I wouldn't recommend Praetorian to someone unless they are new to cybersecurity or aren't concerned about work-life balance or receiving great pay. The compensation is not as competitive as they claim since they only offer a base salary and stock options to buy shares at a set price, which will only become valuable if the company gets purchased one day or goes public. Effectively, you have a salary, and that's it. Overall utilization is around 85% on the security side without any quarterly bonuses being available, unlike other penetration testing firms, because becoming burned out from a high workload is the norm instead of something that is rewarded or respected if achieved.
The interviewing process was extensive and, frankly, a little far-reaching for the low compensation offered. Nonetheless, it showed me that my technical skills are as solid as I knew they were since I aced all of their labs on reverse engineering, web app testing, x86 assembly, AD, and reviewing source code. They made me complete several interviews after watching an hour-long video and writing a response to it. Their process ensures that only those who are genuinely interested in joining move forward.
There is a presenteeism aspect to the culture. You are expected to be online at all times from 9-5 PM during CT business hours; this place is not akin to other firms where you can work during your own hours, get your job done, and be fine as long as you complete your work on time. They will constantly watch your online status and report you to others if you want to work odd hours. To the people in charge at Praetorian, the appearance of productivity is just as important as productivity itself, but there is a catch. You'll be reprimanded if you send a delayed reply to a message because you are focused on working or skip pointless meetings where you neither receive nor offer value. Feedback is their God, to a fault. They place far too much precedence on feedback, even if it is inaccurate or one-sided.
The CEO of Praetorian is passionate about the cybersecurity field. However, his priorities come across as misguided. He's focused on side projects, such as his podcast detailing the history of cybersecurity, rather than addressing cultural and process-related problems within employees' day-to-day work. Interviewing old hackers from the 90s, whom many staff members haven't heard of, has nothing to do with optimizing the functioning and morale of a company that is effectively a startup, yet he treats it as such. He seems distracted by the credentials and fake status associated with building connections with educational institutions for his side projects. After all, it is his prerogative since it is his company. I appreciated that he was a part of the interviewing process; however, this principle of direct communication with him did not seem available or approachable after I had joined. Considering his involvement with the hiring process, he was far more disconnected from the grievances and overall work completed by the services side than I had anticipated and would have preferred. His tunnel vision on the product side makes it seem like he is very eager for an exit before things are ripe. He is unaware of many pain points that *security* engineers experience. Regardless, I wish him the best of luck with his business because he seems committed.
There is hypocrisy centered around the company's values. The (HR) department carries a patronizing attitude toward employees, pretending to be friendly and helpful while giving unsolicited advice irrelevant to the job. This behavior is common in cybersecurity, often leading to non-technical people talking down to technical people while not respecting boundaries. People get fired in public randomly without a stated reason, despite the company's value of "Default to Open." They only follow this value when they want to provide negative feedback to employees; they are extremely defensive if you direct criticism toward them or even say something deemed "negative" in a public forum that is not about them. Every now and then, employees see yet another mandatory meeting on their calendars because another executive has been fired. It seemed like a fear tactic to keep people on their toes, but it was counterproductive. Instead of treating departures as learning experiences and being open, they encouraged gossiping and theorizing about a person's termination. They try to combine this behavior with forced attempts to build a culture of comradery, but it doesn't work because of the stated dissonance. They want complete control over their staff's energy and time, even outside of work, perhaps due to the company's relatively small size. Their desire to oversee what I did in my free time outside of work is something I had a significant problem with.
They call their consultants "Security Engineers" because it justifies the lack of input pentesters have on their projects and the outrageous utilization rate Praetorian enforces. I was never given the variety of work I expressed interest in when I joined. Instead of providing opportunities to work on sophisticated red team engagements, social engineering assessments, and internal pentests, they overloaded me with a ton of AppSec work as if I were one-dimensional or only interested in web apps. I would have preferred variety and made this clear upon joining, but perhaps not clear enough.
Your only choice for your main Praetorian laptop is a MacBook Pro. There is no Windows option, which was annoying. But in many cases, you won't even be working on your main laptop. For every other project, you have to work on separate client laptops, onboard to their environments, and waste time on logistical issues. Working within other organizations' environments as contractors felt degrading because of the poor experience. It felt like I was working for another company, and Praetorian was just a middle-man flipping the price of my labor, which was the case. The work was unfulfilling.
1:1 calls with my manager and the "mentor" they assigned to me were far too frequent, recurring every week at the same time, reflecting their micromanagement attitude and lack of trust toward employees. Our meetings centered around climbing the corporate ladder and getting promoted because areas of dissatisfaction seemed set in stone and unchangeable. My manager was communicative and respectful; I had no problems with him whatsoever. Most of the practice managers are solid people. But there are far too many meetings on engineers' calendars. Random group calls, "donut chats," and other frivolous conversations are plentiful. 80% of them could be cut for efficiency's sake, and no value would be lost. Praetorian doesn't realize that the time pentesters spend in trivial meetings would be better used for client work or short breaks to work problems out subconsciously.
I felt trapped when I worked here since they wanted to squeeze everything out of me. They wanted constant updates on where I was and what I was doing. As I said earlier, this is not a company where efficiency and job completion are the only things that matter; they want to ensure that your job extracts the entirety of your energy, even if it leads to misery. My Slack status had to be updated before I urinated, ate lunch, or walked around my neighborhood to avoid being called out by someone monitoring me. Being pulled into random meetings in the middle of the day when you're running on 3 hours of sleep after working all night was ridiculous and considered normal. This scenario happened to me on several occasions. It gradually led to a level of burnout and discontent I hadn't experienced before. It was an attempt to supervise remote work that went too far.
Their organizational skills are poor. Practically every engagement has an access-related issue or communication problem that doesn't get solved by the Practice Manager or higher-ups before all of your time is gone. My frustrations with the organization and the fact that they hypocritically didn't follow their own principles ultimately led to my departure. A weight lifted off me after I left. Initially, I had trouble attributing my burnout levels to my job because of the awful malaise I experienced every day after barely getting any rest.