
Detection at Scale
The Detection at Scale Podcast is dedicated to helping security practitioners and their teams succeed at managing and responding to threats at a modern, cloud scale.
Every episode is focused on actionable takeaways to help you get ahead of the curve and prepare for the trends and technologies shaping the future.
Latest episodes

Jul 12, 2022 • 33min
Rapyd’s Nir Rothenberg on Lessons Learned Transitioning from On-Prem to Cloud
Nir Rothenberg is the CISO at Rapyd, managing security and IT for the soaring Fintech company, on a mission to ensure that the future of financial services will be democratized and secure.
Prior to Rapyd, Nir led information security at NSO Group, a well-known cyber-intelligence company, where he was charged with protecting a high-profile and high-risk enterprise. Before NSO Group, Nir worked as a consultant, helping some of Israel's leading companies reduce risk and improve information security. Nir is very active in Israel's cyber startup scene, advising and partnering with many of its startups.
In today’s episode, Nir and Jack discuss lessons learned in transitioning from an on-prem environment to cloud infrastructure, building a modern team, scaling at Rapyd, and tips to help organizations build a modern security team that’s capable of detection and response at scale.
Topics discussed:
Nir’s unconventional path to becoming a CISO.
How Nir’s mentality shifted in his transition from detection in an on-prem environment to cloud and the pivotal moment he realized he had to move to cloud or be left behind.
What Nir learned about threat detection at scale when he moved to Rapyd.
Why Nir is against SOCs and his alternate systems.
How Nir had to change his approach to detection at scale as Rapyd scaled.
Cybersecurity nuances in the finance industry.
Three pieces of advice for leaders building a modern security team and who he sees succeed the most.
Keep in touch with Nir on LinkedIn at: https://www.linkedin.com/in/nir-rothenberg-5a6b48ba/

Jun 27, 2022 • 28min
SC Magazine’s Joe Uchill on What It’s Like to be a Cybersecurity Reporter in 2022
Joe Uchill is a Senior Reporter at SC Magazine — the leading trade publication for the cybersecurity industry. Prior to joining SC Magazine in 2020, Joe was a cybersecurity reporter at outlets including Axios and The Hill.
Today’s episode is the first in our mini-series dedicated to interviewing leading cybersecurity journalists. Cybersecurity reporting plays an important role for practitioners, leaders, and the general public to understand recent breaches, latest malware trends, and best practices that can help us all stay safe on the internet. Our goal with this series is to help our audience learn more about who these journalists are and what it's like to be a reporter in this fast-changing industry.
Topics discussed:
How Joe began covering cybersecurity in 2015 and how the landscape has evolved over the past few years.
Joe’s favorite story he’s covered since he began covering the space in 2015.
What motivates and excites Joe most about cybersecurity.
How Joe feels about the responsibility journalists have when it comes to keeping the public and security community informed.
What trends Joe feels people should be paying attention to when it comes to the future of cybersecurity.
To keep up with Joe’s latest reporting, follow him on Twitter at https://twitter.com/JoeUchill

Jun 13, 2022 • 32min
Cedar’s CISO Aaron Zollman: Lessons From Building a Modern Security Team
Aaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank.
In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale.
Topics discussed:
What Aaron learned as he transitioned from the public sector to the private sector.
How security tools have evolved over time.
How Aaron’s background in software engineering contributes to his mindset when it comes to security.
Aaron’s approach to building the security team from scratch at Cedar and how the strategy had to change in order to accommodate the growth of both data and employees.
Why Aaron created the conference Fwd:cloudsec.
Three pieces of advice for leaders building a modern security team.

Apr 26, 2022 • 32min
Tines COO Thomas Kinsella: How to Remove the Barriers That Prevent Security Teams From Doing Their Best Work
Thomas Kinsella is the COO and co-founder of Tines — a no-code security automation platform that frees teams from manual work so they can focus on higher-value strategic work. In today’s episode, Thomas and Jack explore what it's like to transition from a security practitioner to a startup founder and how tools like Tines and Panther can be used to transform the way security teams operate.
Topics discussed:
What Tines does (and what the name means).
Reflecting on the stresses of dealing with major incidents while Thomas worked as a security practitioner at organizations like eBay and Docusign.
Why frustration with the automation platforms available led Thomas and his co-founder to quit their jobs to build the solution they wish they had.
The risk of building, instead of buying, security tools.
The Tines use cases that Thomas finds the most surprising.
How automation platforms and threat detection platforms should work together.
What’s next for Tines as a company and how they help security members get the most out of their platform.
3 pieces of advice for any security operator working at scale.

Mar 8, 2022 • 42min
Panther Labs’s Joren McReynolds: Developing Security Products that Can Scale
What does it take to shape an early-stage security project into a product that solves real problems?
Understanding your customers is a key first step. Knowing the personas who can use your product and the leverage they can get out of it is what ultimately brings value to security teams, and even to other teams that can benefit from it.
We had a great conversation with Joren McReynolds, who is the VP of Engineering, IT and Security at Panther Labs. In today's episode he shares the experiences and lessons from his journey at Facebook and Airbnb, and how they shaped his knowledge of what building a great product takes.
Topics discussed:
What led to the creation of osquery and why open source.
What the progression was to build that as an MVP.
Joren's approach to building the IR Team at Airbnb.
How different Airbnb's cloud-based environment was from Facebook's.
How Joren's past experience at Facebook influenced his work at Airbnb.
Joren’s thought process around implementing security monitoring.
What inspired StreamAlert.
3 pieces of actionable advice to security teams looking to excel in detection at scale.

Feb 8, 2022 • 28min
r2c’s Clint Gibler: How To Succeed in AppSec at Scale
Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world.
He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults.
In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.
More topics discussed in this episode:
SEMGREP's origin story and benefits.
The security startup creation pattern of recent years.
Trend shift to developers operating security problems at scale.
r2c's mission and products in addition to open source.
How application logs are useful in detection and response.
Types of vulnerabilities Clint is seeing more often.
Application security developments he is most excited about.
Other resources:
tl;dr Sec Newsletter: tldrsec.com

Feb 1, 2022 • 26min
Aston Martin’s Robin Smith: Advocating For Lean Security Programs
Robin Smith is the Head of Cyber and Information Security at Aston Martin and he brings a fresh and unique voice to the security industry.
He advocates for a lean, progressive security mindset in which thinking about processes is crucial to making sure that organizations are not unnecessarily wasting resources while committing to continuous improvement at the same time.
Tune in to learn more about what lean security is, why Robin has always seen security as an asset, and how you can embed that value into your organization.
Topics discussed in this episode:
How Robin arrived in information security.
Why he believes we need new voices in the industry.
The time he wrote 'The Lean Information Management Toolkit'.
Why he considers security as an asset and how to embed that value across an organization.
What the concept of lean security implies.
How lean security applies to security monitoring and detection.
Desired outcomes for security detection platforms.
Metrics for a lean security program.
The approach of practicality when deploying technology.
3 Pieces of advice to succeed at effective detection at scale.

Jan 25, 2022 • 33min
Snowflake’s Haider Dost and Daniel Wyleczuk-Stern: Why Querying Your Data Properly is Critical to Scaling Your Detection Program
If you were building a detection program today, what would be your top resources to start with?
As we head into a cloud-based future, the ability to handle larger data sets becomes crucial. Teams need to have processes in place that cover the entire detection lifecycle, and to develop the skills necessary to build, grow and improve a successful detection program.
In today's episode, we had an insightful conversation with Snowflake’s Global Threat Intelligence and Detection Engineering Leader, Haider Dost, and Senior Security Engineer, Daniel Wyleczuk-Stern, where we discovered why data and being able to query that data is a critical first step.
Topics discussed in this episode:
Haider's and Daniel's background in security.
The precursors and skills necessary to become an engineer.
A high level approach to building strong detection teams.
The importance of collecting and correlating log sources for a proper incident response.
How to be proactive when building your detection baseline.
What a detection lifecycle process is and why every team should have one.
What the biggest challenges of building a detection program are.
Why it’s critical that responders or analysts have a sense of ownership on the detections that are being built.
How security teams at Fortune 500 and Silicon Valley companies differ from each other.

Dec 28, 2021 • 29min
Rumble’s Chris Kirsch: How Asset Discovery Can Help with Detection and Response
Have you ever thought you could find more assets in your network than you thought you had? Do you have segments that haven't been scanned yet? Or maybe subnets that you have ignored?
These and much more are what asset discovery brings to the table for any security team, helping to prevent the next big incident.
In today's episode we sat down with Chris Kirsch, CEO and co-founder of Rumble and chatted about why covering the basics, like having a full inventory of your network with all the managed and unmanaged devices, is a best practice to secure any environment.
Topics discussed in this episode:
Rumble's founding story and background
Why Rumble's engine is very benign to the network
Where customers that migrate to Rumble come from
Why vulnerability scanners don't tell much about what a particular asset is
A two point approach for asset discovery in a cloud environment
How customers use Rumble in a response style situation
3 Pieces of advice to succeed at asset management and device security in the future.

Dec 21, 2021 • 32min
Cisco Secure’s J. Wolfgang Goerlich: Rebuilding Trust in Security Tools
Why is SIEM an area of unease for so many security officers?
To make detection and response successful, we need tools capable of upscaling the practitioners as well as equipping them to be successful. We need tools we can rely on.
In today's episode, we had an inspiring conversation with J. Wolfgang Goerlich, Advisory CISO at Cisco Secure. We discussed how trust is a determining factor in building the security tools of the future, why so many CISOs lost trust in SIEMs and what we can do to rebuild it.
Topics discussed in this episode:
Wolf's role as advisory CISO.
How we can use technology to solve business problems
How CISOs perceive SIEMs today and security monitoring as a practice
The investigative side versus the detection side of SIEMs
How the detection personas have changed with the movement to the cloud
Challenges of doing detection in the modern day
The story of when Wolf worked in an open source project
How Wolf advises CISOs on making a build versus buy decision
How detection and response will evolve in the coming years
3 pieces of actionable advice to succeed with building effective detection programs at scale