Detection at Scale

Thomas Owen is CISO at Grafana and an advisor to startups who helped build the security team at Snyk and is especially excited about fostering conversations around ethics, sustainability, mental health, and inclusivity. 

A cloud-native, innovative and strategic security leader with a blend of people, policy and technical experience and a strong product affinity, Thomas and Jack discuss how to build a team from the ground up, the attributes of a modern security team, how to gauge value of security, and his advice for practitioners around basic hygiene. 

Topics include: 

• How Thomas builds functions from the ground up 
• How to think about functional areas from very early on in the team 
• Practical applications of using GRF for security and the elements that should be looked at 
• The three biggest challenges with modern data security
• The pros, cons, and use cases of open source in security at scale 
• The difference between engineers building features and products solving problems 
• Modern security: telemetry, analysis, and what do you do about it
• The ROI of security and how to gauge value 
• Latest trends in high-scale monitoring 
• Why ‘enabled autonomy’ is critical in a modern security team  
• 3 pieces of actionable advice for practitioners looking to succeed at detection at scale 

Keep in touch with Thomas on LinkedIn: https://www.linkedin.com/in/thomas-rhys-owen/?originalSubdomain=uk

Mike Saxton is Technical Director of Defensive Cyber Operations at Booz Allen Hamilton. His primary focus is on implementing technical solutions to protect against vulnerabilities, exploit software or hardware, data threats and other emerging risks that may threaten critical system operations. 

Not only an endurance athlete and classically trained musician, Mike is a long time proponent of detections as code and in today's episode he and Jack discuss everything from getting started on your detection journey, to broader cloud security adoption, the use of open source in government, and more! 

Topics include: 

• How Mike went from the healthcare field to cybersecurity 
• Where the government is in their shift to the cloud 
• The zero-trust model and broader security adoption in the cloud space  
• Where Mike thinks most teams start in their detection journey
• Mike’s positive thoughts on closing the cybersecurity skills gap and how interviews for detection at scale competency  
• The usage of open source there is in government 
• How acquisition and new leadership is changing cybersecurity products and frameworks in government 
• Why it’s critical to find a niche when working in cybersecurity 
• His advice to get outside your comfort zone and not just push yourself, but push the industry as a whole

Keep in touch with Mike on LinkedIn at: https://www.linkedin.com/in/mikesaxton/

JJ Agha is the CISO at Compass, the largest real estate brokerage in the US, and previously spent over four years as VP of InfoSec at WeWork, along with time as a security engineer at Vimeo and Priceline. 

Having worked for and advised for multiple startups and Fortune 500 companies he enjoys the challenge of building security teams and maturing programs and disciplines within an organization while embracing and learning new technologies.

In today’s episode, Jack and JJ discuss how he builds his team, buy vs build, what he expects from a modern SIEM, and more! 

Topics include: 

• How JJ went from changing his degree nine times, to a help desk analyst to discovering cybersecurity and entering the industry with Northrop Grumman and Edgecast 
• How JJ thinks about the human element of security when it comes to running a team and being a CISO 
• What Ikigai is and how the mindset can empower security professionals 
• Building vs buying and the projects JJ’s security team is working on 
• What JJ is looking for in a modern SIEM 
• JJ’s focus on Relentless Iteration and his mission to constantly improve and iterate security programs 
• How JJ balances the cost of his detection program with the needs of his security team 

Keep in touch with JJ on LinkedIn at: https://www.linkedin.com/in/jonathanagha/

Kathy Wang is the CISO at Discord, an internationally-recognized malware expert who has researched, developed, evaluated, and operationalized various solutions for detecting and preventing client-side attacks used by advanced persistent threats (APT). 

As a security executive and leader, Kathy has a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments, and currently advises security services/products startup companies.

In today’s episode, Jack and Kathy discuss the talent pool in cybersecurity.

Topics discussed in this episode:

• What made Kathy want to go from researcher to security leader 
• The impact remote work and remote teams has had on cybersecurity teams 
• What Kathy looks for when hiring security professionals 
• Why transparency and multi-modal communication is mission critical for cybersecurity teams 
• How attacks have changed in the past 5 years 
• The tools Kathy is paying most attention to 
• What she enjoys most about working in security 
• Kathy’s advice for security professionals, especially early in their career 

Keep in touch with Kathy on LinkedIn at: https://www.linkedin.com/in/kathywang/

Nir Rothenberg is the CISO at Rapyd, managing security and IT for the soaring Fintech company, on a mission to ensure that the future of financial services will be democratized and secure. 

Prior to Rapyd, Nir led information security in NSO Group, a well known cyber-intelligence company, where he was charged with protecting a high profile and high risk enterprise. Before NSO Group, Nir worked as a consultant, helping with some of Israel's leading companies to reduce risk and improve information security. Nir is very active in Israel's cyber startup scene, advising and partnering with many of them.

In today’s episode, Nir and Jack discuss lessons learned in transitioning from an on-prem environment to cloud infrastructure, building a modern team, scaling at Rapyd, and tips to help organizations build a modern security team that’s capable of detection and response at scale. 

Topics discussed:

• Nir’s unconventional path to becoming a CISO.
• How Nir’s mentality shifted in his transition from detection in an on-prem environment to cloud and the pivotal moment he realized he had to move to cloud or be left behind. 
• What Nir learned about threat detection at scale when he moved to Rapyd. 
• Why Nir is against SOCs and his alternate systems. 
• How Nir had to change his approach to detection at scale as Rapyd scaled.
• Cybersecurity nuances in the finance industry. 
• Three pieces of advice for leaders building a modern security team and who he sees succeed the most. 

Keep in touch with Nir on LinkedIn at: https://www.linkedin.com/in/nir-rothenberg-5a6b48ba/

Joe Uchill is a Senior Reporter at SC Magazine — the leading trade publication for the cybersecurity industry. Prior to joining SC Magazine in 2020, Joe was a cybersecurity reporter at outlets including Axios and The Hill.

Today’s episode is the first in our mini-series dedicated to interviewing leading cybersecurity journalists. Cybersecurity reporting plays an important role for practitioners, leaders, and the general public to understand recent breaches, latest malware trends, and best practices that can help us all stay safe on the internet. Our goal with this series is to help our audience learn more about who these journalists are and what it's like to be a reporter in this fast-changing industry.

Topics discussed:

• How Joe began covering cybersecurity in 2015 and how the landscape has evolved over the past few years. 
• Joe’s favorite story he’s covered since he began covering the space in 2015.
• What motivates and excites Joe most about cybersecurity. 
• How Joe feels about the responsibility journalists have when it comes to keeping the public and security community informed. 
• What trends Joe feels people should be paying attention to when it comes to the future of cybersecurity.

To keep up with Joe’s latest reporting, join him on twitter at https://twitter.com/JoeUchill

Aaron Zollman is the CISO at Cedar — a patient payment and engagement platform for hospitals, health systems, and medical groups that elevates the patient experience. Prior to Cedar, Aaron spent time in security at companies like Bridgewater, Palantir, and MUFG Bank, Japan’s largest bank. 

In today’s episode, Aaron and Jack discuss lessons and tips to help organizations build a modern security team that’s capable of detection and response at scale. 

Topics discussed:

• What Aaron learned as he transitioned from the public sector to the private sector. 
• How security tools have evolved over the time. 
• How Aaron’s background in software engineering contributes to his mindset when it comes to security.
• Aaron’s approach to building the security team from scratch at Cedar and how the strategy had to change in order to accommodate the growth of both data and employees.
• Why Aaron created the conference Fwd:cloudsec
• Three pieces of advice for leaders building a modern security team.

Thomas Kinsella is the COO and co-founder of Tines — a no-code security automation platform that frees teams from manual work so they can focus on higher-value strategic work. In today’s episode, Thomas and Jack explore what it's like to transition from a security practitioner to a startup founder and how tools like Tines and Panther can be used to transform the way security teams operate. 

Topics discussed:

• What Tines does (and what the name means).
• Reflecting on the stresses of dealing with major incidents while Thomas worked as a security practitioner at organizations like eBay and Docusign.
• Why frustration with the automation platforms available led Thomas and his co-founder to quitting their jobs to build the solution they wish they had.
• The risk of building — instead of buying security tools.
• The Tines use cases that Thomas finds the most surprising.
• How automation platforms and threat detection platforms should work together.
• What’s next for Tines as a company and how they help security members get the most out of their platform.
• 3 pieces of advice for any security operator working at scale. 

What does it take to shape an early-stage security project into a product that solves real problems? 

Understanding your customers is a key first step. Knowing the personas who can use your product and the leverage they can get out of it, it's what ultimately brings value to security teams and even other teams that can seize their benefits.

We had a great conversation with Joren McReynolds who is the VP of Engineering, IT and Security at Panther Labs. In today's episode he shares the experiences and lessons over the course of his journey at Facebook, Airbnb, and how they shaped his knowledge on what building a great product takes.

Topics discussed:

• What led to the creation of osquery and why open source.
• What the progression was to build that as an MVP.
• Joren's approach to building the IR Team at Airbnb.
• How different Airbnb's cloud-based environment was from Facebook's.
• How Joren's past experience at Facebook influenced his work at Airbnb.
• Joren’s thought process around implementing security monitoring.
• What inspired StreamAlert.
• 3 pieces of actionable advice to security teams looking to excel in detection at scale.

Clint Gibler is the Head of Security Research for r2c, the company behind SEMGREP, a popular open-source static analysis security scanning tool used by teams all over the world.

He joined r2c to help build and shape the future of AppSec; one that includes secure defaults along with lightweight enforcement of those defaults.

In today's episode, Clint talks about SEMGREP, operationalization of tools for security teams, intersection between AppSec and D&R as well as tips to succeed in AppSec at scale.  

More topics discussed in this episode:

• SEMGREP's origin story and benefits.
• The security startup creation pattern of recent years.
• Trend shift to developers operating security problems at scale.
• r2c's mission and products in addition to open source.
• How application logs are useful in detection and response.
• Type of vulnerabilities Clint is seeing more often.
• Application security developments he is most excited about.

Other resources:

tl;dr Sec Newsletter: tldrsec.com