Wednesday, July 20, 2011

Mandiant's Tweetfest - Working for Mandiant Q/A

Mandiant Tweetfest
For those that missed the Mandiant Q/A session on July 20th 2011, I tried to grab all the questions and answers as they came in. If I missed anything let me know and I will add to the list. Questions have been modified and combined as needed to keep a concise flow and to remove twitter speak if needed.
A quick thank you to the Mandiant Team that handled this:

Questions that got answered:
Q. Do you need a red team experienced consultant in the Boston area?
A. Mandiant does proactive work. 

Q. How does Mandiant handle a person with a military leave of absence? Some companies match pay some dont ? The potential paycuts I would face if I got mobilized or activated are too substantial to consider
A. We don't match pay, however we do allow you to use your paid leave 

Q. What are the key skill sets that you look for in a new InfoSec Specialist? Any tool/application/os knowledge that you look for?
A. forensic analysis, IR experience, malware analysis, networking/operations, and software development are a few examples. Entry level candidates need: passion in security, strong technical background, & unparalleled motivation to work hard and learn 

Q. Roughly what % travel is expected from your consultants? About how much of that would be in-area vs. out of area?
A. Travel varies per engagement &type of work, but can be anywhere from 10-60% at times, depending on work avail & personal preference.

Q. What are the guidelines for employees, is it true M requires clearance
A. A security clearance isn't required to work at Mandiant, about half carry one. 

Q. What are the typical work hours? M-F 9-5 or do they rotate?
A. As an emerging company M-F 9-5 not normal. Hours vary by position and project, but not 40 hr/week. Work hours depend on job type and current engagements. Consultants vary, product are more regular, MCIRT between.

Q. For a prospectives outside of the job area do you offer relocation services? Do you consider "entry level" pos from out of area? Relo isn't feasible for lots of #dfir types, obviously
A. We do not typically offer relocation. We do consider entry-level from out of area 

Q. dress code please ;) shirt and ties or MMA friendly
A. Dress code varies w/role. Consultants on site tend to wear suits. Product is more relaxed. MCIRT is biz casual.

Q. What's it like to work Mandiant as a product engineer?
A. Glorious. build cool stuff. 

Q. What about side coding projects?
A. Yes. Innovation opportunities abound. 

Q. Do consultants work out of an office or can work remotely (e.g. for those not on a coast)? 
A. Only Midwest office today is my house in Mpls; some staff commute to office/work remote.  

 Q.  What is the culture? Is Mgmt open to new ideas, personal growth, volunter? How? Do they Support Conference attendance? Edu? Certs?
A. As mgmt, I'd say open innovative, hard working. Certs don't match growth experience of working here. Culture is open. We're a small company with lots of interaction. If you have a good idea someone will listen. We do have edu programs and support vol efforts. For my team, I support sec cons as a way to interact with peers and dev skills. Certs aren't as high a priority. 

Q. Will Mandiant offer training for new hire/entry level position? What are the expectations for entry level? 
A. Entry level software/quality engineers: CS degree, live2code, drink caffeine, like to make things, smart. *Mandiant mentions training in other questions asked

Q. What quals/certs if any do you look for in an entry-level sec position? 
A. Mandiant is more likely to see a cert as a way to focus interview questions; we don't use certs to vet candidates 

Q. How can someone searching jobs know which job(s) allow remote work since they all list a location?
A. Case by case RT  Fresh noobs usually need to work in-office.

Q. And what about degrees? What 4-year degree is sought after the most? 
A. An entry-level Mandiant applicant participates in an open source project, or who did security in school, is #FTWDegrees for me indicate interests you've had, not necessarily skill set. For example, we don't all have CS degrees 

Q. What type of team members does Mandiant look for? People who know their skills, are able to travel?
A. Travel & skills are needed- but motivation for security & work ethic are important too 

Q. With the amount of talent Mandiant does the company offer a "mentoring" program where noobs can learn for the veterans?
A. Mentoring styles depend on biz line. In MCIRT we have different levels of analysts, so mentoring is built-in. And the student is sometimes the teacher, as well. Everybody can learn something. 

Q.  Innovation opportunities abound. - give examples? how much time a month can be allocated to research?
A. Not a set allocation, Take initiative, demonstrate skill, have impact, get more oppty. 
Depends how much sleep you get. I have a toddler. 

Q. What sort of Digital Forensics, Incident Response cases does Mandiant do? All intrusions, or do you also do insider threat, inappropriate use, CP, malware, etc? 
A. On the MCIRT side, we focus more on intrusions, but care about whatever the customer considers to be highest risk 

Q. People generally get to pick what they consider "right tools for right job" (software, hw, etc) or is it centrally managed? 
Is fairly loosely managed, tech-wise. Still, certain roles are expected to be able to use certain tools, eg MIR. Experts pick tools w/reason, though is managed. We also use our own products. 

Q. What technical skils are needed to move into a manager lvl position?
A. Strong foundation in tech consulting More skills == more customer/coworker confidence in you. People skills count.

Q. Any particular past employment you look for? military, or specific consulting companies?
A. Not necessarily For MCIRT I like to see people with enterprise tech security team experience, or consulting, or CIRT backgrounds. We're looking for all backgrounds- operations, military, LE, consulting, dev, intel-as long as u bring the passion & skills 
Mandiant hires many vets, but we hire many people with no military experience and most customers are non-mil too. For software engineers looking for passion writing software. Could be demo'd via many backgrounds. 

Q. Does familiarity with Mandiant tools help increase the value of a prospective applicant?
A. Doesn't hurt, doesn't hurt. Definitely not a sole qualifier though.  

Q. Any project/work on mobile security/ future platform?
A. Yes We definitely have "other platform" work going on 

Q. What % of your work is for non-defense clients? Outside of .mil + related .com. 
A. Tricky stats. Maybe half? Depends on the bad guys. Depends. '08 was big for card fraud. '09-10 more APT work. Future? Ask bad guys. 

Q. Canadian opportunities? Will there ever be? 
A. You never know

Q. When does the narwhal bacon?
A. At Midnight.

Q.  What type of offensive work or research is being done by your people?
A. You'll see Mandiant credited in security advisories occasionally. Not always. 

Q. For consultants what is the breakdown of office face time, versus telecommuting versus travel?
A. It depends for consultants what is the breakdown of office face time, versus telecommuting versus travel

Q. Are there teleworking options for MCIRT? 
A. Please apply to the jobs you will see posted online. More arriving soon. We consider remote workers on a case-by-case basis. 

Q. Speaking of that, what's the dress code when not customer facing?
A. Product engineer dress code: as expected at google/facebook/anyothertechshop.

Unanswered questions:
How well do you need to know Encase to work a forensics case for mandient?
What kind of interaction does management have when employees come up with potential business devel? None/willing to listen/etc
Are there opportunities for transfer to european office for US employees?
Would a Computer Forensics I certificate from CSUF be equivalent to a CS grad?
How competitive are salaries?
If a cert is more to focus interview questions, what makes an entry-level applicant stand out? 
Companies want to max investments even in hiring, what is the employee vetting process? Standard certs acceptance background checks etc?  *Somewhat answered in previous questions.

Comments from the Gallery
Like to build UI? Want to build one that doesn't suck for a security product? Working hard Mandiant we need u. 
Also check out Mandiant 2nd annual conference on all things IR, Security, & interesting attack trends/methodology

Other Questions asked that where not answered but could be found on Mandiants Website:
At MANDIANT we strive to be different.  From how we work to how we play to how we hire.  Sure, we will tell you how we are like the other guys.  Our consultants have degrees from top universities; they carry multiple industry certifications; and have top government clearances.  Of course we offer comprehensive benefits — 100% company paid health and dental insurance, 401k with match, patent and publication bonuses, three weeks of paid vacation, eight days of paid sick leave and 11 paid holidays — the standard stuff. We will tell you that our mission — in the words of CEO Kevin Mandia  is "to be the strongest incident response, computer forensics and information security company. Period." We accomplish that 
by hiring only the most talented, passionate and specialized professionals throughout the security industry.

No comments:

Post a Comment