JJ Agha is the CISO at Compass, the largest real estate brokerage in the US, and previously spent over four years as VP of InfoSec at WeWork, along with time as a security engineer at Vimeo and Priceline.  Having worked for and advised for multiple startups and Fortune 500 companies he enjoys the challenge of building security teams and maturing programs and disciplines within an organization while embracing and learning new technologies. In today’s episode, Jack and JJ discuss how he builds his team, buy vs build, what he expects from a modern SIEM, and more!  Topics include:  How JJ went from changing his degree nine times, to a help desk analyst to discovering cybersecurity and entering the industry with Northrop Grumman and Edgecast  How JJ thinks about the human element of security when it comes to running a team and being a CISO  What Ikigai is and how the mindset can empower security professionals  Building vs buying and the projects JJ’s security team is working on  What JJ is looking for in a modern SIEM  JJ’s focus on Relentless Iteration and his mission to constantly improve and iterate security programs  How JJ balances the cost of his detection program with the needs of his security team  Keep in touch with JJ on LinkedIn at: https://www.linkedin.com/in/jonathanagha/

Kathy Wang is the CISO at Discord, an internationally-recognized malware expert who has researched, developed, evaluated, and operationalized various solutions for detecting and preventing client-side attacks used by advanced persistent threats (APT).  As a security executive and leader, Kathy has a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments, and currently advises security services/products startup companies. In today’s episode, Jack and Kathy discuss the talent pool in cybersecurity.   Topics discussed in this episode: What made Kathy want to go from researcher to security leader  The impact remote work and remote teams has had on cybersecurity teams  What Kathy looks for when hiring security professionals  Why transparency and multi-modal communication is mission critical for cybersecurity teams  How attacks have changed in the past 5 years  The tools Kathy is paying most attention to  What she enjoys most about working in security  Kathy’s advice for security professionals, especially early in their career    Keep in touch with Kathy on LinkedIn at: https://www.linkedin.com/in/kathywang/

Nir Rothenberg is the CISO at Rapyd, managing security and IT for the soaring Fintech company, on a mission to ensure that the future of financial services will be democratized and secure.  Prior to Rapyd, Nir led information security in NSO Group, a well known cyber-intelligence company, where he was charged with protecting a high profile and high risk enterprise. Before NSO Group, Nir worked as a consultant, helping with some of Israel's leading companies to reduce risk and improve information security. Nir is very active in Israel's cyber startup scene, advising and partnering with many of them. In today’s episode, Nir and Jack discuss lessons learned in transitioning from an on-prem environment to cloud infrastructure, building a modern team, scaling at Rapyd, and tips to help organizations build a modern security team that’s capable of detection and response at scale.  Topics discussed: Nir’s unconventional path to becoming a CISO. How Nir’s mentality shifted in his transition from detection in an on-prem environment to cloud and the pivotal moment he realized he had to move to cloud or be left behind.  What Nir learned about threat detection at scale when he moved to Rapyd.  Why Nir is against SOCs and his alternate systems.  How Nir had to change his approach to detection at scale as Rapyd scaled. Cybersecurity nuances in the finance industry.  Three pieces of advice for leaders building a modern security team and who he sees succeed the most.  Keep in touch with Nir on LinkedIn at: https://www.linkedin.com/in/nir-rothenberg-5a6b48ba/

Joe Uchill is a Senior Reporter at SC Magazine — the leading trade publication for the cybersecurity industry. Prior to joining SC Magazine in 2020, Joe was a cybersecurity reporter at outlets including Axios and The Hill. Today’s episode is the first in our mini-series dedicated to interviewing leading cybersecurity journalists. Cybersecurity reporting plays an important role for practitioners, leaders, and the general public to understand recent breaches, latest malware trends, and best practices that can help us all stay safe on the internet. Our goal with this series is to help our audience learn more about who these journalists are and what it's like to be a reporter in this fast-changing industry. Topics discussed: How Joe began covering cybersecurity in 2015 and how the landscape has evolved over the past few years.  Joe’s favorite story he’s covered since he began covering the space in 2015. What motivates and excites Joe most about cybersecurity.  How Joe feels about the responsibility journalists have when it comes to keeping the public and security community informed.  What trends Joe feels people should be paying attention to when it comes to the future of cybersecurity. To keep up with Joe’s latest reporting, join him on twitter at https://twitter.com/JoeUchill

Aaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank.  In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale.  Topics discussed: What Aaron learned as he transitioned from the public sector to the private sector.  How security tools have evolved over the time.  How Aaron’s background in software engineering contributes to his mindset when it comes to security. Aaron’s approach to building the security team from scratch at Cedar and how the strategy had to change in order to accommodate the growth of both data and employees. Why Aaron created the conference Fwd:cloudsec Three pieces of advice for leaders building a modern security team.  

Thomas Kinsella is the COO and co-founder of Tines — a no-code security automation platform that frees teams from manual work so they can focus on higher-value strategic work. In today’s episode, Thomas and Jack explore what it's like to transition from a security practitioner to a startup founder and how tools like Tines and Panther can be used to transform the way security teams operate.  Topics discussed: What Tines does (and what the name means). Reflecting on the stresses of dealing with major incidents while Thomas worked as a security practitioner at organizations like eBay and Docusign. Why frustration with the automation platforms available led Thomas and his co-founder to quitting their jobs to build the solution they wish they had. The risk of building — instead of buying security tools. The Tines use cases that Thomas finds the most surprising. How automation platforms and threat detection platforms should work together. What’s next for Tines as a company and how they help security members get the most out of their platform. 3 pieces of advice for any security operator working at scale. 

What does it take to shape an early-stage security project into a product that solves real problems?  Understanding your customers is a key first step. Knowing the personas who can use your product and the leverage they can get out of it, it's what ultimately brings value to security teams and even other teams that can seize their benefits. We had a great conversation with Joren McReynolds who is the VP of Engineering, IT and Security at Panther Labs. In today's episode he shares the experiences and lessons over the course of his journey at Facebook, Airbnb, and how they shaped his knowledge on what building a great product takes. Topics discussed: What led to the creation of osquery and why open source. What the progression was to build that as an MVP. Joren's approach to building the IR Team at Airbnb. How different Airbnb's cloud-based environment was from Facebook's. How Joren's past experience at Facebook influenced his work at Airbnb. Joren’s thought process around implementing security monitoring. What inspired StreamAlert. 3 pieces of actionable advice to security teams looking to excel in detection at scale.

Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world. He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults. In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.   More topics discussed in this episode: SEMGREP's origin story and benefits. The security startup creation pattern of recent years. Trend shift to developers operating security problems at scale. r2c's mission and products in addition to open source. How application logs are useful in detection and response. Type of vulnerabilities Clint is seeing more often. Application security developments he is most excited about. Other resources: tl;dr Sec Newsletter: tldrsec.com

Robin Smith is the Head of Cyber and Information Security at Aston Martin and he brings a fresh and unique voice to the security industry. He advocates for a lean, progressive security mindset where it's crucial thinking around processes to make sure that organizations are not unnecessarily wasting resources while committing to continuous improvement at the same time. Tune in to learn more about what lean security is, why Robin has always seen security as an asset, and how you can embed that value into your organization. Topic discussed in this episode: How Robin arrived in information security. Why he believes we need new voices in the industry. The time he wrote 'The Lean Information Management Toolkit'. Why he considers security as an asset and how to embed that value across an organization. What the concept of lean security implies. How lean security applies to security monitoring and detection. Desired outcomes for security detection platforms. Metrics for a lean security program. The approach of practicality when deploying technology. 3 Pieces of advice to succeed at effective detection at scale.

If you were building a detection program today, what would be your top resources to start with? As we head into a cloud-based future, the ability of handling increased data sets becomes crucial, teams need to have processes in place that cover the entire detection lifecycle, and develop skills necessary to help build, grow and improve a successful detection program. In today's episode, we had an insightful conversation with Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost and Senior Security Engineer, Daniel Wyleczuk-Stern where we discovered why data and being able to query that data is a critical first step. Topics discussed in this episode: Haider's and Daniel's background in security. The precursors and skills necessary to becoming an engineer. A high level approach to building strong detection teams. The importance of collecting and correlating log sources for a proper incident response. How to be proactive when building your detection baseline. What a detection lifecycle process is and why every team should have one. What the biggest challenges of building a detection program are. Why it’s critical that responders or analysts have a sense of ownership on the detections that are being built. How security teams at Fortune 500 and Silicon Valley companies differ from each other.