Praetorian Reviews

I wouldn't recommend Praetorian to someone unless they are new to cybersecurity or aren't concerned about work-life balance or receiving great pay. The compensation is not as competitive as they claim since they only offer a base salary and stock options to buy shares at a set price, which will only become valuable if the company gets purchased one day or goes public. Effectively, you have a salary, and that's it. Overall utilization is around 85% on the security side without any quarterly bonuses being available, unlike other penetration testing firms, because becoming burned out from a high workload is the norm instead of something that is rewarded or respected if achieved. The interviewing process was extensive and, frankly, a little far-reaching for the low compensation offered. Nonetheless, it showed me that my technical skills are as solid as I knew they were since I aced all of their labs on reverse engineering, web app testing, x86 assembly, AD, and reviewing source code. They made me complete several interviews after watching an hour-long video and writing a response to it. Their process ensures that only those who are genuinely interested in joining move forward. There is a presenteeism aspect to the culture. You are expected to be online at all times from 9-5 PM during CT business hours; this place is not akin to other firms where you can work during your own hours, get your job done, and be fine as long as you complete your work on time. They will constantly watch your online status and report you to others if you want to work odd hours. To the people in charge at Praetorian, the appearance of productivity is just as important as productivity itself, but there is a catch. You'll be reprimanded if you send a delayed reply to a message because you are focused on working or skip pointless meetings where you neither receive nor offer value. Feedback is their G0D, to a fault. They place far too much precedence on feedback, even if it is inaccurate or one-sided. The CEO of Praetorian is passionate about the cybersecurity field. However, his priorities come across as misguided. He's focused on side projects, such as his podcast detailing the history of cybersecurity, rather than addressing cultural and process-related problems within employees' day-to-day work. Interviewing old hackers from the 90s, whom many staff members haven't heard of, has nothing to do with optimizing the functioning and morale of a company that is effectively a startup, yet he treats it as such. He seems distracted by the credentials and fake status associated with building connections with educational institutions for his side projects. After all, it is his prerogative since it is his company. I appreciated that he was a part of the interviewing process; however, this principle of direct communication with him did not seem available or approachable after I had joined. Considering his involvement with the hiring process, he was far more disconnected from the grievances and overall work completed by the services side than I had anticipated and would have preferred. His tunnel vision on the product side makes it seem like he is very eager for an exit before things are ripe. He is unaware of many pain points that *security* engineers experience. Regardless, I wish him the best of luck with his business because he seems committed. There is hypocrisy centered around the company's values. The (HR) department carries a patronizing attitude toward employees, pretending to be friendly and helpful while giving unsolicited advice irrelevant to the job. This behavior is common in cybersecurity, often leading to non-technical people talking down to technical people while not respecting boundaries. People get fired in public randomly without a stated reason, despite the company's value of "Default to Open." They only follow this value when they want to provide negative feedback to employees; they are extremely defensive if you direct criticism toward them or even say something deemed "negative" in a public forum that is not about them. Every now and then, employees see yet another mandatory meeting on their calendars because another executive has been fired. It seemed like a fear tactic to keep people on their toes, but it was counterproductive. Instead of treating departures as learning experiences and being open, they encouraged gossiping and theorizing about a person's termination. They try to combine this behavior with forced attempts to build a culture of comradery, but it doesn't work because of the stated dissonance. They want complete control over their staff's energy and time, even outside of work, perhaps due to the company's relatively small size. Their desire to oversee what I did in my free time outside of work is something I had a significant problem with. They call their consultants "Security Engineers" because it justifies the lack of input pentesters have on their projects and the outrageous utilization rate Praetorian enforces. I was never given the variety of work I expressed interest in when I joined. Instead of providing opportunities to work on sophisticated red team engagements, social engineering assessments, and internal pentests, they overloaded me with a ton of AppSec work as if I were one-dimensional or only interested in web apps. I would have preferred variety and made this clear upon joining, but perhaps not clear enough. Your only choice for your main Praetorian laptop is a MacBook Pro. There is no Windows option, which was annoying. But in many cases, you won't even be working on your main laptop. For every other project, you have to work on separate client laptops, onboard to their environments, and waste time on logistical issues. Working within other organizations' environments as contractors felt degrading because of the poor experience. It felt like I was working for another company, and Praetorian was just a middle-man flipping the price of my labor, which was the case. The work was unfulfilling. 1:1 calls with my manager and the "mentor" they assigned to me were far too frequent, recurring every week at the same time, reflecting their micromanagement attitude and lack of trust toward employees. Our meetings centered around climbing the corporate ladder and getting promoted because areas of dissatisfaction seemed set in stone and unchangeable. My manager was communicative and respectful; I had no problems with him whatsoever. Most of the practice managers are solid people. But there are far too many meetings on engineers' calendars. Random group calls, "donut chats," and other frivolous conversations are plentiful. 80% of them could be cut for efficiency's sake, and no value would be lost. Praetorian doesn't realize that the time pentesters spend in trivial meetings would be better used for client work or short breaks to work problems out subconsciously. I felt trapped when I worked here since they wanted to squeeze everything out of me. They wanted constant updates on where I was and what I was doing. As I said earlier, this is not a company where efficiency and job completion are the only things that matter; they want to ensure that your job extracts the entirety of your energy, even if it leads to misery. My Slack status had to be updated before I urinated, ate lunch, or walked around my neighborhood to avoid being called out by someone monitoring me. Being pulled into random meetings in the middle of the day when you're running on 3 hours of sleep after working all night was ridiculous and considered normal. This scenario happened to me on several occasions. It gradually led to a level of burnout and discontent I hadn't experienced before. It was an attempt to supervise remote work that went too far. Their organizational skills are poor. Practically every engagement has an access-related issue or communication problem that doesn't get solved by the Practice Manager or higher-ups before all of your time is gone. My frustrations with the organization and the fact that they hypocritically didn't follow their own principles ultimately led to my departure. A weight lifted off me after I left. Initially, I had trouble attributing my burnout levels to my job because of the awful malaise I experienced every day after barely getting any rest.

When there's a lot of projects, there's no downtime and engagements overlap. It's typical to work more than 40 hours weeks even though management say they try to plan schedules to have gaps between engagements. There's no clear metrics to see how you're doing besides peer reviews and client feedback because you can't be expected to find critical vulnerabilities in every project. Some just don't have anything or the scoped is too limited. When there's not enough client projects coming in, then that's even worse. On one hand, management will say they're preemptively cutting costs and reducing benefits to brace for economic downturn, but people don't have to worry about layoffs. On the other hand, people will quietly get let go every quarter if quarterly targets aren't met.