The Future of Security Operations

Latest episodes

Oct 4, 2022 • 34min

TripActions’ Aaron Cooper: Why Understanding Broader Company Culture Is Critical to a Security Operation Team’s Success

Aaron Cooper is the Security Operations Manager at TripActions, with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, and designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance.

In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more!

Topics in this episode include:
- His journey from hardware, to a vendor, to healthcare, to banking, to a cloud-first tech company – how security posture and challenges differ across industries and companies
- Why it’s critical to understand the culture of the company to run a successful security team
- Why the state of security today is in flux and how security teams are changing how and what they respond to
- Why the ‘onion model’ no longer exists so it’s critical to put on your ‘black hat’
- The tools and strategies that help Aaron with risk reduction and analyzing indicators
- The one thing IT managers can do to maintain the uptime of their environment
- How Aaron works to prevent burnout among his team and what drives him to help his team succeed
- How Aaron evaluates AI tools
- How his major in psychology gives him insight into the minds of security analysts, how resilient they can be, and how to hold space for them

Resources mentioned:
- Year Up: https://www.yearup.org/job-training/cyber-security
- Hunters: https://www.hunters.ai/

Aug 1, 2022 • 38min

Jay Thoden Van Velzen: How to Prepare Your Security Operations For a Multi-Cloud Future

In our 10th episode of the Future of Security Operations, Thomas speaks to Jay Thoden Van Velzen, Multicloud Security Operations Advisor at SAP. Prior to his current role, Jay scaled the SecDevOps team from 5 to 25 team members across three continents and five countries and was the Initiative Lead for multiple security improvement programs for Multicloud across SAP.

Topics discussed in this episode:
- Understanding the scale and size of SAP and the unique security complexities the organization faces.
- The state of security operations today.
- How to overcome the common challenges that security operations teams face today.
- How teams can solve the talent gap in cybersecurity and how SAP tackles the problem.
- Defining what SecDevOps is exactly.
- Practical advice for those who are leading security operations at fast-growing organizations.
- Why you may need to rethink your existing tooling to ensure it’s suitable for the public cloud.
- What’s in store for the future of security operations.

Jul 18, 2022 • 32min

Toast’s Rebecca Blair: Lessons From Building a Security Operations Team From Scratch

Today on the Future of Security Operations Podcast, Thomas speaks with Rebecca Blair, Manager of the Security Operations Center at Toast, an all-in-one point-of-sale and restaurant management platform for businesses in the food service and hospitality space. After working in a variety of different cybersecurity roles over the past decade, Rebecca joined Toast in 2021 as the first employee of their security operations center. On this episode, she shares lessons learned as she scaled the team along with her insights on what’s in store for the future of security operations.

Topics discussed in this episode:
- The state of security operations today.
- How to prioritize what needs to be done first when you are building a security operations team from scratch.
- How to measure the efficacy of your alerts to determine what’s worth keeping and what you should get rid of.
- How Toast reduces the amount of manual time spent on tasks and how they keep their team happy and excited about the work they do.
- How to develop and source cybersecurity talent.
- How working towards an MBA has changed how she approaches security.
- Why Rebecca loves dashboards and why they are critical to her work.
- How Toast prioritizes mental health for their entire team.
- Tips for how to run a good purple team.
- What security operations teams will look like in the future.

Jul 4, 2022 • 27min

Jason Barnes: How to Use Automation to Remove Tedious Tasks, Mitigate Risk, and Prioritize the Adoption of New Capabilities

On today’s episode of the Future of Security Operations Podcast, Thomas speaks with Jason Barnes — the former Head of Global Security Operations at Netskope and current Senior Director at Charter Communications.

*Note: this episode was recorded in late May 2022, prior to Jason departing from Netskope*

Topics discussed in this episode:
- How Jason describes the current state of security operations and how it’s evolved over the past 10 years.
- What Netskope’s SOC team is focused on and what Jason’s day to day looks like.
- How Jason helps his team prioritize where to focus their time and resources.
- Jason’s philosophy around automation and the power it can bring to a security operations team.
- Tips for helping security operations teams reduce the time spent on low-value manual tasks (outside of automation).
- Jason’s prediction for what the future of the SOC will look like.
- How Netskope focuses on mental health and burnout and the resources the company offers to team members.
- #1 piece of advice for security operations leaders at fast-growing tech

Resources mentioned:
- Jason’s blog: https://www.netskope.com/blog/author/jbarnes

Jun 21, 2022 • 38min

Panther Labs’ Jack Naglieri: How to Make Security Operations Painless

Today on the Future of Security Operations Podcast, Thomas is joined by Jack Naglieri, CEO of Panther Labs, a cloud-native SIEM platform that alleviates the pain of traditional SIEM with detection-as-code, a robust security data lake, and huge scalability with zero-ops.

Topics discussed in this episode:
- The challenges Jack faced while working on security teams at organizations like Yahoo and Airbnb.
- The difference between security at Yahoo and Airbnb.
- The origin story of StreamAlert - the open-source tool Jack built while working at Airbnb.
- How a VC’s cold email eventually led to Jack founding Panther Labs and how they acquired their first customers.
- How Panther is different from traditional SIEM platforms.
- What you need to know about detection-as-code and security data lakes.
- Why teams need to focus on security — not operations.
- Lessons learned from Jack working closely with fast-growing sophisticated security teams that make up Panther’s customer base.
- What security operations will look like in the future.
- Why security teams must learn and embrace automation to deal with the challenges of cloud-scale security.
- What features are coming next from Panther Labs.

Resources mentioned on the episode:
- Jack’s podcast: Detection at Scale
- Jack’s blog post: From StreamAlert to Panther
- Jack’s keynote releasing StreamAlert: USENIX Enigma 2017 — StreamAlert: A Serverless, Real-time Intrusion Detection Engine

Jun 6, 2022 • 35min

Niall Heffernan: How to Empower Your Security Operations Team to Focus on Higher Value Strategic Work

In our sixth episode of the Future of Security Operations Podcast, Thomas speaks with Niall Heffernan, Head of Security at Cygnvs, a former Senior Manager of Information Security at Informatica, and a Lecturer for BSc, HDIP, PGDip and MSc students studying in the Cyber Security streams at the National College of Ireland.

Topics discussed in this episode:
- Niall’s view on the current state of security operations and how it’s evolved over the past 5 years.
- What’s top of mind for Niall as he begins building a security operations team from scratch.
- How to prioritize incidents and determine what detections can be ignored using automation.
- What most security practitioners get wrong when they embark on bringing the power of automation to their security program.
- Lessons that security can learn from software engineering.
- How security changes when an organization goes public and why the stakes become so high.
- What can be done to solve the security talent shortage gap.
- Niall’s #1 piece of advice for security leaders and practitioners.
- What’s in store for the future of security operations and why the traditional levels of security analysts will change.

May 22, 2022 • 33min

KnowBe4’s Dylan White: How to Use Automation to Remove Mundane Manual Security Tasks and Make Your Team 5x More Effective

In our fifth episode of the Future of Security Operations Podcast, Thomas speaks with Dylan White, an Information Security Engineer at KnowBe4 — a leading security awareness training platform.

Topics Discussed:
- What KnowBe4 does and the problem they solve for organizations.
- The most common lures hackers are using today to trick users.
- Dylan’s favorite phishing test of all time — and why it was so effective.
- How to build a culture that takes responsibility for security and why leaders need to make it clear it’s okay if mistakes are made.
- How to make security more approachable for the entire organization.
- The state of security automation today and why Dylan is so excited about the endless possibilities that automation makes possible for security teams.
- Manual and mundane tasks that Dylan’s been able to automate and free his team from spending (and wasting) their time on.
- How automation has made his team 5x more effective.
- What Dylan sees security practitioners get wrong about security automation.
- Dylan’s advice for security leaders and how they can set their teams up for success with automation.
- What’s in store for the future of security automation.

May 10, 2022 • 37min

urlscan’s Johannes Gilger: How Automation Can Free Up Resources and Streamline Security Investigations

In our fourth episode of the Future of Security Operations Podcast, Thomas speaks with Johannes Gilger — CEO and founder of urlscan, a URL and website scanner that enables users to take a look at the individual resources that are requested when a site is loaded. Prior to founding urlscan, Johannes managed the Threat Intelligence Automation team at CrowdStrike.

Topics discussed in this episode:
- What urlscan is and how it works.
- Why Johannes founded urlscan and why he thinks the security community is so collaborative.
- Johannes’ journey that eventually led to founding urlscan and why he decided to leave CrowdStrike to focus his attention on urlscan.
- How automation transforms security investigations.
- What urlscan users get wrong about automation.
- The #1 piece of advice Johannes has for security operations teams getting started with automation.
- Tips for customer-facing brands to reduce their attack target size.
- What future security challenges will look like in the years ahead and how organizations can use automation to get prepared for what’s next.

Apr 25, 2022 • 30min

LimaCharlie’s Maxime Lamothe-Brassard: Rethinking How Cybersecurity Tools Are Sold — Less Snakeoil, More Focus on Capabilities

In our third episode, we speak with Maxime Lamothe-Brassard — CEO and founder of LimaCharlie, a security infrastructure as a service tool that gives security teams full control over how they manage their security infrastructure. Maxime’s unique perspectives come from a career in security, including Canada’s NSA, Google, Arc4dia, and the early days of CrowdStrike.

Topics discussed in this episode:
- The problem LimaCharlie solves.
- What endpoint hygiene means and lessons Maxime learned from working at Google.
- How Maxime describes the state of security today.
- Maxime’s philosophy for how cybersecurity products should be marketed and sold to customers.
- How small improvements can lead to major change over time.
- How better tools and great APIs can remove the “boring stuff” so security teams can focus on more exciting work.
- Where Maxime sees security headed in the future.

Apr 11, 2022 • 39min

Elastic’s James Spiteri: Why SecOps Teams Need to Focus on Small Incremental Wins and Not Try to Boil the Ocean

In our second episode, we speak with Elastic’s Product Marketing Director James Spiteri, an experienced security practitioner turned product marketer with a passion for making security accessible and easy for anyone and everyone.

Topics discussed in this episode:
- Why James joined Elastic four years ago.
- What Elastic is and the different use cases the company offers (Did you know every Netflix search uses Elastic?).
- How James has seen security operations evolve over the years and why the industry still faces the same data problem it faced five years ago.
- What Elastic is doing to tackle analyst burnout and mental health, including “shut it down days” two Fridays per month.
- How Elastic leverages the power of no-code security automation.
- The #1 piece of advice James has for security teams.
