Today’s blog will be a continuation of our core value series. In our first blog, we discussed our core value of partnering with our clients and today we are going to focus on our next one: Striving to be the Best. We will follow the same format as the last one, first focusing on what it means to strive to be the best, but then detailing what specific actions we take that are tied to that goal. Finally, we will wrap up the blog with a quick section on what that means for you.
Striving to Be the Best
At Triaxiom, we don’t want to settle for mediocre. Sure, we could probably be a very successful company by accepting “good enough”, but we really want to be more than good. We want to be the best we can possibly be. This applies to everything we do. We want to hire the best talent, and as such, our hiring process is more involved and takes longer to find someone who meets our standards. Additionally, we want to make sure we are delivering the best in our penetration tests from the perspective of technical excellence. This is accomplished through our extensive training process, detailed methodologies, QA process, and quality control processes. With these goals in mind, we have no desire to be a large company and would prefer to stay small and specialized. You won’t see Triaxiom opening its 5th office or making the Fortune 1000 because that is not why we started this company. We started this company to be the best we can, and we feel we are better positioned to do that with a smaller team that is extremely well-trained and specialized.
Actions That Demonstrate This Core Value
Here are some of the specific actions we take to accomplish this:
- Hire The Best – We intentionally take our time when we are hiring. We are only building a small team, so each member of that team plays a critical role. As such, we want to make sure we are very intentional with our hiring process and that we can trust those we hire. We are willing to accept a longer lead time for our hiring process in order to closely control quality.
- Training – It is very important for us to have a great training process in place. We do this in a number of ways. First, we take our entire team to an industry conference each year. Last year, we took on DEF CON and had a blast. For 2020, we are thinking Wild West Hacking Fest is a front-runner. In addition to a major industry conference, our engineers are encouraged to attend local conferences. We push them to go to at least one, but many are attending 3 or more local conferences every year. Internally, we have a dedicated training day each quarter to learn from each other and hone our methodologies for testing. Finally, we encourage our employees to get industry-recognized certifications and continue to sharpen their toolsets. As you will see from the sample biographies of our engineers that you get in our proposals, all of our engineers have multiple industry-recognized certifications and maintain a passion for learning.
- On-the-Job Training – We also do a lot of on-the-job training. This allows us to share knowledge and improve skillsets in real-world scenarios while maintaining consistency and controlling quality across all engineers. All of our engineers will first shadow an engineer performing an assessment. Then, once they are comfortable, we will have them perform an assessment under heavy supervision. After that, once the team feels they are proficient to perform an assessment without any help or hints, they will be approved. Our best engineers on each type of assessment get upgraded to instructor and teach others how to perform that particular type of assessment at a high level. However, even our best engineers will occasionally have “check rides” where their performance on a test will be evaluated by their peers.
- QA Process – Finally, we have an extensive QA process that we go through for every test we perform. This is conducted by a separate but still qualified engineer. We think it is important that we have no less than two sets of eyes on every project and customer environment to make sure nothing is overlooked. The QA engineer does more than simply check documentation produced, going back to validate documented findings and reviewing evidence, scans, and notes to look for stones unturned. This is a vital part of making sure every project is the best it can be.
What This Means For You
Our dedication to being the best information security firm means that you can expect the best results. Our tests will be comprehensive, based on the real-world threats you are most likely to encounter, and completed in a professional manner with a high standard for technical excellence. Hopefully, by having such a rigorous test performed, you will be able to sleep better at night knowing you are more secure, or at least knowing what risks are out there. If that sounds good to you, let’s get started.