The Future of Security Operations

In this episode of Future of Security Operations, Thomas speaks with Ryan Noon, Founder and CEO of Material Security, a company that protects the email of high-risk VIPs and top global organizations.
A serial entrepreneur and an expert on cloud security, Ryan previously ran infrastructure teams at Dropbox after it acquired his last company, Parastructure. Before that, he helped build a company spun out of Stanford by the Department of Defense. A graduate of Stanford, Ryan holds degrees in Computer Science and Computer Security.
Topics include:
Ryan’s first startup experience and the decision to launch his first company, Parastructure
Getting acquired by Dropbox and what he enjoyed most about working there
Ryan’s journey from a hobbyist to a thought leader and founder in cybersecurity, taking a critical eye towards every system, and why Ryan sees himself as “a builder, a creator, and an optimist than a true security engineer”
How the Russian government’s interference in the 2016 U.S. presidential election impacted his perspective on cybersecurity and helped him realize the power of APIs
Why email is such an excellent target for cyber attackers and how Material Security secures data within inboxes
What founders should focus on in the first year, the importance of product management, and how Material secured its early adopters, including customers like Stripe, Databricks, and Lift, so quickly
How to help your product to stand out, and why he believes it’s important to avoid FUD tactics in cybersecurity
What Ryan has learned from working with the world’s leading security teams and how the best teams bridge gaps to win
Ryan’s thoughts on the uncertain global economic climate, its impacts, and how Material’s conservative approach has allowed them to maintain a relatively lean team
The future of security operations and what trends Ryan believes will continue - doing more with less and leveraging better infrastructure and tools that enable you to go deeper with your existing tech stack
Resources:
LinkedIn

In this episode of the Future of Security Operations podcast, Thomas speaks with Diana Kelley, Chief Security Officer / Chief Strategy Officer at Cybrize, which connects organizations, security leaders, and job seekers to train and support the next generation of cybersecurity professionals. 
Diana has been a trailblazer in the cybersecurity industry for over three decades. She's served as CTO for Microsoft and Global Executive Security Advisor at IBM; she was also previously VP of Burton Group (now Gartner for Technical Professionals) and a manager at KPMG. Diana volunteers with numerous organizations in her free time, including ACM Ethics & Plagiarism Committee and WiCyS (Women in Cybersecurity), all devoted to advancing diversity within this field.
Topics include: 
How Diana first developed a passion for computers and security
Diana's career path, from building and managing a global network to working as a consultant
The changing security landscape and how increasingly sophisticated adversaries challenge it
Why executives need to recognize compliance is not just a checkbox exercise, and how Diana helps business leaders bring compliance in as part of their toolkits to develop better security programs
The challenge of balancing security policies with different pressures within an organization
The cybersecurity skills gap and how hiring managers can attract and retain the best candidates through DEIA, allyship, creating open-minded job descriptions, and recognizing the value of different skill sets
The importance of sizing security teams properly to prevent exhaustion and burnout, measuring the success of your security program, and communicating the value of your security team
Why Diana believes SOCs will be more distributed in the future, why it makes sense for smaller companies to outsource, and the rise of AI and automation to support humans rather than replace humans
Diana reflects on a striking security incident
Resources: 
LinkedIn

In this episode of the Future of Security Operations podcast, Thomas interviews Andreas Schneider - the Field CISO EMEA at Lacework. Leveraging its data-driven platform and cloud-native application protection solution, Lacework helps organizations make sense of immense amounts of security data with minimal effort. 
With over two decades of experience in cybersecurity, Andreas started off as a defender working on mainframes for a financial services company before building up his first security team within the Swiss broadcasting industry.
Topics include: 
After discovering computer games like Risk, how Andreas found himself accidentally working in security.
Building up the security team for a Swiss broadcasting company and managing large-scale environments sensitive to interruption.
Why Andreas moved to Lacework after first experiencing the platform as a customer.
Why Andreas feels comfortable dealing with large-scale attacks and enjoys what he does.
The shift to DevOps and why security needs to evolve continuously and become more decentralized.
The changing role of the lonely CISOs, the importance of culture and accountability, and how Andreas approaches his work to identify gaps.
Two of Andreas' biggest failures and why he believes it's essential to talk about failure in security.
Andreas' passion for the security community, how he sources new talent, and why he prioritizes listening to developers to enhance collaboration efforts.
How Andreas carefully chooses vendors and security tools to help his team avoid alert fatigue and friction that slows their processes down.
Why Andreas believes machine learning and automation will be a big focus in the future of security operations, and human behavior will remain the most formidable risk.
Resources:
LinkedIn: https://www.linkedin.com/in/ciso-andreas-schneider

In this episode of Future of Security Operations, Thomas speaks with Jacob DePriest, VP & Deputy Chief Security Officer at GitHub, a company with a mission "to help every developer - regardless of experience level - learn, code, and ship software effectively."
Before joining GitHub, DePriest spent more than 15 years as a senior executive at the National Security Agency (NSA) in the US.
Topics include: 
How Jacob moved from a career deep in the engineering world to security
His experience working at the NSA and why curiosity led him to move to GitHub to seek out a new adventure
His experience with Open Source tools and why he believes in making tools that help the security community more widely available to handle threats
How GitHub's security team prioritizes their workload, thinks about risk, and builds trust with their customers
The vast amount of automation in place at GitHub, what they're building, and how they bring security findings as close to developers as they possibly can
How the security team influences GitHub's product roadmap and why they want to be the first customer of any new feature
His experience with Log4j and why he's proud of GitHub's response to the breach
Why he prioritizes his team's psychological safety and thinks empathy, diversity, and transparency are critical to success for any security team
Resources: 
LinkedIn: https://www.linkedin.com/in/jacobdepriest/
Twitter: https://twitter.com/jacobdepriest

In this episode of Future of Security Operations, Thomas speaks with  Jon Hencinski, VP of SecOps at Expel, a company with "a mission to make security easy to understand, easy to use, and easy to continuously improve." Hencinski is passionate about getting to the root cause of security issues and using strategy to help organizations make problems go away entirely.
Topics include: 
How Jon has seen security evolve from his time on the help desk to managing enterprise incident response investigation.
The importance of using automation for detection at scale — especially as new classes of threats continue to emerge — and what makes a “good detection.”
How organizations can reduce risk through strategy and by making investments in preventing common incidents like business email compromise and macro-enabled Word docs.
The metrics Jon uses to measure success, and why thinking in terms of business goals and objectives will help you retain customers and deliver great outcomes.
Some of the habits of an effective SOC, and how culture and candor can play a big role.
How Expel uses data and metrics to track workloads, hedge burnout, and take care of the mental health of their team.
Advice for those just getting started in security, and predictions for what the future of security teams will look like.  
Resources: 
Twitter: @jhencinski
Expel.com
Keep in touch with Jon Hencinski on LinkedIn: https://www.linkedin.com/in/jonathanhencinski/

In this episode of Future of Security Operations, Thomas speaks with Madhav Gopal, CISO at a Fintech start-up and formerly VP of Cybersecurity Operations at Comcast Cable. Madhav has over 25 years of experience with a track record of using innovation to protect and support customers and partnering effectively with business teams. Over the course of his career, Madhav has also led engineering operations, internal audit and security consulting teams. Madhav serves as an advisor to Save the Children US and Citadel Banking.
Topics include: 
What security operations and infrastructure at scale looks like
How to protect key business operations while focusing on security
How security teams can be a better partner to other teams across an organization
The state of security operations today, considering the speed at which new technologies are adopted
How to manage risk and events at scale, and what to focus on
How to reduce manual tasks and the role engineering plays in doing so
Advice to security leaders and what to look for in a strong CISO
Resources: 
Keep in touch with Madhav on LinkedIn

In this episode of Future of Security Operations, Thomas speaks with Kristian Kivimägi, Head of Security Operations at Pipedrive, a CRM and intelligent revenue management platform for small businesses, who helped scale Pipedrive's Info Sec team from start-up to 20 people. Kivimägi is also a guest lecturer in vulnerability assessment and cybersecurity at Tallinn University of Technology.
 
Topics include: 
The state of security operations today, both the good and the bad
Tips for retaining and building talent from someone who built a security team
How to reduce time spent on manual tasks, including frequent phishing emails
What elements individuals who want to build a security team should prioritize, and advice to new security leaders
How to measure security team success, what metrics to track, and how to assess performance
How to take care of your team, combat burnout, and improve mental health 
What security operations teams will look like in five years, and what technology they will implement

Intro: In this episode of the Future of Security Operations, Thomas speaks with Andrew DiMichele, Director of Security Operations at Redis, whose background is in building security operations programs. DiMichele's security journey began in the US Air Force Reserves, and brought him to CISCO, banking, IBM, and Citrix. 
Topics include: 
The evolution of cybersecurity as seen across different types of organizations
How to keep employees engaged in cybersecurity, and reasons why there's not a long tenure in the industry
Burnout and mental health in security and what companies can do to address it
Reducing the time spent on manual tasks through automation, and how to do so being away of the chain of approvals
How to work with other teams across the organization and showcase the work security does to ensure your team is being respected
Advice for new security leaders
What security teams will look like in five years, what new technologies security teams should look towards, and how to prepare your team for the future

In our latest episode of the Future of Security Operations, Thomas speaks to Corey Hill, Director of Security Operations and Incident Response at Citrix. After working at organizations such as Mandiant and Cisco, in 2020 Corey joined the Citrix team when there were just a small handful of people on the SOC team. Today, the teams Corey leads spread across four countries and are responsible for Detection Engineering, Threat Intelligence, Threat Monitoring, SOAR Automation, and Incident Response (both CSIRT) services at Citrix. 
Topics in this episode include: 
Corey’s journey that eventually led to his current role at Citrix. 
How Corey’s perspective on security has evolved throughout his career and why there’s no security strategy that fits all. 
Lessons from building multiple SOC teams from scratch.  
How security operations have evolved.
How Corey leverages automation to make his team more efficient and effective. 
How Citrix prioritizes mental health for everyone who works at the company. 
Why burnout is inevitable and how to tackle it. 
Taking away the stigma of being breached and how to respond when it happens.  
The role mentors have played in Corey’s professional success. 
#1 piece of advice for those who are leading security operations teams. 
What the future of security operations will look like.

Aaron Cooper is the Security Operations Manager at TripActions with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance. 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
 
Topics in this episode include: 
His journey from hardware, to a vendor, to healthcare, to banking, to a cloud first tech company – how security posture and challenges differ across industries and companies 
Why it’s critical to understand the culture of the company to run a successful security team 
Why the state of security today is in flux and how security teams are changing how and what they respond to 
Why the ‘onion model’ no longer exists so it’s critical to put on your ‘black hat’ 
The tools and strategies that help Aaron with risk reduction and analyzing indicators 
The one thing IT managers can do to maintain the uptime of their environment
How Aaron works to prevent burnout among his team and what drives him to help his team succeed 
How Aaron evaluates AI tools 
How his major in psychology gives him insight into the minds of security analysts, how resilient they can be, and how to hold space for them 
Resources mentioned: 
Year Up: https://www.yearup.org/job-training/cyber-security
Hunter: https://www.hunters.ai/