Co3 Systems Is Hiring

At the beginning of the year, I announced that I’d joined Co3 Systems as its CTO. Co3 Systems makes coordination software — what I hear called workflow management — for incident response. Here’s a 3:30-minute video overview of how it works. It’s old; we’ve put a whole bunch of new features in the system since we made that.

We’ve had a phenomenal first two quarters, and we’re growing. We’re hiring for a bunch of positions, including a production ops engineer, an incident response specialist, and a software engineer.

Posted on June 20, 2014 at 2:19 PM18 Comments


Nick P June 20, 2014 3:11 PM

I’m glad you linked to that video. Now I actually understand what your company does haha. It’s a great IH offering. I’ll remember it if any local companies ask me about that kind of thing.

Mike the goat June 20, 2014 6:21 PM

Well, I am interested but not sure if I’d be the right fit as I am nowhere near the competency level of Bruce Schneier! On an unrelated note, I’m actually seriously looking at moving to the SF Bay Area. Without going into too much detail on a public forum I’m actually stuck in another country at the moment after the telco I was formerly working at as head network operations engineer collapsed due to mismanagement by the company execs post GFC, and extricating yourself is far easier said than done when you’ve put down roots in the local community, but I am now more than ready to go. If anybody has a position for a sysadmin, sys analyst, pen tester/auditor, etc. I have a pretty diverse range of skills and am very flexible. [end shameless plug]

Wael June 20, 2014 6:42 PM

@Mike the goat,
Stop by me in the Bay area — If you’re not pissed, that is;)
I’ll buy you a cup of coffee.

Mike the goat (horn equipped) June 20, 2014 9:03 PM

Wael: unless you’re referring to the UK English colloquialism, as in pissed = intoxicated? so Wael are you calling me an alcoholic or merely stating I have anger management issues? ;-). Your posts are too cryptic for a caprine.

Wael June 20, 2014 9:15 PM

Oh, no! Meant “mad”. Impress me and contact me directly — If you do that, I’ll talk to you about SF.
Me? Too cryptic? I was askig you about this — I gave up. And since you did not reply, I guess it must be a lewd text 🙂

Mike the goat June 20, 2014 10:00 PM

Wael: I’ll do my best. 🙂 Regarding the digest, I wasn’t the one responsible for the first posting, only the subsequent which you correctly guessed.

Wael June 21, 2014 2:30 AM

@Mike the goat,
I guessed because I recognized your writing style, not because I knew what you hashed… But it’s ok 🙂

ArkanoiD June 21, 2014 7:30 AM

Nice, but since I do not see a price list on the site, I am pretty sure it is way too expensive for an average company living “below security poverty line”.

Nick P June 21, 2014 10:56 AM

@ Wael

“Impress me and contact me directly”

You didn’t seem impressed when I showed I could do that? Should I give him a hint? 😛

Clive Robinson June 21, 2014 12:42 PM

@ Mike the Goat,

If you intend to impress you need a start point, there is a patent place to start 😉

Wael June 21, 2014 2:29 PM

@Nick P,

You didn’t seem impressed when I showed I could do that?

You can find anything you want, and you already set the bar a while back — Google comes to you for help with difficult searches — although it took me a couple of iterations to explain what I meant. When I said contact me directly, I was talking about a solution to this problem. My published email address is rarely monitored. Last time I looked at it, my storage quota was approaching the limit. I literally have thousands of emails I haven’t read.

Should I give him a hint? 😛

Nope! @Clive Robinson gave a hint that may or may not help 😉

Nick P June 21, 2014 3:36 PM

@ Wael

I forgot how much credit you gave me on that. My bad. Yeah Google helps but it’s mainly how I mentally connect keywords and use them. And Clive’s hint is practically cheating it’s so good.

FNU LNU June 22, 2014 11:51 PM

You guys looking for any turncoat black hats?

Have a single conviction for computer fraud.

Mike the goat June 23, 2014 10:29 AM

Wael: I agree, Nick is particularly talented at using Google to its fullest potential. Fullest? My grade school English teacher would chide me at such lazy use of the language. I shall try and do the same.

John Campbell June 23, 2014 1:19 PM

Looking at the video… and the whole user interface.


Back in the early 1990s I worked supporting/extending a system called “MedTake”, designed for bedside charting within an acute care environment.

When you throw a lot of fancy crap on a screen it wastes time.

Data entry needs to be fast, simple… and easily corrected.

Taking one’s hands off the keyboard for mousing is a BAD idea.

(shakes head)

I didn’t get past the “incident entry” because it’s a clunker.

IMHO many companies– including the one holding me captive– like “ticketing” systems to track activity. Instead of ticketing systems, companies looking to maximize engineer productivity should be looking towards a CLINICAL paradigm rather than a financial paradigm. (I’ve joked that ticketing systems are effectively an insurance company’s view of the medical service process rather than a clinician’s.)

It looks like the work might be fun– and use some creative juices– but Baahstahn isn’t much competition for Tampa Bay.

Especially thinking about JANUARY.


Mike the goat June 23, 2014 2:37 PM

John: I don’t know anything more about the product than was described in the video Bruce posted but it appears to be – basically, a trouble ticket system modified to have an emphasis on security compliance matters and run as a service. The interface doesn’t seem all that terrible, and it would make sense to an organization that has to deal with the occasional incident and has generalized IT administration staff essentially doing incident response work. The particular value I see in it is that – by the looks of things co3 already has frameworks for the relevant legislated requirements. Unless you have specific training in incident response and the disclosure requirements for your specific industry then I see the guidance provided by such a service as being very helpful.

Re fast data entry – perhaps an ‘advanced’ user interface for bulk entry, or a way to import data in some fashion might be helpful, but I don’t think that is the market segment they are aiming for – again, just going by a quick look. If you were having to deal with 100+ incidents or similar events per year then I imagine that you’d be tracking things in-house anyway (and should probably look more at mitigation :).

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.