Below, find a brief history of my endeavors.
2022+ – Google … Mandiant was acquired into Google Cloud in October 2022. The mission to deliver world-leading attack surface visibility and control continues.
2021-2022 – Mandiant Inc … Intrigue was acquired by Mandiant in August 2021 after only 8 months. We (the Intrigue team) integrated into Mandiant Advantage and set upon the task of delivering our service to tens of thousands of organizations. Mandiant was acquired by Google in 2022.
2020-2021 – Intrigue Corp… In 2020, I founded Intrigue as an answer to a nascent opportunity in the Attack Surface Management space, raising funding from a diverse set of backers to execute on the opportunity. With a small but highly effective team of startup players, we set out to deliver the world’s best Attack Surface Management product, on top of an open (as in open source) core. Intrigue was acquired by Mandiant in 2021.
2018-2020 – Kenna Security … Taking a step back into the technical after a few years of building and leading teams, I joined Kenna Security as Head of Research. Our team worked with as a cross functional group, digging into the challenges of vulnerability management and analytics and delivering insight and applied research that was key to organizational success. Kenna’s data-first approach and early lead in the risk-based vulnerability management space was a great opportunity to define a market. Kenna was acquired by Cisco in 2021.
2013-2018 – Bugcrowd … I joined Bugcrowd as the first employee in the US, driving the nascent bug bounty space and delivering a consumable, modern application security service in the Enterprise. Working in a variety of roles, I led a team that built and delivered a highly effective customer-oriented service, powered by incredible hackers from around the world.
2012-2013 – Pwnie Express … I served as CTO and platform lead for Pwnie Express, an Information Security startup developing products and solutions for Security Service Providers, Government and F500 organizations. During my tenure we released 6 new products, garnered thousands of customers, and raised seed and (later, an) A round of 5.1 million. Outpost24 acquired Pwnie Express in 2019.
2010-2012 – Rapid7 Metasploit … I joined the newly formed Rapid7 Metasploit team to spearhead the development of a dedicated quality assurance team for both the commercial and open source projects. Metasploit remains one of the largest open source Ruby projects in the world, and a critical tool to the pentesting and security communities. Along the way my team provided the bedrock for 75+ high-quality Metasploit releases in just 2 years. Rapid7 IPO’d in 2015.
2007-2010 – Rapid7 Professional Services … I joined the small services team at Rapid7 in 2007 as a penetration tester and threw myself into the work, learning everything I could about security assessment and penetration testing. I quickly moved into a team lead position, mentoring and building a world-class, world-wide security assessment team. Over the course of 3 years, we conducted assessments and penetration tests for Fortune 500 clients around the globe.
2003-2007 – Iowa State University … My first real IT position – I took a job as a helpdesk technician, but quickly moved into process improvement, and later into the lead Windows administrator position for one of the largest colleges within the University. As an administrator of a college of over 300 staff and faculty, my team dealt with many challenging support cases and security threats. This position provided a foundational set of knowledge for the positions i would later take on.
Jonathan Cran 