of Rapid7, we focus more on cultural fit than specific skills, which can take some time to get right. We look for super smart, good attitude/high aptitude, focused, collaborative listeners who connect with our core values, and we challenge them daily and move quickly – sugar coat this and you can end up with people who don’t fit or, worse yet, are caught off guard after starting and realize they’ve made the wrong choice. DISASTER. We’re doing better in this process and continue to look for the right balance, but decided the time to try something new was now.


(Image above shows the café before everyone showed up – out of respect for our guests’ privacy, we didn’t want to post photos during the event.)


Why not just throw it all out there and see who engages?

Okay, that’s a little bit dramatic, but it does describe our thinking for the Employee Referral and Networking night, which we had at our Boston office on August 12 – an event all about honesty, conversation, feedback and direct sharing but without the pressure of an interview. Don’t be mistaken – you hear some of the terms above, and no doubt an interview comes to mind; however, the event was meant to be anything but that and done so quite deliberately.


From the start, participants from the Rapid7 side understood that there was to be no mention of specific roles unless our guest requested; the focus of the interactions was to be driven by what our guests deemed to be important (if that meant jobs, then so be it). Also, if we didn’t have the answer, we tracked down someone who did — no bullshitting.


In addition, the questions from our speaker panel were meant to share personal stories about how certain leaders connected with the organization and what they did to help others (hires within their org) connect in their own unique way.


In my view there are 3 keys to a successful networking event for those of us on the recruiting side:


  1. No BS: Your guests are in process or considering a career move and want information – do whatever you can to provide that information, address concerns, and above all be honest about opportunities in your organization's overall offering.
  2. Hold on the pushy recruiter routine: There is a time to gather hot buttons and push hard for a close. The Networking event is not it. Recruiters should be facilitators, troubleshooters, seen but heard less than others from the organization who are in attendance. Your time will come – sit back for a bit.
  3. Lead with your most important resources: Employees with a particularly strong social presence? Industry leader? Leading work that resonates with your target audience – build the event around them, get them sharing their story, get others there with perspectives on their story.


I personally learned a lot from holding this event.

First, our employees – free of specific talking points and jobs to sell — embraced the opportunity to have a few drinks and chat about their roles, what it is about Rapid7 that they have stuck around for, and most importantly, their view of the talent needed to take this organization forward.

Second, our guests shared that the bare minimum of presentations and a formal agenda, which allowed them to engage as they wished, worked for them.

We missed an opportunity in not providing a tour of the site – we were trying to be respectful of those working during the event, and this represents a lost opportunity. Next time, we’ll start later and offer tours.

Otherwise, overall it was an event with good food, great beer, better conversations — all in an attempt to try something different.