“Life at ForAllSecure” is a Q&A series dedicated to our growing company.
For this month’s profile, we talked with Robert Vamosi, Director of Product Marketing at ForAllSecure and the host of our popular podcast, “The Hacker Mind”.
Robert joined ForAllSecure in 2020 and is based out of northern California. He is celebrating three years with the company this month.
I'm responsible for communicating what our product, Mayhem, does and how customers get value from it. That involves talking to customers on how they use Mayhem, and talking with our engineering team about new features.
It also involves looking at competitors to see how they’re positioning themselves in the market, how we compare to the products that are currently out there, and how we are different. And in general, I drive the creation of content that describes the functions and uses of our product.
I started out as a writer. I was a journalist at ZDNet, hired basically to cover the security space, and then ZDNet became CNET. In journalism, you get moved around a lot, but I was fortunate in my entire career at ZDNet and CNET to stay within the security space.
I've continued to write ever since. I’ve published articles for PC World, Forbes.com, and other similar publications. But I decided to move away from pure journalism.
You reach a point in journalism where you can only rise so high. I was already senior editor, and I was like, “What can I do next?” And it just seemed like journalism was going through a weird transition back then. It still is. Somebody from an IOT startup reached out to me and said, “How would you like to work as a Product Marketing Manager?"
So I became a Product Marketing Manager for an IOT startup. While I was doing that, I wrote my first book on IOT security. I also got my CISSP certification, because I wanted to show people that even though I started as a journalist, I actually understand information security. And now I have this credential after my name to prove it.
I also co-wrote a book with Kevin Mitnick.
From there, I moved around to other companies as a Product Marketing Manager, always trying to stay as close to cutting edge technology as possible.
Chaotic. I have marketing goals, and I'm intent on producing new content that showcases our product, of course. But I also often get brought into other things by sales, or CS, or engineering. They'll ask me to work on something for them as well.
So, it's kind of like a newsroom in that I come into the day thinking I'm going to do X, and by the end of the day, I've done X, Y and Z. And I actually like that. Some people don't like the disruption, but I do, because it’s challenging. If it was the same old, same old every day I would get bored.
That one's an easy one. Probably The Hacker Mind Podcast.
When I considered joining ForAllSecure, a podcast was actually one of the things I asked for. Marketing had already come up with the name and a few other elements of it. They just didn't know how they were going to execute it.
When I joined, they wanted to release a podcast episode every quarter. I said, “Oh, heck no, let's do it every two weeks.” And we've done that ever since. For three years, every two weeks, I've pushed out an episode. There are over 70 episodes now, and it's on the Spotify Top 50 Tech podcasts list.
If you listen to the first twelve episodes or so, I interviewed a lot of people from ForAllSecure, because I was struggling to find people to interview. I had committed to releasing an episode every two weeks, and it's like, how do you feed that machine? And so, while I was getting up and started, I was reaching out to almost everybody, including coworkers.
But I'm actually at a point now where people reach out to me and ask if they would be a good guest on the podcast. The most recent episode I did was on a different type of operating system. I interviewed Michael Coden, a professor at MIT. I’d never met him before—he just reached out to me cold. And I was like, “Yeah, let's talk.” And I'm glad I did, because he's really a cool guy, and he goes back to the early days of when the C programming language was created.
Yes, I've managed to host a podcast at almost every job that I've had, even going back to CNET. It was called The Security Bytes Podcast. We did it every week, and it was a new thing, but that's what CNET was doing—at the time they were pioneering video, they were pioneering everything.
The subject matter. I get to interview some very interesting people. I try to find researchers who are doing direct vulnerability research and talk to them about that. Oftentimes, they're doing fuzz testing. Oftentimes, they're doing things that ForAllSecure is doing, so it's very nice to tie that back in, but I just like meeting different people in the hacking world.
People—and I mean it in the sense that we are resource lean.
I like startups. I like small communities. I like knowing the people that I work with really well, as opposed to a large company. On the other hand, we just haven't had enough people to do some of the things that would have been great to do at the time.
So, I think one of the biggest challenges is just, you know, we're doing five things. Can we do six? And oftentimes we can't—yet. We're growing right now, which is great. As the company grows, this challenge is lessening.
So, this is going to sound nerdy and weird, but I actually go out and look at competitors' websites, and I challenge myself to find the FUD on their website.
FUD is an acronym for fear, uncertainty and doubt. Oftentimes, people will use FUD to scare you into doing something.
So, I try to find something that they're saying on their site that I know isn’t true. And I know it's not true, because I can go to their public documentation, and I can look through it. And let's say, they say that they can “make toast and put a pad of butter on it for you every time”. I can be like...there's no mention of toast...and there's no mention of butter anywhere in your documentation, so I know you're making this up.
So anyway, I find it challenging because it reinvigorates me and motivates me to not do FUD here and define better ways of expressing the stuff that we do.
Since I became a Product Manager, I’ve moved to a few different companies. I started with an IOT company, and then I went to work another application security company prior to ForAllSecure.
As I transitioned, I actually found that I was moving away from when I liked. I liked working with hackers. I liked working with researchers, and I was getting really far afield. Despite being at an application security company, I was sitting in a corporate office, and I wasn’t doing anything security-related, which was really hurting me.
So, what I like about my job here is that I get to work with hackers. I get to work with researchers. I get to work with people in the industry, and that primacy is really important to me.
Within this company, we have people that have done some really cool things. Winning the cyber grand challenge—that is awesome. And knowing the people that go to the capture the flag competitions at DefCon every year—that's also been really awesome.
So that's helped me grow professionally, because security evangelism is very important. Translating important issues into something your parents’ generation can understand is hard but absolutely necessary. I like taking complex technology and explaining it in simple terms, accurately. I like talking to people who say they have two factor authentication enabled on their apps. Why? “So I don’t get hacked.” I like to think that maybe some of the stories I’ve written contributed to that general knowledge somehow.
I've been here long enough that I've seen us go from almost no culture to having a culture. I think we're in a really good space now; we have very good people on our teams throughout the company.
We have people that have worked for both large and small companies in their past, and they're bringing those experiences in. And so it's less homogeneous than it was before. You know, all of us come from very different backgrounds, and I think that’s a good thing. That’s what any organization needs to go forward and grow, is to bring a diversity of backgrounds together.
I really feel like it's still early in defining what our culture is. I do think that we have that drive and that hunger—in the engineers that I talk to, in the CS team that I work with, even in the Sales team, we all feel like we have a good product, and so we want to get it out there. And that's a good place to be for any company—to have a lot of different people within the organization, all pulling for the same thing.
But you know, the other part of it is that, when I look around at other companies, a lot of them are just repackaging existing technologies. I really like that we have created something that is very unique. I like the challenge of working with that uniqueness and trying to make it something that people know about and want.
Well, I have a non-traditional background. I started in journalism. I don't have a computer science degree. I don't have an engineering degree or background, and yet I'm in product marketing. I do have a CISSP certification.
I guess for someone looking to get into this space, I would recommend getting some kind of certification. On the other hand, don't spend too much time getting certifications. Get some experience that focuses on a product and shows that you know exactly how the products are made. You don't have to code it yourself—you just have to know how it's done.
And also, if you want to be a Product Marketing Manager or director someday, you should really like hanging out with engineers. They are the people that I interface with the most in the company. Not everybody likes that. Engineers are engineers. If you find that odd, then there's probably another role for you somewhere else in the company. But I actually like hanging out with product managers and engineers.
I'm an avid runner. I've run thirteen marathons. Right now, I'm doing a lot more 10Ks, just because I don't have the training time that I used to have, but I really love running.
I got all excited about the Boston Marathon a couple weeks ago. I follow the top runners in the world on social media. I know about the five big marathons throughout the year.
So that's the thing that I do outside of work. It's healthy. And it creates a good work-life balance, because I can get away from devices and just run.
So I actually recently bought an electric vehicle. It's been interesting, because now I have what they call “range anxiety”. Instead of a gas gauge telling you that you're at half a tank, it tells you you've got 120 miles. What does that mean? You have to figure out miles you have to go before you’re able to charge the car again.
Then there’s all the different types of ways that you can charge your car. So, if you plug it in at home, it takes like 55 hours. If you plug it in at a charging station, it can take six hours. And if you can find one of the rare superchargers, it can be under an hour. So, it's been interesting learning about this process.
My EV is very much a computer on wheels. There's no undercarriage to the car. It's really weird in that sense because, you know, obviously there are motors and moving parts inside, but you don't have all the grease and oil and stuff that you have on a gas car.
I'm actually on IMDb—that's a great party trick to pull out. I am featured in a documentary film on the history of hacking called Code 2600. I was at Black Hat Washington D.C. in 2010 when the director came into the press room looking for a spokesperson to who could tie together some of the other interviews he’d gotten with Jeff Moss, Bruce Schneier, and others. So if you type my name into IMDb, I show up as myself.
Thank you for subscribing!