Alpine Security Core Values
Ability to change as required and still maintain effectiveness in a dynamic environment.
Example: In the middle of a penetration test we discover you are already compromised. Our adaptability allows us to quickly and easily shift focus from a penetration test to incident response.
Embracing a respectful and positive outlook towards our clients, team members, family, friends, etc.
Example: As penetration testers we typically uncover holes in your environment and often deal with political situations. No one enjoys hearing their environment is insecure or has already been compromised. Our attitude helps us effectively work with your team in a sensitive, respectful, and positive manner.
Ability to clearly and effectively communicate.
Example: We write many reports and present findings over WebEx sessions. It is vital we clearly and effectively communicate penetration test results to executives as well as technical personnel. If you can't understand our findings or solutions, what's the point of the penetration test?
Example: We teach cybersecurity boot camps and hands-on technical training. To effectively train, we must communicate clearly and in a way that is received by the student. Not everyone learns in the same manner. Some people have a specific learning style, such as auditory, visual, or kinesthetic. We adapt our messaging to match the recipient.
Belief that abilities are not predetermined and can be developed through dedication and hard work.
Example: Our abilities, intelligence, talents, and traits are not static. Effort and persistence pay off and make us better penetration testers, trainers, communicators, and team members.
An outstanding book on this subject is Carol Dweck's Mindset: The New Psychology of Success
Attention to Detail
Ability to focus on specifics without losing sight of the big picture.
Example: We are about to launch a SQL Injection exploit against a target's web application. It's critical we type in the correct IP Address so we don't mistakenly exploit the wrong system.
Example: One of our team members is performing active reconnaissance using nmap. We ask them to perform a null scan, using the -sN switch. They use -sn instead, which is a ping scan. Case matters.
Taking responsibility for all aspects of our life.
Example: We are teaching a Malware Analysis course and have an issue with one of the virtual machines. We don't blame the operating system, virtualization platform, or anything else. We step up and take ownership of the problem until it is resolved.
A fantastic book on this subject is Jocko Willink and Leif Babin's Extreme Ownership: How U.S. SEALs Lead and Win
Ability to quickly and effectively learn new skills.
Example: During a penetration test we come across a brand new vulnerability on a Tomcat server. We quickly research the new vulnerability, devise an exploit, test the exploit, then come up with a plan to exploit the Tomcat server.