About

Hi! I’m Jonathan.

jcran

I’m a well-informed technical information security expert based in Austin Texas. I’m passionate about information security in general and assessment in particular. I strive to understand clients’ information security challenges and deliver elegant solutions.

2021+ – Mandiant We were acquired by Mandiant in August 2021 after only a few months as a standalone entity. Now, we’re continuing to build within the larger Mandiant organization.

2020-2021 – Intrigue After founding Intrigue and raising a 2M seed, we set out to build the world’s best Attack Surface Management product, on top of the established intrigue Core OSS engine.

2018-2020 – Kenna Security As Head of Research for Kenna Security, I worked with a cross functional group, digging into the future of vulnerability management and analytics. Kenna takes a data-first approach and is leading the market in risk-based vulnerability management.

2013-2018 – Bugcrowd I took an early stage (~#7, first in the US) role with Bugcrowd, driving the future of modern application security in the Enterprise. We built and delivered a highly effective security assessment solution for applications, powered by incredible hackers from around the world.

2012-2013 – Pwnie Express I served as CTO and platform lead for Pwnie Express, an Information Security startup developing products and solutions for Security Service Providers, Government and F500 organizations. During my tenure we released 6 new products, garnered thousands of customers, and raised seed and (later, an) A round of 5.1 million.

2010-2012 – Rapid7 Metasploit  I joined the newly formed Rapid7 Metasploit team to spearhead the development of a dedicated quality assurance team for both the commercial and open source projects. Metasploit remains one of the largest open source Ruby projects in the world, and a critical tool to the pentesting and security communities. Along the way my team provided the bedrock for 75+ high-quality Metasploit releases in just 2 years.

2007-2010  – Rapid7 Professional Services  I joined as a penetration tester in 2007 and threw myself into the work, learning everything I could about security assessment and penetration testing. I quickly moved into a team lead position, mentoring and building a world-class, world-wide security assessment team. Over the course of 3 years, we conducted assessments and penetration tests for Fortune 500 clients around the globe.

2003-2007  – Iowa State University I took a job as a helpdesk technician, but quickly moved into process improvement, and later into the lead Windows administrator position for one of the largest colleges within the University. As an administrator of both student and staff machines, we dealt with many early attacks and worms such as Sasser, Blaster and others. This position provided a foundational set of knowledge for the security-focused positions i would later take on.