- Develop a world class, research and development company
- Change and protect the world.
Five years later, these are still GRIMM’s guiding principles.
To us, world class is directly linked to talent density. We have high standards for ourselves and our workforce, and we do not compromise. Our interns, our most junior engineers, and our most senior engineers are all passionate about helping businesses succeed. Information Technology and the security that assures its delivery are enablers to businesses. And we work as a team. “Individually, we are one drop. Together, we are an ocean.” – Ryunosuke Satoro
Exuding excellence at a security assessment services firm means consistently looking to find the bugs in software, processes, and the workforce. If it can be done with a computer, we’ll try to do it! Changing and protecting the world may be a tall order, but it’s what keeps us motivated and focused.
To this end, GRIMM does its best to educate our clients and the general public by demonstrating security issues - by showing, not just telling. GRIMM’s 3PO and Howdy Neighbor have become #hackercon favorites. While we love providing our hacker colleagues all over the globe with fun and challenging CTF-like competitions, we also think these demonstrations are key in providing non-security people with enough tangible evidence of why whole industries need better security strategies. Automotive and transportation, Internet of Things (IoT), industrial control systems (ICS) - these are all things that private citizens rely on daily, all with potential privacy and safety implications. Our Founder is known not only for founding GRIMM, but also as a Co-Founder of the ICS Village, which is a non-profit that brings education and awareness of ICS security to a conference near you!
Additionally, we do our best to consistently help the researcher community strive for excellence. Adam Nichols’ #notquite0dayfriday, in which he posts write-ups of vulnerabilities and their impact to GitHub (after reporting them to the vendor), is a consistent hit. GRIMM also contributes patches to open source security research software such as angr/Driller, Honggfuzz, delta debugging and more. Sharing research is what makes the entire community grow, and we urge our colleagues to do so as well! Helping the young security researcher community get the critical hands-on-the-keyboard skills they need to be powerful and effective the minute they enter the workforce is also something we’ve been passionate about for years. To do this, in 2017 we launched HAX, a program in which we partner with undergraduate security clubs with the purpose of fostering friendly competition and collaboration with lots of hands-on-the-keyboard practice. Mentoring students is something we’re very passionate about, and we believe it’s our responsibility to do whatever we can to prepare future cybersecurity generations before they enter the workforce.
If we can’t train cybersecurity personnel before they enter the workforce, we likely have just the training for you and your workforce, drawing on many years of developing custom courseware for clients! From Windows Vulnerability Research and Exploitation training to automotive exploitation and security to IoT or ICS security, we’ve trained both government and commercial customers practically monthly over the past three or so years.
In addition to being known for demos and training, we’ve made a big difference in the overall security posture of our clients. By conducting security assessments of an organization’s network, system, application, or embedded devices, we’ve saved clients money, spared them reputational loss or embarrassment from a breach, and forged strong long-term (repeat!) partnerships. If you want to take your security posture to the next level, consider contacting us for our vulnerability research and development or reverse engineering capabilities!
Despite our logo, we’re really a friendly bunch! We pride ourselves on being helpful both to our customers and to the security community. GRIMM’s a family - we work hard and play hard together, as you’ve seen in a number of our pictures. For this special five-year anniversary blog, we thought we’d leave you with a few fun stories and pictures of GRIMM throughout these past five years.
Aaron Carreras said: “Some of the best times we’ve had have been on the road (attending conferences) with our unique displays (3PO, Howdy Neighbor, Drone Hacking, etc.). A memorable time was when Lisa, Tommy, Tim, ACorn, and I attended the inaugural Wild West Hacking Fest in 2017. When we got there and began setting up our displays, one of the other vendors/displayers in the room was overheard saying, ‘oh man, GRIMM is here, they have the coolest stuff,’ thus implying everyone else’s (including theirs) was less cool! Additionally, due to Christine’s help dressing us up, we definitely won the show for best dressed vendor!”
Brian DeMuth said: “I came to GRIMM because I was looking to come to an environment that inspired passion. At GRIMM that really drives innovation. My fundamental beliefs in what an environment should be line up with GRIMM’s stated company beliefs:
- Innovation: break the rules
- Passion: believe in what could be
- Humility: only the mission matters
- Capacity: learn, share, ask!
- Agility: change is constant
I desired to bring the lessons I had learned from start-ups to large companies to bear for a company I could be passionate about. To enable growth all while allowing our culture to flourish - it’s not a simple task, as I have seen firsthand in past companies, but something I care a lot about.”
Matt Carpenter said: “I joined GRIMM a bit ahead of schedule…my previous position was Snowdenized (funding cut in the wake of the Snowden disclosures) and I was ready to be done with the defense contractor I was at. Bryson and I planned to work together, it was just about 6 months early. Bryson took me in and gave me a place to create awesome. Awesome product, awesome tasks, and awesome team. I love to hack. I love to innovate and tear things apart. I love to learn and digest new information and gain understanding. And I love to do it with people I can trust, people I can count on, and people I call friends.”
Tiffany Williams said: “I came to GRIMM right out of college at RIT - it’s my first real job in the workforce. When I was making the decision about where to work, GRIMM’s culture spoke to me. It allows me the flexibility to travel a lot, and ‘work where I work best’ which is occasionally in Buffalo, NY, where I grew up. A company that supports my ability to spend quality time with my family, while also working, is important to me. Additionally, I really like the team I’m working on – we’re friends, not just coworkers.”