Supporting the Security Community - Why I Joined Rapid7

Last updated at Mon, 24 Jul 2017 15:50:16 GMT

Hey SecurityStreet!

I wanted to say hello, as I am new to the Rapid7 team - and excited to be working with you.

Three Things

• Who is this 'Trey guy'
• Why Rapid7?
• What are you doing? (… which is all I want to talk about!)

'Who?'

By way of introduction, my name is Trey Ford and I am joining the R7 team as Global Security Strategist, after serving as General Manager at Black Hat for the last two years. I will continue working on the Black Hat Review Board, and may announce a couple of other board memberships shortly.

I've had a longtime passion for the security community and a continuing aspiration to work closely with security researchers. That dream became real for me at Black Hat. Prior to that, I built an Incident Response team at Zynga, Product Management at McAfee, served in various roles at WhiteHat Security, and helped build a professional services team at FishNet Security.

Outside of work, I love food, riding motorcycles, and flying small aircraft (I finally got to fly my dad's 1964 Mooney - an accomplishment I have been working toward since 2009.)

While currently based in San Francisco, my wife and I will be relocating to Austin in early April.

Track me down on Twitter (@treyford) - let's connect and let me know how to help!

'Why?'

After leaving Black Hat I've spoken with many companies doing neat things, many of which sounded extremely attractive. Those who have chosen InfoSec have chosen well, we are in an amazing industry with a lot of opportunity. I sought a place that would feel like home, where we share a passion and mission. Black Hat gave me the honor and privilege of working closely with security researchers, and I wanted my next role to take this line of work to another level.

In the past few years, Rapid7 demonstrated commitment to those contributing to the open source Metasploit Framework. Rapid7 Labs was created, a research division headed up by HD Moore. They have released numerous research reports identifying potential areas of risk, working with CERT/CC, helping people protect themselves as much as possible. Last year, Rapid7 Labs launched Project Sonar, an open data initiative designed to help security professionals apply research findings to their own environments.

Rapid7 takes the community very seriously – hence creating my role – the team really wants to make researchers and the broader community safer. They focus on education in their research efforts, helping the public understand risk, as well as how to protect themselves, and creating free tools to assist. Their investment in security researchers is serious - Rapid7 is actively working with legal experts on creating and improving protections for security researchers; a project I look forward to joining.

All of this said, I am well aware that this work has sometimes been over-shadowed by stories about the early days of R7 sales, and I had my own experience and concerns with those perceptions. Rapid7 was one of the first firms I spoke with after departing Black Hat, and over the last seven weeks I have vetted the organization and opportunity. After a long discussion with HD, I opted to visit corporate HQ in Boston. In meeting with Corey, Kara, and the rest of the executive team, I learned about how they have evolved the business and made some amazing (non-trivial) changes.

The leadership team at Rapid7 has impressed me with their integrity. They have a heart-felt desire to engage, empower, protect, and invest in the information security community. Rapid7 is building something I want to be a part of.

'What'

Which brings me to what I will be doing. I will be jumping in to help build the educational piece. Shedding light on security trends, news, and research to help those potentially affected understand the implications. I will be working closely with the researchers internally to get the word out about their work.

I also want to work closely with external researchers and community members. We believe that collaboration across the security industry is critical to drive security into the broader community and higher up the priority list for both individuals and organizations. Security research is crucial, and we want to make sure that people understand why, and value and act on the information they are receiving. A part of this is establishing that security research is supported and protected from a legal point of view.

I'll be representing the interests of the community internally here – setting that agenda for collaboration, so if you have ideas for working together, please let me know.

I expect you to call upon me when you see something that needs attention.

I will do my best to call upon you to tell me/Rapid7 how to do a better job across the board.

It may not be my fault, but it will become my problem

I believe what we do as a community is important.

I believe what we are building as an industry matters.

I am thankful to Rapid7 for the opportunity to continue serving.

~trey