28 Aug, 2018

The nVisium Difference

by Amy McElroy

Why would you want to work for nVisium? This time around, we decided to ask some of our own to help explain why.


The nVisium team is constantly researching the security of new tech stacks and discovering new security vulnerabilities and ways to find them through ongoing R&D initiatives. “Current, modern tech stacks and teammates who are always exploring and digging into new technologies” piques Principal Consultant Kevin Cody’s interest. We’ve all had our fair share of mundane applications using legacy code (Cordova anyone?), but nVisium seeks out new and interesting technologies for our consultants to work with. Containers? Cloud-Native? IoT? Go? Swift? React? Yep…we’ve worked with them all, and the list keeps growing.


We believe that the top-tier work we deliver to our clients starts with hiring the right mix of constantly learning, passionate, and dedicated employees. The “group of talented folks and everyone’s willingness to help each other out” drew Senior Consultant, Rich Grimes, to join the nVisium team. Kevin Cody enjoys the “non-egocentric mentality” and working with an “incredibly talented group of folks who approach security with a developer-first mindset.” I am personally amazed by the talent at nVisium. I’ve now been here four years and not a day goes by when I’m not learning something new about application or cloud security from the folks on our team.

The nVisium team at a recent team event after successfully conquering The Escape Room.


As a non-technical person, I am beyond grateful for the constant information sharing and #collaboration that comes alongside working with some of the smartest folks in the software security space. Jonn Callahan, one of nVisium’s Principal Consultants, who leads our Cloud Security Practice, agrees that he loves nVisium’s “culture of sharing whatever you may be working on or learning.” The constant knowledge sharing between consultants and the team’s willingness to help each other out in any way possible allows for continuous learning and growth opportunities. Whether it be an internal hackathon or new technologies that a client has brought to the table, it’s the collaboration that helps us work well as a team.


Along with the innovative technologies comes a range of even more interesting clients. Rich Grimes said one of his highlights is “getting to perform assessments for startups to Fortune 500 companies.” As Kevin Cody commented, “nVisium works with a diverse group of clients across many different verticals who are implementing cloud-native, containers, IoT, Mobile, and new web stacks.” A very diverse client base helps keep the work engaging and the consultants in a constant learning mentality.


The diverse group of clients and technologies nVisium works with fuels our unique approach to security. nVisium understands that every organization is different and doesn’t believe in a “one size fits all” approach to software security. Rather, we thrive on creating #custom security solutions that complement our clients’ culture and existing processes. As Jonn Callahan mentions, “nVisium has varied specializations across team members and service offerings.” nVisium utilizes our expertise across a diverse range of technologies to provide unique security solutions that are both low friction and high value to every one of our clients.


As development processes are moving away from Waterfall to Agile and even DevOps, nVisium focuses on helping security keep up with the fast-paced world of software development. An annual security assessment isn’t enough for many organizations, so the nVisium team works with a number of our clients on a #continuous basis. Whether we’re doing a differential security assessment as part of the deployment process, or helping our clients build security automation into the CI/CD and DevOps processes – we don’t believe in walking away after a one-time assessment. “nVisium thrives on being a trusted security partner for all of our clients and in many cases part of the actual team,” shared nVisium’s Project Manager, Hanny Flint. “I am even in many of my clients’ Slack security channels.” nVisium encourages constant conversations and information sharing to help our clients seamlessly integrate security into the SDLC.


We all know that consulting often comes with the stigma of Monday-Friday travel and living out of a hotel—yuck. Though we do travel some for Instructor Led Training and onsite assessments, nVisium’s Chief Strategy Officer, David Lindner, states that “nVisium’s travel requirements are on the extreme low-end for most traditional security consultancies out there (less than 20%…seriously).” Don’t get us wrong. We do value onsite time and face-to-face interaction with our clients. Circling back to #collaboration, nVisium’s consultants love sitting down with our clients’ dev-teams during a scrum meeting or getting to white-board as part of a secure architecture review. Getting to have in-person conversations with our clients serves as a great baseline allowing nVisium to continue to develop and implement custom security solutions moving forward (remotely :-D).


When we aren’t traveling, you can most likely find us working from our couches (or maybe a home-office). In order to hire the top talent, we allow our consultants to work from whatever location they please (in the continental US). So where are our consultants based? We have folks from Iowa to Maine (and many places in-between). We’re hiring and would love for you to join us from your couch (wherever home-base is). nVisium understands the importance of having a healthy work-life balance, so what better way than allowing all of our employees to work remotely?


Though we also don’t expect you to sit on your couch all day—nVisium’s CEO, Jack Mannino, believes that: “As a company culture, we’ve always encouraged our team to take care of themselves. We pay for perks like gym memberships and fitness costs, and a significant amount of the nVisium team takes advantage of it each week. We encourage our team members to build time into their day for a workout or another method to recharge, whether it’s before work, at lunchtime, or somewhere in the afternoon to break up the day. Our consultants block off their fitness time as needed on their calendars, so other team members know to respect their ‘me’ time.” nVisium understands the importance of work-life balance and encourages our employees to take whatever time they need to put life first, whether for a workout, children’s soccer game, or family vacation—we want you to take whatever time you need.


Jonn Callahan said it best: the “nVisium team has deep ties with the security industry as a whole.” We’re always working to drive new standards, ideas, engineering cultures and tools (open-source tooling). We’ve had folks involved in leading up both the web and mobile OWASP Top 10 and OWASP SAMM projects, and we have also released a number of open-source projects and tools to better the security community. Not only does the nVisium team speak and train at some of the top security and development conferences (Blackhat, Defcon, AppSec USA, AppSec EU, Rubycon, RailsConf, SANS, LASCON, GrrCon, DerbyCon, RSA…you name it), but nVisium also sets aside a Paid-Time-Off and an expense budget for each consultant’s personal growth and development. Whether you’re taking a training course or just attending a conference to learn about a new technology or development methodology, nVisium encourages our consultants to utilize the training budget every year to maximize each person’s career growth and development.

Jonn Callahan (on the left) teaching conference-goers at PyCon in Portland, OR how to pick locks.

As the nVisium team continues to take on securing new technologies and clients, we’re looking to grow our team. If you have a passion for software and cloud security and joining a team who puts #CurrentTech #Coworkers #Collaboration #Clients #CustomTailored #ContinuousSecurity #ConsultingWithoutTravel #CouchOffices #CompanyCulture #Contributors first–we’d love to chat about joining the nVisium team!