Skip to main content

Team Building @ Riot

Back in early July 2015, on a uniquely dry Thursday evening, the Riot InfoSec team ran a small meet-up at our new Dublin office as I previously mentioned here.



The goal of the event was to engage with the local security community, several of whom are also huge League players as I noticed by negative KDA :'( My main memories of the gaming that night being constantly head-butted away by 60 minute Alistair (also spamming his heal) and an extremely fed, axe-wielding and catching Draven, killing at will.

As a team, we felt that the event went well and it seems to have been well received by those who attended. My talk was about the lessons that I have learned from hiring a team into Riot Engineering, which is the first time I've ever had the opportunity to build a team from scratch. It's not only be incredibly educational and exciting, but also humbling as I've had phenomenal support from so many folk in both the Dublin and LA :)



Given there's probably quite a bit of context missing from my talk (if you only look at the slides here) followed the format below:

  • Who I am and who Riot Games are
  • Set context on Riot, League of Legends and the security challenges we face
  • Levelling up the team
    • How I went about it
    • What mistakes I made
    • How I learned
    • That "exciting" feeling when you interview a game-changer
    • How we've improved the process and continue to improve through
      • being data-informed
      • conscious of bias
      • training
      • incorporating practical elements
    • Team (alignment)
In addition to the presentations, we also showed off some tools that we've written to help raise that security bar.



Given we are a diverse team, split across multiple countries and timezones, with different backgrounds, alignment is a challenge because we are all ultimately remoties. As a result, we are always thinking of how we can improve in terms of communication, collaboration and yes, alignment. We took the opportunity with the open-evening event to bring over many of our North America-based InfoSec team to

  • hang out for the week
  • deliver some cool awareness and social hacking presentations to the Riot Dublin office
  • build a lego deathstar (yes, a deathstar :) )

Sadly, one of our Darth figures was stolen and taken back to St Louis by a malicious insider :(




All feedback on the slides is greatly appreciated.

Hopefully the next meet-up will be in early 2016. If there's anything in particular you'd like to hear about at the next meet-up, let us know (@markofu or @davidrook).

If you want to help level the team up, we're still hiring (multiple locations), so please reach out!!!

Comments

Popular posts from this blog

Being a Support Engineer @ 10gen - Part 1

There's a mis-conception around the role of a "Support Engineer".  As a clue, it's not what Urban Dictionary   says   - A person whose job is to answer calls from customers of a small- to large-sized company...... They are teathered to a their desk all day via phone headset........ phone jockeys usually hate their jobs.......they are are paid well enough..........until they completely burn out, and hate everyone.   and doesn't always involve this - Image Source: http://half-bakedbaker.blogspot.ie/2009/11/cannoli-and-broken-computer.html As you can see  here , there's lots of open roles in  10gen  and more specifically with 10gen, in  Dublin . I thought I'd write this quick blog to explain what Support Engineers actually do and why I joined 10gen as a "Support Engineer". I could be wrong but didn't Google come up with term " Site Reliability Engineer " to do away with the stigma associated with being a...

WAF versus DPI Firewall

This is a question, I've frequently been asked in recent years and in the last month, o n one of the internal mailing lists, in my old company, the following question was posted – In simple terms, what tasks is a Web Application Firewall (WAF) able to do that a Deep Inspection Firewall can't and why ? by one of my colleagues. Many of you may be surprised (I know I was initially) but this question still comes up an awful lot. Having answered the email (as a warning, I went into a lot of detail and plugged the awesome Security Onion ), I was requested to write a technical blog on the subject, but as I left the company soon after, the blog was never published. Therefore, to save me answering the question again, I thought I’d publish it so I can just reference the link in future J

Being a Support Engineer @ 10gen - Part 2

So back in July, I wrote a blog post talking about my experiences being a so-called "phone jockey", i.e. a support engineer, for 10gen. For those cynics out there, it wasn't written by HR, modified by marketing or requested by management or anyone in our recruiting team - I wrote it off my own back because I've a tendency to do things off my own back I wanted to explain what being a "support engineer" actually meant and more specifically, what it entailed in a small, innovative, fun company like 10gen I now have somewhere to point people too when they ask my what life as a "support engineer" in 10gen is like to get kudos within 10gen and please management When I wrote the blog post, I intended it to be a once-off (why would anyone agree to writing a multi-part blog series) but I was encouraged to at least write a second post by @francium and she's very cool so I let it slide and agreed!!! One of the ideas that I had was talking ...