The Future of Security Operations

In this episode of Future of Security Operations, Thomas speaks with  Jon Hencinski, VP of SecOps at Expel, a company with "a mission to make security easy to understand, easy to use, and easy to continuously improve." Hencinski is passionate about getting to the root cause of security issues and using strategy to help organizations make problems go away entirely.
Topics include: 
How Jon has seen security evolve from his time on the help desk to managing enterprise incident response investigation.
The importance of using automation for detection at scale — especially as new classes of threats continue to emerge — and what makes a “good detection.”
How organizations can reduce risk through strategy and by making investments in preventing common incidents like business email compromise and macro-enabled Word docs.
The metrics Jon uses to measure success, and why thinking in terms of business goals and objectives will help you retain customers and deliver great outcomes.
Some of the habits of an effective SOC, and how culture and candor can play a big role.
How Expel uses data and metrics to track workloads, hedge burnout, and take care of the mental health of their team.
Advice for those just getting started in security, and predictions for what the future of security teams will look like.  
Resources: 
Twitter: @jhencinski
Expel.com
Keep in touch with Jon Hencinski on LinkedIn: https://www.linkedin.com/in/jonathanhencinski/

In this episode of Future of Security Operations, Thomas speaks with Madhav Gopal, CISO at a Fintech start-up and formerly VP of Cybersecurity Operations at Comcast Cable. Madhav has over 25 years of experience with a track record of using innovation to protect and support customers and partnering effectively with business teams. Over the course of his career, Madhav has also led engineering operations, internal audit and security consulting teams. Madhav serves as an advisor to Save the Children US and Citadel Banking.
Topics include: 
What security operations and infrastructure at scale looks like
How to protect key business operations while focusing on security
How security teams can be a better partner to other teams across an organization
The state of security operations today, considering the speed at which new technologies are adopted
How to manage risk and events at scale, and what to focus on
How to reduce manual tasks and the role engineering plays in doing so
Advice to security leaders and what to look for in a strong CISO
Resources: 
Keep in touch with Madhav on LinkedIn

In this episode of Future of Security Operations, Thomas speaks with Kristian Kivimägi, Head of Security Operations at Pipedrive, a CRM and intelligent revenue management platform for small businesses, who helped scale Pipedrive's Info Sec team from start-up to 20 people. Kivimägi is also a guest lecturer in vulnerability assessment and cybersecurity at Tallinn University of Technology.
 
Topics include: 
The state of security operations today, both the good and the bad
Tips for retaining and building talent from someone who built a security team
How to reduce time spent on manual tasks, including frequent phishing emails
What elements individuals who want to build a security team should prioritize, and advice to new security leaders
How to measure security team success, what metrics to track, and how to assess performance
How to take care of your team, combat burnout, and improve mental health 
What security operations teams will look like in five years, and what technology they will implement

Intro: In this episode of the Future of Security Operations, Thomas speaks with Andrew DiMichele, Director of Security Operations at Redis, whose background is in building security operations programs. DiMichele's security journey began in the US Air Force Reserves, and brought him to CISCO, banking, IBM, and Citrix. 
Topics include: 
The evolution of cybersecurity as seen across different types of organizations
How to keep employees engaged in cybersecurity, and reasons why there's not a long tenure in the industry
Burnout and mental health in security and what companies can do to address it
Reducing the time spent on manual tasks through automation, and how to do so being away of the chain of approvals
How to work with other teams across the organization and showcase the work security does to ensure your team is being respected
Advice for new security leaders
What security teams will look like in five years, what new technologies security teams should look towards, and how to prepare your team for the future

In our latest episode of the Future of Security Operations, Thomas speaks to Corey Hill, Director of Security Operations and Incident Response at Citrix. After working at organizations such as Mandiant and Cisco, in 2020 Corey joined the Citrix team when there were just a small handful of people on the SOC team. Today, the teams Corey leads spread across four countries and are responsible for Detection Engineering, Threat Intelligence, Threat Monitoring, SOAR Automation, and Incident Response (both CSIRT) services at Citrix. 
Topics in this episode include: 
Corey’s journey that eventually led to his current role at Citrix. 
How Corey’s perspective on security has evolved throughout his career and why there’s no security strategy that fits all. 
Lessons from building multiple SOC teams from scratch.  
How security operations have evolved.
How Corey leverages automation to make his team more efficient and effective. 
How Citrix prioritizes mental health for everyone who works at the company. 
Why burnout is inevitable and how to tackle it. 
Taking away the stigma of being breached and how to respond when it happens.  
The role mentors have played in Corey’s professional success. 
#1 piece of advice for those who are leading security operations teams. 
What the future of security operations will look like.

Aaron Cooper is the Security Operations Manager at TripActions with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance. 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
 
Topics in this episode include: 
His journey from hardware, to a vendor, to healthcare, to banking, to a cloud first tech company – how security posture and challenges differ across industries and companies 
Why it’s critical to understand the culture of the company to run a successful security team 
Why the state of security today is in flux and how security teams are changing how and what they respond to 
Why the ‘onion model’ no longer exists so it’s critical to put on your ‘black hat’ 
The tools and strategies that help Aaron with risk reduction and analyzing indicators 
The one thing IT managers can do to maintain the uptime of their environment
How Aaron works to prevent burnout among his team and what drives him to help his team succeed 
How Aaron evaluates AI tools 
How his major in psychology gives him insight into the minds of security analysts, how resilient they can be, and how to hold space for them 
Resources mentioned: 
Year Up: https://www.yearup.org/job-training/cyber-security
Hunter: https://www.hunters.ai/

In our 10th episode of the Future of Security Operations, Thomas speaks to Jay Thoden Van Velzen, Multicloud Security Operations Advisor at SAP. Prior to Jay’s current role, Jay scaled the SecDevOps team from 5 to 25 team members across three continents and five countries and was the Initiative Lead for multiple security improvement programs for Multicloud across SAP. 
Topics discussed in this episode:
Understanding the scale and size of SAP and the unique security complexities the organization faces. 
The state of security operations today. 
How to overcoming the common challenges that security operations teams face today.  
How teams can solve the talent gap in cybersecurity and how SAP tackles the problem. 
Defining what SecDevOps is exactly. 
Practical advice for those who are leading security operations at fast-growing organizations. 
Why you may need to rethink your existing tooling to ensure its suitable for the public cloud.  
What’s in store for the future of security operations. 

Today on the Future of Security Operations Podcast, Thomas speaks with Rebecca Blair, Manager of the Security Operations Center at Toast, an all-in-one point-of-sale and restaurant management platform for businesses in the food service and hospitality space. After working in a variety of different cybersecurity roles over the past decade, Rebecca joined Toast in 2021 as the first employee of their security operations center. On this episode, she shares lessons learned as she scaled the team along with her insights on what’s in store for the future of security operations. 
Topics discussed in this episode:
- The state of security operations today.
- How to prioritize what needs to be done first when you are building a security operations team from scratch. 
- How to measure the efficacy of your alerts to determine what’s worth keeping and what you should get rid of.
- How Toast reduces the amount of manual time spent on tasks and how they keep their team happy and excited about the work they do.
- How to develop and source cybersecurity talent.
- How working towards an MBA has changed how she approaches security. 
- Why Rebecca loves dashboards and why they are critical to her work. 
- How Toast prioritizes mental health for their entire team. 
- Tips for how to run a good purple team. 
- What security operations teams will look like in the future.

On Today’s episode of the Future of Security Operations Podcast, Thomas speaks with Jason Barnes — the former Head of Global Security Operations at Netskope and current Senior Director at Charter Communications. 
*Note: this episode was recorded in late May 2022, prior to Jason departing from Netskope*  
Topics discussed in this episode:
- How Jason describes the current state of security operations and how its evolved over the past 10 years. 
- What Netskope’s SOC team is focused on and what Jason’s day to day look like. 
- How Jason helps his team prioritize where to focus their time and resources. 
- Jason’s philosophy around automation and the power it can bring to a security operations team. 
- Tips for helping security operations team reduce the time spent on low value manual tasks (outside of automation). 
- Jason’s prediction for what the future of the SOC will look like. 
- How Netskope focuses on mental health and burnout and the resources the company offers to team members. 
- #1 piece of advice for security operations leaders at fast-growing tech
Resources mentioned: Jason’s blog: https://www.netskope.com/blog/author/jbarnes

Today on the Future of Security Operations Podcast, Thomas is joined by Jack Naglieri, CEO of Panther Labs, a cloud-native SIEM platform that alleviates the pain of traditional SIEM with detection-as-code, a robust security data lake, and huge scalability with zero-ops. 
Topics discussed in this episode:
- The challenges Jack faced while working on security teams at organizations like Yahoo and Airbnb. 
- The difference between security at Yahoo and Airbnb. 
- The origin story of StreamAlert - the open-source tool Jack built while working at Airbnb. 
- How a VCs cold email eventually led to Jack founding Panther Labs and how they acquired their first customers. 
- How Panther is different from traditional SIEM platforms. 
- What you need to know about detection-as-code and security data lakes. 
- Why teams need to focus on security — not operations. 
- Lessons learned from Jack working closely with fast-growing sophisticated security teams that make up Panther’s customer base. 
- What security operations will look like in the future. 
- Why security teams must learn and embrace automation to deal with the challenges of cloud-scale security. 
- What features are coming next from Panther Labs. 
Resources mention on the episode: 
Jack’s podcast: Detection at Scale 
Jack’s blog post: From StreamAlert to Panther 
Jack’s keynote releasing StreamAlert: USENIX Enigma 2017 — StreamAlert: A Serverless, Real-time Intrusion Detection Engine