Mission: To democratize security for all organizations.
We do this by being easy, effective, trustworthy, and enduring.
Exciting news! On August 2, Cisco announced the intent to acquire Duo Security.
Would you like to bring your whole self to work? Interested in opportunities at Duo?
Check out our open roles! http://glassdoor.com/slink.htm?key=vMC2b
We're the most loved company in security. Come build with us.
Building a better future.
At Duo, you have an opportunity to build products that address one of the biggest global business challenges faced today.
Our team is what makes Duo special. Every day you'll work beside leaders in their field rocket scientists to coders to designers.
We're in high-growth mode, that means a lot of opportunity for growth and development (and of course some chaos at times).
We also believe that a thriving personal live is the key to a successful team, and take our commitment to work-life balance seriously.
In August, some of the Labs team chatted on an AMA on Reddit. One of the most common questions we got was, “How did you get started in infosec, and how do I get started?”
Our most common answer within the team was, “Hacking video games!”, which drew some much-deserved ire from our fellow gamers. But beyond that, we all got our start in different ways with different specialties. Two of our senior Labs hackers shared their stories:
My first real hacking experience was on the family Apple ][, which had a modem. I used my Dad’s X.25 account to start exploring systems by trial and error. A lot of systems had splash screens that would say things like “use ‘guest’ and ‘password’ if you don’t have an account” or some other instruction to allow access. Encountering systems that didn’t have this message required accounts and passwords you’d have to just guess. I actually had no idea this was considered “hacking.” In the process of looking around on various systems and local BBSs, I stumbled into the underground.
That helped immensely, as I’d really gotten into breaking copy protection on floppy disks for pirating software. I developed this interest because my dad was in what was, in essence, a warez group as part of his job. There was plenty of info on this on various BBSs, but the best info was on the hacker BBSs.
Back then, for some lost reason I used a different handle on every system. As it turns out, Operation Sundevil missed me, probably in part because of this habit. I eventually settled on the handle “Simple Nomad” when I got onto Hacker’s Haven in the 303 area code, and stuck with that.
Between USENET, IRC and security conferences, way back last century I eventually met in-person many hackers I knew, including Dug Song. I was there when security companies starting snarfing up hackers and forming research departments, where I met Steve Manzuik. Eventually, everyone got all serious and the fun was sucked out of security research — until I found out from Steve that Duo was hiring and wanted to put the fun back into hacking. Yay!
As a little kid, I was already annoying my parents by taking apart things like our TV and VCR, but I didn’t get my first computer until I was around 10 years old. This was back in the 8086-and-5 ¼-inch-floppy-disk days. In my small town there were only two or three other kids that had computers, but we immediately began comparing high scores to our favorite games.
Very quickly this turned into, “Who can cheat the best at our favorite games?,” and we pooled our money together to buy whatever game we were interested in and then attempted to copy it. Even back then, software companies would attempt to protect their titles from piracy, but I quickly learned that I was pretty good at figuring out ways around it, even building a hardware device that plugged into the floppy drive controller that helped in some of the more extreme cases.
It wasn’t long before I discovered a few hacking-themed BBSs, which led to finding some of the amazing text files back then from old phreaking groups like Legions of Doom. This further sparked my interest, and I read every text file I could get my hands on. Back then, I’d actually print them up on my dot matrix printer so I could read them offline.
My first job out of high school was in IT, but I always maintained an interest in all things security and hacking. In the 90s, I met a hacker who back then was the person to talk to about hacking Novell Netware systems, which I was working with a lot in my job. We ended up getting along and learning from each other until one day he told me about an open position on one of the early research teams — BindView RAZOR. I jumped at the chance to take my first real security job, and since then I haven’t looked back. Incidentally, this hacker was a much younger Simple Nomad, whose story you just read.
For me, the best way I learned and gained the skills that I use in my job today was by spending a lot of time reading and experimenting with technology. Obviously, in this day and age, one has to be careful to not cross any lines when experimenting, but luckily we have the ability to run virtual environments to use as targets, rather than real-world systems.
The common thread here, and in most of our individual stories, is a desire to tinker and try to break things to better understand them. That, combined with being a part of a hacker community that educates and supports n00bs, helped our security researchers ultimately find similar paths that have converged at Duo, where they’re doing awesome things like finding serious vulnerabilities in Windows OEM, playing with public Wi-Fi, and attempting the first Push authentication from the boundary of space.
Have questions? Interested, but you need inspiration for a project? Stuck on a step of your n00b projects? We had a blast doing the AMA, and we’d love to keep the conversation going with you at community.duo.com.
Want to work at the forefront of technology with a company that supports some of the largest and fastest growing organizations in the world? But you're in an early stage of your career? No worries!
Learn how the Duo Internship Program can give you a jump start. View all of our opportunities: duo.com/careers.
I have been working at Duo Security full-time (Less than a year)
From the begging of the recruiting process it was clear that Duo was different from other places I have applied. The recruiting staff impressed me with their speed of follow up, willingness to answer all my questions, and setting expectations on how the process would work. Alissa Hebert was a pleasure to work with and made me feel like I was the only person she was recruiting, which I doubt was the case. From there I had great phone interviews with the Director of Corporate Security and Senior Manager of Security Operations. I was pleasantly surprised that both of them reserved at least half of the interview for my questions and concerns. They really wanted to make sure I understood the role and was comfortable with the job. Finally the on-site interviews was a fantastic experience and I left feeling even if I didn't get the job my time onsite was invaluable to my professional growth.
The values at Duo are not an afterthought but guiding principles that are baked into everything from the hiring process to the products. It is so refreshing to work with such a diverse, supportive, and talented group of people. I have received more valuable feedback from my peers at Duo then in my previous 15 years of working combined.
The biggest challenge for me at Duo is the size of the organization. Historically I have worked in small organizations(<50 people) as a consultant and making the leap to being an employee has taken some time to get used to.
Advice to Management
The people, values, and a democratizing security product are what makes Duo an awesome company and a joy to work for. As long as management keep that in mind I see good things in our future.
I applied online. The process took 2 weeks. I interviewed at Duo Security (London, England (UK)) in December 2016.
This has been by far the best interview process I've ever been part of and I was planning to write a positive review regardless of whether I had an offer or not. I applied through the website on a Thursday, received an e-mail to set up a call with the recruiter the following Monday, and two weeks after that first call I had an offer!
Linda, the internal recruiter, is efficient, kind, smart, supportive, honest, down-to-earth, and has just made it such a pleasure to deal with Duo from start to finish - any company who needs to make a good first impression on candidates should just work on cloning her, really. Right from the start we set clear guidelines on how best to work together throughout the process (open communication, transparency on other job offers, approachability, open feedback loops) and I can't stress enough how nice it was to work like that.
Everything was well-organised and I always felt like whoever I was speaking to actually cared about what I was looking for in a job, rather than just trying to find out whether I ticked their boxes. I met with various people in the Customer Success department (both US & UK), as well as others in the London office, so was able to get a well-rounded view of what working at Duo would be like. You can definitely see and hear that everyone who works there is excited to be part of Duo and shares common goals and values, but was also honest when I asked what would potentially put someone off joining Duo (answer was generally "people who aren't used to a start-up environment may take a while to adapt" - very fair). Also - the hiring manager was SO helpful in the phone call when I asked what I could study to set myself up for success in the role if I moved forward, and took the time to take me through the most relevant parts of the documentation on the website. Really refreshing when I thought he would just throw a few words and topics at me with an "off you go" approach...by far exceeded expectations already.
All in all - can't wait to get started!
Tech Hiring Commitment
Helping to train, hire and promote more technology workers
Has programs that support a diverse and inclusive workforce
Pay Equality Pledge
Committed to paying equitably for equal work & experience
Social Responsibility Pledge
Formal programs or foundation to give back to communities