NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.
NEW FEATURE
Cobalt PtaaS + DAST combines manual pentests and automated scanning for comprehensive applications security.

Cultivating a Start-up Culture with Values

Last year, I found myself in an unusual situation. My boss Jacob Hansen, Cobalt's CEO, asked me if I wanted to lead the People function at…

Last year, I found myself in an unusual situation. My boss Jacob Hansen, Cobalt’s CEO, asked me if I wanted to lead the People function at Cobalt. The thing is, I’ve worked as a cybersecurity practitioner for 15 years. Granted, I’m very passionate about people — that’s why I created the Humans of InfoSec podcast — but I’ve never actually worked in Human Resources before.

At the time, Jacob realized we were really onto something. The company had found product/market fit. Our impact on the industry was only growing. The most important thing for us was to focus on our people, which meant elevating Cobalt’s People function to be a world-class organization. To do this, we needed to build an environment that cultivated personal and professional performance, growth, and happiness. In order for Cobalt to be successful in the near and long term, we needed to attract, acquire, and retain great talent.

It was a challenge I was excited to take on.

An Unusual Role: Security + People

In Cobalt’s early days, we were just a ten-person team based in a converted apartment in the Mission district of San Francisco. Our co-founder Jakob Storm sanded the floors himself. Jacob Hansen regularly took out the trash. With a team so small, there wasn’t a need to establish formal values. We were forming them — and living them — day-to-day.

As Cobalt grew from eight to 50 people, it was easy to keep nearly everyone involved in the hiring process. We could ensure new hires contributed positively to our community. Although we didn’t have formal values, we recognized the attributes that aligned with our culture. We had a vague sense of our values, and were intrinsically interested in candidates who felt the same. But how well can gut intuition scale as a company continues to grow? As it turns out, it can’t.

Growing our Culture from 50 to 100

When I began my new role as Head of People, I asked our people operations manager for a book recommendation. She recommended Yuval Noah Harari’s Sapiens, a compelling account of humanity told through biology and history. In his book, Harari asserts that humans can create and maintain culture through 1:1 relationships until a group reaches about 100 people. After that, something more tangible is needed to support and enforce cultural values. At the time, Cobalt was preparing to grow from 50 to 100 people. We realized it was time to write down our values in order to help us make decisions when recruiting, promoting, and transitioning.

Observable Culture and Values

Jacob and I didn’t sit down and write these values out of thin air. We took a different approach.

All of Cobalt meets twice a year for kickoffs. When we were roughly 50 people last January, we met in Miami. At the end of our sessions, Jacob asked everyone to stand in a circle. One by one, he called about a dozen employees into the middle of the circle. Then he invited everyone to share Cobalt values they believed that person demonstrated. So what were some of the attributes that people chose?

culture_1-1
Robert Kugler

For our Security Operations Manager Robert Kugler, Cobalt employees love his enthusiasm and contagious optimism. He is willing to get his hands dirty and do what needs to be done. He is collaborative. He’s also strategic with his time and consistently seeks to improve using automation.

culture_2-1
Julie Kuhrt

For our Content Manager Julie Kuhrt, her positive attitude is deeply appreciated. She takes initiative, has tremendous energy, and cares deeply about her work. Her strong work ethic and dedication is unparalleled. She takes responsibility and holds herself accountable.

culture_3-1

Wolfgang Becker

For our Senior Software Engineer Wolfgang Becker, we appreciate his humility. He is a great listener, but he stands his ground and is not a pushover. He expresses gratitude and follows through.

culture_4-1

Marion Sornette

For our Senior Customer Success Manager Marion Sornette, we respect her structured and systematic approach. She is humble, but hardworking and motivated. Customers love her. She makes things happen.

From the session, it was clear that we thrive as a community. Cobalt’s employees respect and admire each other. They have glowing things to say about their colleagues. But how could we pick apart and distill these observations into core values? In Cobalt fashion, I wrote down all the things people were saying, collected them into a Google Sheet, then invited the rest of Cobalt to contribute.

Together, we established four core values at Cobalt: humble learning, lead with grit, quality at speed, and One Cobalt.

culture-3

Humble Learning

At Cobalt, we are humble learners. What we did yesterday may not work tomorrow, so we approach problem solving with a creative growth mindset. We understand that occasional failure is part of a natural learning process when trying something new. We humbly seek to learn from subject matter experts, mentors and advisors. We believe that everyone has something to contribute. Where we have skills and experience, we share our knowledge generously and patiently with others.

Lead with Grit

We lead with grit. We know that achievement comes from a strong work ethic and relentless execution. We do not quit when the going gets tough. We are committed to high integrity — we do what we say, and we say what we do. We take responsibility and get things done. Our leaders are in the trenches with us. We find solutions, not problems. We innovate and make things happen. We own our results and create our success.

Quality at Speed

We produce quality at speed. Our customers and pentesters inspire our high standards. We set goals, make plans, and follow through. Our success measures and action plans are transparent and SMART. Our questions, decisions, and actions are data-driven and KPI-focused. We seize opportunities. We know that there is no time to waste. We say no to what is not important, and deliver the right results at the right time.

One Cobalt

Finally, we know that when we collaborate, we can make 2 + 2 equal 10. We respect our colleagues and we value each person’s unique contribution. We genuinely believe in the Cobalt vision and care deeply about our customers, pentesters, and colleagues. We recognize the critical importance of each constituency to Cobalt’s continued success. We celebrate team wins and show gratitude for one another. We lift each other up.

Demonstrating Values

Establishing values is only the first step in the process. It’s one thing to establish values. It’s another thing entirely to embody them. In order to truly scale culture, we needed to recognize key contributors. During our last company-wide kickoff in San Francisco, we awarded eight employees for their outstanding representation of our values at the manager and maker level. For each award, we invited colleagues to stand up and express their appreciation for the recipient. It culminated in a heartfelt expression of gratitude and encouragement across our community — from sales to engineering — and enhanced camaraderie among colleagues scattered across the globe.

culture_5-1

Ray Espinoza

Humble Learning

The Humble Learning Teacher Award went to our Director of Security, Ray Espinoza. He inspires others to learn, and in turn they understand they can learn from other employees as well.

culture_6-1

Elle Vee Johns

Customer Success Manager Elle Vee Johns won the Humble Learning Student Award for her eagerness to learn. She always asks questions and demonstrates an interest in learning more about her own career as well as Cobalt.

culture_7-1

Regina Andrade

Lead with Grit

Our Lead with Grit Leadership Award was given to Regina Andrade, our senior front-end engineer. She inspires others to rally to a cause. She is not afraid to take the lead on projects, and others naturally look to her for answers.

culture_8-1
Anton Alferov

Anton Alferov, our staff infrastructure engineer, won our Lead with Grit Problem-Solver Award. The award recognizes someone who is scrappy and creative when it comes to getting things done.

culture_9-1

Dragos Stanescu

Quality at Speed

Our Quality at Speed Delivery Award went to one of our technical program managers, Dragos Stanescu. He never fails to come prepared and is on point when it comes to his timelines.

culture_10-1

Marta Marco Buyolo

Marta Marco Buyolo, one of our top business development representatives, won the Quality at Speed Momentum Award. She kicked off her career at Cobalt strong and fast, and continues to gain speed and traction.

culture_11-1

Tina Zhang

One Cobalt

The One Cobalt Collaboration Award went to Tina Zhang, our business operations analyst. She is constantly willing to work cross-functionally, and goes above and beyond her job title to be there for her fellow employees.

culture_12

Anna McCaffrey

Finally, Anna McCaffrey, our people operations associate, won the One Cobalt Communications Award. She is extraordinary at communicating between teams and is always available to receive and answer questions.

Establishing values and recognizing contributions is only the beginning. As we scale One Cobalt to accommodate unprecedented growth, we will seek new opportunities to support our colleagues and ensure they thrive. In the end, our values are guiding principles to keep Cobalt such a great place to work.

Minimize risk efficiently and effectively with offensive security call to action image

Back to Blog
About Caroline Wong
Caroline Wong is an infosec community advocate who has authored two cybersecurity books including Security Metrics: A Beginner’s Guide and The PtaaS Book. When she isn’t hosting the Humans of Infosec podcast, speaking at dozens of infosec conferences each year, working on her LinkedIn Learning coursework, and of course evangelizing Pentesting as a Service for the masses or pushing for more women in tech, Caroline focuses on her role as Chief Strategy Officer at Cobalt, a fully remote cybersecurity company with a mission to modernize traditional pentesting via a SaaS platform coupled with an exclusive community of vetted, highly skilled testers. More By Caroline Wong
Then & Now: One Year Pentesting at Cobalt with Arif
Arif (@payloadartist) joined the Core last April and shared his experience of how things have been for him at Cobalt for the past year.
Blog
Apr 17, 2022