
Rapid7 News

108 Posts tagged with the new-hires tag
Bob Rudis

Why I'm Joining Rapid7

Posted by Bob Rudis Employee Nov 23, 2015

I am admittedly reticent to talk about myself, as I try to let my actions and accomplishments speak louder than any boisterous cacophony. However, this really isn’t about me, it’s about being able to work with an outstanding team of professionals who truly want to make a huge difference in the world of cybersecurity and make it harder than ever for our adversaries to achieve their goals.

 

For those who do not know me, I have a multi-decade background helping enterprises manage risk and defend against cybercriminals and am co-author of the book Data-Driven Security. I’m also on the Board of Directors for the Society of Information Risk Analysts and the Advisory Board for SANS Securing the Human. Most recently, I’ve been leading the team that produces the annual Verizon Data Breach Investigations Report.

 

It’s About the Future

But, this also isn’t really about the past, it’s about the future.

 

When I had the opportunity to hear the vision that Corey, Tas, HD and (really) the entire Rapid7 organization has for the company I knew I had to be a part of it. Since its founding back in 2000, Rapid7 has repeatedly demonstrated both a commitment and capability to craft security data and analytics solutions that help organizations of all shapes and sizes reduce risk and detect, thwart and—when necessary—recover from cyberattacks.

 

As I learned more about our mission to infuse even greater data-driven capabilities into our tools and services, the possibilities for success seemed almost endless.

 

It’s About the Company

By “company,” I mean the collection of individuals that come together to make Rapid7 what it is. I personally know many outstanding individuals who work at Rapid7 and have seen their passion for what they do every day. Their excitement and commitment to excellence was just too compelling to stay away any longer.

 

It’s About the Challenge

I am a firm believer that the principles, tools and techniques of “data science” are the critical components in our quest to turn the tide on our attackers. Rapid7 already applies tested, foundational security analytics practices in our solutions. My goal is to use the wealth of rich data sources (it truly is staggering) and keen security domain and engineering knowledge that exists across the entire organization to enhance existing capabilities in our current offerings and develop new, innovative (and, dare I say revolutionary) data-driven products and services that I know will raise the bar for the entire industry.

 

It’s About You

I have always been extremely impressed with Rapid7’s commitment to the community. Not just the community of customers, but the cybersecurity community writ large, with our support of conferences; our continual development and distribution of open source tools/data; and, our vocal support and demonstrated actions to ensure researchers have the freedom and tools to help us defend our organizations without encumbrance.

 

As we discover and develop new security data science capabilities, we’ll also be sharing these innovations with the community, enabling you to continue to meet the challenges that come with defending organizations in this complex and challenging world.

 

So, why did I join Rapid7? I joined it because our vision matches my passion, our team is absolutely outstanding and our commitment is as strong as our capabilities.

 

- @hrbrmstr

How I Got Here


     Hey there! My name is Mo. I'm currently an intern here at Rapid7 working in the Austin office as part of the Metasploit team. If you came here expecting a deep understanding of Metasploit, this blog post isn't the right place. If you ARE interested in knowing what it's like being a small town college student working at a leading firm in security engineering, then keep reading!

     Everyone used to tell me that every mistake and failure was a push in the right direction, but that was pretty hard to believe when you're two weeks away from graduating college and you still don't have the faintest clue as to the next step.

     I had been applying to positions since January of this year. One interviewer had told me that my passion was overwhelming and that I'd quickly bore in the position, another said my experience was impressive but not what they were looking for, and the one place where I did have a chance closed the position before I was able to assume the role. It was almost as if every unsuccessful application and interview was another step on the journey down the road of misadventure.


     I was at the end of my rope when I had heard from various places about an opening at a place called Rapid7. They were looking for someone with a knack for security and some Ruby experience, so I figured why not. I had a love for security and a growing interest in Ruby among other programming languages, so I figured I'd reach out via Reddit (yes, you read that correctly). At first, the recruiter had told me the same thing I had heard countless times — I was "too green" and inexperienced for the opening, however there was an internship opportunity available at the company. Although I was a little scared knowing all internships end, I realized I needed some experience and figured I could learn a few things. So I tightened up my resume and submitted some code on GitHub hoping for the best but expecting the worst. A few days later, I found out I had landed an interview. Excited and nervous, I realized I couldn't interview with a company I knew nothing about. As I typed "Rapid7" in on Google, I immediately saw "metasploit" come up on auto complete and suddenly realized where I had just gotten an interview — the Metasploit team (insert fanboy freakout here).


     I'm going to fast forward a bit since it's obvious as to the outcome of the interviews.


One Month Later


     I've been working as a functional member of the Metasploit team since the week I arrived. I say functional because I'm not simply gawking as the people next to me work or watching over their shoulders taking notes (which I do occasionally do) — I've been making commits and reviewing code similar to the full-timers on the project. Although I'm not at their level of productivity, I am making steady progress. Every morning at 10AM, we all get the chance to talk about what we are working on while getting some feedback from our peers. It's a great feeling, getting together in a group and talking about the cool stuff you're working on. It's even better when everyone is genuinely interested in seeing you succeed. That happens every day here at Rapid7.

     My first assignment had me doing some YARD documentation for a few of the modules in Metasploit. To all the non-believers who skip on documentation, you better get to it. As an open-source project, Metasploit is composed of thousands of modules developed by hundreds of contributors. Additionally not all people who contribute to the project stay with the project, so it's important to leave behind something comprehensive that other people understand. While it doesn't sound exciting, writing the documentation was a more involving task than meets the eye. In order to see how certain parts of the module worked, I had to test them individually. This gave me a great opportunity to see how everything in Metasploit interacted with each other. It also served as a great way to get my mind thinking in Ruby again. Here's a link to the pull requests for the YARD docs if you're into that kind of thing:


YARD Documentation for Fuzzer.rb by MSadek-r7 · Pull Request #5599 · rapid7/metasploit-framework · GitHub

YARD Documentation for EXE.rb by MSadek-r7 · Pull Request #5615 · rapid7/metasploit-framework · GitHub


     This month I've been able to get my feet wet and hands dirty doing some bug fixes and adding some features to Metasploit. My second week had me looking at problems in different languages like Python and PHP — I even got to land my first pull request. That basically means I got to add something to the Metasploit framework which is being used by the world's leading security experts. Here’s the link:


Land #5632, mozilla_reduceright nil fix · rapid7/metasploit-framework@1c5abec · GitHub


     Pretty sweet. I’ve also had the chance to dedicate some time and learn some new stuff. Wei "_sinn3r" Chen, one of the exploit developers on the Metasploit team, gave me a crash course on assembly, debuggers, and exploit development. Essentially, we used a known vulnerability in an old FTP client for Windows XP and used a debugger to follow the program in execution. This allowed us to monitor the vulnerable process and create an attack tailored to its weakness. I should also note that neither of these weeks would be possible without Git. Half of my first week was solely devoted to setting up and fine-tuning my Metasploit development environment while my second week was more about using Git and GitHub properly.


Where I Am Now


     Well I'm still alive and kicking. Despite what I've been told on the Metasploit IRC channel, no one has tried bugging my computer (to my knowledge). The guys here have been pretty welcoming to me here at Rapid7 and have given me the opportunity to learn outside of the work environment. I was able to give a lightning talk at an AHA! meeting about research I had previously done in school and have been going to other group meetups where members of our team give their own talks. It's encouraging to see that so many members of the team are still very involved with giving back to the local community as well as the open source community. Although I am a bit shy when it comes to participating in the IRC channels, I've been opening up more and will be doing more to help out and exude more presence in the community.

     I've also been assigned my own independent project to work on during my time here as well. This is probably most exciting since I won't just be able to say I got to work at Rapid7, but I'll have something with my name on it to prove that my time here was not only valuable to me, but to the company as well.


     These descriptions don't even begin to tap the surface on many of the individual side lessons I've gotten from other colleagues in the office, including the importance of locking your workstation before walking away from it. I'll try and list a few of them now just to give you an idea of my experiences so far. I've been able to:

  • Learn the basics behind encryption and key signing
  • Discover new Metasploit utilities I didn't know existed (and some that don't...yet)
  • Meet highly regarded professionals in the InfoSec community
  • Ask EVERYONE questions about ANYTHING (i.e. is egyp7 really Egyptian)
  • Be mindblown by all the snacks in the kitchen
  • Experience donutting secondhand**


**Donutting is a ritual where a silly victim leaves their unlocked computer unattended, which is then used by someone in the vicinity to send a mass email to the office promising donuts. Promises are taken very seriously at Rapid7, as are donuts.


In Summary


So if you're one of those people who saw the beginning of this post and was like "No, why do interns talk so much", this is for you. It took me 67 failures to get the one success that made the entire journey worth it. I get to learn about and work on a product that is making waves in the security community with some of the most intelligent and talented people I know (and don't know). Best part is that all these people care about what they do and push each other to their own limits. Sure, I've had to dodge a nerf dart or two and I may have to lock my computer in fear of being a victim of the donut, but overall I'm having a great time on this team and at this company.



This blog post is long overdue as I joined Rapid7 in November 2014 and immediately started plugging away at building new services and augmenting customers’ capabilities to perform effective threat detection and incident response.

 

Before getting into the seemingly never ending reasons why I decided to join Rapid7, understanding my background will help understand some key motivations. For the last four and a half years, I worked for Mandiant (now FireEye) in the Managed Defense business unit. I was fortunate enough to be the first full time endpoint threat analyst on staff when the organization was just spinning up in January of 2010. Through various roles in the organization including threat detection/incident response analyst, threat assessment manager (think CRM for breached customers), and manager of the operations support team I found a great deal of satisfaction in helping customers through some of the most stressful and trying times - the dreaded breach.

 

Prior to my time in Managed Defense, I was fortunate to land a role at Aol where my team and I were responsible for bringing application security principles into the existing SDLC. During that time, I performed a lot of community outreach, was involved with many external groups including OWASP and NoVAHackers, and generally had a blast helping Aol and the community with (at the time) emerging threats in the web application space.

 

The prospect of moving to Rapid7 came when my good friend (and now colleague) Josh Feinblum, VP of IT Security, connected me with Nicholas J Percoco, VP of Strategic Services. Nick and I had a number of conversations about his vision for Strategic Services and specifically in a space that I am very passionate about - threat detection and incident response. Hearing how Nick's vision included tidbits like "world-class", "customer focused", and "innovative" immediately piqued my interest and the only thing I could think about was how I could help Rapid7 and Strategic Services build these services.

 

Now, for some specifics...

 

The Team

I cannot say enough about the Strategic Services team. Every day since I've joined, this team continues to blow my mind. Whether spitballing new services with Nick, refining deliverables with Maranda, talking medical devices with Jay, philosophizing with Wim, IoT things with Mark, UserInsight with Guillaume, or the latest threats with Mike - this team is truly world class. I've had the opportunity to interact with the rest of Rapid7 and this company really understands how to close the gaps in the security space.

 

Leadership

I have been fortunate enough to spend a great deal of time with the Rapid7 leadership team. During my interview process, I was thrilled to discuss product strategy with Lee, people strategy with Christina, and services roadmap with Mike. Since joining, I've had the opportunity to discuss threats and response with Corey and found that the way that I think about the topic is already reflected in the highest levels of leadership at Rapid7.

 

Unique Opportunities

Rapid7 has given me a unique opportunity to re-think how we go about dealing with threat actors. Not only have I been given the trust to build a new and significant business line, but I also get to leverage some cutting edge thinking that has been going into the UserInsight platform for a year prior to me joining the company. It is very difficult to find the exact recipe for success for revolutionizing an entire practice, but I'm confident that Rapid7 has found the right combination.

 

People First

Many companies use the "people first" or "people are our most important asset" tag lines, but very few show this resolve through their actions. In the short time that I've been part of the company, I've lost count of how many times I've not only seen the concept reinforced from leadership in concept, but also in reality. Rapid7 truly understands that its greatest assets are the people who live and breathe the mission, vision, and values and deliver superior products and services to their customers.

 

In closing, I joined Rapid7 because I truly believe in the mission and cherish the recognition that a group of smart and dedicated people can move earth and oceans to influence the direction of an entire business.

 

To engage in conversations, you can find me @wadew on Twitter, or Wade Woolwine on LinkedIn. I look forward to hearing from you!

Wim Remes

Why I joined Rapid7

Posted by Wim Remes Feb 13, 2015

I'll start by admitting that this blog post is a little overdue. I started at Rapid7 on December 1st of last year and I have literally hit the ground running. That's no excuse for being late but a good indicator that I have landed in the right place. I'm not the kind of person that changes jobs on a whim (no pun intended) so I'm happy to go into a bit more detail on why I joined Rapid7 and why I'm so excited about this.

 

I've been in this business for almost 18 years now and enjoyed doing security architecture, developing and running Managed Security Services, doing penetration testing, working as a security analyst, getting to the nitty gritty on application security ... you name it, I've done it. I've also been involved in numerous community events and initiatives: co-organizing the BruCON conference in Belgium, working on projects like PTES (the Penetration Testing Execution Standard) and being a volunteer board member at (ISC)2 for the past 3 years. You could say that I'm an idealist, hence I often think about where security in an enterprise environment should/could go and what the ways are to get there. Being able to do that with and at Rapid7 just makes it more awesome.

 

"Security is what we practice, but Risk is the language we choose to communicate" -- this probably describes best how I look at what I do on a daily basis. It should be no surprise that I wasn't impartial to what Nick Percoco started to build with the Strategic Services team at Rapid7 last year. When Nick agreed that it was time to bring Strategic Services to EMEA, the decision to join was not a difficult one.

 

TEAM

The team I'm allowed to join is composed of excellent professionals all focused on helping our clients to engineer security into their critical business systems and processes. I am nothing short of impressed with the knowledge and expertise we all bring to the table and the way we share that with our clients. We have a growing team that is passionate about making our clients and each other better.

 

LEADERSHIP

Rapid7 has been a leader in its own right for quite a while. What excites me specifically is the clear vision of our leadership team on the security industry and what Rapid7 should do. This allows the Rapid7 teams, whether they are working on products or delivering services, to be excellent. Vision and drive is contagious, no doubt, and the foundation that Corey and his team have laid, makes me confident that we will not only be successful but also keep pushing the envelope on interesting problems our industry struggles with today.

 

PROBLEMS

This sounds like a negative thing, but it isn't. If there is one thing that makes me happy to wake up in the morning, it's a problem. Preferably a difficult one. Being able to attack hard problems on a daily basis keeps me challenged and on edge. Rapid7 provides an environment where I can work with like-minded people to identify and solve problems. In the first place with our clients but by extension also with and for our community and industry. What is there not to like?

 

EUROPE/EMEA

I'm specifically excited to be introducing Rapid7's Strategic Security Services in this region. Unlike any other territory, security leaders in EMEA face a unique set of challenges. Whether they are rooted in complex regulatory requirements or the diversity that defines our region, I believe that our team is ready to support security executives in their battle against today's threats and to help them build efficient and reliable security programs. No matter what vertical or business they are in.

 

In closing, I joined Rapid7 because this endeavor matches what I am passionate about. Being able to work for an organization that shares my passion is, for me, the cornerstone of professional development and I'm beyond excited to be here for the long haul.

Jay Radcliffe

Joining the Rapid7 Team!

Posted by Jay Radcliffe Employee May 29, 2014

If I was asked to pick one word that encompasses the reason I decided to join Rapid7 as a Security Consultant and Researcher it would be community. After seeing two of my colleagues, Trey Ford and Nick Percoco, join the ranks of Rapid7 over the last several months I knew that something special was happening, and curiosity being what it is, I started to do some research into what Rapid7 was about. Sure, there is all the wonderful technology they provide and the range of security products they offer, but having been in the industry for more than 15 years, I was looking for something that separates Rapid7 from the others, who also offer great technologies and security services. One of the first things I discovered was a sense of community fostered within the ranks of Rapid7. Christina Luconi, who refers to herself as “Chief People Officer,” has an impressive record for creating a working environment that fosters creativity, success, and a healthy lifestyle; these are things that are important to have in a workplace, but it can be difficult to find all of them in one place. After talking with Trey, Nick, and others from the Cavalry organization (https://www.iamthecavalry.org/), I knew that Rapid7 was building a healthy working community for its people and is working on reaching out in an effort to help establish this balance in the larger community of Infosec, and I wanted to be a part of this process. Throughout the interview process, the importance of participation in conferences and events like local B-Sides gatherings was emphasized; this appealed to me, as I have a background in public speaking and love presenting at conferences, and also see these venues as opportunities to expand that sense of community and work to help establish this balancing act of work and life. Often the community and presentations take a secondary or tertiary role in a company, as such activities often present as a cost.
Conference and other presentation opportunities, however, are also the primary way that knowledge is transferred in our community, and Rapid7 is clearly supporting the growth of our community in supporting attendance and participation in these areas. Finally, Rapid7 was very encouraging of my continued research in the area of Medical Device security and safety. As a patient and user of this technology, making the world a safer place has become one of my passions; emerging technologies in the medical world are often ill-equipped for the dangers that the interconnected world faces, and we need spokespeople to draw attention to these dangers. As a diabetic, who depends on these interconnected devices to live, I find myself as an advocate in this arena. It doesn’t stop there: the infosec community needs advocates of safety across this new world of embedded computers that are affecting and controlling our physical world. I see Rapid7 wanting to support and lead the worldwide community, I see it as a place of advocacy, and as a personal community to support my endeavors. For all of these reasons, I am excited and thankful to join the team and make our world a better place.

 

--Jay

@jradcliffe02

Today I am announcing that I have joined the Rapid7 team as Vice President of Strategic Services. This is a brand new position leading a brand new team within the company. I’ll be located in Chicago building a global practice to provide Rapid7’s clients with a new and unique set of services to enable their security executives and teams to make strategic decisions to dramatically improve the ways they solve the problems they face today and will face in the future.

 

I made the decision to join Rapid7 after meeting and having great discussions with the team that Corey Thomas has built. I met people who were passionate about helping their customers, who are excited about the company, and energized by the opportunity they had to drive the security market in a direction that we all want to see it go – one that is focused on building sets of solutions and services that will provide trustworthy and actionable information to the people who need it most.

 

To me, the most important aspects of a job are the culture and people that support it. Trey Ford (treyford) introduced me to the Rapid7 team just a few weeks ago. He raved to me about how incredible the people were and how excited he was at being part of the team. After several phone calls and a trip to Boston, I realized that he wasn’t exaggerating. I met a team that was completely aligned in their goals and mission while extremely conscious of ensuring that the individuals on their teams enjoyed the work they do and the environment in which they work.

 

I am also very passionate about security community involvement. From Rapid7’s support of community events, such as the Security BSides events, to the development of Metasploit, to their efforts working to preserve security research, I am excited to be joining an organization that sees community support as a vital part of their success, not just an add-on effort.

 

Now comes my recruiting pitch: If you are interested in working with me and getting in on the ground floor of something very unique and exciting, please reach out. My team will be made of people who can wear multiple hats, are passionate about security, and enjoy inventing solutions to complex problems. We’ll be advising clients on strategic direction, helping them with technical issues, and also incubating solutions for Rapid7’s early adopter clients that will solve problems where no solutions exist in the security marketplace today.

 

The last several months I have been on a journey to understand what truly drives my interests and passion. Today, I am excited to be able to call Rapid7 home.

 

--Nick