Mission: To democratize security for all organizations.
We do this by being easy, effective, trustworthy, and enduring.
Exciting news! On August 2, Cisco announced the intent to acquire Duo Security.
http://glassdoor.com/slink.htm?key=vQIr0
Making Security Simple Means Making Security Effective
Our mission is to be the worldwide leader in secure access for companies of all sizes. Duo Security protects organizations against data breaches by ensuring only legitimate users and appropriate devices have access to sensitive data and applications - anytime, anywhere.
Duo was founded with the belief that security can only be effective if it is easy to use. Through that vision, Duo has built a world-class security platform that is actually enjoyable to use. Duo supports thousands of customers and millions of users in organizations like Accenture, Boston Medical, Emblem Health, Facebook, Tanium, Toyota, Twitter, Virginia Tech, Yelp and others, and enjoys the highest NPS score in the industry. Duo was founded by CEO Dug Song, and CTO Jon Oberheide, two respected pioneers in the security community. The company has offices in Ann Arbor, San Mateo, Austin and London.
Skateboard. Guitars. Mohawks. Owl Costumes.
At Duo you'll find them all - but these are not what defines our culture.
Our products are based on empathy. This approach allows us to really understand our client's needs. To listen to them. To achieve our mission of supporting their mission. That applies to our people, too.
What makes Duo special is the inclusiveness of our team. All ideas, backgrounds, and approaches are welcome - and encouraged. We share a deep passion for the work we do, and for each other.
We also believe that to do your best work in the office you need to have a robust life outside of it. This belief shapes our policies, our benefits, and how we treat our team.
We're the most loved company in security. Come build with us.
Building a better future.
At Duo, you have an opportunity to build products that address one of the biggest global business challenges faced today.
Our team is what makes Duo special. Every day you'll work beside leaders in their field rocket scientists to coders to designers.
We're in high-growth mode, that means a lot of opportunity for growth and development (and of course some chaos at times).
We also believe that a thriving personal live is the key to a successful team, and take our commitment to work-life balance seriously.
In August, some of the Labs team chatted on an AMA on Reddit. One of the most common questions we got was, “How did you get started in infosec, and how do I get started?”
Our most common answer within the team was, “Hacking video games!”, which drew some much-deserved ire from our fellow gamers. But beyond that, we all got our start in different ways with different specialties. Two of our senior Labs hackers shared their stories:
My first real hacking experience was on the family Apple ][, which had a modem. I used my Dad’s X.25 account to start exploring systems by trial and error. A lot of systems had splash screens that would say things like “use ‘guest’ and ‘password’ if you don’t have an account” or some other instruction to allow access. Encountering systems that didn’t have this message required accounts and passwords you’d have to just guess. I actually had no idea this was considered “hacking.” In the process of looking around on various systems and local BBSs, I stumbled into the underground.
That helped immensely, as I’d really gotten into breaking copy protection on floppy disks for pirating software. I developed this interest because my dad was in what was, in essence, a warez group as part of his job. There was plenty of info on this on various BBSs, but the best info was on the hacker BBSs.
Back then, for some lost reason I used a different handle on every system. As it turns out, Operation Sundevil missed me, probably in part because of this habit. I eventually settled on the handle “Simple Nomad” when I got onto Hacker’s Haven in the 303 area code, and stuck with that.
Between USENET, IRC and security conferences, way back last century I eventually met in-person many hackers I knew, including Dug Song. I was there when security companies starting snarfing up hackers and forming research departments, where I met Steve Manzuik. Eventually, everyone got all serious and the fun was sucked out of security research — until I found out from Steve that Duo was hiring and wanted to put the fun back into hacking. Yay!
As a little kid, I was already annoying my parents by taking apart things like our TV and VCR, but I didn’t get my first computer until I was around 10 years old. This was back in the 8086-and-5 ¼-inch-floppy-disk days. In my small town there were only two or three other kids that had computers, but we immediately began comparing high scores to our favorite games.
Very quickly this turned into, “Who can cheat the best at our favorite games?,” and we pooled our money together to buy whatever game we were interested in and then attempted to copy it. Even back then, software companies would attempt to protect their titles from piracy, but I quickly learned that I was pretty good at figuring out ways around it, even building a hardware device that plugged into the floppy drive controller that helped in some of the more extreme cases.
It wasn’t long before I discovered a few hacking-themed BBSs, which led to finding some of the amazing text files back then from old phreaking groups like Legions of Doom. This further sparked my interest, and I read every text file I could get my hands on. Back then, I’d actually print them up on my dot matrix printer so I could read them offline.
My first job out of high school was in IT, but I always maintained an interest in all things security and hacking. In the 90s, I met a hacker who back then was the person to talk to about hacking Novell Netware systems, which I was working with a lot in my job. We ended up getting along and learning from each other until one day he told me about an open position on one of the early research teams — BindView RAZOR. I jumped at the chance to take my first real security job, and since then I haven’t looked back. Incidentally, this hacker was a much younger Simple Nomad, whose story you just read.
For me, the best way I learned and gained the skills that I use in my job today was by spending a lot of time reading and experimenting with technology. Obviously, in this day and age, one has to be careful to not cross any lines when experimenting, but luckily we have the ability to run virtual environments to use as targets, rather than real-world systems.
The common thread here, and in most of our individual stories, is a desire to tinker and try to break things to better understand them. That, combined with being a part of a hacker community that educates and supports n00bs, helped our security researchers ultimately find similar paths that have converged at Duo, where they’re doing awesome things like finding serious vulnerabilities in Windows OEM, playing with public Wi-Fi, and attempting the first Push authentication from the boundary of space.
A great resource to get your feet wet in infosec is Diogo Felix’s Awesome Infosec list. That list’s Related Awesome Lists section links to various specializations and related concepts.
Have questions? Interested, but you need inspiration for a project? Stuck on a step of your n00b projects? We had a blast doing the AMA, and we’d love to keep the conversation going with you at community.duo.com.
Want to work at the forefront of technology with a company that supports some of the largest and fastest growing organizations in the world? But you're in an early stage of your career? No worries!
Learn how the Duo Internship Program can give you a jump start. View all of our opportunities: duo.com/careers.
I have been working at Duo Security full-time (More than a year)
Pros
- Big company security/small company perks (close with coworkers, no dress code, flexible hours)
- A product and mission people care about and have pride in
- A focus on learning and growth
- Don't get micromanaged
- Career path opportunities
Cons
- Life has been so good here, people's expectations is a little out of whack with what to expect from a workplace (high expectations)
- Like any tech product company, innovation needs to stay high or the whole thing becomes irrelevant
Advice to Management
- Focus on innovation
- Continued focus on work/life balance
Helpful (13)
Application
I applied online. The process took 2 weeks. I interviewed at Duo Security (London, England (UK)) in December 2016.
Interview
This has been by far the best interview process I've ever been part of and I was planning to write a positive review regardless of whether I had an offer or not. I applied through the website on a Thursday, received an e-mail to set up a call with the recruiter the following Monday, and two weeks after that first call I had an offer!
Linda, the internal recruiter, is efficient, kind, smart, supportive, honest, down-to-earth, and has just made it such a pleasure to deal with Duo from start to finish - any company who needs to make a good first impression on candidates should just work on cloning her, really. Right from the start we set clear guidelines on how best to work together throughout the process (open communication, transparency on other job offers, approachability, open feedback loops) and I can't stress enough how nice it was to work like that.
Everything was well-organised and I always felt like whoever I was speaking to actually cared about what I was looking for in a job, rather than just trying to find out whether I ticked their boxes. I met with various people in the Customer Success department (both US & UK), as well as others in the London office, so was able to get a well-rounded view of what working at Duo would be like. You can definitely see and hear that everyone who works there is excited to be part of Duo and shares common goals and values, but was also honest when I asked what would potentially put someone off joining Duo (answer was generally "people who aren't used to a start-up environment may take a while to adapt" - very fair). Also - the hiring manager was SO helpful in the phone call when I asked what I could study to set myself up for success in the role if I moved forward, and took the time to take me through the most relevant parts of the documentation on the website. Really refreshing when I thought he would just throw a few words and topics at me with an "off you go" approach...by far exceeded expectations already.
All in all - can't wait to get started!
Interview Questions
Tech Hiring Commitment
Helping to train, hire and promote more technology workers
Diversity Commitment
Has programs that support a diverse and inclusive workforce
Pay Equality Pledge
Committed to paying equitably for equal work & experience
Social Responsibility Pledge
Formal programs or foundation to give back to communities
