A Strong Foundation

By Chris Elbring
A Strong Foundation

Since starting Anvil, and adding our first partner, Vincent Berg, in February 2017, a whole heck of a lot has changed. We have grown, added more employees, added Kim Bauer as another partner and continued building infrastructure to support a larger professional services firm. I recently spent some time reading through old blogposts like 4 Tenets3 Basic Differentiators and our original Introducing Anvil Ventures. If you thought this next line would read “And, wow have things changed”; I am happy to report that while we look very different and have had success in meeting our growth goals, at our core, the same principles are driving us as a firm.

Culturally, we have embraced being an employee-owned and directed firm that is always looking to improve and accepting iterative change as part of how we do things. We spend time measuring and analyzing our ability to improve in ways that are commensurate with our financial wherewithal. I call it “keeping balanced” and this concept really works for our team. Anvil is also developing programs that align with this idea of “this is where we are” and, based on that, these are things we can do: including personnel matters like size of training budgets, plans for introducing new incentive plans, building new programs for diversity and mentorship. These are all good things; but like any good thing, they have to remain balanced by the delivery of quality work product so that we can continue to do them.

The language that we use and ways that we describe what it is that we care about has matured and become more representative of those issues. To do so we have introduced The Four Cs that represent our core values.


When I think about areas where we have spent a fair amount of time internally talking about how to make an impact that is at a level commensurate with our ability, the initial steps of our diversity program are an excellent example. While it has taken a bit to get firmed up, we are excited about the recent announcement of our first Conference Scholarship and the path we are on for our programs to support these initiatives.


We also now have a couple years of working with some of the best and brightest technology firms who are developing the tools and systems that are driving innovation and setting the standard for 2020 and beyond for the third-party information security pen testing programs. Many of our customers and partners are working on security and thinking about ways that this still relatively nascent segment can grow to better integrate with existing process and the ever-changing landscape of developing new technology and the quest to connect pretty much everything to the internet.

Anvil has grown, made progress and added more folks who are helping us on our path. Our core values have remained steady. We are looking at the future, embracing the change and trying to do a little good along the way.

We are looking for like-minded people with strong morals, strong information security skills and a desire to help bring about positive change in an amazing industry. If you have comments or just want to let me know what you think about what we are doing, contact us. If you are ready to embark on a new exciting career, send your resume to us at careers@anvilsecure.com.

About the Author

Chris Elbring is Managing Partner and CEO of Anvil Secure. Prior to founding Anvil, Elbring worked as CEO and CTO of a startup security software development firm, President of a boutique, regional security consulting firm, an independent technology and security consultant, Director of Software Development of a mobile, biometric firm and most recently as Senior Vice President of Research and Delivery at IOActive, Inc.


awstracer - An Anvil CLI utility that will allow you to trace and replay AWS commands.

awssig - Anvil Secure's Burp extension for signing AWS requests with SigV4.

dawgmon - Dawg the hallway monitor: monitor operating system changes and analyze introduced attack surface when installing software. See the introductory blogpost

nanopb-decompiler - Our nanopb-decompiler is an IDA python script that can recreate .proto files from binaries compiled with 0.3.x, and 0.4.x versions of nanopb. See the introductory blogpost

ulexecve - A tool to execute ELF binaries on Linux directly from userland. See the introductory blogpost

usb-racer - A tool for pentesting TOCTOU issues with USB storage devices.

Recent Posts