About AllThreats Security
We didn't set out to build a consulting firm. We set out to build the place we wished existed when we were analysts — one where practitioners are trusted, supported, and given every reason to stay.
Our Mission
AllThreats Security was founded in 2014 by Marcus Kwame and Dr. Priya Nair after they spent a combined 22 years responding to breaches at organizations that consistently undervalued the people doing the actual work.
The premise was simple: build a firm where the best practitioners in the industry would want to spend their careers — not just their early years before burning out or moving in-house. A decade later, our median employee tenure is 5.3 years. The industry average for cybersecurity consulting is 1.8 years.
We measure ourselves on outcomes — for clients, and for our people.
Our Story
Marcus Kwame (former Fortune 500 CISO) and Dr. Priya Nair (Carnegie Mellon CS PhD) co-found AllThreats Security with 12 analysts, a services contract, and a commitment to never treating people as billable units.
Launched 24/7 IR retainer program, deploying across 3 continents in the first year. First Glassdoor review goes live — 5 stars. The reviewer mentions their manager by name.
Growth funded entirely through revenue — no outside investment. Promoted 14 analysts to senior and lead roles in a single year. Launched the AT Scholarship Program for underrepresented students in cybersecurity.
When the pandemic forced contract delays, the executive team took voluntary pay cuts to preserve every analyst role. Remote work policy became permanent. Employee satisfaction scores increased.
Formalized internal training program with external certification prep, hands-on labs, and sponsored conference attendance. Over 2,000 external security professionals trained annually. Over 400 internal certifications funded.
Opened UK operations in response to client demand. Declined two acquisition offers from private equity firms. 600+ enterprise clients. 4.7★ Glassdoor. No plans to change what's working.
Culture & Values
We've watched too many companies post values on their website that evaporate under pressure. Ours are operational, not decorative. They determine how we hire, how we promote, and how we handle hard moments.
Every decision that affects our analysts is made by people who have done analyst work. No policy gets approved by someone who hasn't been in the seat. This isn't ideology — it's how we prevent the drift from "great place to work" to "typical consulting firm."
72% of senior roles are filled internally. We track promotion rates by team, by cohort, and by demographic — and hold managers accountable for developing people, not just delivering work. Your manager's performance review includes how their team grows.
Salary bands are published publicly before any candidate applies. Executive compensation is disclosed internally. When we make a mistake — in hiring, in delivery, in leadership — we say so. Our monthly all-hands includes a standing "what we got wrong" segment.
We have a 40-hour week policy with senior leadership enforcing it — not just recommending it. On-call rotations are compensated. Unused PTO is paid out. Our $500/month mental health stipend covers therapy, coaching, or whatever you need it to cover.
Post-incident reviews are blameless. We don't fire people for honest mistakes — we build systems to prevent recurrence. Security professionals who are afraid of consequences don't report near-misses. We can't afford that culture.
Our DEI council has a dedicated budget, a full-time director, and reports directly to Marcus. Executive team representation goals are public and tracked quarterly. ERGs have dedicated budgets, executive sponsors, and direct access to leadership.
Compensation & Benefits
We post all salary ranges publicly before the first interview. Every benefit detail is on this page. We don't believe in information asymmetry that favors us over you.
All compensation ranges published publicly. No "competitive salary TBD at offer." Analyst I: $75K–$95K. Senior Analyst: $100K–$130K. Lead/Manager: $135K–$165K. VP: $170K–$210K.
PTO accrues from day one. Unused PTO carries over (up to 30 days) or is paid out annually. Sick days are separate — they don't count against your vacation balance. Ever.
Per person, per year. No approval committee. Use it for certifications, conferences, courses, books, lab time, or any combination. Certifications passed earn an additional one-time $500 bonus.
One-time setup stipend for remote and hybrid employees, plus $100/month ongoing for internet and equipment. No receipts required under $50.
AllThreats covers 90% of employee premiums and 75% for dependents. Plans are disclosed in full before your offer. No surprises at enrollment. $500/month mental health stipend, separate from insurance.
No vesting cliff. No waiting period. 5% dollar-for-dollar match starting on your first paycheck. Immediate vesting. We think retirement saving shouldn't be a loyalty test.
For all parents — birth, adoption, or foster. Fully paid. No distinction between primary and secondary caregivers. Phased return-to-work program available.
We sponsor attendance at DEF CON, RSA, Black Hat, BSides, and other events — plus active encouragement and coaching for employees who want to speak. Your research is yours to publish.
What People Say
"I've been in this industry for 18 years. AllThreats is the first place where leadership genuinely asks what they can do for me — and means it. I've been promoted twice, attended four conferences on the company's dime, and my manager still checks in on my wellbeing, not just my metrics."
"I joined through the AT Scholarship program straight out of college. Marcus personally welcomed our cohort. Three years later I'm a SOC team lead with two certs fully paid for by the company. My manager blocked a client request that would have required my team to work 60-hour weeks. That's when I knew this place was different."
"The blameless post-mortem culture is real, not a slide deck. We had a near-miss last year that in any other firm would have resulted in someone getting fired. Here we did a two-hour debrief, updated three processes, and my manager thanked the team for catching it. I've never felt more comfortable speaking up."
Diversity, Equity & Inclusion
We publish our workforce and leadership representation data together, because a company that only shows total workforce numbers while hiding their leadership breakdown is sending you a message. Here's ours.
Programs With Real Resources
12-month paid rotational program (not internship) for underrepresented students. $65,000 annual salary during program. 89% full-time conversion rate. 14 active cohort members. Executive sponsor: Marcus Kwame, CEO.
Black professionals in security — 68 members across all offices. Dedicated $28,000 annual budget. Monthly executive breakfast with COO. Co-leads: Renata Osei (SOC Manager) and Jerome Thompson (IR Lead). Direct line to Marcus for policy concerns.
127 members. Annual salary equity audit with results shared at all-hands. Sponsorship program pairs junior women with senior leaders. $22,000 annual budget. Executive sponsor: Dr. Priya Nair, COO.
LGBTQ+ community and allies. 94 members. $18,000 annual budget. Healthcare benefits cover gender-affirming care — and have since 2018. Executive sponsor: Adriana Orellana, Sr. TA Partner.
Disability and neurodivergence — 52 members. Accommodation process takes 5 business days max. Dedicated $15,000 annual budget for accessibility tools and workspace modifications. No cost to employee.
$150,000 annual fund for cybersecurity education at underrepresented high schools. 3 full scholarships per year ($40,000 each). All employees vote on scholarship recipients. Applications open externally — not internal nominations only.
Leadership Team
Every member of our leadership team either started as an analyst or spent significant time doing the work before managing it. We don't hire executives to manage people they've never walked alongside.
Former CISO at two Fortune 500 firms before co-founding AllThreats. SANS instructor, DEF CON speaker, and one of the first 100 CISSPs. His operating principle: the CEO's job is to remove obstacles for the people doing the work.
CISSP · CISM · DEF CON SpeakerCarnegie Mellon CS PhD. Spent 8 years building detection systems before pivoting to building teams. Oversees all internal operations, HR, and the DEI function. Promoted 4 people to senior leadership in the last 18 months. Posts employee promotions personally on LinkedIn.
PhD Computer Science · CMUStarted as an IR lead. Promoted to Director, then VP. Leads all client-facing delivery, manages 90+ practitioners, and has never lost a client to a competitor. His team has the highest internal satisfaction scores in the firm. Active mentor in the AT Scholars program.
GCFE · GCIH · 8 years ATHas worked in cybersecurity recruiting for 9 years and joined AllThreats because the benefits were the only ones she could describe in detail at a dinner party. Hires exclusively for roles she believes in. PrideAT ERG executive sponsor. Responds to every candidate, regardless of outcome.
SHRM-CP · PrideAT SponsorAPT research and malware reverse engineering. Presented at DEF CON and Black Hat — both funded by AllThreats. Promoted to Senior at year 3, Principal-track designation at year 5. AccessAT ERG co-lead. Public about being neurodivergent; credited AllThreats accommodations as career-enabling.
GREM · FOR610 · DEF CON SpeakerStarted as an Analyst II. Promoted to Senior, then Lead, then Manager over 7 years — with AT funding every certification along the way. BLKST ERG co-lead. Her team has 0% voluntary turnover in the last 18 months. Regularly turns down recruiter outreach — publicly.
CISSP · GCIA · BLKST ERG Co-Lead