NopSec's story starts at Michelangelo Sidagni's home kitchen table back in 2008. At that time he left a successful career as a Director of Security Services for a Security Value Added Reseller in lower Manhattan to continue successfully performing penetration testing and vulnerability analysis for financial sector organizations and banks.
The name "NopSec" came to convey the dualism between "good" and "bad" in security. "Nop" or "no-op" is a computer instruction that takes up a small amount of space but specifies no operation: the computer processor simply moves to the next sequential instruction. The no-op is included in most assembler languages. It is the assembly language instruction used by hackers to move the stack, without performing any operation, to a desired address where they can inject their "shellcode". "Sec" stands for security and is obviously the "good" part of the equation, the part that prevents intrusions.
After the existing penetration testing customers started demanding increasing automation and sophistication in their penetration testing projects, an initial R&D and development team was put together to design and code the Unified VRM platform.
The Unified VRM SaaS solution was launched to an initial number of customers in 2011. We keep adding modules to satisfy customers' growing need for detection, prioritization, and mitigation of the growing number of security vulnerabilities.
How do we hire
Candidates are pre-screened through an initial round of phone interviews. Depending on the role we are hiring for, we then follow one of these paths:
- Software engineers: we give them a coding challenge to complete at home and then invite them into the office to speak with our developers and comment on their own results. This face-to-face interview is usually pretty important. The last step is an interview with senior management, which revolves around motivation and compensation.
- Penetration testers: after an initial round of phone interviews, we invite them to hack into a sample private testing network we set up, either remotely or in the office. After this exercise we can gauge their ability to successfully compromise targets.
- Sales and marketing associates: we conduct a regular face-to-face interview to gauge their ability to hunt for and close business as well as market NopSec products.
- Data scientists: we discuss past projects in the data science field, the tools used, the results, and how the results were visualized. We also assess their ability to code in Python.
The following are NopSec's key corporate values:
- Customer Centric: A business is only as good as its customers. We are 100% committed to customer satisfaction, and work closely with our customers throughout the innovation process to ensure we are building solutions that meet their need to solve real-world information security problems.
- Intellectual Curiosity: NopSec thrives on pushing the innovation envelope and encourages intellectual curiosity and passion among our employees. Cybercriminals work swiftly, which is why we embrace the principle "Think Like a Hacker" in everything we do.
- Accountability: We hold ourselves accountable, whether managing customer expectations, developing new products, anticipating new threats, or growing our business. We say what we mean, match our behaviors to our words, and take responsibility for our actions.