The Future of Security Operations

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Brent Deterding. Brent has over 25 years of experience in security, both on the vendor side and now as a security leader. He spent a big part of his career with cloud-native security analytics platform SecureWorks, and he’s currently the CISO of Afni, a global provider of contact center solutions in the U.S., Philippines, and Mexico.
Brent and Thomas discuss:
- His unconventional path to becoming a CISO
- Building a security team with zero attrition
- Removing the burden of stress in incident response
- Strategies for risk prioritization
- Facing off against cybercriminal group Scattered Spider
- Why prioritization and leadership are among security's biggest challenges
- Being dubbed "the happy CISO" after reporting high levels of job satisfaction
- Brent's four security non-negotiables
- The right way to approach CISOs as a security vendor
- Measuring success when you're metrics-averse
- What the SOC will - and should - look like in five years
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Brent Deterding:
LinkedIn: https://www.linkedin.com/in/brent-deterding/
Afni: https://www.afni.com/
Where to find Thomas Kinsella: 
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Twitter/X: https://twitter.com/thomasksec
Tines: https://www.tines.com/
Resources mentioned:
How to connect with me as a vendor by Brent Deterding on LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7146566282128076800/
In this episode:
[01:56] Brent's unconventional path to becoming a CISO
[04:10] Finding the right fit at Afni
[06:09] Separating his identity from his job and removing the burden of stress
[10:22] Why Brent sees risk prioritization and leadership as security's biggest challenges
[13:02] Brent's first steps as CISO at Afni including deploying MFA across 10,000 employees
[16:29] Going up against threat group Scattered Spider
[17:43] Brent's custom risk frameworks
[23:03] Measuring success as someone who's metrics-averse
[26:19] How Brent developed his unique leadership style
[29:13] Supporting his team to do their best work
[31:55] Brent's tips for security vendors
[36:07] Using AI for resilience and protection
[39:20] What security could and should look like in five years
[42:53] Connect with Brent

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Nicolas Chaillan. Nicolas is a security leader who has held several high-profile roles in US federal agencies including Chief Software Officer for the US Air Force and Space Force, Special Advisor for Cloud Security and DevSecOps at the Department of Defense (DOD), and Special Advisor for Cybersecurity and Chief Architect for Cyber.gov at the Department of Homeland Security. He is also the founder of no less than 13 companies, including Ask Sage, a GPT-powered platform that brings Generative AI capabilities to government teams.
Nicolas and Thomas discuss:
- Building the US government's first zero trust implementation
- Putting Kubernetes on jets and space systems
- The challenges of bringing new technologies to the federal government
- How the threat landscape will continue to evolve for US federal agencies
- The biggest mistakes entrepreneurs make
- How cross-team collaboration helped him create meaningful change at the DOD
- The future of AI in security
- The inspiration behind his AI-powered platform, Ask Sage
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Nicolas Chaillan:
LinkedIn: https://www.linkedin.com/in/nicolaschaillan/
Twitter/X: https://twitter.com/NicolasChaillan
Nic's YouTube channel: https://www.youtube.com/channel/UCt7jKHaxWS8W_4rcKGg7X9w
Ask Sage: https://www.asksage.ai/
Where to find Thomas Kinsella: 
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Twitter/X: https://twitter.com/thomasksec
Tines: https://www.tines.com/
Resources mentioned:
Making An Impact: Nicolas Chaillan, CEO Magazine: https://www.theceomagazine.com/executive-interviews/government-defence/nicolas-chaillan/
In this episode:
[02:20] Becoming a self-taught coder at 7 and founding his first company at 15
[05:02] Shipping 187+ technology products as a founder, in verticals as varied as healthcare, retail and banking
[07:08] The biggest mistakes entrepreneurs make
[08:40] His latest product, generative AI platform Ask Sage
[11:30] The challenges of bringing a new product to the US government
[13:45] Building the first zero trust implementation in the government as Special Advisor for Cybersecurity at the Department of Homeland Security
[15:20] Advocating for new technologies at federal agencies
[19:40] Deploying Kubernetes on 50-year-old hardware on the F16 jet at the Department of Defense
[22:02] Dealing with pushback and internal resistance to change
[24:50] Recruiting internal help to establish force-wide DevSecOps at the DOD
[29:00] Becoming Federal Chief Technology Officer at Qualys
[30:30] Reflecting on the changes he implemented while working for the US government
[33:12] Deciding which companies to work with as an advisory board member
[36:40] How the threat landscape will continue to evolve for US federal agencies
[40:50] TikTok as a channel for misinformation and national security weapon
[44:18] Nicolas' predictions for the future of security
[47: 10] Connect with Nicolas

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever.
George and Thomas discuss:
- What security operations looked like in 1997
- Protecting the secrets of regulation golf equipment at the USGA
- The shift in security and privacy needs at live sports events
- Securing scents, flavors, and other chemical formulations at IFF
- Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack
- The Super Bowl threat profile, from scoreboard hacking to stadium credentials
- Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand.
- Aligning security operations with physical security
- The reality of working on high-pressure events
- The benefits of knowledge sharing with other teams working on live sports events
- The importance of relationship building across internal security teams:
- The potential of automation, orchestration, and AI in incident response
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find George Griesler:
NFL: https://www.nfl.com/
LinkedIn: https://www.linkedin.com/in/georgegriesler/
Where to find Thomas Kinsella: 
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Tines: https://www.tines.com/
Resources mentioned:
A Cyberattack Shuts Down MGM Resorts In Las Vegas And Other Cities: https://www.forbes.com/sites/suzannerowankelleher/2023/09/12/a-cyberattack-mgm-resorts-las-vegas/?sh=c1b5096505c0
The 1,000-ton screen bringing Super Bowl LVI to the lucky fans inside the stadium: https://edition.cnn.com/2022/02/11/sport/super-bowl-lvi-samsung-infinity-screen-sofi-stadium-tech-spc-intl/index.html
In this episode:
[01:50] What infrastructure management and incident response looked like in 1997
[03:30] His projects at the United States Golf Association (USGA), including securing a golf handicap information network
[06:05] Witnessing the digital transformation of live sports events
[08:40] Securing flavors, scents and other chemical formulations at IFF
[13:20] Building a threat model for large OT environments
[15:30] Increasing security awareness and culture across the organization
[17:45] Moving to the NFL
[21:20] How George's team prepare for the Super Bowl
[24:10] Partnering with cybersecurity experts at CISA, the FBI, and local partners in Las Vegas like Caesars Palace and the MGM Grand.
[27:00] The Super Bowl's threat profile, from scoreboard hacking to stadium credentials to online identities of individual players
[29:20] Inside the NFL's Super Bowl command centre
[30:40] Ensuring the team is supported to handle high-pressure events
[32:55] Knowledge sharing with security teams on other live sports events, from The Olympics to the World Cup
[37:00] Reducing risk through collaboration across the security team
[38:35] AI as a defender tool and attacker tool
[41:50] The future of the SOC
[43:15] Connect with George

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.
Adam and Thomas discuss:
- Building discipline and resilience by working on SRE teams
- How a well-known DDoS attack changed his career path
- Using automation to reduce alert fatigue
- Strategies for plugging the security skills gap
- The potential of AI-driven XDR
- How cyber attacks are evolving in the age of AI
- Lessons learned from researching the history of cybersecurity
- Empowering teams to do their best work
- Creating a culture of continuous learning
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Adam Khan:
Adam's website: https://www.adamkhancyber.com/
LinkedIn: https://www.linkedin.com/in/adamkhan-cyber/
Barracuda: https://www.barracudamsp.com/ and sales@barracudamsp.com
Where to find Thomas Kinsella: 
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Tines: https://www.tines.com/
Resources mentioned:
2023 Global Cyber Threat Report by Adam Khan: https://www.adamkhancyber.com/post/2023-global-cyber-threat-report
Adam's five-part cybersecurity history series on smartermsp.com: https://smartermsp.com/author/akhan/
DarkReading: https://www.darkreading.com/
BleepingComputer: https://www.bleepingcomputer.com/
In this episode:
[02:10] Switching from site reliability engineering (SRE) to SecOps
[03:40] How the DDoS attack on Amazon, eBay and Priceline in 2008 piqued his interest in security
[04:37] Building discipline and resilience by working on SRE teams
[09:05] Navigating Barracuda's acquisition of SKOUT
[10:22] How growing companies can benefit from a external XDR platform
[11:50] Prioritizing the alerts that matter most to customers
[13:03] Using automation to enrich threat intelligence and root out false positives
[14:50] The potential of AI-driven XDR
[16:40] How cyber attacks have evolved as adversaries use AI tools like FraudGPT and WormGPT
[19:30] Adam's three key takeaways from researching the history of cybersecurity
[23:20] Strategies for tackling the talent shortage
[25:15] Empowering teams to do their best work
[28:10] How Adam stay on top of the latest security trends
[31:35] The importance of making mistakes
[32:20] Promoting a culture of blameless incident reviews
[34:40] Predictions for the future
[35:50] Connect with Adam

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth.
Thomas and Matt discuss:
- Moving from a large security team at Bank of America to a small one at Reddit
- Embracing scrappiness and doing more with less
- Overcoming sunk-cost fallacy
- Why the 2014 Sony hack was a pivotal time for AppSec
- Running the threat research centre at White Hat
- What he looks for when hiring in AppSec, the SOC and beyond
- His decision to start creating content about mental health in security
- Moving past imposter syndrome
- Renouncing superhero culture
- Paved paths and guardrails, and what comes next after "shift left"
- Lessons learned from Reddit's 2023 security incident
- The power of automating incident response
 
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
 
Where to find Matt Johansen:
Vulnerable U newsletter: https://vulnu.mattjay.com/
Twitter: https://twitter.com/mattjay
LinkedIn: https://www.linkedin.com/in/matthewjohansen/
TikTok: https://www.tiktok.com/@vulnerable_matt
Reddit: https://www.redditinc.com/
mattjay.com: https://www.mattjay.com
 
 
Where to find Thomas Kinsella: 
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Tines: https://www.tines.com/
 
Resources mentioned:
The Tech Professional's Guide to Mindfulness by Matt Johansen: https://www.mattjay.com/blog/the-tech-professionals-guide-to-mindfulness
Matt's piece on developer experience in the Vulnerable U newsletter: https://vulnu.mattjay.com/p/vulnu-003-courage-quit
Reddit's post on a February 2023 incident: https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/
Collaborative Incident Response Best Practices: Don't Rely on Superheroes by Matt Johansen: https://www.mattjay.com/blog/superhero-incident-response
Threat modeling depression by Matt Johansen: https://www.mattjay.com/blog/threat-model-depression
 
In this episode:
[02:14] Going from long-time Reddit user to employee
[04:50] Running AppSec at Reddit
[07:30] Being the internet's punching bag and boxing gloves
[10:30] Building a team from scratch at White Hat and lessons learned from the 2014 Sony hack
[15:10] Matt's approach to hiring
[21:15] His decision to create content about mental health in security
[23:20] Turning his Twitter network into his IRL network
[27:55] Moving past imposter syndrome
[30:00] Tools for safeguarding your mental health in incident response
[36:20] Preserving work-life balance for his teams at Reddit
[39:15] Moving past "shift left", and paved path to production and guardrails
[47:40] Lessons learned from a February 2023 incident at Reddit
[51:20] Renouncing superhero culture
[52:20] Automating incident response
[54:12] Connect with Matt
 

This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.
In this episode, Prima and Thomas discuss:
- The unique challenges of working in forensics
- Her transition to detection and response and cloud security
- Building a security detection framework at Segment
- Reducing mean time to resolve through automation
- Using data to prioritize which processes should be automated
- Merging teams and technologies when Segment was acquired by Twilio
- Joining the securing platform engineering team at Twilio
- Designing a challenging and varied career in security
- The influence of mentorship on career growth
- Democratizing security through knowledge sharing
- How security will change in the next five years
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security
Where to find Prima Virani: 
Twitter: https://twitter.com/secnerdette?lang=en
LinkedIn: https://www.linkedin.com/in/primavirani/
Twilio: https://www.twilio.com/en-us
Where to find Thomas Kinsella: 
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Hosting Fleet on AWS EKS by Prima Virani: https://segment.com/blog/hosting-fleetdm-on-aws-eks/
Fleet Device Management: https://fleetdm.com/
In this episode:
[02:22] Prima's introduction to cybersecurity career opportunities as a teenager
[06:30] The shift from forensics to detection and response
[09:15] Gaining experience in vulnerability and patch management, and network security
[14:15] Building a security detection framework at Segment using SOCless
[18:10] Using automation to reduce alert noise and improve response times
[20:30] The impact of automation on security team burnout
[22:50] Merging security teams, practices and technologies during Twilio's acquisition of Segment
[25:30] Moving to the securing platform engineering team at Twilio
[27:40] Growing her knowledge of AWS, Kubernetes and GCP
[32:40] Prima's plans to embrace machine learning in detection engineering
[34:20] The importance of mentorship and knowledge sharing in career growth
[37:30] Prima's all-time favorite projects, including hosting FleetDM on AWS EKS
[39:36] The future of security operations through Prima's eyes
[42:01] Prima's advice for security practitioners
[43:58] Connect with Prima
 

On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.
In this episode, Andrew and Thomas discuss:
- Navigating the unique challenges of the Navy, from log management to prioritization
- Making the leap from the Navy to tech
- Building a security operations team and program from scratch at Netflix
- Red teaming phishing response playbooks at Netflix to test their effectiveness
- Recognizing the value of good processes
- Why teams should design processes first, automate later
- Creating a feedback loop between teams at Fastly
- How “shifting left” has helped Andrew’s team reduce vulnerabilities
- Using automation for risk assessment at Fastly
- Andrew’s approach to incidents like the Log4J vulnerabilities 
- Why growth in the vendor market is a good thing for practitioners 
- Why automation should be a requirement, not just a best practice
- What advancements in AI mean for threat detection
- The importance of risk-based decision-making
- The potential of self-remediation 
- Why good security leadership starts with taking care of your people
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://tines.com/solutions/security
Where to find Andrew Santell: 
LinkedIn: https://www.linkedin.com/in/ajsantell/
Fastly: https://www.fastly.com/
Where to find Thomas Kinsella: 
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/
Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/
In this episode:
[02:05] Andrew’s career journey so far
[05:35] The unique requirements of working in the Navy
[09:12] Risk-driven decision making
[11:11] Self-assessing phishing response controls and mitigations at Netflix
[14:28] Andrew’s decision to leave the Navy and his transition to the private sector
[16:12] Comparing approaches to security at the Navy and in tech
[19:26] Breaking free of bad processes
[23:20] Broadening roles to include pen testing, application security, and vulnerability management 
[27:27] How Andrew approaches automation at Fastly
[31:56] Protecting Fastly’s infrastructure
[33:57] How SecOps has changed and where it’s going next
[40:18] Embracing automation for vulnerability management
[42:45] Taking care of your people as a security leader
[44:56] Making engineering and automation part of prioritization
[47:19] Connect with Andrew  

To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.
In this episode, Mandy and Thomas discuss:
- Her move from accounting to security 
- Why she was drawn to Elastic's employee-centric culture
- How her role at TiVo in the early '00s shaped her view of privacy
- Switching from a technology-first to people-first approach to security
- Recognizing the human factor in incident response 
- Embracing asynchronous operations on dispersed teams
- The importance of bringing your authentic self to work 
- Staying technical as you move into leadership
- How she puts her law degree to use as a CISO
- Balancing compliance and overall security posture
- Collaboration and knowledge sharing within the CISO community
- Elastic's approach of knowledge sharing by default
- How prioritizing analyst time will be critical in the future of SecOps
- Adopting an infrastructure-as-code approach
- Balancing between proactive security measures and reactive responses
- Building a culture of security across the organization
- Tips for surviving in security operations in tech
The Future of Security Operations is brought to you by Tines, the platform that powers some of the world’s most important security workflows. https://www.tines.com/solutions/security
Where to find Mandy Andress: 
LinkedIn: https://www.linkedin.com/in/mandyandress/
Elastic: https://www.elastic.co/
Where to find Thomas Kinsella: 
LinkedIn: https://twitter.com/thomasksec
Twitter/X: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Surviving Security: How to Integrate People, Process & Technology by Mandy Andress: https://www.amazon.co.uk/Surviving-Security-Integrate-Process-Technology/dp/0672321297
Mandy’s 2001 BlackHat talk on wireless LAN security: https://www.youtube.com/watch?v=XtT2Ta87uow
Elastic’s blog: https://www.elastic.co/blog
In this episode:
[01:57] Moving from accounting to security  
[02:43] Finding a company with strong vision, culture and business foundations 
[05:26] Working in network security in the early days of TiVo
[07:05] What’s changed in security since 2001?
[09:20] A career-long fascination with the human factor in incident response 
[10:30] Embracing empathy in her leadership style
[12:25] Finding a workplace where you can be your authentic self 
[16:10] Exercising her technical muscles
[17:45] The decision to study law
[21:18] Balancing compliance and overall security posture
[23:35] Knowledge sharing in the CISO community
[24:22] Elastic's policy of being "radically transparent"
[29:20] The future of security operations 
[31:29] How her security team works with product engineering
[34:03] Adopting an infrastructure-as-code approach
[35:01] Building a culture of security across the organization
[38:09] Her advice for others working in security in a high-growth organization
[41:50] Baking off security products in her home lab
[44:37] Connect with Mandy
 

In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy.
Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.
On this episode of The Future of Security Operations, Dmitriy discusses:
His early career journey from IT support to security.
Getting comfortable “losing sales on purpose” and building a cloud security program from the ground up at CyberArk.
Running product security at Avid, where the customer base included Oscar-winning film editors and Grammy-winning sound engineers. 
A particularly memorable mistake - how Dmitriy accidentally rerouted every employee’s emails to his inbox on the first day on the job, and what that experience taught him.
Learning to measure and communicate the security team’s ROI to senior leadership, with guidance from the team at Okta.
Why he believes we need a new word to describe the cybersecurity industry.
Dmitriy’s thoughts on the role security practitioners will play in fifth-generation warfare. 
Note: this episode was recorded before the October 2023 attacks in Israel and Gaza. 
Resources:
LinkedIn

In this episode of The Future of Security Operations podcast, David Seidman joins Thomas to discuss their career to date and what they have learned along the way. David is currently Head of Detection and Response at Robinhood, an online brokerage firm with a mission to democratize finance for everyone. 
David has almost 20 years of experience in software and security, having worked for huge names like Microsoft, Google, Salesforce, and now Robinhood. 
Topics include: 
David’s entry into security and their 10-year tenure at Microsoft. 
Dealing with the public’s and media’s interest in security incidents at global organizations like Microsoft, Google, and Salesforce.
The changes that came with David’s move from large-scale organizations to Robinhood and the difference in operations and threat actors that they have seen. 
David’s detection strategy and how they approach the kill chain model. 
How David manages to keep on top of their technical capabilities while also keeping the mental health and performance of their team as high as possible. 
The lessons David has learned so far in their career about creating a culture of safety and high morale for SecOps teams. 
Decreasing friction around prioritizing between good business and good security operations.
How David describes the state of security operations today.  
The challenge of false positives and ways to address the stress and burnout that come with them. 
The need for executive stakeholder communication skills as an incident responder. 
Where David sees security operations and incident response going in the next five years. 
 
Resources: LinkedIn