Cultivating Q2

By Kim Bauer

When I began looking for my next professional adventure, I wanted to make sure that I ended up in a place that was an accurate reflection of the values and beliefs that I hold dear. One of the things that attracted me to join Anvil was that the company had spent quite some time considering, and discussing, their core values. I felt this process, and the involvement of the team in that process, was a step in the right direction, as well as a representation of a company looking to make positive change and impact. Without getting into the details of ALL of our core values, I want to focus on one that resonates with me deeply and personally: Anvil Cultivates.

At Anvil, the definition of cultivation stretches beyond business expansion by focusing on strengthening and improving our employees, as well as the wider security community. If you want to learn more about Anvil’s other core values, stay tuned and keep reading this blog for updates. For now, I want to tell you how we have been growing our garden in 2019 (so far) and, more specifically, this past quarter.

Our growth is focused on the types of business we do well and the type of work our consultants enjoy. Internally, we have developed programs to help our team grow as individuals. We have established a professional development path, as well as dedicated time and budget for training for each employee. We are an employee-owned company with an Employee Stock Incentive Plan, and we encourage everyone to participate with an ownership mentality. We emphasize transparency and communication so that every employee understands what we are doing, why we are doing it, and how their contributions help us achieve our goals.

With the momentum we have in expanding the business, we took a step back, looked at our existing branding, and decided it was time to look a tad more mature. We have updated our logo, changed our color palette, created brand guidelines, and re-skinned our website. We are excited to have a slightly more representative look-and-feel for our firm. We preach being professional, so having something that aligns more closely with that message brings all this full circle.

We continue to build out our customer base and expand the company footprint. To support our growth, we have opened an EU subsidiary in Amsterdam, The Netherlands, allowing us flexibility to hire and build the business in that region. While it has not traditionally been a target for us, the EU market is projected to grow in the coming years. Perhaps more importantly, the area has incredibly talented and capable individuals, whom we now have a vehicle for employing as we move forward.

Looking back stateside, we have grown our technical team with the addition of two engineers this quarter. They bring with them their knowledge of penetration testing, code review, cloud expertise, and a ton of research ideas. As we’ve continued to grow and hire, we have had the pleasure of chatting with lots of talented security engineers. Unfortunately, the opportunities we had did not always fit what they were seeking, or the timing was not right. However, we know we will see and chat with them again, and in many cases about future opportunities within Anvil.

The growth of our team has made us think about how to share knowledge, grow skill sets, and continue to work smarter. This has led to some tool development that has helped with our projects and thus led us to think about how to share with others in the community. Our belief is that good technical information is something that should be shared. We believe that if we all work together, we can collectively come up with some great ideas and a community that improves on how we work, interface, support one another, and, ultimately, build more secure (and safer) products. To that end, we have started to share the code for several tools on GitHub, and have added an overarching resources page to our website. You can find our GitHub repositories here and the resources in the menu at the top.

Personally, for me, the last six months have fulfilled my desire to take my career to the next level. I have had great support from my co-workers at Anvil and have been learning new skills, refreshing my development skills, and continuing to flourish in my obsession with process and organization. I see my personal growth as a mirror of Anvil’s growth and am excited to continue on this path.

If my personal journey sounds interesting, understand that at Anvil, we take time to talk to our people, learn about what makes them happy and we build plans around that and in support of it. We are hiring people who love what they do, do it in a way that is morally and ethically sound and want a place to work where they are supported, appreciated and part of something bigger than simply being one of its parts. We want to change the world of information security consulting one person, be it an engineer, a salesperson, or a client, at a time.

About the Author

Kim Bauer has over 20 years of experience in the security and general technology industry. She started her career working in ISPs building out data centers, pivoted to designing infrastructure for high traffic web applications, has created security compliance programs, and provided customer support for product and service projects from small boutique to large enterprise. Kim’s specialty is to nurture and support small organizations experiencing rapid growth through formalization and maturity in process and procedure designed and modeled to ensure growth and success from a small firm to a medium-sized business.


awstracer - An Anvil CLI utility that will allow you to trace and replay AWS commands.

awssig - Anvil Secure's Burp extension for signing AWS requests with SigV4.

dawgmon - Dawg the hallway monitor: monitor operating system changes and analyze introduced attack surface when installing software. See the introductory blogpost

nanopb-decompiler - Our nanopb-decompiler is an IDA python script that can recreate .proto files from binaries compiled with 0.3.x, and 0.4.x versions of nanopb. See the introductory blogpost

ulexecve - A tool to execute ELF binaries on Linux directly from userland. See the introductory blogpost

usb-racer - A tool for pentesting TOCTOU issues with USB storage devices.
