Protecting our customers’ information is of utmost importance to us. Our Security Team works with researchers to ensure all vulnerabilities submitted to us are reviewed and actioned. We appreciate security researchers who help us keep our employees and customers safe by reporting vulnerabilities that may exist on our platform. If you believe you have discovered a possible security vulnerability, please help us fix it as quickly as possible by submitting your findings in accordance with our disclosure policy below.
I’m the CISO of the Photobox Group and we are currently hiring for a Head of Application Security to join our amazing team. Please share this post and Job Description with your network and with anyone you think would be a great match for our project and culture. Although we will always make a choice based on talent and fit, I would love to get more candidates from diverse backgrounds, namely women.
I came across this blog by Seth Godin years ago about ‘understanding the critical path’, and there were a few great sentences at the end that read: “…delaying the critical path by one hour at the beginning of the project is the very same thing as delaying the entire project by an hour at the very end. Rush early, not late. It’s cheaper that way, and better for your peace of mind, too.”
With every new joiner to a team, the team dynamic changes. In my experience, there are two types of joiner: those who sit back, observe and plan their strategy, using what they’ve learned about people and processes in the business; and those who hit the ground running, who already have an idea of what they want to implement and can’t wait to get stuck in. Let’s call the first type the observer; while they may seem slower to nudge the needle and make changes, their decisions are informed, strategic, and considerate of others.
Incident handling processes @ Photobox
This week’s musing is born out of some small degree of pain. It was only week 3 in my new role as Head of Detect before I had to deal with a flurry of incidents, a period that is currently being referred to as ‘the baptism of fire’. As I didn’t burn, I guess by Medieval standards this means I am (or am not) a witch, depending on your point of view.
Managing information about risk management at Photobox Group
I’ve spent my first few weeks at Photobox Group (awesome team, great company, lots of fun btw) getting my head around, and marvelling at, how we manage information about risk, vulnerabilities and incidents in JIRA. One of the biggest challenges I’ve seen across companies in the last 10 years is how information (aka corporate memory) is recorded, managed and linked in order to understand or uncover relationships and dependencies.
I joined Photobox Group Security at the start of May. This is the first in a series of blogs where I’ll detail some of the work I am involved in. It’s been a whirlwind few months at an awesome company, and one of the things that continues to excite me about internet companies is the speed at which we can deliver change. Given the number of data breaches over the last few years, one of the first things I wanted to discover was how well we were protecting our customer passwords.
Our group of companies provides an incredible service for our customers. We work in a special space for them, helping them create something unique: a snapshot of a time and a place perhaps, the capturing of a memory, the gift that shows someone else how much they care for them. They trust us to be there for them and to protect those magical and intimate moments; it’s something we are proud to take very seriously.
How can you help with the Group Security recruitment process?
Group Security is currently recruiting for a number of new senior positions as well as short-term contractors. We really need your help; the best candidate could be someone you already know, who you feel will be an amazing fit for the role, for our culture, and for the work we’re trying to do in Photobox Group Security. We’re asking you to reach out to your social network, either in person, by retweeting or via a blog post with this information.
How does it work?
The flow is simple and, if you want it to be, fast. Apply for the post and complete the challenges that we set you. Impress us with those and we will invite you to an OWASP working session, where we get to meet you face to face. If we work well together, you will be invited to a formal interview.
Why challenges?
Why are we asking applicants to take up the various challenges and provide all this extra information before we even meet?