The Future of Security Operations Podcast is dedicated to empowering SecOps leaders to reimagine how their teams work so they can scale their security efforts and build a team that achieves more with less.
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Muller, Field CISO at Tines. With over a decade of experience at companies like Material Security, Coinbase, and Inflection, Matt's got a strong track record of scaling SecOps teams, building threat detection and mitigation programs, and driving trust and safety initiatives. His knowledge impressed Thomas and the Tines team so much that they invited him to become the company's first Field CISO. In this episode: [02:41] The origins of Matt's insatiable appetite for all things security [04:05] Matt's path from business degree to Director of Trust at Inflection [07:07] Scaling Coinbase's security team from 3 to 50 [08:41] Addressing security's long-standing communication problem [10:55] Why “failure wasn't an option” when managing risk at Coinbase [14:14] What led Matt to a product role on Material Security's phishing protection team [17:31] Building what customers ask for vs. actually solving their problems [21:14] How Matt stays up to date with industry developments [22:35] Matt's favorite use cases for security automation [25:25] Matt's go-to automation best practices [27:33] Cutting through AI hype to drive meaningful adoption [30:32] How Matt keeps himself honest as a Field CISO [32:21] Why the traditional SOC is broken - and what needs to change [35:30] The role of diverse hiring in building a resilient security strategy [39:00] What security teams will look like in 2030 [41:35] How CISOs are evolving to become chief risk advisors to the business [43:30] Connect with Matt Where to find Matt: LinkedIn Building SecOps newsletter Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Blue Team Con Material Security's Ryan Noon on the Future of Security Operations podcast
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Travis Howerton, Co-founder and CEO of RegScale. Travis began his security career with roles at government and regulated organizations, including the National Nuclear Security Administration and Oak Ridge National Laboratory, before being inspired by inefficiencies in compliance processes to co-found RegScale. As CEO of RegScale, he oversees their Continuous Controls Monitoring platform, which enables rapid GRC outcomes for organizations like Wiz, Keybank, and the US Department of Energy. In this episode: [02:15] How an interest in computer science led Travis to pursue a career in security [03:20] Working in “the Major Leagues of cyber” at the National Nuclear Security Administration [06:20] Moving fast in highly-regulated environments [07:10] Securing the world's fastest supercomputer at Oak Ridge National Laboratory [10:30] Supporting digital transformation at enormous scale at Bechtel Corp [15:15] How outdated compliance processes inspired Travis to co-found RegScale [18:15] How RegScale acquired its first high-profile clients through "hustle and luck" [19:20] The challenges of building the first version of RegScale [21:15] Taking the pain out of compliance [23:20] The biggest GRC roadblocks teams are facing right now [25:10] Practical advice for moving the needle on your automation program [27:33] Eliminating redundancy and inefficiency in federal compliance programs [32:30] What's next for RegScale [33:45] The best applications of AI (and which decisions should "never" be made by AI) [35:45] Navigating regulatory uncertainty when it affects your whole business model [38:40] What SecOps and compliance teams might look like in the future [40:20] What the best compliance teams do to build rapport with security, IT and other business functions [43:30] Why AI adoption is a risk-based conversation every organization should be having with their CISO [46:00] Connect with Travis Where to find Travis Howerton: LinkedIn RegScale Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: The CISO Society 2025 State of Continuous Control Monitoring Report
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Raymond Schippers. With 15 years of experience leading detection and response teams, Raymond is a seasoned security leader with high-impact roles at Check Point and Canva under his belt. He recently became co-founder of Huntabil.IT, a Melbourne-based company providing organizations with tailored advisory services to align with their unique threat landscapes and business goals. In this episode: [02:27] Landing his first security internship at Siemens as a teenager [03:18] Reflecting on some state-sponsored attacks he encountered while working IR at Check Point [04:45] Working with government partners to attribute and dismantle APTs [08:10] The challenges of remediating threats for anonymized customers [09:30] What inspired Raymond's move from Check Point to Canva [10:35] Building Canva's blue team during the company's phase of hypergrowth [12:40] Rethinking the interview process to prioritize diversity in hiring [18:02] Proven strategies for reducing burnout and alert fatigue in IR [21:09] How Raymond's team used automation to scale security operations at Canva [23:16] The state of AI in security - and its most effective use cases [28:53] What inspired Raymond to found Huntabil.IT [31:09] Raymond's approach to working with non-profit organizations [39:15] The under-reported threats that could reshape the future of SecOps [44:06] Anticipating the biggest challenges security teams will face over the next five years [46:42] Connect with Raymond Where to find Raymond Schippers: LinkedIn Huntabil.IT Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Cyber Threat Alliance Raymond's talk on avoiding team burnout at BSides Perth
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Dane VandenBerg. Dane's 16-year security career includes product-focused roles with vendors like Qintel and more recently, Microsoft, where he was Principal Technical Specialist supporting the development of their security copilot. He's also spent a lot of time in fintech, serving as Vice President of Information Security at Prime Trust and, currently, Senior Director of Security Operations at Circle. In this episode: [02:05] How Dane went from researching women's health and animal cloning to public relations to security [06:25] Why security teams are still fighting the same battles they were 15 years ago [09:24] How Dane's vendor-side threat intel work shapes his thinking as a SecOps leader [12:00] What's working - and what's not - about how companies approach threat intelligence today [12:51] Why threat intel should be an in-house function, not just a reporting feed [15:30] What motivated Dane to move into the finance and crypto industry [19:30] How parenthood reshaped the way Dane thinks about risk [22:50] Tips for encouraging employees to report their security concerns [26:00] What a great security-vendor customer experience looks like - and what too many vendors get wrong [29:10] The security tools and solutions Dane is most excited about right now [32:45] Balancing the hype and potential of security copilots [38:30] What cyberattacks might look like five years from now [41:30] Connect with Dane Where to find Dane: LinkedIn Circle Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: National Cyber Forensics and Training Alliance
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Josh Lemos, CISO at GitLab. Throughout his 15-year career in security, Josh has led teams at ServiceNow, Cylance, and Square. Known for his expertise in AI-driven security strategies, Josh is also a board member with HiddenLayer. He drives innovation at GitLab with a relentless focus on offensive security, identity management, and automation. In this episode: [02:05] His early career path from mechanic to electrical engineer to security leader [03:35] Josh's philosophy on hiring and mentoring, plus his tips for creating networking opportunities [05:30] How he applies technical foundations from his practitioner days to his work as CISO [07:40] Building product security at ServiceNow from the ground up [10:40] “Down and in” versus “up and out” - adopting a new leadership style as CISO at Square [12:17] Josh's experience as an early AI and security researcher at Cylance [16:15] What's surprised Josh most about the evolution of AI [18:50] Why Josh calls today's models “AI version 1.0” - and what he thinks it will take to upgrade to version 2.0 [22:45] The LLM security threats Josh is most worried about, as a board member with HiddenLayer [26:30] “Expressing exponential value” - what excited Josh most about becoming CISO at GitLab [27:45] Why GitLab prioritizes “intentional transparency” [32:45] How GitLab automates and orchestrates its Tier 1 and Tier 2 security processes [34:10] How GitLab's security team uses GitLab internally [37:35] The secret to recruiting, hiring, and managing a remote, global team [39:45] The importance of in-person collaboration for building trust and connection [41:45] Downsizing, bootstrapping, and problem-solving: Josh's predictions for the future of SecOps [46:10] Connect with Josh Where to find Josh: LinkedIn GitLab Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: GitLab's Security Handbook GitLab's GUARD Framework Netskope's security blog Jobs at GitLab Haroon Meer
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Mark Hillick, CISO at Brex. Mark's experience in the security industry spans more than two decades. He started out as a security engineer at Allied Irish Banks before advancing through companies like MongoDB to become Director and Head of Security at Riot Games. His book, The Security Path, features over 70 interviews with security professionals on their career journeys. In this episode: [02:06] His early career journey - from a mathematics background to building early online banking systems [03:32] What's kept Mark excited about security for over two decades [04:40] The compound benefits of growing within a company over time [07:20] Mark's leadership style - defined by transparency, directness, and genuine care for his teammates [12:45] Communicating the business trade-off between risk and return [16:45] Reflecting on the team's response to major incidents at Riot Games [21:00] The unique challenges of securing gaming platforms [26:30] How Mark approaches strategy and planning in the fintech space [28:08] The case for building strong, partnership-driven vendor relationships [31:13] Creating space for creativity - without spreading the team too thin [34:35] Empowering his team to speak openly - even if it means calling him out [36:35] The inspiration behind Mark's books Digital Safety for Parents and The Security Path [40:20] Connect with Mark Where to find Mark: LinkedIn Brex Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: The Security Path - click here to redeem a free copy for podcast listeners (first come, first serve) Digital Safety for Parents - click here to redeem a free copy for podcast listeners (first come, first serve) Mark's talk during his time at Riot Games in 2016
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Mollie Chard. Mollie's career spans 10+ years in technical SOC and leadership roles at organizations like the UK's Met Office, Capgemini, and OVO. She's recently accepted a new role as Head of Cyber Guidance & Monitoring at Ofgem, the UK's Office of Gas and Electricity Markets. A passionate advocate for diversity, she's also the Chief Advisor for Women in Cybersecurity UK and Ireland. In this episode: [02:00] Mollie's journey from arts graduate to security leader [04:00] Her previous role developing emerging security talent for CIS UK [05:00] Tips and techniques for hiring diverse talent [11:20] The problem with management being the default career path [15:25] The biggest tech mistake that budget-strapped companies make [19:23] Solving unique systems and operational technology challenges in the energy sector [21:30] The ethical considerations and impact of AI for security and other industries [27:30] Making space in boardroom discussions for diversity and how it can enhance resilience [32:00] How to stay aligned when working with remote or dispersed teams [35:00] What Mollie thinks cybersecurity will look like in five years [37:00] AI as a threat to human cognitive abilities within and beyond security [42:40] Connect with Mollie The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows. Where to find Mollie: LinkedIn Medium Substack Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Capslock Bootcamp UK Department for Work and Pensions's Disability Confident employer scheme More career growth tips from Mollie on the Trident Talks podcast
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Joe McCallister. Joe's journey in security is truly unique - in less than a decade, he pivoted from selling BMWs to his current role as Senior Manager of Cybersecurity Operations at The Trade Desk. He's also led impactful initiatives in risk management, threat hunting, and incident response at Synoptek. In this episode: [02:18] Transitioning from selling BMWs to leading a security team [06:14] Moving from practitioner to manager and leaning into the role of the "communications guy" [09:52] Balancing security team priorities with company goals [11:40] The threats that keep Joe up at night [14:06] How The Trade Desk's rapid growth has affected day-to-day operations [16:10] Ensuring security stays top of mind for other business units [19:32] Practical tips for strengthening collaboration with IT and other teams [22:13] Joe's approach to hiring and building a resilient team [26:30] Enabling his incident response team to thrive, even when he's not there [30:58] Joe's top three leadership principles [33:22] Tips for salary negotiation, both as a practitioner and a manager [39:58] Navigating imposter syndrome and anxiety [42:37] How AI is fueling Joe's optimism for the future of SecOps [44:29] Connect with Joe The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows. Where to find Joe: LinkedIn Rocky Mountain Information Security Conference (May 28 - 30, 2025) Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Colorado=Security Annual Salary Surveys & Resources
The Future of Security Operations podcast is back for a sixth season, and, to kick it off, Thomas is joined by Christofer Hoff. Christofer has over 30 years of experience in network and information security architecture, development, engineering, operations, and management, including security leadership roles at Bank of America, Citadel, and Juniper Networks. He's currently Chief Secure Technology Officer at LastPass, a unique role that combines the duties of CSO and CTO, while also serving on the board at FIDO Alliance. In this episode: [02:00] How blogging landed Christofer his first couple of jobs in security [06:50] Taking a more holistic approach to security through collaboration [09:40] Rebuilding LastPass's security org from scratch [12:03] Reflecting on incidents - what LastPass did right [16:12] Communicating with customers and the broader community during incidents [20:15] Navigating tech debt as a security leader [23:55] The biggest challenges AI has produced for his team [25:16] How LastPass uses an AI working group for decision-making [29:00] The evolving challenges of browser security [35:05] Passkeys, passwords and the future of secure authentication [41:40] Tips on hiring and structuring effective security teams [46:47] How LastPass creates efficiency through automation [50:38] The biggest changes he'd like to see in security [54:44] Connect with Chris The Future of Security Operations is brought to you by Tines, the orchestration, automation, and AI platform that powers some of the world's most important workflows. Where to find Christofer Hoff: LinkedIn Chris's Rational Survivability blog Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Chris on Google's Cloud Security Podcast LastPass Security Incident Summary
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Brent Deterding. Brent has over 25 years of experience in security, both on the vendor side and now as a security leader. He spent a big part of his career with cloud-native security analytics platform SecureWorks, and he's currently the CISO of Afni, a global provider of contact center solutions in the U.S., Philippines, and Mexico. Brent and Thomas discuss: - His unconventional path to becoming a CISO - Building a security team with zero attrition - Removing the burden of stress in incident response - Strategies for risk prioritization - Facing off against cybercriminal group Scattered Spider - Why prioritization and leadership are among security's biggest challenges - Being dubbed "the happy CISO" after reporting high levels of job satisfaction - Brent's four security non-negotiables - The right way to approach CISOs as a security vendor - Measuring success when you're metrics-averse - What the SOC will - and should - look like in five years The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find Brent Deterding: LinkedIn: https://www.linkedin.com/in/brent-deterding/ Afni: https://www.afni.com/ Where to find Thomas Kinsella: LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Twitter/X: https://twitter.com/thomasksec Tines: https://www.tines.com/ Resources mentioned: How to connect with me as a vendor by Brent Deterding on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7146566282128076800/ In this episode: [01:56] Brent's unconventional path to becoming a CISO [04:10] Finding the right fit at Afni [06:09] Separating his identity from his job and removing the burden of stress [10:22] Why Brent sees risk prioritization and leadership as security's biggest challenges [13:02] Brent's first steps as CISO at Afni including deploying MFA across 10,000 employees [16:29] Going up against threat group Scattered Spider [17:43] Brent's custom risk frameworks [23:03] Measuring success as someone who's metrics-averse [26:19] How Brent developed his unique leadership style [29:13] Supporting his team to do their best work [31:55] Brent's tips for security vendors [36:07] Using AI for resilience and protection [39:20] What security could and should look like in five years [42:53] Connect with Brent
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Nicolas Chaillan. Nicolas is a security leader who has held several high-profile roles in US federal agencies including Chief Software Officer for the US Air Force and Space Force, Special Advisor for Cloud Security and DevSecOps at the Department of Defense (DOD), and Special Advisor for Cybersecurity and Chief Architect for Cyber.gov at the Department of Homeland Security. He is also the founder of no less than 13 companies, including Ask Sage, a GPT-powered platform that brings Generative AI capabilities to government teams. Nicolas and Thomas discuss: - Building the US government's first zero trust implementation - Putting Kubernetes on jets and space systems - The challenges of bringing new technologies to the federal government - How the threat landscape will continue to evolve for US federal agencies - The biggest mistakes entrepreneurs make - How cross-team collaboration helped him create meaningful change at the DOD - The future of AI in security - The inspiration behind his AI-powered platform, Ask Sage The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find Nicolas Chaillan: LinkedIn: https://www.linkedin.com/in/nicolaschaillan/ Twitter/X: https://twitter.com/NicolasChaillan Nic's YouTube channel: https://www.youtube.com/channel/UCt7jKHaxWS8W_4rcKGg7X9w Ask Sage: https://www.asksage.ai/ Where to find Thomas Kinsella: LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Twitter/X: https://twitter.com/thomasksec Tines: https://www.tines.com/ Resources mentioned: Making An Impact: Nicolas Chaillan, CEO Magazine: https://www.theceomagazine.com/executive-interviews/government-defence/nicolas-chaillan/ In this episode: [02:20] Becoming a self-taught coder at 7 and founding his first company at 15 [05:02] Shipping 187+ technology products as a founder, in verticals as varied as healthcare, retail and banking [07:08] The biggest mistakes entrepreneurs make [08:40] His latest product, generative AI platform Ask Sage [11:30] The challenges of bringing a new product to the US government [13:45] Building the first zero trust implementation in the government as Special Advisor for Cybersecurity at the Department of Homeland Security [15:20] Advocating for new technologies at federal agencies [19:40] Deploying Kubernetes on 50-year-old hardware on the F16 jet at the Department of Defense [22:02] Dealing with pushback and internal resistance to change [24:50] Recruiting internal help to establish force-wide DevSecOps at the DOD [29:00] Becoming Federal Chief Technology Officer at Qualys [30:30] Reflecting on the changes he implemented while working for the US government [33:12] Deciding which companies to work with as an advisory board member [36:40] How the threat landscape will continue to evolve for US federal agencies [40:50] TikTok as a channel for misinformation and national security weapon [44:18] Nicolas' predictions for the future of security [47:10] Connect with Nicolas
In this week's episode of The Future of Security Operations podcast, Thomas is joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network Administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever. George and Thomas discuss: - What security operations looked like in 1997 - Protecting the secrets of regulation golf equipment at the USGA - The shift in security and privacy needs at live sports events - Securing scents, flavors, and other chemical formulations at IFF - Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack - The Super Bowl threat profile, from scoreboard hacking to stadium credentials - Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand - Aligning security operations with physical security - The reality of working on high-pressure events - The benefits of knowledge sharing with other teams working on live sports events - The importance of relationship building across internal security teams - The potential of automation, orchestration, and AI in incident response The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find George Griesler: NFL: https://www.nfl.com/ LinkedIn: https://www.linkedin.com/in/georgegriesler/ Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Tines: https://www.tines.com/ Resources mentioned: A Cyberattack Shuts Down MGM Resorts In Las Vegas And Other Cities: https://www.forbes.com/sites/suzannerowankelleher/2023/09/12/a-cyberattack-mgm-resorts-las-vegas/?sh=c1b5096505c0 The 1,000-ton screen bringing Super Bowl LVI to the lucky fans inside the stadium: https://edition.cnn.com/2022/02/11/sport/super-bowl-lvi-samsung-infinity-screen-sofi-stadium-tech-spc-intl/index.html In this episode: [01:50] What infrastructure management and incident response looked like in 1997 [03:30] His projects at the United States Golf Association (USGA), including securing a golf handicap information network [06:05] Witnessing the digital transformation of live sports events [08:40] Securing flavors, scents and other chemical formulations at IFF [13:20] Building a threat model for large OT environments [15:30] Increasing security awareness and culture across the organization [17:45] Moving to the NFL [21:20] How George's team prepare for the Super Bowl [24:10] Partnering with cybersecurity experts at CISA, the FBI, and local partners in Las Vegas like Caesars Palace and the MGM Grand [27:00] The Super Bowl's threat profile, from scoreboard hacking to stadium credentials to online identities of individual players [29:20] Inside the NFL's Super Bowl command centre [30:40] Ensuring the team is supported to handle high-pressure events [32:55] Knowledge sharing with security teams on other live sports events, from The Olympics to the World Cup [37:00] Reducing risk through collaboration across the security team [38:35] AI as a defender tool and attacker tool [41:50] The future of the SOC [43:15] Connect with George
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda. Adam and Thomas discuss: - Building discipline and resilience by working on SRE teams - How a well-known DDoS attack changed his career path - Using automation to reduce alert fatigue - Strategies for plugging the security skills gap - The potential of AI-driven XDR - How cyber attacks are evolving in the age of AI - Lessons learned from researching the history of cybersecurity - Empowering teams to do their best work - Creating a culture of continuous learning The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find Adam Khan: Adam's website: https://www.adamkhancyber.com/ LinkedIn: https://www.linkedin.com/in/adamkhan-cyber/ Barracuda: https://www.barracudamsp.com/ and sales@barracudamsp.com Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Tines: https://www.tines.com/ Resources mentioned: 2023 Global Cyber Threat Report by Adam Khan: https://www.adamkhancyber.com/post/2023-global-cyber-threat-report Adam's five-part cybersecurity history series on smartermsp.com: https://smartermsp.com/author/akhan/ DarkReading: https://www.darkreading.com/ BleepingComputer: https://www.bleepingcomputer.com/ In this episode: [02:10] Switching from site reliability engineering (SRE) to SecOps [03:40] How the DDoS attack on Amazon, eBay and Priceline in 2008 piqued his interest in security [04:37] Building discipline and resilience by working on SRE teams [09:05] Navigating Barracuda's acquisition of SKOUT [10:22] How growing companies can benefit from an external XDR platform [11:50] Prioritizing the alerts that matter most to customers [13:03] Using automation to enrich threat intelligence and root out false positives [14:50] The potential of AI-driven XDR [16:40] How cyber attacks have evolved as adversaries use AI tools like FraudGPT and WormGPT [19:30] Adam's three key takeaways from researching the history of cybersecurity [23:20] Strategies for tackling the talent shortage [25:15] Empowering teams to do their best work [28:10] How Adam stays on top of the latest security trends [31:35] The importance of making mistakes [32:20] Promoting a culture of blameless incident reviews [34:40] Predictions for the future [35:50] Connect with Adam
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth. Thomas and Matt discuss: - Moving from a large security team at Bank of America to a small one at Reddit - Embracing scrappiness and doing more with less - Overcoming sunk-cost fallacy - Why the 2014 Sony hack was a pivotal time for AppSec - Running the threat research centre at White Hat - What he looks for when hiring in AppSec, the SOC and beyond - His decision to start creating content about mental health in security - Moving past imposter syndrome - Renouncing superhero culture - Paved paths and guardrails, and what comes next after "shift left" - Lessons learned from Reddit's 2023 security incident - The power of automating incident response The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find Matt Johansen: Vulnerable U newsletter: https://vulnu.mattjay.com/ Twitter: https://twitter.com/mattjay LinkedIn: https://www.linkedin.com/in/matthewjohansen/ TikTok: https://www.tiktok.com/@vulnerable_matt Reddit: https://www.redditinc.com/ mattjay.com: https://www.mattjay.com Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Tines: https://www.tines.com/ Resources mentioned: The Tech Professional's Guide to Mindfulness by Matt Johansen: https://www.mattjay.com/blog/the-tech-professionals-guide-to-mindfulness Matt's piece on developer experience in the Vulnerable U newsletter: https://vulnu.mattjay.com/p/vulnu-003-courage-quit Reddit's post on a February 2023 incident: https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/ Collaborative Incident Response Best Practices: Don't Rely on Superheroes by Matt Johansen: https://www.mattjay.com/blog/superhero-incident-response Threat modeling depression by Matt Johansen: https://www.mattjay.com/blog/threat-model-depression In this episode: [02:14] Going from long-time Reddit user to employee [04:50] Running AppSec at Reddit [07:30] Being the internet's punching bag and boxing gloves [10:30] Building a team from scratch at White Hat and lessons learned from the 2014 Sony hack [15:10] Matt's approach to hiring [21:15] His decision to create content about mental health in security [23:20] Turning his Twitter network into his IRL network [27:55] Moving past imposter syndrome [30:00] Tools for safeguarding your mental health in incident response [36:20] Preserving work-life balance for his teams at Reddit [39:15] Moving past "shift left", and paved path to production and guardrails [47:40] Lessons learned from a February 2023 incident at Reddit [51:20] Renouncing superhero culture [52:20] Automating incident response [54:12] Connect with Matt
This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India. In this episode, Prima and Thomas discuss: - The unique challenges of working in forensics - Her transition to detection and response and cloud security - Building a security detection framework at Segment - Reducing mean time to resolve through automation - Using data to prioritize which processes should be automated - Merging teams and technologies when Segment was acquired by Twilio - Joining the securing platform engineering team at Twilio - Designing a challenging and varied career in security - The influence of mentorship on career growth - Democratizing security through knowledge sharing - How security will change in the next five years The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://www.tines.com/solutions/security Where to find Prima Virani: Twitter: https://twitter.com/secnerdette?lang=en LinkedIn: https://www.linkedin.com/in/primavirani/ Twilio: https://www.twilio.com/en-us Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Resources mentioned: Hosting Fleet on AWS EKS by Prima Virani: https://segment.com/blog/hosting-fleetdm-on-aws-eks/ Fleet Device Management: https://fleetdm.com/ In this episode: [02:22] Prima's introduction to cybersecurity career opportunities as a teenager [06:30] The shift from forensics to detection and response [09:15] Gaining experience in vulnerability and patch management, and network security [14:15] Building a security detection framework at Segment using SOCless [18:10] Using automation to reduce alert noise and improve response times [20:30] The impact of automation on security team burnout [22:50] Merging security teams, practices and technologies during Twilio's acquisition of Segment [25:30] Moving to the securing platform engineering team at Twilio [27:40] Growing her knowledge of AWS, Kubernetes and GCP [32:40] Prima's plans to embrace machine learning in detection engineering [34:20] The importance of mentorship and knowledge sharing in career growth [37:30] Prima's all-time favorite projects, including hosting FleetDM on AWS EKS [39:36] The future of security operations through Prima's eyes [42:01] Prima's advice for security practitioners [43:58] Connect with Prima
On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense. In this episode, Andrew and Thomas discuss: - Navigating the unique challenges of the Navy, from log management to prioritization - Making the leap from the Navy to tech - Building a security operations team and program from scratch at Netflix - Red teaming phishing response playbooks at Netflix to test their effectiveness - Recognizing the value of good processes - Why teams should design processes first, automate later - Creating a feedback loop between teams at Fastly - How “shifting left” has helped Andrew's team reduce vulnerabilities - Using automation for risk assessment at Fastly - Andrew's approach to incidents like the Log4J vulnerabilities - Why growth in the vendor market is a good thing for practitioners - Why automation should be a requirement, not just a best practice - What advancements in AI mean for threat detection - The importance of risk-based decision-making - The potential of self-remediation - Why good security leadership starts with taking care of your people The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world's most important workflows. 
https://tines.com/solutions/security Where to find Andrew Santell: LinkedIn: https://www.linkedin.com/in/ajsantell/ Fastly: https://www.fastly.com/ Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Resources mentioned: Google's SRE handbook: https://sre.google/sre-book/table-of-contents/ Netflix's 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/ In this episode: [02:05] Andrew's career journey so far [05:35] The unique requirements of working in the Navy [09:12] Risk-driven decision making [11:11] Self-assessing phishing response controls and mitigations at Netflix [14:28] Andrew's decision to leave the Navy and his transition to the private sector [16:12] Comparing approaches to security at the Navy and in tech [19:26] Breaking free of bad processes [23:20] Broadening roles to include pen testing, application security, and vulnerability management [27:27] How Andrew approaches automation at Fastly [31:56] Protecting Fastly's infrastructure [33:57] How SecOps has changed and where it's going next [40:18] Embracing automation for vulnerability management [42:45] Taking care of your people as a security leader [44:56] Making engineering and automation part of prioritization [47:19] Connect with Andrew
To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies. In this episode, Mandy and Thomas discuss: - Her move from accounting to security - Why she was drawn to Elastic's employee-centric culture - How her role at TiVo in the early '00s shaped her view of privacy - Switching from a technology-first to people-first approach to security - Recognizing the human factor in incident response - Embracing asynchronous operations on dispersed teams - The importance of bringing your authentic self to work - Staying technical as you move into leadership - How she puts her law degree to use as a CISO - Balancing compliance and overall security posture - Collaboration and knowledge sharing within the CISO community - Elastic's approach of knowledge sharing by default - How prioritizing analyst time will be critical in the future of SecOps - Adopting an infrastructure-as-code approach - Balancing between proactive security measures and reactive responses - Building a culture of security across the organization - Tips for surviving in security operations in tech The Future of Security Operations is brought to you by Tines, the platform that powers some of the world's most important security workflows. 
https://www.tines.com/solutions/security Where to find Mandy Andress: LinkedIn: https://www.linkedin.com/in/mandyandress/ Elastic: https://www.elastic.co/ Where to find Thomas Kinsella: Twitter/X: https://twitter.com/thomasksec LinkedIn: https://www.linkedin.com/in/thomas-kinsella/ Resources mentioned: Surviving Security: How to Integrate People, Process & Technology by Mandy Andress: https://www.amazon.co.uk/Surviving-Security-Integrate-Process-Technology/dp/0672321297 Mandy's 2001 BlackHat talk on wireless LAN security: https://www.youtube.com/watch?v=XtT2Ta87uow Elastic's blog: https://www.elastic.co/blog In this episode: [01:57] Moving from accounting to security [02:43] Finding a company with strong vision, culture and business foundations [05:26] Working in network security in the early days of TiVo [07:05] What's changed in security since 2001? [09:20] A career-long fascination with the human factor in incident response [10:30] Embracing empathy in her leadership style [12:25] Finding a workplace where you can be your authentic self [16:10] Exercising her technical muscles [17:45] The decision to study law [21:18] Balancing compliance and overall security posture [23:35] Knowledge sharing in the CISO community [24:22] Elastic's policy of being "radically transparent" [29:20] The future of security operations [31:29] How her security team works with product engineering [34:03] Adopting an infrastructure-as-code approach [35:01] Building a culture of security across the organization [38:09] Her advice for others working in security in a high-growth organization [41:50] Baking off security products in her home lab [44:37] Connect with Mandy
In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy. Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He's a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st. On this episode of The Future of Security Operations, Dmitriy discusses: His early career journey from IT support to security. Getting comfortable “losing sales on purpose” and building a cloud security program from the ground up at CyberArk. Running product security at Avid, where the customer base included Oscar-winning film editors and Grammy-winning sound engineers. A particularly memorable mistake - how Dmitriy accidentally rerouted every employee's emails to his inbox on the first day on the job, and what that experience taught him. Learning to measure and communicate the security team's ROI to senior leadership, with guidance from the team at Okta. Why he believes we need a new word to describe the cybersecurity industry. Dmitriy's thoughts on the role security practitioners will play in fifth-generation warfare. Note: this episode was recorded before the October 2023 attacks in Israel and Gaza. Resources: LinkedIn
In this episode of The Future of Security Operations podcast, David Seidman joins Thomas to discuss their career to date and what they have learned along the way. David is currently Head of Detection and Response at Robinhood, an online brokerage firm with a mission to democratize finance for everyone. David has almost 20 years of experience in software and security, having worked for huge names like Microsoft, Google, Salesforce, and now Robinhood. Topics include: David's entry into security and their 10-year tenure at Microsoft. Dealing with the public's and media's interest in security incidents at global organizations like Microsoft, Google, and Salesforce. The changes that came with David's move from large-scale organizations to Robinhood and the difference in operations and threat actors that they have seen. David's detection strategy and how they approach the kill chain model. How David manages to keep on top of their technical capabilities while also keeping the mental health and performance of their team as high as possible. The lessons David has learned so far in their career about creating a culture of safety and high morale for SecOps teams. Decreasing friction around prioritizing between good business and good security operations. How David describes the state of security operations today. The challenge of false positives and ways to address the stress and burnout that come with them. The need for executive stakeholder communication skills as an incident responder. Where David sees security operations and incident response going in the next five years. Resources: LinkedIn
In this episode of The Future of Security Operations podcast, Thomas speaks to Jeff Moss, Senior Director, Information Security, at Incode Technologies. Incode is the leading provider of world-class identity solutions for the world's largest financial institutions, governments, retailers, hospitality organizations, and gaming establishments. Jeff has over 10 years of experience in tech and IT, moving from project and program management in areas such as construction and IT into cybersecurity, where he quickly worked his way up to becoming CISO and Senior Director of Information Security. He has countless licenses and certifications, including Certified Information Systems Auditor with ISACA, and he also has an MBA. Topics include: How Jeff decided to make the move from engineering to product security. His less traditional path into cybersecurity leadership and how he worked his way up to CISO in such a short space of time. The evolution of product security over the last five years. The increased attack surface within the industry and how to reduce the risks. What Jeff has learned from scaling security for numerous startups. Tips for the prioritization of initiatives that Jeff has learned as part of his MBA and his years as a project and program manager. Jeff's approach to combining the technical and the business in his management. The shift in organizational structure with CISOs needing to report to the board and CEO. The proposed Securities and Exchange Commission (SEC) rulemaking in the US and what it means for the industry. What Jeff expects to see in security operations over the next five years. Resources: LinkedIn
In this episode of The Future of Security Operations podcast, Thomas chats with Rebecca Harness, VP and Chief Information Security Officer at Quickbase. Quickbase is a no-code database and application development platform that enables anyone to safely build, iterate, and integrate their applications. Rebecca has 25 years of experience in information technology and over 12 years of experience in security specifically. Over her career, Rebecca has launched two of her own companies; she's led numerous high-performing cybersecurity teams through the challenges of supporting cloud-first digital transformation strategies; and she's a board member of ISACA St. Louis. She also has a Master of Science in Information Security Engineering. Topics include: Rebecca's career journey from her start in IT to founding her first company, to becoming VP and CISO at Quickbase. The steps Rebecca takes to build a strong security culture within her teams. Balancing empathy and velocity as a CISO. The measures Rebecca feels best place SecOps teams to securely and safely engage with technology partners and third-party vendors. The inevitability of human error and how automation can help combat this. How Rebecca has seen SecOps evolve and the resource and skills gap being experienced across the industry and how this can be combated. How generative AI can be a key collaborator for SecOps teams. Where Rebecca sees the SecOps landscape going over the next five years. Rebecca's experience in the MSP space and how she feels MSPs will be affected by attacks becoming less commodified and more targeted. The measures Rebecca takes to ensure her teams don't burn out and remain passionate about their role. Resources: LinkedIn
In the first episode of this season of The Future of Security Operations podcast, Thomas speaks to Josh Kamdjou, founder and CEO of Sublime Security, the world's first open and adaptable email security platform, preventing email attacks using Detection-as-Code and behavioral AI. Josh has more than 13 years of experience in the security industry, doing a mix of government work and private consulting before founding Sublime Security in 2019. Josh holds a B.Sc. in Computer Science from the University of Maryland and is a regular speaker at security conferences and workshops. Topics include: Josh's interesting path into security started with his career working with the government. How the approach to email security has changed over the last 10 years. The gap and lack of tooling that Josh discovered in email security led to the founding of Sublime Security. The types of business email compromise fraud that are still working today and how the threat landscape has changed. Moving from consultancy to creating a product and securing Sublime's first customers. Putting yourself in your customers' shoes to aid discovery and build a better product. How Josh's experience working in government and industry shaped his approach to how he builds Sublime's product. What companies are doing to successfully defend against email threats. Where security operations might be in five years and how teams will be doing more with less. Sublime Security's plans for the next 12 months. Resources: LinkedIn
In this season's finale of the Future of Security Operations podcast, Thomas chats with Yinon Costica, Vice President of Product and co-founder at Wiz, the leading cloud infrastructure security platform that enables organizations to identify and remove the most pressing risks in the cloud. Yinon has more than 15 years of experience leading cybersecurity product development teams, with expertise in the cloud security market. Yinon started his career as a software engineer at the Israel Defense Forces (IDF). After this, he was the VP of Adallom, a leading cloud access security broker, until they were acquired by Microsoft in 2015. At Microsoft, he led the Cloud Security Group product organization for four years before co-founding Wiz. Topics include: Yinon's journey, starting with the Israel Defense Forces, and how it led to his introduction to cybersecurity. The decision process behind building Wiz and how the original idea for the company changed and developed during this time. Yinon's view on the changing landscape of security over the last 20 years and how it has become a C-level discussion. Measuring how mature your company's security operations are and the process of wider teams becoming more proactive about security. The self-serve model of security used at Wiz and how companies can employ this to create a more secure environment across the enterprise. Approaching the challenge of gaining Fortune 100 customers when running a start-up and what it takes to build an enterprise-grade product. The specific challenges that those who are leading security teams in fast-growing tech startups face when approaching the cloud. Stepping back to find toxic combinations in your organization that need to be remediated first when evaluating levels of prioritization. What the security operations landscape will look like in five years and how the self-serve model will fit into this. 
Some lessons Yinon has learned from the close relationships that the Wiz founding members have built up over the last 20 years. Taking steps to overcome the issue of diversity and bias in the security space. Resources: LinkedIn
In this episode of the Future of Security Operations podcast, Thomas chats with Morey Haber, Chief Security Officer at BeyondTrust. BeyondTrust is a worldwide leader in Privileged Access Management (PAM), focused on addressing the most urgent cybersecurity challenges, including zero trust, ransomware, cloud security, and more. Morey has more than 25 years of IT industry experience, has authored four books, is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media. Topics include: Morey's journey in cybersecurity, starting almost 20 years ago in a software action team. The cultural and perception shift that vulnerability management and security operations have undergone over the past 20 years. The challenges modern security operations face due to identity-based risks increasing in a remote working world. The exploitable flaws seen in two-factor authentication (2FA) and multi-factor authentication (MFA) identification. How BeyondTrust specializes in privileged access and least privilege to ensure the integrity of all transactions. The differences with implementing security disciplines in the cloud. How Morey stays on top of the latest issues and threats in the cybersecurity world. The importance of self-discipline when it comes to mental health and overcoming the risk of burnout, and how managers can best support this. Some of the most memorable security incidents Morey has come across. Morey's stance on what security teams should be wary of when it comes to ChatGPT. What cybersecurity might look like in five years' time with advances in AI taken into consideration. Resources: LinkedIn: https://www.linkedin.com/in/mjhaber/
In this episode of the Future of Security Operations podcast, Thomas interviews Arthur Barnes, Senior Director of Security Operations at Oracle – the world's largest database management company. Arthur is an experienced cybersecurity leader with 20 years of experience, having previously worked at Pearson, Dell, and M&S. He contributed to the ENISA Cloud Procurement Guidelines, which is a practical guide aimed at the procurement and governance of cloud services, and is currently completing an MBA in Business Administration and Management. Topics include: Arthur's journey from working within government, consulting, and the private sector and how he found his way into the security space. How security has evolved over the last 10 years, including the main challenges faced by cybersecurity leaders and their teams. Solving the challenge of hiring the right people and how to identify the best candidates during the interview process. What Arthur has learned about what it takes to be a leader and how to identify good candidates for promotion to leadership positions. Approaching and dealing with mental health concerns for people working in cybersecurity. Reducing time spent on repetitive tasks and helping teams outside of the security organization to automate tasks. Cases of forensic investigations that became story-worthy. Arthur's number one piece of advice for those leading security teams today. What security teams might look like in five years' time. Resources: LinkedIn: https://www.linkedin.com/in/arthurbarnes/?originalSubdomain=uk
In this episode of Future of Security Operations, Thomas speaks with Ryan Noon, Founder and CEO of Material Security, a company that protects the email of high-risk VIPs and top global organizations. A serial entrepreneur and an expert on cloud security, Ryan previously ran infrastructure teams at Dropbox after it acquired his last company, Parastructure. Before that, he helped build a company spun out of Stanford by the Department of Defense. A graduate of Stanford, Ryan holds degrees in Computer Science and Computer Security.
Topics include:
- Ryan's first startup experience and the decision to launch his first company, Parastructure
- Getting acquired by Dropbox and what he enjoyed most about working there
- Ryan's journey from a hobbyist to a thought leader and founder in cybersecurity, taking a critical eye towards every system, and why Ryan sees himself as “a builder, a creator, and an optimist than a true security engineer”
- How the Russian government's interference in the 2016 U.S. presidential election impacted his perspective on cybersecurity and helped him realize the power of APIs
- Why email is such an excellent target for cyber attackers and how Material Security secures data within inboxes
- What founders should focus on in the first year, the importance of product management, and how Material secured its early adopters, including customers like Stripe, Databricks, and Lyft, so quickly
- How to help your product to stand out, and why he believes it's important to avoid FUD tactics in cybersecurity
- What Ryan has learned from working with the world's leading security teams and how the best teams bridge gaps to win
- Ryan's thoughts on the uncertain global economic climate, its impacts, and how Material's conservative approach has allowed them to maintain a relatively lean team
- The future of security operations and what trends Ryan believes will continue - doing more with less and leveraging better infrastructure and tools that enable you to go deeper with your existing tech stack
Resources: LinkedIn
In this episode of the Future of Security Operations podcast, Thomas speaks with Diana Kelley, Chief Security Officer / Chief Strategy Officer at Cybrize, which connects organizations, security leaders, and job seekers to train and support the next generation of cybersecurity professionals. Diana has been a trailblazer in the cybersecurity industry for over three decades. She's served as CTO for Microsoft and Global Executive Security Advisor at IBM; she was also previously VP of Burton Group (now Gartner for Technical Professionals) and a manager at KPMG. Diana volunteers with numerous organizations in her free time, including ACM Ethics & Plagiarism Committee and WiCyS (Women in Cybersecurity), all devoted to advancing diversity within this field.
Topics include:
- How Diana first developed a passion for computers and security
- Diana's career path, from building and managing a global network to working as a consultant
- The changing security landscape and how increasingly sophisticated adversaries challenge it
- Why executives need to recognize compliance is not just a checkbox exercise, and how Diana helps business leaders bring compliance in as part of their toolkits to develop better security programs
- The challenge of balancing security policies with different pressures within an organization
- The cybersecurity skills gap and how hiring managers can attract and retain the best candidates through DEIA, allyship, creating open-minded job descriptions, and recognizing the value of different skill sets
- The importance of sizing security teams properly to prevent exhaustion and burnout, measuring the success of your security program, and communicating the value of your security team
- Why Diana believes SOCs will be more distributed in the future, why it makes sense for smaller companies to outsource, and the rise of AI and automation to support humans rather than replace humans
- Diana reflects on a striking security incident
Resources: LinkedIn
In this episode of the Future of Security Operations podcast, Thomas interviews Andreas Schneider - the Field CISO EMEA at Lacework. Leveraging its data-driven platform and cloud-native application protection solution, Lacework helps organizations make sense of immense amounts of security data with minimal effort. With over two decades of experience in cybersecurity, Andreas started off as a defender working on mainframes for a financial services company before building up his first security team within the Swiss broadcasting industry. Topics include: After discovering computer games like Risk, how Andreas found himself accidentally working in security. Building up the security team for a Swiss broadcasting company and managing large-scale environments sensitive to interruption. Why Andreas moved to Lacework after first experiencing the platform as a customer. Why Andreas feels comfortable dealing with large-scale attacks and enjoys what he does. The shift to DevOps and why security needs to evolve continuously and become more decentralized. The changing role of the lonely CISOs, the importance of culture and accountability, and how Andreas approaches his work to identify gaps. Two of Andreas' biggest failures and why he believes it's essential to talk about failure in security. Andreas' passion for the security community, how he sources new talent, and why he prioritizes listening to developers to enhance collaboration efforts. How Andreas carefully chooses vendors and security tools to help his team avoid alert fatigue and friction that slows their processes down. Why Andreas believes machine learning and automation will be a big focus in the future of security operations, and human behavior will remain the most formidable risk. Resources: LinkedIn: https://www.linkedin.com/in/ciso-andreas-schneider
In this episode of Future of Security Operations, Thomas speaks with Jacob DePriest, VP & Deputy Chief Security Officer at GitHub, a company with a mission "to help every developer - regardless of experience level - learn, code, and ship software effectively." Before joining GitHub, DePriest spent more than 15 years as a senior executive at the National Security Agency (NSA) in the US.
Topics include:
- How Jacob moved from a career deep in the engineering world to security
- His experience working at the NSA and why curiosity led him to move to GitHub to seek out a new adventure
- His experience with Open Source tools and why he believes in making tools that help the security community more widely available to handle threats
- How GitHub's security team prioritizes their workload, thinks about risk, and builds trust with their customers
- The vast amount of automation in place at GitHub, what they're building, and how they bring security findings as close to developers as they possibly can
- How the security team influences GitHub's product roadmap and why they want to be the first customer of any new feature
- His experience with Log4j and why he's proud of GitHub's response to the breach
- Why he prioritizes his team's psychological safety and thinks empathy, diversity, and transparency are critical to success for any security team
Resources: LinkedIn: https://www.linkedin.com/in/jacobdepriest/ Twitter: https://twitter.com/jacobdepriest
In this episode of Future of Security Operations, Thomas speaks with Jon Hencinski, VP of SecOps at Expel, a company with "a mission to make security easy to understand, easy to use, and easy to continuously improve." Hencinski is passionate about getting to the root cause of security issues and using strategy to help organizations make problems go away entirely. Topics include: How Jon has seen security evolve from his time on the help desk to managing enterprise incident response investigation. The importance of using automation for detection at scale — especially as new classes of threats continue to emerge — and what makes a “good detection.” How organizations can reduce risk through strategy and by making investments in preventing common incidents like business email compromise and macro-enabled Word docs. The metrics Jon uses to measure success, and why thinking in terms of business goals and objectives will help you retain customers and deliver great outcomes. Some of the habits of an effective SOC, and how culture and candor can play a big role. How Expel uses data and metrics to track workloads, hedge burnout, and take care of the mental health of their team. Advice for those just getting started in security, and predictions for what the future of security teams will look like. Resources: Twitter: @jhencinski Expel.com Keep in touch with Jon Hencinski on LinkedIn: https://www.linkedin.com/in/jonathanhencinski/
In this episode of Future of Security Operations, Thomas speaks with Madhav Gopal, CISO at a Fintech start-up and formerly VP of Cybersecurity Operations at Comcast Cable. Madhav has over 25 years of experience with a track record of using innovation to protect and support customers and partnering effectively with business teams. Over the course of his career, Madhav has also led engineering operations, internal audit and security consulting teams. Madhav serves as an advisor to Save the Children US and Citadel Banking.
Topics include:
- What security operations and infrastructure at scale looks like
- How to protect key business operations while focusing on security
- How security teams can be a better partner to other teams across an organization
- The state of security operations today, considering the speed at which new technologies are adopted
- How to manage risk and events at scale, and what to focus on
- How to reduce manual tasks and the role engineering plays in doing so
- Advice to security leaders and what to look for in a strong CISO
Resources: Keep in touch with Madhav on LinkedIn
In this episode of Future of Security Operations, Thomas speaks with Kristian Kivimägi, Head of Security Operations at Pipedrive, a CRM and intelligent revenue management platform for small businesses, who helped scale Pipedrive's Info Sec team from start-up to 20 people. Kivimägi is also a guest lecturer in vulnerability assessment and cybersecurity at Tallinn University of Technology. Topics include: The state of security operations today, both the good and the bad Tips for retaining and building talent from someone who built a security team How to reduce time spent on manual tasks, including frequent phishing emails What elements individuals who want to build a security team should prioritize, and advice to new security leaders How to measure security team success, what metrics to track, and how to assess performance How to take care of your team, combat burnout, and improve mental health What security operations teams will look like in five years, and what technology they will implement
In this episode of the Future of Security Operations, Thomas speaks with Andrew DiMichele, Director of Security Operations at Redis, whose background is in building security operations programs. DiMichele's security journey began in the US Air Force Reserves, and brought him to Cisco, banking, IBM, and Citrix. Topics include: The evolution of cybersecurity as seen across different types of organizations How to keep employees engaged in cybersecurity, and reasons why there's not a long tenure in the industry Burnout and mental health in security and what companies can do to address it Reducing the time spent on manual tasks through automation, and how to do so while being aware of the chain of approvals How to work with other teams across the organization and showcase the work security does to ensure your team is being respected Advice for new security leaders What security teams will look like in five years, what new technologies security teams should look towards, and how to prepare your team for the future
In our latest episode of the Future of Security Operations, Thomas speaks to Corey Hill, Director of Security Operations and Incident Response at Citrix. After working at organizations such as Mandiant and Cisco, in 2020 Corey joined the Citrix team when there were just a small handful of people on the SOC team. Today, the teams Corey leads spread across four countries and are responsible for Detection Engineering, Threat Intelligence, Threat Monitoring, SOAR Automation, and Incident Response (both CSIRT) services at Citrix. Topics in this episode include: Corey's journey that eventually led to his current role at Citrix. How Corey's perspective on security has evolved throughout his career and why there's no security strategy that fits all. Lessons from building multiple SOC teams from scratch. How security operations have evolved. How Corey leverages automation to make his team more efficient and effective. How Citrix prioritizes mental health for everyone who works at the company. Why burnout is inevitable and how to tackle it. Taking away the stigma of being breached and how to respond when it happens. The role mentors have played in Corey's professional success. #1 piece of advice for those who are leading security operations teams. What the future of security operations will look like.
Aaron Cooper is the Security Operations Manager at TripActions with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance. In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! Topics in this episode include: His journey from hardware, to a vendor, to healthcare, to banking, to a cloud first tech company – how security posture and challenges differ across industries and companies Why it's critical to understand the culture of the company to run a successful security team Why the state of security today is in flux and how security teams are changing how and what they respond to Why the ‘onion model' no longer exists so it's critical to put on your ‘black hat' The tools and strategies that help Aaron with risk reduction and analyzing indicators The one thing IT managers can do to maintain the uptime of their environment How Aaron works to prevent burnout among his team and what drives him to help his team succeed How Aaron evaluates AI tools How his major in psychology gives him insight into the minds of security analysts, how resilient they can be, and how to hold space for them Resources mentioned: Year Up: https://www.yearup.org/job-training/cyber-security Hunter: https://www.hunters.ai/
In our 10th episode of the Future of Security Operations, Thomas speaks to Jay Thoden Van Velzen, Multicloud Security Operations Advisor at SAP. Prior to Jay's current role, Jay scaled the SecDevOps team from 5 to 25 team members across three continents and five countries and was the Initiative Lead for multiple security improvement programs for Multicloud across SAP. Topics discussed in this episode: Understanding the scale and size of SAP and the unique security complexities the organization faces. The state of security operations today. How to overcome the common challenges that security operations teams face today. How teams can solve the talent gap in cybersecurity and how SAP tackles the problem. Defining what SecDevOps is exactly. Practical advice for those who are leading security operations at fast-growing organizations. Why you may need to rethink your existing tooling to ensure it's suitable for the public cloud. What's in store for the future of security operations.
Today on the Future of Security Operations Podcast, Thomas speaks with Rebecca Blair, Manager of the Security Operations Center at Toast, an all-in-one point-of-sale and restaurant management platform for businesses in the food service and hospitality space. After working in a variety of different cybersecurity roles over the past decade, Rebecca joined Toast in 2021 as the first employee of their security operations center. On this episode, she shares lessons learned as she scaled the team along with her insights on what's in store for the future of security operations. Topics discussed in this episode: - The state of security operations today. - How to prioritize what needs to be done first when you are building a security operations team from scratch. - How to measure the efficacy of your alerts to determine what's worth keeping and what you should get rid of. - How Toast reduces the amount of manual time spent on tasks and how they keep their team happy and excited about the work they do. - How to develop and source cybersecurity talent. - How working towards an MBA has changed how she approaches security. - Why Rebecca loves dashboards and why they are critical to her work. - How Toast prioritizes mental health for their entire team. - Tips for how to run a good purple team. - What security operations teams will look like in the future.
On today's episode of the Future of Security Operations Podcast, Thomas speaks with Jason Barnes — the former Head of Global Security Operations at Netskope and current Senior Director at Charter Communications. *Note: this episode was recorded in late May 2022, prior to Jason departing from Netskope* Topics discussed in this episode: - How Jason describes the current state of security operations and how it's evolved over the past 10 years. - What Netskope's SOC team is focused on and what Jason's day to day looks like. - How Jason helps his team prioritize where to focus their time and resources. - Jason's philosophy around automation and the power it can bring to a security operations team. - Tips for helping security operations teams reduce the time spent on low value manual tasks (outside of automation). - Jason's prediction for what the future of the SOC will look like. - How Netskope focuses on mental health and burnout and the resources the company offers to team members. - #1 piece of advice for security operations leaders at fast-growing tech Resources mentioned: Jason's blog: https://www.netskope.com/blog/author/jbarnes
Today on the Future of Security Operations Podcast, Thomas is joined by Jack Naglieri, CEO of Panther Labs, a cloud-native SIEM platform that alleviates the pain of traditional SIEM with detection-as-code, a robust security data lake, and huge scalability with zero-ops. Topics discussed in this episode: - The challenges Jack faced while working on security teams at organizations like Yahoo and Airbnb. - The difference between security at Yahoo and Airbnb. - The origin story of StreamAlert - the open-source tool Jack built while working at Airbnb. - How a VC's cold email eventually led to Jack founding Panther Labs and how they acquired their first customers. - How Panther is different from traditional SIEM platforms. - What you need to know about detection-as-code and security data lakes. - Why teams need to focus on security — not operations. - Lessons learned from Jack working closely with fast-growing sophisticated security teams that make up Panther's customer base. - What security operations will look like in the future. - Why security teams must learn and embrace automation to deal with the challenges of cloud-scale security. - What features are coming next from Panther Labs. Resources mentioned in the episode: Jack's podcast: Detection at Scale Jack's blog post: From StreamAlert to Panther Jack's keynote releasing StreamAlert: USENIX Enigma 2017 — StreamAlert: A Serverless, Real-time Intrusion Detection Engine
In our sixth episode of the Future of Security Operations Podcast, Thomas speaks with Niall Heffernan, Head of Security at Cygnvs, a former Senior Manager of Information Security at Informatica, and a Lecturer for BSc, HDIP, PGDip and MSc students studying in the Cyber Security streams at the National College of Ireland. Topics discussed in this episode: Niall's view on the current state of security operations and how it's evolved over the past 5 years. What's top of mind for Niall as he begins building a security operations team from scratch. How to prioritize incidents and determine what detections can be ignored using automation. What most security practitioners get wrong when they embark on bringing the power of automation to their security program. Lessons that security can learn from software engineering. How security changes when an organization goes public and why the stakes become so high. What can be done to solve the security talent shortage gap. Niall's #1 piece of advice for security leaders and practitioners. What's in store for the future of security operations and why the traditional levels of security analysts will change.
In our fifth episode of the Future of Security Operations Podcast, Thomas speaks with Dylan White, an Information Security Engineer at KnowBe4 — a leading security awareness training platform. Topics Discussed: What KnowBe4 does and the problem they solve for organizations. The most common lures hackers are using today to trick users. Dylan's favorite phishing test of all time — and why it was so effective. How to build a culture that takes responsibility for security and why leaders need to make it clear it's okay if mistakes are made. How to make security more approachable for the entire organization. The state of security automation today and why Dylan is so excited about endless possibilities that automation makes possible for security teams. Manual and mundane tasks that Dylan's been able to automate and free his team from spending (and wasting) their time on. How automation has made his team 5x more effective. What Dylan sees security practitioners get wrong about security automation. Dylan's advice for security leaders and how they can set their teams up for success with automation. What's in store for the future of security automation.
In our fourth episode of the Future of Security Operations Podcast, Thomas speaks with Johannes Gilger — CEO and founder of urlscan, a URL and website scanner that enables users to take a look at the individual resources that are requested when a site is loaded. Prior to founding urlscan, Johannes managed the Threat Intelligence Automation team at CrowdStrike. Topics discussed in this episode: What urlscan is and how it works. Why Johannes founded urlscan and why he thinks the security community is so collaborative. Johannes's journey that eventually led to founding urlscan and why he decided to leave CrowdStrike to focus his attention on urlscan. How automation transforms security investigations. What urlscan users get wrong about automation. The #1 piece of advice Johannes has for security operations teams getting started with automation. Tips for customer-facing brands to reduce their attack target size. What future security challenges will look like in the years ahead and how organizations can use automation to get prepared for what's next.
In our third episode, we speak with Maxime Lamothe-Brassard — CEO and founder of LimaCharlie, a security infrastructure as a service tool that gives security teams full control over how they manage their security infrastructure. Maxime's unique perspectives come from a career in security, including Canada's NSA, Google, Arc4dia, and the early days of CrowdStrike. Topics discussed in this episode: The problem LimaCharlie solves. What endpoint hygiene means and lessons Maxime learned from working at Google. How Maxime describes the state of security today. Maxime's philosophy for how cybersecurity products should be marketed and sold to customers. How small improvements can lead to major change over time. How better tools and great APIs can remove the “boring stuff” so security teams can focus on more exciting work. Where Maxime sees security headed in the future.
In our second episode, we speak with Elastic's Product Marketing Director James Spiteri, an experienced security practitioner turned product marketer with a passion for making security accessible and easy for anyone and everyone. Topics discussed in this episode: Why James joined Elastic four years ago. What Elastic is and the different use cases the company offers (Did you know every Netflix search uses their Elastic?). How James has seen security operations evolve over the years and why the industry still faces the same data problem it faced five years ago. What Elastic is doing to tackle analyst burnout and mental health including “shut it down days” two Fridays per month. How Elastic leverages the power of no-code security automation. The #1 piece of advice James has for security teams.
The security world has undergone a seismic shift. What seemed impossible a few years ago, like having a 100% remote team without a decrease in productivity, is a reality today. But what has been the cost? Do I have a process in place or do I have one person that's holding a lot of the processes together? What other questions should leaders ask themselves to determine the state of security operations and the impact these are having on their teams? In our first episode, we are joined by Lena Smart, CISO of MongoDB, an inspiring leader who enjoys building teams and models from scratch, not losing sight of one of the most pressing topics of our time: burnout. Topics discussed in this episode: How Lena became MongoDB's first CISO. How she sees the state of security operations today. What MongoDB does to address burnout and mental health issues in security teams. What Lena advises doing to overcome burnout. How to make security roles more accessible to minorities. Advice for CISOs who are building a security program for the first time. What security operations will look like in a few years' time.
Security teams are feeling burned out and overwhelmed. They are spending most of their time on alerts and tedious manual tasks, experiencing frustration and churn. How do you automate the mundane security work that analysts are drowning in? The Future of Security Operations podcast is about empowering security operations teams and leaders and helping them remove the barriers that are preventing them from doing the high-value strategic work that truly matters. Welcome to our podcast, where security leaders reimagine the future of security operations!