Author: Rapid7

Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?

The cybersecurity landscape is shifting fast—ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats.

That’s why Take Command 2025 is built to deliver the most relevant, actionable insights security leaders need to navigate these challenges. This full-day virtual event brings together top security minds—from Rapid7’s experts to industry analysts and frontline defenders—covering the strategies, tools, and intelligence to help you take command of your attack surface.

A pre-recorded message from Rapid7 CEO Corey Thomas is already live on our event site, providing an inside look at what you can expect from Take Command 2025, and how our global summit will help security teams stay ahead of emerging threats.See the full list of speakers and watch Corey Thomas’s message on the Take Command 2025 registration page.

A Glimpse Into This Year’s Key Themes

This year’s agenda is packed with deep-dive discussions, real-world case studies, and expert insights on the most pressing security topics today. Here are just a few of the key focus areas you can expect at Take Command 2025:

Understanding the Evolving Threat Landscape

Cybercriminals are always one step ahead—until you learn to think like they do. This panel discussion, led by Raj Samani, Rapid7’s Chief Scientist, will explore the latest attack methodologies, emerging ransomware tactics, and evolving adversary behaviors.

Raj will be joined by Trent Teyema, Founder and President of CSG Strategies, a former FBI Special Agent (SES retired), as they analyze real-world attacker techniques and share how security teams can leverage threat intelligence to anticipate and disrupt threats before they escalate.

Session: Inside the Mind of an Attacker: Navigating the Threat Horizon

AI & Cloud Security: Opportunities and Challenges

AI is transforming cybersecurity, but how can organizations implement it responsibly and effectively? Take Command 2025 will examine:

  • The future of AI-powered security operations—what’s hype vs. reality?
  • How SOC and MDR teams are leveraging AI to improve detection and response
  • Cloud security challenges and why cloud detection & response (CDR) is becoming a critical SOC capability

Thom Langford, Regional CTO at Rapid7, will host this discussion, featuring Ted Harrington, Executive Partner at ISE (the Company of Ethical Hackers). Together, they will explore how AI-powered, Zero Trust-based security models are changing how organizations approach risk and resilience, and what the next era of cybersecurity defense will look like in our ‘From Zero to Hero: Building the Perfect Defense’ session.

Exposure Management & Red Teaming: Proactive Security in Action

Security teams can’t afford to wait for attacks to happen. Implementing proactive security strategies are critical. Take Command 2025 will explore:

  • How red teaming is evolving to match today’s complex threat landscape
  • Real-world lessons from leading vulnerability management programs
  • Why organizations are shifting from traditional vulnerability scanning to proactive exposure management

Industry analyst Tyler Shields (ESG) and offensive security consultant Will Hunt (In.Security) will lead key discussions, sharing practical insights on prioritizing risk, testing defenses, and staying ahead of attackers.

With NIS2, DORA, SEC regulations, and other global mandates becoming more prescriptive, CISOs need to stay ahead of compliance changes—but these evolving policies also present an opportunity to strengthen security programs.

Sessions will focus on:

  • How regulatory frameworks are reshaping security practices across industries
  • Key compliance challenges for global organizations and strategies for staying ahead
  • The intersection of security, policy, and business risk—how to turn compliance into a competitive advantage

Sabeen Malik, Rapid7’s VP of Global Government Affairs & Public Policy, will help demystify cyber regulations, compliance challenges, and evolving data residency concerns in ‘From Chaos to Compliant: Demystifying Cyber Regulations’.

More to Come: A Full Day of Cybersecurity Insights

This is just a preview of the cutting-edge discussions, expert panels, and strategic deep-dives planned for Take Command 2025. Across the day, you’ll also hear from Rapid7’s own SOC experts, product leaders, and security researchers, who will provide real-world insights into:

  • What’s next for AI-driven security operations
  • How real-world attack simulations are changing security strategy
  • Inside the SOC: Expert stories from frontline threat hunters

Whether you’re a practitioner, security leader, or researcher, this event is designed to give you the insights and strategies needed to strengthen your security posture in 2025 and beyond.

Register Now to Take Command

Take Command 2025 is a free, global, virtual event happening on April 9. Don’t miss your chance to hear from security leaders and experts on the biggest challenges shaping the industry.

Register Now!

Building a High Performance Team in India: Meet Swami Nathan

Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team - but a high performing team that drives innovation and growth for business while propelling career trajectories for those who take the ride. His experience in breaking down silos in tech, driving optimization, and increasing developer & business agility make him the perfect fit to lead the Rapid7 team in Pune, India.

“In today’s world, innovation in areas like Artificial Intelligence and Machine Learning are fundamentally changing the technology landscape at a rapid pace. We need to think about ways to become more nimble in our products, our engineering, and in our ability to listen to our customers so we can stay ahead of the curve. At Rapid7, we want to be on the forefront of this evolution, so we can continue to deliver value to our customers and build a more secure digital future.”

Building excellence through collaboration

Rapid7's culture of collaboration, continuous improvement, and customer centricity provides the ideal environment for building exceptional teams. This environment creates unprecedented opportunities for those seeking to advance their careers and make meaningful contributions through their work.

“When you join a company, you are automatically part of a team. Becoming a high performing team requires a lot of work on the ground, and it’s a transformational journey every colleague  must participate in. Along the way, there is a unique opportunity for every person to uplevel their skills and their profile. The experiences and unique challenges you are going to have, with a company that has the right culture and support systems in place, in an industry where there is an incredible amount of innovation, create an opportunity that not many people have access to, in their careers.”

Characteristics of high-performing teams

Swami shares a few key characteristics that stand out among high performing teams.

They challenge limitations

Some teams have an imaginary boundary when it comes to what they can or cannot do. On a high performing team, there is no boundary to what is possible. Instead, they will question limitations and ask, ‘why not?’

They demand excellence.

As the team begins to grow, they will not accept a B or C level player to join their team. Instead of wanting to be the smartest person in the room, high performing team members actively seek out colleagues they can learn from and who will contribute to the high level of performance.

“There are a few natural side effects when these things happen. First, you improve talent density across your entire company. Green employees are ramping quickly and learning from experts. Seasoned employees are simultaneously coaching those around them, while continuing to uplevel themselves. Second, you drive engagement and collaboration. High performing teams are inspired by the people they work with. They get up in the morning and are motivated for the day ahead because they genuinely look forward to coming to the office and collaborating in person.”

Essential qualities for success at Rapid7

As Rapid7 builds our team, there are key qualities they look for in candidates. For engineers and developers specifically, Swami shares the characteristics he looks for.

Product ownership

Building a product requires a variety of teams who are experts at different phases of the process. Instead of caring solely about their own domain, it’s important for engineers to have a sense of shared ownership over what they are delivering to customers. Great developers may not know everything about QA and testing, but they care enough about what they deliver to understand their role in building a quality product.

Do they have a growth mindset?

The ability to learn and take feedback is essential, especially for those who are early in their career and have not yet developed their technical skills. Being brave enough to ask questions and challenge the status quo will lay a foundation upon which they can build their technical skills.

Impact Through Influence and Action

Having the ability to influence is oftentimes associated with hierarchy or title. Swami challenges this belief and shares that if you have a point of view, are well researched, and can speak intelligently to your stakeholders, these are the factors that determine impact, regardless of your title. A bias for action means that you are looking to take the next step. You are proactive in moving things forward, breaking audacious goals into smaller milestones and action items. If someone can possess these two abilities, Swami knows they are someone who is capable of driving incredible impact in their team, and across the business.

What drew him to Rapid7

Swami joins as the first official full time employee of Rapid7 in India. So what was it that inspired him to take this new role? He credits the experience he has with company executives, and a shared system of beliefs and values with his decision to take the helm in Pune.

“As I was talking with the CEO, and our executive teams, the topics we spoke about did not feel like a traditional interview. Instead, we talked about who we each were as people, and what Rapid7 stands for as a company. As those conversations continued, I was pulled into the culture very naturally. Having a new office in India be strategically tied to the mission and purpose of the business, and how it will help drive such a positive impact for our customers was something that was really inspiring for me.”

Beyond the executive team, Swami shares a common thread that speaks to the company culture and values in action. “My experiences with the executive team and with other leaders across different business areas are all very consistent in terms of how they envision the future of our business. People willingly share information and historical context on their area of expertise, which gives me valuable insights into what we are working to achieve, and what we need as we build our team. It’s not easy to build this kind of consistency in a global organization, so that has continued to impress me throughout my journey here.”

Why join Rapid7 in India?

“What we are looking to do at Rapid7 India is impressive. We are planning for rapid growth this year (which by the way, is less than 10 months!). We don’t want to just build an office in Pune to grow our company headcount - we’re focused on growing high quality talent in a way that enables us to have a positive impact on customers, and deliver to critical business needs. This is a transformational journey that you won’t have anywhere else. We’re thrilled to offer the chance to be one of the first team members in India, contributing to a high performing team, experiencing tremendous personal growth, and delivering critical products and services to our customers.”

Learn more about working at Rapid7 in Pune here.

Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command

Modern organizations grapple with the complex task of securing sensitive data in sprawling hybrid and multi-cloud environments. Due to insufficient visibility and governance, data is often misplaced, duplicated, or left exposed. This fragmented environment makes it difficult for teams to accurately assess data exposure risks, comply with stringent privacy regulations, and continuously track sensitive data across locations, owners, and usage.

Without a consistent, holistic view of where sensitive data resides and how it is managed, organizations face significant security, compliance, and operational risks. To solve this challenge and make sense of their data security posture, organizations typically start by discovering and gaining visibility into data stored across their IT estate and work to classify the type of data and associated risk of exposure.

Modern enterprises typically rely on various data classification sources, including CSP-native detection services (such as Amazon Macie, MSFT Defender for Cloud, or GCP Security Command Center), third-party DSPM tools, custom classification policies, or by manually tagging native cloud resources. When discrepancies arise, security teams face a critical question: Which classification should they trust and how can they manage these classifications efficiently at scale? To help solve this persistent challenge, we’re excited to announce sensitive data discovery and data-centric risk prioritization in Exposure Command, empowering teams to implement data-centric risk prioritization as a cornerstone of their security strategy.

Automated Data Classification Leveraging Existing Tagging Frameworks

With this update, Exposure Command offers teams the ability to ingest data classifications and findings from native data security services offered by cloud providers such as AWS Macie, Microsoft Defender for Cloud, and Google Cloud Security Command Center. This enhancement enables organizations to centralize sensitive data insights across their cloud environments, providing a unified view of data risks and exposures. By leveraging these integrations, security teams can automate data classification ingestion, enhance risk assessment, and take proactive remediation steps to secure sensitive information in their cloud infrastructures.

We don’t just stop at support for native services, however, as we also offer the ability to ingest tags directly, whether from the Cloud Service Provider (CSP) or via IaC templates such as Terraform. With automated cloud-native tagging, organizations can establish a single source of truth for data classification, ensuring that security teams can quickly assess and respond to risks tied to sensitive information.

By taking a tag-based classification strategy, organizations can:

  • Standardize classification across cloud resources with custom tag schemas for severity, data type, and compliance requirements.
  • Ensure consistency by automating tag propagation across related resources.
  • Leverage version control to track classification changes over time for audit and compliance purposes.

Infrastructure as Code Integration for Seamless Classification

Exposure Command makes it easy to implement and enforce consistent data classification directly within cloud infrastructure deployment workflows. With native Terraform resource tagging, automated tag inheritance, and customizable classification schemas, security teams can automate classification at scale. Version control ensures auditability and change tracking, helping organizations maintain a dynamic, risk-aware classification framework that evolves with their cloud environment.

Sensitive Data Discovery Meets Risk Prioritization

Exposure Command enables teams to take a data-centric approach to risk prioritization by incorporating insights into sensitive data exposures alongside Layered Context and Attack Path Analysis, ensuring that organizations focus on the risks that could lead to real-world breaches. By layering asset criticality, exploitability, and risk posture with insights into sensitive data exposure, security teams can focus on protecting crown jewel data assets.

Taking a Data-Centric Approach to Risk Prioritization with Layered Context

Layered Context is a multi-dimensional risk prioritization model that moves beyond traditional vulnerability management by integrating sensitive data insights, threat intelligence, and business impact analysis into a unified view of risk. Rather than prioritizing based solely on CVSS scores, this approach ensures security teams focus on the exposures that pose the highest real-world risk, not just those that appear severe on paper.

By layering in sensitive data awareness, Exposure Command allows teams to see not just which systems are vulnerable, but which ones expose high-value data whether it’s customer PII, financial records, intellectual property, or regulated information. This makes it possible to prioritize remediation based on both exploitability and potential business impact.

Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command

Understanding Paths for Lateral Movement and Unwanted Access to Sensitive Data

Attackers don’t just exploit vulnerabilities - they chain weaknesses together to reach high-value data. Exposure Command’s Attack Path Analysis goes beyond simply identifying risky assets; it maps how an attacker could move through the environment to access sensitive data. By visualizing lateral movement opportunities, privilege escalation paths, and gaps in data protection, security teams can preemptively block attack routes before they’re exploited.

Uncovering and Protecting Sensitive Data Across Cloud Environments with Exposure Command

Instead of just highlighting vulnerable systems, it maps how attackers could exploit weaknesses to access sensitive customer information, financial records, or intellectual property. This data-centric approach shifts remediation from a focus on CVSS scores to business impact-driven security, ensuring that teams address the most critical exposures first.

By revealing hidden exploitation paths, Exposure Command identifies chained vulnerabilities, lateral movement risks, and privilege escalation opportunities that could allow attackers to reach high-value data. A misconfiguration on a low-risk asset might seem harmless - until it's linked to a cloud storage bucket containing sensitive data. With attack path visualization, security teams can better understand attack scenarios, block lateral movement, and proactively shut down high-risk pathways before they can be exploited - moving from reactive patching to proactive breach prevention.

Why Data-Centric Risk Prioritization Matters

Traditional risk management often overlooks the nuances of sensitive data exposure, relying on static vulnerability metrics. By embedding sensitive data insights directly into risk prioritization workflows, Rapid7 Exposure Command shifts the paradigm to focus on what matters most: safeguarding critical data assets.

This approach ensures that security efforts are aligned with business priorities, enabling organizations to:

  • Protect customer and proprietary information.
  • Mitigate the risk of data breaches and non-compliance penalties.
  • Enhance collaboration between security, IT, and risk management teams.

Take Command of Your Sensitive Data Risks

With sensitive data discovery now part of Exposure Command, Rapid7 is empowering organizations to bolster their security strategies. Whether you're a financial institution safeguarding customer data or a healthcare provider ensuring patient privacy, this innovation provides the tools you need to protect what matters most.

Ready to elevate your risk management program? Learn how Rapid7 Exposure Command can help you integrate data-centric risk prioritization into your security operations.

Command Platform Innovations Eliminate Data Blind Spots Through Complete Visibility and Context-Driven Risk Prioritization

Rapid7 provides unmatched attack surface visibility through the Command Platform, helping security teams identify, prioritize, and remediate risk across hybrid environments. Surface Command is the only solution available that combines native external and internal scanning into a single unified view of your attack surface, enriched with telemetry from third party security and ITOps tools via more than 120 out-of-the-box connectors.

Exposure Command builds on this foundational attack surface visibility, layering on adversary-aware risk prioritization and integrated remediation workflows that make it easy for security teams to anticipate where attackers are going to target, pinpoint their most pressing exposures and act swiftly and collaboratively to address issues before they can be exploited.

Now, we’re taking this a step further with three key innovations designed to strengthen risk prioritization, streamline remediation, and ensure sensitive data remains protected.

Expanding Already Unmatched Attack Surface Visibility and Context to Sensitive Data

Sensitive data is a prime target for attackers, yet security teams often struggle to track where it resides and how exposed it is. Sensitive Data Discovery in Exposure Command delivers continuous visibility into sensitive data across multicloud environments, ensuring that security teams can proactively protect high-value assets.

With native ingestion from CSP security services like AWS Macie, GCP DLP, and Microsoft Defender, as well as Infrastructure-as-Code (IaC) tagging support, security teams can classify sensitive data from the start, eliminating manual, error-prone processes and improving data hygiene.

These insights feed directly into our risk scoring and prioritization methodology, with sensitive data insights woven directly into Layered Context and Attack Path Analysis, enabling teams to identify and focus on the exposures that put sensitive information at risk.

Improving Program Efficiency and Efficacy with AI-driven Vulnerability Scoring

The exponential growth of vulnerabilities has outpaced the ability of vendors and agencies like NVD to provide timely CVSS scores. This leaves security teams struggling to assess the severity of vulnerabilities, particularly with the volume of CVEs escalating rapidly. To bridge this gap, we’re introducing AI-driven CVSS scoring, a powerful capability that leverages an advanced machine learning model to:

  • Analyze vulnerability data from trusted sources and historical expert assessments
  • Generate accurate, intelligence-driven CVSS scores to fill in vendor and agency gaps
  • Feed into our Active Risk scoring model to help security teams cut through the noise and make informed decisions faster and with confidence

With this innovation, the accuracy of Active Risk scores have improved by 17%, ensuring greater consistency and actionable insights. The model’s predictive capabilities achieve a remarkable 87% accuracy in severity classification, making it an indispensable tool in today’s fast-evolving threat environment.

Streamlined Remediation with Surface Command and Remediation Hub

Security teams don’t just need to find risks. They need to fix them, and fix them fast, but it's usually not within their purview to actually take the ultimate action to resolve the issue at its root. Security teams often need to communicate with stakeholders across the organization - often on the infrastructure or DevOps teams - to convince them that there is a pressing risk that needs their attention.

Overcoming this burden of proof - because it’s often not a simple task to convince others around the organization to share your sense of urgency - can be challenging to say the least. In order to clear that hurdle, it requires irrefutable evidence with clarifying context to inspire action.

Our newly-expanded Surface Command and Remediation Hub integration ensures that remediation guidance is embedded directly within asset inventory and detail pages, eliminating the need to switch between platforms to gather and share the contextual information needed to address risk fast.

By deepening the integration between Surface Command and Remediation Hub, security teams benefit from:

  • Faster mean-time-to-remediate (MTTR) by bringing prioritized remediation guidance directly into the asset inventory and detail pages within Surface Command
  • Deeper asset context at the time of remediation, including insights from third-party security and ITOps tooling
  • Improved collaboration by providing security teams and stakeholders with enriched context for quicker decision-making

Ready to Take the Next Step?

Rapid7’s approach combines cutting-edge technology and comprehensive data insights to help organizations focus on what truly matters. By addressing high-impact risks and safeguarding critical assets, teams can reduce their exposure to threats while improving operational efficiency.

Rapid7’s enhanced platform capabilities empower organizations to modernize their risk management strategies. By integrating sensitive data insights, leveraging GenAI-driven prioritization, and expanding remediation workflows, we provide the tools you need to stay ahead of threats and proactively eliminate exposures across your entire attack surface.

This strategy also streamlines collaboration, enabling security, IT, and risk management teams to work together seamlessly with shared context and priorities. Ultimately, aligning risk management practices with real-world threats and business objectives ensures greater resilience and security.

Learn how Rapid7 can help you adopt a threat-aware approach to threat and exposure management. It’s time to transform your security strategy and protect what matters most.

Take Command | Rapid7’s 2025 Cybersecurity Summit: First Look at Our Speaker Lineup

Take Command Summit 2025 is shaping up to be one of the most impactful cybersecurity events of the year, bringing together Rapid7’s own security experts alongside leading industry voices for a full day of insights into today’s evolving attack landscape. This virtual summit will offer actionable strategies, real-world case studies, and expert discussions designed to help security teams take command of their defenses.

While we’ll be revealing the full agenda soon, we’re excited to share a first look at some of the key voices joining us this year to explore proactive risk management and offensive security strategies. These industry leaders will be part of a speaker lineup that includes Rapid7’s own security researchers, SOC experts, and product leaders, all focused on equipping security teams with the knowledge they need to outpace today’s adversaries.

Building a Modern Approach to Risk and Exposure Management

Tyler Shields, Industry Analyst at ESG, brings more than 25 years of experience in cybersecurity research, threat intelligence, and market strategy. As attack surfaces grow—spanning cloud, identity, data, and applications—security teams must shift from reactive to proactive risk management.

At Take Command 2025, he’ll explore how organizations can prioritize risk signals across diverse attack surfaces to build smarter, more proactive defense strategies. His session will provide a roadmap for understanding evolving threats and ensuring security teams focus on the most critical risks before they escalate.

Staying Ahead of Attackers with Continuous Red Teaming

Will Hunt, IT Consultant at In.Security, is a recognized expert in red teaming, penetration testing, and security training, having delivered workshops at Black Hat USA, Asia, and EU. As cyber threats evolve, static defenses and annual penetration tests are no longer enough—security teams need continuous testing strategies to stay ahead of adversaries.

At Take Command 2025, Hunt will join a panel of security experts to discuss how red teaming is evolving in response to expanding and increasingly complex attack surfaces and helping organisations stay ahead of adversaries. This session will explore how proactive testing is helping organizations identify and eliminate weaknesses before attackers can exploit them.

More to Come: A Full Day of Cybersecurity Insights

Take Command 2025 is more than just individual sessions—it’s a full day of expert discussions, deep technical insights, and strategic guidance from some of the best minds in cybersecurity. In addition to these featured speakers, Rapid7’s own security leaders, researchers, and SOC practitioners will provide critical perspectives on:

  • The evolving threat landscape and attacker mindset
  • How AI is redefining security operations and automation
  • Managing risk exposure across complex environments
  • Threat detection, response, and red teaming strategies

…and this is just the beginning! More speakers and sessions will be announced soon, covering the most pressing challenges facing security teams today.

Save Your Spot

Take Command Summit 2025 takes place on April 9, 2025, as a fully virtual, one-day event. Don’t miss the opportunity to hear from industry leaders, engage with Rapid7 experts, and walk away with actionable security strategies.

Register Now

Rapid7 Fills Gaps in the CVE Assessment Process with AI-Generated Vulnerability Scoring in Exposure Command

The National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide common vulnerability scoring system (CVSS) scores for all CVEs. Due to resource constraints and an inability to keep up with the volume of newly-disclosed vulnerabilities, NVD shifted its focus to processing vulnerabilities more efficiently by relying on vendor-provided and third-party scores rather than scoring each CVE independently.

Many organizations rely on NVD’s CVSS scores as a consistent, centralized guide to measuring the potential risk of vulnerabilities. This is especially useful for teams that don’t have the resources to conduct their own in-depth vulnerability analysis given the pace at which new CVEs are cropping up.

To address this widening gap in vulnerability scoring and ensure our customers are making informed decisions with the most accurate understanding of their current risk posture we’re excited to announce the release of AI-Generated Risk Scoring in Exposure Command. By integrating an advanced machine learning model, Exposure Command supplements existing CVSS scores by providing AI-Generated Risk Scores for CVEs where NVD does not provide them, ensuring all vulnerabilities are provided an accurate score.

The need to evolve from traditional vulnerability management practices to continuous threat and Exposure Management

Moving beyond simple risk scoring methodologies is critical for modern vulnerability management teams to stay ahead of advanced threats. For many organizations, this means adopting a Risk-Based Vulnerability Management (RBVM) approach.

Put simply, this means incorporating not just a deep and accurate understanding of how risky a given CVE is in a vacuum, but also layering on additional context related to reachability and exploitability, asset criticality, and a real-world understanding of what threat actors are actively targeting in the wild. And how all these inputs relate to the organization's specific environment.

AI-Generated CVSS scoring in Exposure Command feeds directly into our broader Active Risk scoring methodology. More importantly, it empowers Rapid7 to produce predictive CVSS scores by analyzing vulnerability information and comparing with previous expert vulnerability analysis.

The model generates each vector individually, and once combined to form a score, results in 76% of these generated scores being in the correct severity classification. Combined with Rapid7’s Active Risk calculator, this increases to 87% of scores returning the correct classification. The remaining scores are never more than one classification out.

This insight will feed directly into and improve the overall accuracy of our Active Risk scoring models, as well as, ensure severity scores are assigned and provided to security teams faster than humanly possible, making your entire security program more resilient to external change.

By leveraging AI/ML to generate predictive risk scores, security teams benefit from:

  • Enhanced accuracy: Our expertly designed model trained on historical NVD data accurately provides CVSS scores.
  • Predictive scoring: Get immediate insight into the severity of newly-disclosed CVEs that are left unscored, without the need for manual aggregation and analysis.
  • Improved security posture: Ensuring all CVEs are assigned an accurate severity score, organizations are equipped with the necessary context to effectively prioritize remediation efforts and in turn strengthen their organization’s security posture.

This release represents a major step forward in our mission to provide industry-leading cybersecurity solutions. We expect these enhancements will significantly improve your ability to assess and manage vulnerabilities, giving you the confidence to stay ahead of potential threats.For more detailed information and implementation guidelines, please refer to the release notes. If you'd like to learn more about the Rapid7 AI Engine and how we’re leveraging AI across the platform, download the eBook today!

Interning at Rapid7 Prague: Meet Mko

Mkrtich Hovsepyan – most people call him Mko –  is an intern at Rapid7’s fast-growing office in Prague. He graduated from the luminous Charles University in Prague, and is currently a first-year master’s student in Artificial Intelligence there. He was in our first impressive crop of interns, and is sharing his experience as we gear up for our next wave of intern hiring.

How would you summarize your internship with Rapid7?

My internship as a Data Engineering Intern at Rapid7 was an enriching experience where I learned about the processes and pipelines of how data is processed and later utilized for Business Analytics and other spheres. Many people think data engineering is just about knowing SQL, but for me, SQL was only a small part of the role. I worked on projects that . allowed me to develop my skills in creating ETL processes and other data workflows. Most importantly, I honed my soft skills, and it was easy to do so because the team and management were very supportive.

What advice would you give your past self before starting your internship?

My advice would be to communicate with as many people as possible. Since your team might be working from different parts of the globe, it can become a bit challenging to connect when you don’t have common lunches or in-person meetings. Rapid7 offers opportunities like Insight Coffees to meet different kinds of people and enhance communication. Also, a friendly tip: try not to merge PRs on a Friday!

What support have you been given while at Rapid7?

I really liked that I was seen as someone worth investing in for the future. This meant my team let me try things on my own, giving me the chance to succeed and also to fail sometimes (and yes, there were a few “interesting surprises” along the way!). They knew that making mistakes is one of the best ways to learn and get better. I’m thankful to my teammates who spent a lot of time explaining the basic processes to me.

What has been your favorite experience while at Rapid7?

We were celebrating the first anniversary of the Rapid7 office in Prague, and there was a fun challenge to gather nine signatures from nine different people. The interesting part was that each person had specific characteristics you had to find - like someone working in a specific team, someone with a sticker on their laptop, or even someone whose shoe size is a prime number! It was a great way to meet new colleagues across different teams.

How would you summarize the culture in 3 words?

Open-Minded, Innovative, Transparent.

At Rapid7, we’re working to create a secure digital world for our customers, our industry, and our communities. We give organizations command of their attack surface with the most adaptive, predictive, and responsive cybersecurity platform – and meaningful, impactful partnership.

The Rapid7 office in Prauge opened in October 2023, and has quickly grown to support all areas of our business. Learn more and browse our latest job openings here: https://careers.rapid7.com/rapid7-in-prague

Take Command | Rapid7’s 2025 Cybersecurity Summit: Own Your Attack Surface on April 9

Save the date: April 9, 2025

Take Command is back. After a hugely successful event last year, Rapid7’s cybersecurity summit returns with another stellar lineup to equip security teams with the latest threat intelligence, expert insights, and real-world strategies to take control of an evolving attack landscape.

At Take Command 2025, leading security experts, practitioners, and Rapid7’s own research teams will break down the latest attacker tactics, showcase cutting-edge defensive strategies, and explore how AI, MDR, and exposure management are reshaping cybersecurity. Taking command means shutting down threats before they can disrupt your business, staying ahead of adversaries, and constantly refining your defences—and that’s exactly what this year’s event is all about.

Why Attend?

Expert Research and Intelligence

Gain insights from Rapid7 Labs, the curators of Metasploit and our renowned open-source community. Learn how to safeguard against emerging ransomware threats, state-sponsored tactics, and critical vulnerabilities with cutting-edge research you can act on immediately.

Inside the SOC & Real-World Security Insights

Go inside Rapid7’s always-on SOC and hear how security leaders are tackling attack detection, response, and board-level expectations. Learn from peers and industry experts about managing today’s cybersecurity challenges.

Take Command of Your Attack Surface

Discover how MDR, AI, and exposure management can help you proactively reduce risk and outpace attackers. Eliminate silos, enhance visibility, and take decisive action to secure your organization.

What’s on the Agenda?

Building on last year’s high-impact sessions—including “Ready and Resilient: Before, During, & After Ransomware Attacks” and “Control the Chaos: Building Resilient Cyber Defenses Through AI”—Take Command 2025 will deliver even more insights into today’s most urgent cybersecurity challenges.

This year’s event will focus on:

  • The evolving threat landscape – Understanding adversaries’ latest techniques and how to stay ahead
  • AI and security automation – How AI is transforming detection, response, and cyber resilience
  • Cloud security and MDR – Strengthening defences in modern, hybrid environments
  • Proactive risk and exposure management – Strategies to continuously assess and reduce attack surface risk
  • Security operations in action – Expert insights on threat hunting, red teaming, and real-world SOC strategies

Mark Your Calendar & Save Your Spot

Take Command Summit 2025 takes place on April 9, 2025. This one-day virtual event is completely free and designed to give security professionals the insights they need to stay ahead of attackers.

[Save your spot now]

To see what you missed last year, watch 2024’s sessions here.

Excellence in Leadership: CRN Recognizes Alex Page Among Its 2025 Channel Chiefs

For the third consecutive year, Rapid7’s Alex Page has been honored as a CRN Channel Chief, a testament to his unwavering commitment to driving growth, fostering innovation, and strengthening our global channel partnerships. CRN’s annual Channel Chiefs list showcases the top leaders throughout the IT channel ecosystem who go above and beyond to ensure mutual success with their partners and customers. This recognition highlights Alex’s remarkable leadership as well as the significant strides his team has made in collaboration with Rapid7’s channel ecosystem.

A philosophy that drives success

Alex’s channel philosophy is simple, yet powerful: Focus matters. By identifying and investing in the partners who best align with Rapid7’s goals and have the ability to deliver exceptional customer success, Alex and his team ensure a meaningful and impactful collaboration. This focused approach has not only delivered outstanding mutual results, it has also deepened the appreciation and trust we share with our partners.

Innovating for the future

An example of an impactful initiative led by Alex and his team in 2024 was Rapid7’s partnership with Comcast. This collaboration combines the advanced SecOps technology of Rapid7’s Command Platform with 24/7 SOC capabilities to provide superior threat detection and prevention for Comcast’s small, medium, and large enterprise customers. Through this innovative partnership, we have expanded our partner ecosystem as well as set a new standard for delivering world-class security solutions.

Looking ahead to 2025

As the channel landscape evolves, Alex and his team — supported by the greater Rapid7 organization — are doubling down on three key areas in 2025:

  1. Relationship focused approach – By focusing on the partners who will solve our customers’ problems, and forming deep relationships with each of them, rather than aiming for a breadth of partners with shallow connections, we will jointly acquire more customers and enable their long-term success.
  2. A unified partner experience – Many of Rapid7’s partners don’t fit cleanly into a single bucket. They’re not just a channel partner or just a service provider; they are many things to their customers. In 2025 and beyond, partners will be able to engage with Rapid7 and their customers in a variety of ways.
  3. Technical enablement and specialization – Partners are making it clear that they need to empower their technical resources more than ever before to meet the evolving security needs of their customers. By prioritizing technical enablement and helping our partners specialize in the many capabilities where Rapid7 technologies lead the market, we will ultimately drive even higher rates of customer satisfaction together, which leads to positive business outcomes for the customer, the partner, and Rapid7.

Shared growth through collaboration

Learn more about sales, technology, and partnerships with Rapid7 by visiting our Partners page.

Paying It Forward: Giving and Receiving Mentorship in Tech

I’ve never actually seen the 2000 romantic drama Pay It Forward, but the movie’s core idea has stayed with me since I first heard of it:

The best way to repay a favor or good deed is to do one for someone else. You ‘pay it forward,’ and ask that person to do likewise, creating an expanding web of positivity and goodwill.

Cliche as it may sound, it’s served me well over my career. I’ve had many roles over the past 20 years, starting as a junior engineer  and progressing into management. My own mentors and coaches shaped my experiences along the way, contributing to that growth.

In return, I try to do the same for others.

Mentorship vs. coaching

I want to briefly look at ‘mentorship’ versus ‘coaching,’ as they are often conflated. There is certainly overlap, but the approach and impetus differs.

Mentorship involves dedicated guidance and support over time. The mentee drives the relationship, the ultimate goal, and the current focus. The mentor maps a path to the goal, and offers personalized knowledge and experience on a one-to-one basis.

Coaching is a more structured approach,primarily driven by the coach. It normally involves specific skill or knowledge training, and often isn’t personalized; it can be extended to groups with minimal change.

I believe that successful learning relationships operate on a spectrum between mentorship and coaching. Particularly in tech, where so-called ‘hard’ and ‘soft’ skills carry equal weight, the focus is a sliding scale over time.

For this article, I’ll focus on the ‘mentor’ and ‘mentee’ roles for simplicity.

Why do people seek mentorship?

Mentee-mentor relationships are inherently transactional – and that’s okay! The mentee has a goal to achieve, and wants help to get there. So what’s in it for both parties?

For mentees, it’s fairly obvious:

  • Skills and experience growth
  • Career advancement
  • Increased profile and exposure
  • Personalized individual guidance


The mentor – wanting to be diligent and accurate with their guidance – sees their own skills and knowledge reinforced. Communication and teaching skills grow. Their ability to elevate others is advantageous for their own career aspirations.

It’s okay to feel good about this – it’s a good thing.

Mentorship and career growth

As you climb the ladder in your career, you will find yourself gaining:

  • The ability to handle increasing ambiguity, complexity, and scope
  • Knowledge and experience you can share with others

Obviously you also have to deliver value, but I see that as a function of the above, plus institutional factors. Your increasing capacity to navigate complex or ambiguous environments, paired with an advanced set of skills, is what propels you from  wide-eyed junior to seasoned veteran.

We’re all walking this path in some form. Juniors often need direction on what to do and how to do it. With more experience, there is less direction needed for ‘how’ and more focus on ‘what’ and ‘why.’ You start to own features and systems, and can guide others.

In higher roles, strategy comes to the forefront as you become more aware of business needs, customer requirements, and wider technical challenges. You’ve gone from ‘change this line of code’ to ‘increase this KPI by 20%’. Ambiguity, complexity, and scope all go up as a result..

In addition to changes in your deliverables, success also becomes measured by how well you can elevate others around you. At Rapid7, we look at leaders to be impact multipliers, meaning they have the capacity to drive impact not only in their own roles, but how they support those around them to be successful.

Additionally, you don’t have to wait to be in an official people leader role to have this kind of impact. Being a mentor and elevating others can happen regardless of where you are in your career journey.

Mentoring someone is an investment in the future. You chart a path to success, act as a role model, and in some ways shape the industry to come.

Getting started

Whether you’re looking to become a mentor – or seeking guidance as a mentee – the keys to getting started are relatively similar.

Seeking the right opportunities

  • Take stock of where you have existing relationships to build off of, and ask for guidance while sharing what your goals are for entering into a mentorship relationship. - Let your colleagues and manager know that you’re available. Sharing your goals with your manager can help incorporate your mentor experience into your personal development plan, and they may even have recommendations on how to get started. Colleagues can be great mentors/mentees, and may also be able to help point you in the right direction to connect with someone. Seek opportunities on Slack, Discord, and other community channels. Going beyond your current employer can expose you to different practices and philosophies that exist within the same field or area of focus.
  • Attend meetups and conferences to network and find opportunities. The goal of attending an event is often to gain knowledge and share best practices, so this is a great audience for you to find your mentor/mentee match.

Establishing guidelines and expectations

It’s important for both parties to agree on some foundational principles, which for me are:

  • Mutual trust and respect
  • Adequate investment of time, effort, and care
  • Fluidity and flexibility
  • Transparency, honesty, and accountability

Maintaining effective mentorships

Let’s look at some other factors to consider and watch for as the relationship evolves:

  • Don’t over-prescribe structure or get bogged down in note-taking – keep it light and fluid to encourage maximum flexibility.
  • There are no ‘stupid questions’ – don’t apologize as a mentee for asking!
  • Leave ego at the door – embrace honest feedback and mutual respect at all times.
  • Safety and trust are essential – but avoid getting too personal in ways that hinder your ability to be honest and open.
  • Mentorship is a vital tool for managers – but transparency can suffer when the mentee is also a direct report. Peer relationships without these power structures can feel ‘safer’ and encourage better transparency.

Conclusion

When it comes to mentorship, my core point is this:

Helping people is good, and you can (and should) do it.

As a mentor, you have the opportunity to shape someone’s career and experience while galvanizing your own skills and future prospects. Start today, in whatever form you can.

As a mentee benefitting from guidance and support in pursuit of your goals, try not to forget to pay it forward. Find someone to guide and help on their journey, as you yourself have been.