The Future of Security Operations

In this episode of The Future of Security Operations podcast, David Seidman joins Thomas to discuss their career to date and what they have learned along the way. David is currently Head of Detection and Response at Robinhood, an online brokerage firm with a mission to democratize finance for everyone. 
David has almost 20 years of experience in software and security, having worked for huge names like Microsoft, Google, Salesforce, and now Robinhood. 
Topics include: 
David’s entry into security and their 10-year tenure at Microsoft. 
Dealing with the public’s and media’s interest in security incidents at global organizations like Microsoft, Google, and Salesforce.
The changes that came with David’s move from large-scale organizations to Robinhood and the difference in operations and threat actors that they have seen. 
David’s detection strategy and how they approach the kill chain model. 
How David manages to keep on top of their technical capabilities while also keeping the mental health and performance of their team as high as possible. 
The lessons David has learned so far in their career about creating a culture of safety and high morale for SecOps teams. 
Decreasing friction around prioritizing between good business and good security operations.
How David describes the state of security operations today.  
The challenge of false positives and ways to address the stress and burnout that come with them. 
The need for executive stakeholder communication skills as an incident responder. 
Where David sees security operations and incident response going in the next five years. 
 
Resources: LinkedIn
 

In this episode of The Future of Security Operations podcast, Thomas speaks to Jeff Moss, Senior Director, Information Security, at Incode Technologies. Incode is the leading provider of world-class identity solutions for the world’s largest financial institutions, governments, retailers, hospitality organizations, and gaming establishments. 
 
Jeff has over 10 years of experience in tech and IT, moving from project and program management in areas such as construction and IT into cybersecurity, where he quickly worked his way up to becoming CISO and Senior Director of Information Security. He has countless licenses and certifications, including Certified Information Systems Auditor with ISACA, and he also has an MBA. 
 
Topics include: 
How Jeff decided to make the move from engineering to product security. 
His less traditional path into cybersecurity leadership and how he worked his way up to CISO in such a short space of time. 
The evolution of product security over the last five years. 
The increased attack surface within the industry and how to reduce the risks. 
What Jeff has learned from scaling security for numerous startups.
Tips for the prioritization of initiatives that Jeff has learned as part of his MBA and his years as a project and program manager. 
Jeff’s approach to combining the technical and the business in his management.  
The shift in organizational structure with CISOs needing to report to the board and CEO. 
The proposed Securities and Exchange Commission (SEC) rulemaking in the US and what it means for the industry.
What Jeff expects to see in security operations over the next five years. 
 
Resources: LinkedIn

In this episode of The Future of Security Operations podcast, Thomas chats with Rebecca Harness, VP and Chief Information Security Officer at Quickbase. Quickbase is a no-code database and application development platform that enables anyone to safely build, iterate, and integrate their applications.Rebecca has 25 years of experience in information technology and over 12 years of experience in security specifically. Over her career, Rebecca has launched two of her own companies; she’s led numerous high-performing cybersecurity teams through the challenges of supporting cloud-first digital transformation strategies; and she’s a board member of ISACA St. Louis. She also has a Master of Science in Information Security Engineering.
Topics include: 
Rebecca’s career journey from her start in IT to founding her first company, to becoming VP and CISO at Quickbase.
The steps Rebecca takes to build a strong security culture within her teams.
Balancing empathy and velocity as a CISO.
The measures Rebecca feels best place SecOps teams to securely and safely engage with technology partners and third-party vendors.
The inevitability of human error and how automation can help combat this.
How Rebecca has seen SecOps evolve and the resource and skills gap being experienced across the industry and how this can be combated. 
How generative AI can be a key collaborator for SecOps teams. 
Where Rebecca sees the SecOps landscape going over the next five years. 
Rebecca’s experience in the MSP space and how she feels MSPs will be affected by attacks becoming less commodified and more targeted. 
The measures Rebecca takes to ensure her teams don’t burn out and remain passionate about their role. 
 
Resources: LinkedIn 

In the first episode of this season of The Future of Security Operations podcast, Thomas speaks to Josh Kamdjou, founder and CEO of Sublime Security, the world's first open and adaptable email security platform, preventing email attacks using Detection-as-Code and behavioral AI.
Josh has more than 13 years of experience in the security industry, doing a mix of government work and private consulting before founding Sublime Security in 2019. Josh holds a B.Sc. in Computer Science from the University of Maryland and is a regular speaker at security conferences and workshops.
 
Topics include: 
Josh’s interesting path into security started with his career working with the government.
How the approach to email security has changed over the last 10 years.
The gap and lack of tooling that Josh discovered in email security led to the founding of Sublime Security.
The types of business email compromise fraud that are still working today and how the threat landscape has changed.
Moving from consultancy to creating a product and securing Sublime’s first customers.
Putting yourself in your customers’ shoes to aid discovery and build a better product.
How Josh’s experience working in government and industry shaped his approach to how he builds Sublime’s product.
What companies are doing to successfully defend against email threats.
Where security operations might be in five years and how teams will be doing more with less.
Sublime Security’s plans for the next 12 months.
 
Resources: LinkedIn

In this season’s finale of the Future of Security Operations podcast, Thomas chats with Yinon Costica, Vice President of Product and co-founder at Wiz, the leading cloud infrastructure security platform that enables organizations to identify and remove the most pressing risks in the cloud.
Yinon has more than 15 years of experience leading cybersecurity product development teams, with expertise in the cloud security market. Yinon started his career as a software engineer at the Israel Defense Forces (IDF). After this, he was the VP of Adallom, a leading cloud access security broker, until they were acquired by Microsoft in 2015. At Microsoft, he led the Cloud Security Group product organization for four years before co-founding Wiz.
Topics include: 
Yinon’s journey, starting with the Israel Defense Forces, and how it led to his introduction to cybersecurity. 
The decision process behind building Wiz and how the original idea for the company changed and developed during this time. 
Yinon’s view on the changing landscape of security over the last 20 years and how it has become a C-level discussion. 
Measuring how mature your company’s security operations are and the process of wider teams becoming more proactive about security.
The self-serve model of security used at Wiz and how companies can employ this to create a more secure environment across the enterprise. 
Approaching the challenge of gaining Fortune 100 customers when running a start-up and what it takes to build an enterprise-grade product. 
The specific challenges that those who are leading security teams in fast-growing tech startups face when approaching the cloud.
Stepping back to find toxic combinations in your organization that need to be remediated first when evaluating levels of prioritization. 
What the security operations landscape will look like in five years and how the self-serve model will fit into this. 
Some lessons Yinon has learned from the close relationships that the Wiz founding members have built up over the last 20 years.
Taking steps to overcome the issue of diversity and bias in the security space.
Resources: LinkedIn

In this episode of the Future of Security Operations podcast, Thomas chats with Morey Haber, Chief Security Officer at BeyondTrust. BeyondTrust is a worldwide leader in Privileged Access Management (PAM), focused on addressing the most urgent cybersecurity challenges, including zero trust, ransomware, cloud security, and more.
Morey has more than 25 years of IT industry experience, has authored four books, is a founding member of the industry group Transparency in Cyber, and in 2020 was elected to the Identity Defined Security Alliance (IDSA) Executive Advisory Board. Morey currently oversees BeyondTrust security and governance for corporate and cloud-based solutions and regularly consults for global periodicals and media.
 
Topics include: 
Morey’s journey in cybersecurity, starting almost 20 years ago in a software action team.
The cultural and perception shift that vulnerability management and security operations have undergone over the past 20 years.
The challenges modern security operations face due to identity-based risks increasing in a remote working world. 
The exploitable flaws seen in two-factor authentication (2FA) and multi-factor authentication (MFA) identification. 
How BeyondTrust specializes in privileged access and least privilege to ensure the integrity of all transactions. 
The differences with implementing security disciplines in the cloud. 
How Morey stays on top of the latest issues and threats in the cybersecurity world. 
The importance of self-discipline when it comes to mental health and overcoming the risk of burnout, and how managers can best support this. 
Some of the most memorable security incidents Morey has come across. 
Morey’s stance on what security teams should be wary of when it comes to ChatGPT. 
What cybersecurity might look like in five years’ time with advances in AI taken into consideration. 
 
Resources:
LinkedIn: https://www.linkedin.com/in/mjhaber/

In this episode of the Future of Security Operations podcast, Thomas interviews Arthur Barnes, Senior Director of Security Operations at Oracle – the world’s largest database management company. 
Arthur is an experienced cybersecurity leader with 20 years of experience, having previously worked at Pearson, Dell, and M&S. He contributed to the ENISA Cloud Procurement Guidelines, which is a practical guide aimed at the procurement and governance of cloud services, and is currently completing an MBA in Business Administration and Management. 
Topics include: 
Arthur’s journey from working within government, consulting, and the private sector and how he found his way into the security space. 
How security has evolved over the last 10 years, including the main challenges faced by cybersecurity leaders and their teams. 
Solving the challenge of hiring the right people and how to identify the best candidates during the interview process.
What Arthur has learned about what it takes to be a leader and how to identify good candidates for promotion to leadership positions.
Approaching and dealing with mental health concerns for people working in cybersecurity.
Reducing time spent on repetitive tasks and helping teams outside of the security organization to automate tasks. 
Cases of forensic investigations that became story-worthy. 
Arthur’s number one piece of advice for those leading security teams today.
What security teams might look like in five years’ time. 
 
Resources:
LinkedIn: https://www.linkedin.com/in/arthurbarnes/?originalSubdomain=uk

In this episode of Future of Security Operations, Thomas speaks with Ryan Noon, Founder and CEO of Material Security, a company that protects the email of high-risk VIPs and top global organizations.
A serial entrepreneur and an expert on cloud security, Ryan previously ran infrastructure teams at Dropbox after it acquired his last company, Parastructure. Before that, he helped build a company spun out of Stanford by the Department of Defense. A graduate of Stanford, Ryan holds degrees in Computer Science and Computer Security.
Topics include:
Ryan’s first startup experience and the decision to launch his first company, Parastructure
Getting acquired by Dropbox and what he enjoyed most about working there
Ryan’s journey from a hobbyist to a thought leader and founder in cybersecurity, taking a critical eye towards every system, and why Ryan sees himself as “a builder, a creator, and an optimist than a true security engineer”
How the Russian government’s interference in the 2016 U.S. presidential election impacted his perspective on cybersecurity and helped him realize the power of APIs
Why email is such an excellent target for cyber attackers and how Material Security secures data within inboxes
What founders should focus on in the first year, the importance of product management, and how Material secured its early adopters, including customers like Stripe, Databricks, and Lift, so quickly
How to help your product to stand out, and why he believes it’s important to avoid FUD tactics in cybersecurity
What Ryan has learned from working with the world’s leading security teams and how the best teams bridge gaps to win
Ryan’s thoughts on the uncertain global economic climate, its impacts, and how Material’s conservative approach has allowed them to maintain a relatively lean team
The future of security operations and what trends Ryan believes will continue - doing more with less and leveraging better infrastructure and tools that enable you to go deeper with your existing tech stack
Resources:
LinkedIn

In this episode of the Future of Security Operations podcast, Thomas speaks with Diana Kelley, Chief Security Officer / Chief Strategy Officer at Cybrize, which connects organizations, security leaders, and job seekers to train and support the next generation of cybersecurity professionals. 
Diana has been a trailblazer in the cybersecurity industry for over three decades. She's served as CTO for Microsoft and Global Executive Security Advisor at IBM; she was also previously VP of Burton Group (now Gartner for Technical Professionals) and a manager at KPMG. Diana volunteers with numerous organizations in her free time, including ACM Ethics & Plagiarism Committee and WiCyS (Women in Cybersecurity), all devoted to advancing diversity within this field.
Topics include: 
How Diana first developed a passion for computers and security
Diana's career path, from building and managing a global network to working as a consultant
The changing security landscape and how increasingly sophisticated adversaries challenge it
Why executives need to recognize compliance is not just a checkbox exercise, and how Diana helps business leaders bring compliance in as part of their toolkits to develop better security programs
The challenge of balancing security policies with different pressures within an organization
The cybersecurity skills gap and how hiring managers can attract and retain the best candidates through DEIA, allyship, creating open-minded job descriptions, and recognizing the value of different skill sets
The importance of sizing security teams properly to prevent exhaustion and burnout, measuring the success of your security program, and communicating the value of your security team
Why Diana believes SOCs will be more distributed in the future, why it makes sense for smaller companies to outsource, and the rise of AI and automation to support humans rather than replace humans
Diana reflects on a striking security incident
Resources: 
LinkedIn

In this episode of the Future of Security Operations podcast, Thomas interviews Andreas Schneider - the Field CISO EMEA at Lacework. Leveraging its data-driven platform and cloud-native application protection solution, Lacework helps organizations make sense of immense amounts of security data with minimal effort. 
With over two decades of experience in cybersecurity, Andreas started off as a defender working on mainframes for a financial services company before building up his first security team within the Swiss broadcasting industry.
Topics include: 
After discovering computer games like Risk, how Andreas found himself accidentally working in security.
Building up the security team for a Swiss broadcasting company and managing large-scale environments sensitive to interruption.
Why Andreas moved to Lacework after first experiencing the platform as a customer.
Why Andreas feels comfortable dealing with large-scale attacks and enjoys what he does.
The shift to DevOps and why security needs to evolve continuously and become more decentralized.
The changing role of the lonely CISOs, the importance of culture and accountability, and how Andreas approaches his work to identify gaps.
Two of Andreas' biggest failures and why he believes it's essential to talk about failure in security.
Andreas' passion for the security community, how he sources new talent, and why he prioritizes listening to developers to enhance collaboration efforts.
How Andreas carefully chooses vendors and security tools to help his team avoid alert fatigue and friction that slows their processes down.
Why Andreas believes machine learning and automation will be a big focus in the future of security operations, and human behavior will remain the most formidable risk.
Resources:
LinkedIn: https://www.linkedin.com/in/ciso-andreas-schneider