
The Future of Security Operations
The Future of Security Operations Podcast is dedicated to empowering SecOps leaders to reimagine how their teams work so they can scale their security efforts and build a team that achieves more with less.
Latest episodes

Mar 26, 2024 • 45min
Twilio's Prima Virani on democratizing security and tackling burnout through automation
This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.
In this episode, Prima and Thomas discuss:
- The unique challenges of working in forensics
- Her transition to detection and response and cloud security
- Building a security detection framework at Segment
- Reducing mean time to resolve through automation
- Using data to prioritize which processes should be automated
- Merging teams and technologies when Segment was acquired by Twilio
- Joining the securing platform engineering team at Twilio
- Designing a challenging and varied career in security
- The influence of mentorship on career growth
- Democratizing security through knowledge sharing
- How security will change in the next five years
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Prima Virani:
Twitter: https://twitter.com/secnerdette?lang=en
LinkedIn: https://www.linkedin.com/in/primavirani/
Twilio: https://www.twilio.com/en-us
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Hosting Fleet on AWS EKS by Prima Virani: https://segment.com/blog/hosting-fleetdm-on-aws-eks/
Fleet Device Management: https://fleetdm.com/
In this episode:
[02:22] Prima's introduction to cybersecurity career opportunities as a teenager
[06:30] The shift from forensics to detection and response
[09:15] Gaining experience in vulnerability and patch management, and network security
[14:15] Building a security detection framework at Segment using SOCless
[18:10] Using automation to reduce alert noise and improve response times
[20:30] The impact of automation on security team burnout
[22:50] Merging security teams, practices and technologies during Twilio's acquisition of Segment
[25:30] Moving to the securing platform engineering team at Twilio
[27:40] Growing her knowledge of AWS, Kubernetes and GCP
[32:40] Prima's plans to embrace machine learning in detection engineering
[34:20] The importance of mentorship and knowledge sharing in career growth
[37:30] Prima's all-time favorite projects, including hosting FleetDM on AWS EKS
[39:36] The future of security operations through Prima's eyes
[42:01] Prima's advice for security practitioners
[43:58] Connect with Prima

Mar 19, 2024 • 49min
Fastly’s Andrew Santell on going from the Navy to Netflix and breaking free of bad processes
On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.
In this episode, Andrew and Thomas discuss:
- Navigating the unique challenges of the Navy, from log management to prioritization
- Making the leap from the Navy to tech
- Building a security operations team and program from scratch at Netflix
- Red teaming phishing response playbooks at Netflix to test their effectiveness
- Recognizing the value of good processes
- Why teams should design processes first, automate later
- Creating a feedback loop between teams at Fastly
- How “shifting left” has helped Andrew’s team reduce vulnerabilities
- Using automation for risk assessment at Fastly
- Andrew’s approach to incidents like the Log4J vulnerabilities
- Why growth in the vendor market is a good thing for practitioners
- Why automation should be a requirement, not just a best practice
- What advancements in AI mean for threat detection
- The importance of risk-based decision-making
- The potential of self-remediation
- Why good security leadership starts with taking care of your people
Where to find Andrew Santell:
LinkedIn: https://www.linkedin.com/in/ajsantell/
Fastly: https://www.fastly.com/
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/
Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/
In this episode:
[02:05] Andrew’s career journey so far
[05:35] The unique requirements of working in the Navy
[09:12] Risk-driven decision making
[11:11] Self-assessing phishing response controls and mitigations at Netflix
[14:28] Andrew’s decision to leave the Navy and his transition to the private sector
[16:12] Comparing approaches to security at the Navy and in tech
[19:26] Breaking free of bad processes
[23:20] Broadening roles to include pen testing, application security, and vulnerability management
[27:27] How Andrew approaches automation at Fastly
[31:56] Protecting Fastly’s infrastructure
[33:57] How SecOps has changed and where it’s going next
[40:18] Embracing automation for vulnerability management
[42:45] Taking care of your people as a security leader
[44:56] Making engineering and automation part of prioritization
[47:19] Connect with Andrew

Mar 12, 2024 • 46min
Elastic’s Mandy Andress on switching from a tech-first to people-first approach to security
To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.
In this episode, Mandy and Thomas discuss:
- Her move from accounting to security
- Why she was drawn to Elastic's employee-centric culture
- How her role at TiVo in the early '00s shaped her view of privacy
- Switching from a technology-first to people-first approach to security
- Recognizing the human factor in incident response
- Embracing asynchronous operations on dispersed teams
- The importance of bringing your authentic self to work
- Staying technical as you move into leadership
- How she puts her law degree to use as a CISO
- Balancing compliance and overall security posture
- Collaboration and knowledge sharing within the CISO community
- Elastic's approach of knowledge sharing by default
- How prioritizing analyst time will be critical in the future of SecOps
- Adopting an infrastructure-as-code approach
- Balancing between proactive security measures and reactive responses
- Building a culture of security across the organization
- Tips for surviving in security operations in tech
Where to find Mandy Andress:
LinkedIn: https://www.linkedin.com/in/mandyandress/
Elastic: https://www.elastic.co/
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Surviving Security: How to Integrate People, Process & Technology by Mandy Andress: https://www.amazon.co.uk/Surviving-Security-Integrate-Process-Technology/dp/0672321297
Mandy’s 2001 BlackHat talk on wireless LAN security: https://www.youtube.com/watch?v=XtT2Ta87uow
Elastic’s blog: https://www.elastic.co/blog
In this episode:
[01:57] Moving from accounting to security
[02:43] Finding a company with strong vision, culture and business foundations
[05:26] Working in network security in the early days of TiVo
[07:05] What’s changed in security since 2001?
[09:20] A career-long fascination with the human factor in incident response
[10:30] Embracing empathy in her leadership style
[12:25] Finding a workplace where you can be your authentic self
[16:10] Exercising her technical muscles
[17:45] The decision to study law
[21:18] Balancing compliance and overall security posture
[23:35] Knowledge sharing in the CISO community
[24:22] Elastic's policy of being "radically transparent"
[29:20] The future of security operations
[31:29] How her security team works with product engineering
[34:03] Adopting an infrastructure-as-code approach
[35:01] Building a culture of security across the organization
[38:09] Her advice for others working in security in a high-growth organization
[41:50] Baking off security products in her home lab
[44:37] Connect with Mandy

Oct 31, 2023 • 44min
Dmitriy Sokolovskiy: How SecOps teams can measure and communicate their ROI to senior leadership
In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy.
Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.
On this episode of The Future of Security Operations, Dmitriy discusses:
His early career journey from IT support to security.
Getting comfortable “losing sales on purpose” and building a cloud security program from the ground up at CyberArk.
Running product security at Avid, where the customer base included Oscar-winning film editors and Grammy-winning sound engineers.
A particularly memorable mistake - how Dmitriy accidentally rerouted every employee’s emails to his inbox on the first day on the job, and what that experience taught him.
Learning to measure and communicate the security team’s ROI to senior leadership, with guidance from the team at Okta.
Why he believes we need a new word to describe the cybersecurity industry.
Dmitriy’s thoughts on the role security practitioners will play in fifth-generation warfare.
Note: this episode was recorded before the October 2023 attacks in Israel and Gaza.
Resources:
LinkedIn

Sep 12, 2023 • 43min
Robinhood’s David Seidman: The tradeoff between technical mastery and strong management
In this episode of The Future of Security Operations podcast, David Seidman joins Thomas to discuss their career to date and what they have learned along the way. David is currently Head of Detection and Response at Robinhood, an online brokerage firm with a mission to democratize finance for everyone.
David has almost 20 years of experience in software and security, having worked for huge names like Microsoft, Google, Salesforce, and now Robinhood.
Topics include:
David’s entry into security and their 10-year tenure at Microsoft.
Dealing with the public’s and media’s interest in security incidents at global organizations like Microsoft, Google, and Salesforce.
The changes that came with David’s move from large-scale organizations to Robinhood and the difference in operations and threat actors that they have seen.
David’s detection strategy and how they approach the kill chain model.
How David manages to keep on top of their technical capabilities while also keeping the mental health and performance of their team as high as possible.
The lessons David has learned so far in their career about creating a culture of safety and high morale for SecOps teams.
Decreasing friction around prioritizing between good business and good security operations.
How David describes the state of security operations today.
The challenge of false positives and ways to address the stress and burnout that come with them.
The need for executive stakeholder communication skills as an incident responder.
Where David sees security operations and incident response going in the next five years.
Resources: LinkedIn

Aug 29, 2023 • 35min
Incode Technologies’ Jeff Moss: Scaling security for startups and defending against the ever-growing attack surface
Jeff Moss, Senior Director, Information Security at Incode Technologies, discusses his transition from engineering to product security, the evolution of product security over the last five years, reducing the attack surface within the industry, scaling security for startups, tips for prioritization of initiatives, and combining the technical and business aspects of management.

Aug 15, 2023 • 39min
Quickbase’s Rebecca Harness: Securely engaging with technology partners and third-party vendors and overcoming the inevitability of human error
Rebecca Harness, VP and CISO at Quickbase, discusses her career journey and building a strong security culture. She explores securely engaging with partners and vendors, combating human error with automation, and the evolving SecOps landscape. Rebecca also highlights the potential of generative AI in collaborating with SecOps teams.

Aug 1, 2023 • 41min
Sublime Security’s Josh Kamdjou: The state of today’s email threat landscape and how to defend without reinventing the wheel
Josh Kamdjou, CEO of Sublime Security, discusses the evolving email threat landscape and the need for better tools. He shares his journey in security, highlights the types of business email compromise fraud, and explains Sublime's approach to product development. The podcast also explores successful defense strategies, future trends in security operations, and Sublime Security's plans for the next year.

May 9, 2023 • 43min
Wiz’s Yinon Costica: Using a self-serve model to better equip organizations and improve security posture
In this season’s finale of the Future of Security Operations podcast, Thomas chats with Yinon Costica, Vice President of Product and co-founder at Wiz, the leading cloud infrastructure security platform that enables organizations to identify and remove the most pressing risks in the cloud.
Yinon has more than 15 years of experience leading cybersecurity product development teams, with expertise in the cloud security market. Yinon started his career as a software engineer at the Israel Defense Forces (IDF). After this, he was the VP of Adallom, a leading cloud access security broker, until they were acquired by Microsoft in 2015. At Microsoft, he led the Cloud Security Group product organization for four years before co-founding Wiz.
Topics include:
Yinon’s journey, starting with the Israel Defense Forces, and how it led to his introduction to cybersecurity.
The decision process behind building Wiz and how the original idea for the company changed and developed during this time.
Yinon’s view on the changing landscape of security over the last 20 years and how it has become a C-level discussion.
Measuring how mature your company’s security operations are and the process of wider teams becoming more proactive about security.
The self-serve model of security used at Wiz and how companies can employ this to create a more secure environment across the enterprise.
Approaching the challenge of gaining Fortune 100 customers when running a start-up and what it takes to build an enterprise-grade product.
The specific challenges that those who are leading security teams in fast-growing tech startups face when approaching the cloud.
Stepping back to find toxic combinations in your organization that need to be remediated first when evaluating levels of prioritization.
What the security operations landscape will look like in five years and how the self-serve model will fit into this.
Some lessons Yinon has learned from the close relationships that the Wiz founding members have built up over the last 20 years.
Taking steps to overcome the issue of diversity and bias in the security space.
Resources: LinkedIn

Apr 25, 2023 • 42min
BeyondTrust’s Morey Haber: The challenges for security operations teams due to identity-based risks in a remote working world
In this episode of the Future of Security Operations podcast, Thomas chats with Morey Haber, Chief Security Officer at BeyondTrust. BeyondTrust is a worldwide leader in Privileged Access Management (PAM), focused on addressing the most urgent cybersecurity challenges, including zero trust, ransomware, cloud security, and more.
Morey has more than 25 years of IT industry experience, has authored four books, is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media.
Topics include:
Morey’s journey in cybersecurity, starting almost 20 years ago in a software action team.
The cultural and perception shift that vulnerability management and security operations have undergone over the past 20 years.
The challenges modern security operations face due to identity-based risks increasing in a remote working world.
The exploitable flaws seen in two-factor authentication (2FA) and multi-factor authentication (MFA) identification.
How BeyondTrust specializes in privileged access and least privilege to ensure the integrity of all transactions.
The differences with implementing security disciplines in the cloud.
How Morey stays on top of the latest issues and threats in the cybersecurity world.
The importance of self-discipline when it comes to mental health and overcoming the risk of burnout, and how managers can best support this.
Some of the most memorable security incidents Morey has come across.
Morey’s stance on what security teams should be wary of when it comes to ChatGPT.
What cybersecurity might look like in five years’ time with advances in AI taken into consideration.
Resources:
LinkedIn: https://www.linkedin.com/in/mjhaber/