I joined Kenna Security two years ago as their Principal Security Engineer not long after my friend JCran joined as the Head of Research. In the last two years, while building the security team, I have stayed deeply involved with the research team, and from time to time, some of that research was made public:
- Fifth of Docker Containers Have No Root Passwords
- Google calls Home Hub security claims ‘inaccurate’ (😂)
I always enjoyed being a practitioner and helping secure systems and software hands-on, so I had what I considered a perfect role that allowed me to do that and be as involved in research as time allowed. Then last month, JCran moved on to focus full time on intrigue.io, and it left me with a professional quandary of what my next move should.
I have always loved security research, and after initially being hesitant to move away from a practitioner role into a full-time research role, after a few discussions with Ed Bellis, it became clear that the position would be an excellent fit for my skills and a fantastic career opportunity.
With all that being said, I am happy to announce I am starting my transition to Director of Research at Kenna Security over the next few weeks.
What does that mean logistically? It means I will be 100% focused on bringing actionable data to Kenna’s customers with an admittedly blue team slant to help improve an already industry-leading product. I will also be spending a lot more time writing and releasing open source security tools and blogs. One of the most important new aspects will be talking to practitioners to understand where their vulnerability management systems are failing them and what would make their lives easier. You should expect a lot more content here, on my GitHub profile, and on KennaResearch.com as I get started.