Skip to main content

Team Building @ Riot

Back in early July 2015, on a uniquely dry Thursday evening, the Riot InfoSec team ran a small meet-up at our new Dublin office as I previously mentioned here.



The goal of the event was to engage with the local security community, several of whom are also huge League players as I noticed by negative KDA :'( My main memories of the gaming that night being constantly head-butted away by 60 minute Alistair (also spamming his heal) and an extremely fed, axe-wielding and catching Draven, killing at will.

As a team, we felt that the event went well and it seems to have been well received by those who attended. My talk was about the lessons that I have learned from hiring a team into Riot Engineering, which is the first time I've ever had the opportunity to build a team from scratch. It's not only be incredibly educational and exciting, but also humbling as I've had phenomenal support from so many folk in both the Dublin and LA :)



Given there's probably quite a bit of context missing from my talk (if you only look at the slides here) followed the format below:

  • Who I am and who Riot Games are
  • Set context on Riot, League of Legends and the security challenges we face
  • Levelling up the team
    • How I went about it
    • What mistakes I made
    • How I learned
    • That "exciting" feeling when you interview a game-changer
    • How we've improved the process and continue to improve through
      • being data-informed
      • conscious of bias
      • training
      • incorporating practical elements
    • Team (alignment)
In addition to the presentations, we also showed off some tools that we've written to help raise that security bar.



Given we are a diverse team, split across multiple countries and timezones, with different backgrounds, alignment is a challenge because we are all ultimately remoties. As a result, we are always thinking of how we can improve in terms of communication, collaboration and yes, alignment. We took the opportunity with the open-evening event to bring over many of our North America-based InfoSec team to

  • hang out for the week
  • deliver some cool awareness and social hacking presentations to the Riot Dublin office
  • build a lego deathstar (yes, a deathstar :) )

Sadly, one of our Darth figures was stolen and taken back to St Louis by a malicious insider :(




All feedback on the slides is greatly appreciated.

Hopefully the next meet-up will be in early 2016. If there's anything in particular you'd like to hear about at the next meet-up, let us know (@markofu or @davidrook).

If you want to help level the team up, we're still hiring (multiple locations), so please reach out!!!
Labels:

Comments

Post a Comment

Popular posts from this blog

LinkedIn Emails

Receiving mails via LinkedIn is an interesting experience. For example, how many folk actually personalise "contact requests" - from what I see, less than 1%. I typically try to because I think it shows some thought has gone into the request and it's friendly, but then "manners" on the Internet is a very different thing to the real world, right ;-) Anyway, to the point of the blog post. In early November (2012), whilst I was preparing my Security Onion presentation for IrissCon  (why did I bother when my MBP died on-stage), I received a very interesting and personal email via LinkedIn. The email came from a "Senior International Belief Instigator" (let's call him the SIBI - to save me typing) at Riot Games and the email was literally awesome, it hit many of the key points that you'd hope for in a recruiter email but it also had a wonderful tone. In my ignorance, I knew of League of Legends but not Riot (yes, I am embarrassed by that). I r...
9 comments
Read more

WAF versus DPI Firewall

This is a question, I've frequently been asked in recent years and in the last month, o n one of the internal mailing lists, in my old company, the following question was posted – In simple terms, what tasks is a Web Application Firewall (WAF) able to do that a Deep Inspection Firewall can't and why ? by one of my colleagues. Many of you may be surprised (I know I was initially) but this question still comes up an awful lot. Having answered the email (as a warning, I went into a lot of detail and plugged the awesome Security Onion ), I was requested to write a technical blog on the subject, but as I left the company soon after, the blog was never published. Therefore, to save me answering the question again, I thought I’d publish it so I can just reference the link in future J
6 comments
Read more

Doing The GSE

So, as many folks know, I went to Orlando towards the end of March to attempt the GSE lab. Both before and afterwards, I received several questions about the GSE :) Therefore, instead of destroying my fingers and typing multiple individual respones, I figured I'd write a short blog on my experiences with the lab section, whilst my thoughts on the written section can be found here . Apologies, this post started off short. Firstly, let me say, that once I overcome the initial nerves (I was bricking it on the first morning), I had a great time. @Chris_Mohan and @asho_relaxo both told me that I'd have fun but I didn't believe them (in fairness, they're not trustworthy characters). Most folk enjoy the first day the most, but I loved the second morning, it was a blast, especially when you come back to that problem that you couldn't figure out and then you nail it :)
6 comments
Read more