Category: News

The Security Internship

The-Internship-2013-movie-posterNote from Andrew Hay: This is a post written by OpenDNS Security Labs interns Kevin Bottomley and Skyler Hawthorne on their experiences working at OpenDNS.

Although neither of us have been working at OpenDNS for very long, the experience thus far has been very rewarding. We work at a company that serves as a gateway to the Internet for 50 million users daily that allows us to bring in our ideas and concepts, and implement them into the OpenDNS infrastructure.

Culture

The culture is alive and vibrant at OpenDNS. OpenDNS regularly hosts fun events, such as: hackathons; OpenLate meetups, where anyone can come to code in the OpenDNS basement late at night, and collaborate on cool projects; ToastMasters, which helps people practice and learn about public speaking; company sponsored sports outings; and yoga three times a week, on the roof.

Every Friday, the company has a “Town Hall” meeting in which our CEO, David Ulevitch, speaks to everyone about the company’s health and current events. The whole company is very lively at these meetings. Whenever there are new employees (which has been pretty often lately, as we are growing rapidly), a portion of the meeting is dedicated to the “Fresh Meat,” who stand up in front of the entire company and tell everyone three fun facts about themselves.

These all make for a fantastic work environment.

Benefits

Being an Intern on the OpenDNS Security Labs team comes along with some pretty cool benefits that you might not find at other startups. Lunches are catered three times a week, with Mondays and Fridays being from a different restaurant, and Wednesdays coming from a rotation of local food trucks. The fairs on these menus can range anywhere from pizza and pasta to pita and hummus. There is also the ever popular Waffle Wednesday where our Office Manager Adrian Rodriguez serves up homemade waffles with all the fixings to go along with them.

To compliment this, OpenDNS keeps two kitchens fully stocked from floor to ceiling with just about any snack and drink one could possibly want. Whether it be fresh fruit, artisan bread, or beef jerky, it’s there, and if it is not, all one has to do is ask and it will be soon.

While working here, you don’t have to feel confined to one location to get some work done. The office, a very spacious two story building that is in the midst of expansion, has numerous places where you can sit back and relax, whether it be the overly comfortable couches at either end of the building, or up on the rooftop to get some air with a pretty good view from it’s location in the heart of San Francisco’s SoMA neighborhood.

One of the best benefits would have to be that you are surrounded by highly intelligent peers on a daily basis. The backgrounds of the employees here go far and wide, from Ph.Ds in Graph Theory, to published authors of technical books. Hands-on experience is one of the best ways to gain knowledge, and you definitely get plenty of that at OpenDNS, with some great mentors to look up to and be inspired by constantly.

Cool Projects

Being at a small startup allows us the chance to wear many different hats, as Kevin would say. We’ve had the chance to work on many cool projects. Several of the projects have involved the OpenDNS Security Graph, which is a very large database of all IP addresses, domain names, ASNs, and their associated co-occurrences, internal security scores, etc. One project in particular was to add different sources of information about the domains being queried. Another involved writing APIs for the Security Graph in different programming and scripting languages.

Other projects have involved creating tools to automate the white and black listings of domains deemed to be either malicious or not to the internal servers, writing web scrapers to gather information to be analyzed so it can be added to our preemptive threat datasets, as well as document parsers to so that we can cover as much area as it takes to stay out in front of potentially harmful domains, ips, and urls.

Overall, these projects have been very fascinating and educational. We have learned a lot about internet security, and how OpenDNS manages to protect all of its users from malicious hosts. Most importantly, a benefit of working for a startup is that our contributions actually feel meaningful to the company. We look forward to our days ahead at OpenDNS, and all of the exciting projects they have planned for us.

Image source: http://www.dvdsreleasedates.com/movies/5748/The-Internship-2013.html

The post The Security Internship appeared first on OpenDNS Security Labs.

My AGC Roundup

I had the opportunity to attend the Tenth Annual West Coast Infosec & Technology Growth Conference put on by AGC Partners on Monday, February 24th. I wasn’t able to stay for the entire day but I was able to run into a few people who I hadn’t seen in a while, couldn’t remember meeting, and people I had only ever “met” on Twitter.

The panels are led by security industry experts, bankers, and investors with executives (or their designates) from various companies as panelists. What do they talk about you might ask? Well, the people leading the panel ask hard questions about the industry, threats, and opportunities. The majority of the panelists answer in a way that can be explained by the following tweet:

You’re the CEO of a company. I get it. You’re passionate about your company, its products, its accomplishments, and its “innovation”. That doesn’t mean, however, that you get to take the current mature market, completely dismiss it, and say “the way my company does it is the only way that matters”. Case in point:

Not only is this particular “way” 5, 10, or a “mythical factor of never”-years away, it presumes that people are willing to completely re-architect their compute environment, IT delivery strategy, and, well, business simply to operate in a cloud environment. As I tweeted during the event:


I stand by my statement that:


The biggest companies in the world are not going to throw everything into the “cloud bucket” tomorrow, next week, or whenever your fiscal year closes. The baby is certainly not getting thrown out with the bathwater so perhaps a migration-based, staggered adoption message is more palatable? Want to run your messaging by me? I’m happy to help.

Time for the next leap…Oh boy…

Quantum_Leap_(TV_series)_titlecardAs many of you have already heard from Hoff (industry cyber-herald and the Michael Buffer to my Wladimir Klitschko) I am actively transitioning out of my role at CloudPassage, Inc. and am looking for my next “leap”.

The problem with moving on is that the first thing everyone asks you is “what do you want to do?” and “change the world” is never the answer the they’re looking for. But it’s true. I want to go somewhere that I can make a difference for the company, its customers/stakeholders/employees, and society as a whole.

What is often the showstopper, however, is when the topic of “work eligibility” inevitably comes up. Fear not, as the US Government has qualified me as an “alien of extraordinary ability” (nanoo, nanoo!):

Alien of extraordinary ability is an alien classification by United States Citizenship and Immigration Services. The United States may grant a priority visa to an alien who is able to demonstrate “extraordinary ability in the sciences, arts, education, business, or athletics”, or through some other extraordinary career achievements. This type of visa is also known as “genius visa”.

That’s right, “genius visa”. My mom was very proud and told all of her friends 🙂

I guess the easiest thing to do is list what I love doing at a company to give people a sense of where my head is at:

Driving Change
I bring a wealth of strategic and tactical insight about the security industry to the table. As an industry analyst I provided technology vendors, private equity firms, venture capitalists, and end users with strategic advisory services – including competitive research, new product and go-to-market positioning, investment due diligence and tactical partnership, and M&A strategy. Through this work at 451 Research, I helped several organizations secure tens of millions of dollars in equity investment.

I am a tool (in the helpful sense). Use me to build something to delight and drive your business, customers, employees, products, services, and position.

I Like To Lead and Manage
I love helping a team succeed. I love removing roadblocks (as mentioned above) to success. You can only execute on so many good ideas yourself. Building the right team to help a team turn ideas into brand awareness and revenue is something that I’ve excelled at in the past…and love!

Applied Research
I love to find solutions to complex problems. I love to look at things in new ways that I believe will help society. I’m not a “hacker” in the traditional sense but rather a “problem hacker”. That’s not to say that I just think up crazy-cool stuff. I learn programming languages to develop tools to address problems.

To channel Vanilla Ice, if there is a problem, yo, I’ll solve it.

Helping Others
Ask anyone. I love to help people solve problems, address challenges, and remove roadblocks to success. It makes me feel good to know that I’m helping someone else succeed.

Public Speaking
I love to talk, present, educate, and learn from others. Some say I’m a pretty good public speaker. I’ve certainly presented at my share of international security conferences including the SOURCE Conference, ISC2 Congress, Infosecurity Europe, SANS What Works in Forensics and Incident Response Summit, SANS Network Security, Security BSides (a bunch of them), RSA Security Conference, Americas Growth Capital, and the joint iTrust and PST Conferences on Privacy, Trust Management and Security.

I like to present and (apparently) people like to listen to what I have to say.

I Right Gooder Than Most
I’ve written 2 books and contributed on 2 others. I’ve been told that I’m a “prolific writer” but I see myself as someone who can type fast, distill information easily, and dump what’s in my head to “paper” in a short amount of time. I can write marketing material, technical blogs, books, and more.

So that’s what I love to do. Let’s just highlight some of the things that I am not so that we’re all on the same page:

I Am Not A Corporate ‘Yes Man’
I’m a strategic thinker (sometimes to a fault) and should I see ways to optimize a process, increase productivity, or drive excellence I’m going to provide my input as an additional data point. If I see something, I’ll say something. I am not a blind-follower of orders. I also don’t expect that my input is “the only way” to address an issue. I provide data.

I Am Not A 9-5er
I look at 9am to 5pm as “core meeting hours” not “core working hours”. If I need to work long hours to address an issue I do it. It’s not uncommon for me to work 60+ hour weeks if I believe what I’m doing is important. I don’t watch the clock. There are problems to be solved. I realize that people have family and personal commitments. I try to work around them as best I can.

I Am Not A “Single-Serving Friend”
There was a time that I loved to fly all over the globe. Visit new cities, drive around them in my rental car, and sleep in a different hotel room each week. I actually don’t enjoy traveling that much anymore. It keeps me away from my wife, my dogs, and my comfortable couch. Travel, like everything, should be done in moderation. Living on a plane is no life for me.

I Am Not A “Hired Gun”
I do not want to be a consultant. In fact, my visa disqualifies me from operating in such a capacity. Short term projects just won’t work. My visa requires that the role I am filling is one that is as exceptional as the visa designation. I want to join a company that has strategic objectives that I can help them achieve and I want to feel like without me and my team, this cannot be accomplished.

There it is. I may come back and modify the above lists but for now, let’s run with it as is.

If you want to reach out to me, please do so via email at andrewsmhay [at] gmail [dot] com or reach out via Twitter at @andrewsmhay.

Please, no consulting/contracting opportunities or recruitment firms.

Scroll to top