When deciding to take a new job, one of the biggest concerns is often who you’ll be working for — not just the company itself, but the management and leadership team. What kind of manager will you have? Who is leading the organization from the top and what is their philosophy on learning and development? Will these people deliver all they promised during the interview phase?
In our latest installment of 5 Questions, Patrick McCormack, CrowdStrike® SVP of Cloud Engineering, talks about the three things he tries to provide every CrowdStrike engineer: autonomy, mastery and purpose.
Q: First things first, what do you look for in new candidates? Is experience in cybersecurity required?
That’s a really interesting question. CrowdStrike is a place for everyone. We have people with deep expertise in cybersecurity in areas like reverse engineering or writing detection algorithms, but actually, a lot of the work, particularly as it relates to the cloud and our sensor, is deep software engineering that is not concerned with security.
I didn’t have a particularly strong security background when I joined. But I brought a lot of knowledge and experience in building large-scale distributed systems in the cloud. So when we’re looking at hiring engineers — whether they are UI platform devs, cloud development engineers or kernel engineers working on the sensor side — they don’t necessarily have to know anything about security. I think this is an important point because engineers can be put off because they think they need to know about security to apply for positions at CrowdStrike, but for the most part, we are looking for world-class engineers regardless of their cybersecurity background.
Q: A lot of engineers might not be familiar with CrowdStrike. Why should they be interested in our company?
The thing I like most about working here is knowing that we’re protecting our customers. I’ve seen situations where we’ve had alerts go off late in the afternoon because we’re seeing a huge influx of detections from a particular customer. We realize that the customer has been targeted via email and people are clicking on malicious attachments. We’re registering all of those detections, but we can see that there’s nobody in the company that’s noticing, apart from their SOC (security operations center). The average user might be sending emails on a laptop as usual, and not even know that we’re at work protecting them from all this bad stuff that’s trying to run on the machine. That’s huge for me.
From a technology point of view, what we do here is incredible. We have kernel-level developers working on our sensor, we run a hybrid cloud backend over 4 geographic regions worldwide and we are architected to be up 24×7 with zero downtime. If you are interested in working at the kernel or OS level, or on massive async event-driven distributed systems, or on a state of the art UI and you also want your work to be important and impactful, then this is the place for you.
Q: So tell me a little more about the culture. What’s it like to work for CrowdStrike?
Culture is very important to us. Our internal mantra is “one team, one fight” and we live that every day. We foster a high-trust and high-autonomy work environment. We have a high bar for new hires so we don’t want to bring smart engineers on board and tell them “Okay, sit there and I’ll tell you exactly what to do.” We want them to tell us what to do. We encourage a free and open exchange of ideas and it does not matter if you are an intern or a senior engineer with 20 years of experience. A healthy organization is one where anyone can approach the leadership team or their teammates and say, “Hey, I see you’re doing something in a particular way. I’ve developed a system like that in the past and I think I can improve on what you are doing; let me tell you about it.” Everyone’s voice and opinion matters — we’re stronger because of our diversity of opinions and ideas.
There’s a refinement of self-determination theory that says that there are three things people want from every job: autonomy, mastery and purpose. This is something that as a leader I consciously think about, as we are scaling up the engineering organization. We try to give our engineers autonomy in their work so they take pride in what they do because they own their work.
We also keep people learning, which is the mastery part. I always want to be stretched in different directions, whether it’s technically — taking on new areas, looking at new ways of doing things or adopting new technology — or from a management and leadership position. I think most engineers, most people in fact, feel the same way.
Finally, there’s purpose, which we’ve talked about a bit already. I think that’s the one thing that everyone here really loves. We have a strong sense of purpose. We’re not trying to get people to tweet at each other or target people with ads—we’re protecting our customers and making the world a safer place. That may seem like hyperbole, but we protect computers in hospitals and if a doctor can’t access a sick patient’s records because of ransomware, that’s a very serious situation. Our engineers get a huge sense of satisfaction that we’re doing something that has a very strong sense of purpose.
Q: Tell me a little more about being a platform-based company. What do you and your team do day-to-day?
The platform group builds and operates “platform-as-a-service” (PaaS), which is used by product groups who are building customer-facing products. We build for scale and reliability and we cover everything from the sensor to cloud ingestion, data processing pipelines, services and libraries for building sensors and user interfaces. We don’t want each one of these product groups to have to figure out how to build and deploy cloud services on their own or how to scale them or make them robust. We provide that platform for them to plug into, and they can focus really on the business logic of what they’re building. Also, just to give you an idea of the scale we operate at, the cloud ingests and processes in near real time over four trillion security events a week.
I oversee both the tactical and strategic aspects of platform development and operations. Tactical means everything from running and operating our cloud product across the world, 24×7, at scale. This also means planning and executing on the delivery of new platform features over the next three to six months. When we look six months and beyond we are thinking about the new capabilities we need to build and also about existing systems that need to be revved to handle our growth. You always have to be thinking about the future because at our scale you can’t wait for an inflection point to start developing; by that time it’s too late and you’ll have hit a hard scaling limit.
Q: What do you like to do for fun outside of work?
Mostly hiking and reading. In fact, right now I’m in the middle of The Undoing Project by Michael Lewis. The Undoing Project is super interesting because it’s about how people make decisions and common errors in decision-making. In addition, I am reading a book about Roland Barthes, as well as Practical TLA+ .
Are you interested in working on Patrick’s team at CrowdStrike? Head to our Resource & Engagement Portal at GopherCon 2020 where you can find out how to meet our team and talk all things cyber: https://www.gophercon.com/page/1623781/crowdstrike
Not attending GopherCon? check out the CrowdStrike Careers page to learn more about our teams, our culture and current open positions.
- Access resources to help you ensure the security of your organization and remote workers by visiting the CrowdStrike COVID-19 resource webpage.
- Learn about the powerful CrowdStrike Falcon® platform and how cloud-native cybersecurity protects your organization, no matter where your employees are located.
- Get a full-featured free trial of CrowdStrike® Falcon Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.