ITA Spotlight: Geoff Robinson, Managing Consultant, Carve Systems
Monday, September 21, 2020
Posted by: Abbey Kwiat
Geoff Robinson, Managing Consultant, Carve Systems
How did you get started?
Many engineering organizations struggle to integrate security into their SDLC while maintaining development velocity. Carve was created to provide modern security services to customers who want to move beyond penetration testing.
In 2011, that looked a lot different than it does today. Mike, Jeremy, and Max had come through traditional penetration testing companies and saw a clear gap and a way to better serve customers. We started with a couple of core customers in telecom, mobile, and IoT and started delivering services earlier in the development cycle and working directly with the engineering teams.
We’ve grown through referrals and word of mouth. We have a fantastic customer base who have been with us for a long time, and a small number of strong industry partners who share our philosophy on security services and customer service.
What problem do you solve and how do you solve it better than the competition?
Our clients need to know that their products are free of major security flaws, that their own customers’ data is secure, and that they have expertise they can count on to develop and improve the technology supporting their core business.
A traditional approach in this space is based on so-called penetration testing: hiring an outside firm to attack a system prior to (or after!) public release and report all the vulnerabilities. This can have shortcomings, especially because it is relatively expensive to fix flaws late in the product development cycle.
Carve prefers to partner with clients throughout product development, working alongside engineering teams to solve security issues before a line of code is even written. Yes, we will test and assess the finished product, but we will also make it less likely that you will have security flaws in the first place.
Are you headquartered in Chicago? What made you choose Chicago? If you are not headquartered in Chicago, what made you open an office here?
Carve is headquartered in midtown Manhattan, but that doesn’t mean the majority of our team is there. Denver and Chicago are the other cities popular with our consultants (who can be anywhere).
Carve has several clients based in Chicago and the Midwest. Chicago’s deep experience with industry and agriculture, and the technology innovation happening in these sectors, make it a strong fit for Carve’s IoT expertise. We have made a conscious effort to be present and part of the community, and it has now been a home for us for years.
What are the biggest challenges you face as you scale your business?
Consulting scales linearly. But as we gain size, we can specialize in more areas. That has been a real win, with our consultants able to spend their non-billable research time going deep on certain technologies. That translates into one individual being able to support the entire team on engagements when those technologies show up in client systems.
What’s the coolest perk Carve System’s office has?
Maximum flexibility. Carve is a remote-first office, with consultants working across North America. This lets our high-performing technical experts balance their lives as they need to and gives them long periods of deep concentration. In normal times, there’s also plenty of opportunity to travel to client sites across the globe. These are great perks to be able to offer to our experts, and is a reason so many talented folks are working here and not somewhere else.
The whole company also gets together twice a year, often in a retreat setting somewhere on the continent, to socialize, share expertise, and guide the firm.
How has your company culture evolved as Carve has grown?
Cybersecurity has a natural counter-culture element, and that is true at Carve too. But it is paired with pride of craftsmanship – we love that we can use our expertise to help our customers be good stewards for everyone in the digital sphere.
As Carve has grown, we have put systems in place to help us manage projects, communicate effectively, and collaborate. These are necessary as the head count goes up, and we take pride in our management practices, too. That ultimately helps us be effective. The trick for us has been to automate the boring stuff without automatically making Carve boring and stuffy.
How does Carve Systems interact with the Chicago community?
Chicago is home for many of us. We are involved in the local tech ecosystem, including at ITA and the Chicago Connectory. We have attended ThotCon, Chicago’s hacking conference, in recent years, and sponsored high schoolers interested in technology and security there. One of our consultants will be presenting at THOTCON 0xB, whenever the pandemic allows us to gather again. Hopefully in 2021!
What is Carve’s core industry or vertical served?
We joke that our best customers are the ones who actually wanted to hire us! But in reality, that is true – we take great pride in our work and customer service, and our most successful customers are really looking for something more than just checking the box when it comes to security services.