At CrowdStrike, every employee shares our mission to stop breaches. But that doesn’t mean that all of our people — even our senior-most engineers, data scientists and technologists — spend their days hunting threats and blocking zero-day exploits.
In this edition of 5 Questions, Tom Essebier, senior software engineer at CrowdStrike discusses how he helps make the digital world a safer place to live and work. (Spoiler: It’s not as a threat hunter!)
Do you come from a cybersecurity background?
No — and that’s not really unusual at CrowdStrike. I have worked in cybersecurity companies for a long time but not in roles that were directly involved with threat or malware analysis, crypto or related hard-core security tasks. I know the general principles of “Let us see if we can hack through this security protocol” or “abuse a system call to get privilege elevation” but I have never tried doing it — for work or entertainment — and I am not particularly interested in it.
If you’re unfamiliar with the cybersecurity industry, you may not realize that a lot of the work that happens day-to-day isn’t focused on security. It’s really more about data. At CrowdStrike, we collect a lot of data. We process and analyze all that data to determine if there is an indicator of attack (IOA).
It’s really exciting stuff for engineers and data scientists. Obviously, given our scale, the volume of data we work with needs to be restricted in some intelligent fashion. We have to figure out how to whittle the information down to something that we can feasibly send to the cloud to be stored. We have questions about how to make that data visible to people so that humans can access the information and use it to fight threats in real time and also forensically back in time. Basically, it’s a lot of plumbing and engine work that happens: engines that filter, engines that throttle, engines that store.
For people who are interested in working in cybersecurity, you don’t necessarily need a security background. If you’re a cloud engineer who knows about microservices and high-volume data processing but haven’t got a clue about what the latest zero day exploit is — don’t worry. The last part isn’t a requirement. You can learn what you need to know about the industry on the job.
What we’re looking for is people who are capable of dealing with extremes of any kind. How do you consume the least possible amount of CPU on a sensor so that it doesn’t interfere with our customers’ operations, but still gets the job done to protect them? What kind of algorithm and multi-thread locking infrastructure performs well for a lookup or counting operation on a 96+ core CPU system across Linux/Mac/Windows or one that works well in microservices sharded across thousands of servers? Extra points if we can use it on Android and iOS too.
The challenge is how to design a data-structure that can carry complex sets of information, be ontologically sound and survive version changes over a period of years, while being efficient to serialize in space and time and have C++/Go/Python/Java/C# language bindings. These are not security problems I am helping solve. Most of us build the engines and plumbing on top of which we are constructing a security solution. One that is already protecting a significant portion of the world — and it will only get better.
Do you still feel like your work is in line with the company’s mission to stop breaches?
Absolutely. There’s a continual effort across the engineering team to ensure that we have the fastest, safest, crash-proof software that we can put on people’s computers. This is what will save our customers, their data, their IP and their customers’ data from a breach.
Our goal is to save the world from adversaries — without breaking anything in the process. And what I mean by that is fulfilling the need to reduce the risk of breaches without increasing the risk of disruption.
Picture this: Where are our sensors running? They are in financial institutions, airlines, petrochemicals, government departments and so on. Many of the top enterprises in the world are running our technology on every one of their servers and endpoints. A nightmare scenario would be if all of them crashed at the same time due to a bug in our sensor. That can’t happen. A big part of a typical engineer’s job here is to make sure that doesn’t happen.
So going back to my earlier point, that’s got nothing to do with security. It’s about programming for safety and efficiency. It’s about making sure that things don’t break and that they can’t break. We have a lot of infrastructure set up to make sure that we achieve these goals — including staff with mathematics PhDs to formally prove things cannot go wrong where possible. We like to think that we leave no stone unturned.
That’s why our talent is such an important part of our company — because the work we do is so critical. We’re looking for engineers who get it, who have that attitude that they want to do the impossible. In fact, we need you.
What’s one thing you learned that surprised you while working at CrowdStrike?
I’m not as good a programmer as a thought I was.
No, seriously! We have a lot of really, really brilliant people working at CrowdStrike. You will run into people who are leaders in their field at a world-class level. And the hierarchy is very flat, which is great from a collaboration perspective. The whole team, the whole organization benefits from that brilliance.
But, the flip side is that some people who were at the top of the game in their previous organization may be surprised that they’re going to have to work hard to get to that level here. Don’t get me wrong, people are valued and recognized from day one. They’re excellent at what they do—that’s why we hired them. But, most of the time, even really good programmers will see that there are extremely talented people here. Not everybody finds that easy to take.
As for me, I find it fantastic! Because the culture here is so open. Everybody’s so helpful. You can learn so much and so quickly. I see it as a growth opportunity. I learn new things every day and I can grow in so many different directions here.
What do you do for fun?
I cycle. I do a 50 kilometer ride every Sunday — that’s 30 miles or so for the Americans. I’m part of a cycle group in CrowdStrike. We have jerseys and other paraphernalia, and people compare their bikes and setups.
That’s another great thing about our culture, we try to connect people based on interest. We have lots of special interest groups—like Slack groups for cat lovers and dog lovers. Our workforce is mostly remote so it’s a good way to get to know your team on a personal level.
If you had to give your time at CrowdStrike a headline, what would it be?
Tough question! “Living the dream,” maybe? From an engineering perspective, there have been so many positives and so many rewarding experiences. Yes, a lot of hard work and challenges too, but I feel really lucky to be part of this. Compared to other companies that I’ve worked for, the positives here really stand out. I have been lucky to have had quite a few jobs that I thoroughly enjoyed and worked with wonderful people over the years, but this company is taking things to another level. It’s the best job I’ve ever had.
- Does working for CrowdStrike sound interesting to you? Visit the CrowdStrike career page to learn more about our teams, our culture and current open positions.
- Access resources to help you ensure the security of your organization and remote workers by visiting the CrowdStrike COVID-19 resource webpage.
- Learn about the powerful CrowdStrike Falcon® platform and how cloud-native cybersecurity protects your organization, no matter where your employees are located.
- Get a full-featured free trial of CrowdStrike® Falcon Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.