Hi.

The last two months have been a whirlwind 🌪️ for me. I was a walking ball of FUD and nerves for a while, but I think I’ve emerged a better person. Let’s go for a little journey!

New Job!

In early January, I decided to leave Trimarc. I had already been looking around at various openings for a few months just to see what was available, but it took the layoff of a few co-workers before I decided to really go for it.

I reached out to some friends to see what was available and was quickly pulled into interview cycles at six different companies. By the end of January I was down to just three companies, and I’d received a written offer from one of them. Written offer in hand, I put in my notice at Trimarc.

I received a written offer from a second company soon after. I pulled myself out of the third company’s process when I realized I really don’t want to do pre-sales work. Don’t get me wrong, I think I could do it well and the money can be REALLY GOOD, but I’m just not built that way. With two VERY competitive offers in hand, I spent a full four days considering what was best for me and my family.

The two titles were:

  1. Principal Security Consultant. Main activity would be performing Active Directory Security Assessments (ADSA), but I would also perform some cross-functional activities working with research, incubation, engineering, product, and marketing. I’d also be expected to bring a fresh set of eyes to the ADSA process to see how it coule be improved.
  2. Director, Security Research. I would start as an individual contributor (IC) and first hire in a new research division at a well-known AD-related company. Along with research, I was expected to do speaking and training engagements - both internal and external. I would have no direct report at first, but over time I would be expected to build a new team of researchers around me.

It took me a full four days to decide because each role had its pros and cons. The consulting role would be a fairly direct transition from what I was already doing @ Trimarc, while the research role would be a big change. The consulting role was less straight pay but bigger bonus than the research role. I would remain an IC as a consultant, while I would eventually become a manager in the research role. The research role would have tons of freedom, but the consulting role would have a pre-existing structure.

Ultimately, I decided on the consulting role. While I think I could be a manager, I’m not sure I have the passion for it at this time. I would’ve been expected to bring on the first 1-2 hires in my first year, but I feel like I still have at least 4-5 years of IC work in me before I focus on managerial stuff. Additionally, I felt like I would have a much larger base of super-smart people to work with in the consulting role.

So, on February 7, I signed the offer letter to become a Principal Security Consultant @ Semperis as a member of the Breach Preparedness & Response team! I’m team member #8 and brought the team to 50/50 US/European-based. I started a couple weeks ago, and it has been wonderful so far. I’ve met many new and exciting people, and I have already learned so much. Seriously, there’s so much talent at Semperis in so many different areas. I can’t wait to grow here. #ForceForGood

New MVP?

In mid-January, I received an email with the subject line “You’ve been nominated for the Microsoft MVP program”. I thought this was a phish until I confirmed its legitimacy with the person that nominated me: Eric Woodruff of ericonidentity.com fame. He promises he didn’t nominate me just to get me over to Semperis.

I reached out to a few MVPs I knew to get tips on how to maximize my chances of being selected. It turns out there’s no magic formula, and the application process is… a lot. One friend said “if Eric really wants you to join Semperis, he should offer to fill out the application for you.”

The application process isn’t exactly hard, but it’s long. Microsoft wants to know about all the community outreach you’ve done in the last 12 months. “Outreach” includes things like blogs, open-source contributions, forum posts/comments, webcasts, podcasts, conference talks, conference organization, and mentorship. Obviously, they want to know how these activities relate to Microsoft products and services.

I’ve done all of those in the last 12 months, so I had a lot of work ahead of me. About 6 hours into the process, I thought “do I even really want this thing?”

Finally, I got approval to submit my application from Trimarc, and the waiting game began.

On March 1, I woke up to an email from Microsoft with the subject “Congratulations on your Microsoft MVP award”. I again thought it was a phish, but I dug a bit further.

It’s real! 🤯 I was selected as an MVP in “PowerShell” and “Identity & Access”!

I’m still digging through all the benefits of the program, but every MVP I’ve chatted with has been very supportive and very willing to help navigate the system. It was especially fun to be able to introduce myself to other Semperian MVPs during Thursday’s MVP breakfast!

Stay tuned for an explanation of how you too can become an MVP. But until then, the entire process can all be boiled down to “help the community”. If you’re doing that frequently, it’s only a matter of time.

Till next time, friends! 👋