The Future of Security Operations

Intro: In this episode of the Future of Security Operations, Thomas speaks with Andrew DiMichele, Director of Security Operations at Redis, whose background is in building security operations programs. DiMichele's security journey began in the US Air Force Reserves, and brought him to CISCO, banking, IBM, and Citrix. 
Topics include: 
The evolution of cybersecurity as seen across different types of organizations
How to keep employees engaged in cybersecurity, and reasons why there's not a long tenure in the industry
Burnout and mental health in security and what companies can do to address it
Reducing the time spent on manual tasks through automation, and how to do so being away of the chain of approvals
How to work with other teams across the organization and showcase the work security does to ensure your team is being respected
Advice for new security leaders
What security teams will look like in five years, what new technologies security teams should look towards, and how to prepare your team for the future

In our latest episode of the Future of Security Operations, Thomas speaks to Corey Hill, Director of Security Operations and Incident Response at Citrix. After working at organizations such as Mandiant and Cisco, in 2020 Corey joined the Citrix team when there were just a small handful of people on the SOC team. Today, the teams Corey leads spread across four countries and are responsible for Detection Engineering, Threat Intelligence, Threat Monitoring, SOAR Automation, and Incident Response (both CSIRT) services at Citrix. 
Topics in this episode include: 
Corey’s journey that eventually led to his current role at Citrix. 
How Corey’s perspective on security has evolved throughout his career and why there’s no security strategy that fits all. 
Lessons from building multiple SOC teams from scratch.  
How security operations have evolved.
How Corey leverages automation to make his team more efficient and effective. 
How Citrix prioritizes mental health for everyone who works at the company. 
Why burnout is inevitable and how to tackle it. 
Taking away the stigma of being breached and how to respond when it happens.  
The role mentors have played in Corey’s professional success. 
#1 piece of advice for those who are leading security operations teams. 
What the future of security operations will look like.

Aaron Cooper is the Security Operations Manager at TripActions with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance. 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
In this episode, Thomas and Aaron discuss why understanding company culture is a critical component to successful security teams, how he helps his team manage burnout, and more! 
 
Topics in this episode include: 
His journey from hardware, to a vendor, to healthcare, to banking, to a cloud first tech company – how security posture and challenges differ across industries and companies 
Why it’s critical to understand the culture of the company to run a successful security team 
Why the state of security today is in flux and how security teams are changing how and what they respond to 
Why the ‘onion model’ no longer exists so it’s critical to put on your ‘black hat’ 
The tools and strategies that help Aaron with risk reduction and analyzing indicators 
The one thing IT managers can do to maintain the uptime of their environment
How Aaron works to prevent burnout among his team and what drives him to help his team succeed 
How Aaron evaluates AI tools 
How his major in psychology gives him insight into the minds of security analysts, how resilient they can be, and how to hold space for them 
Resources mentioned: 
Year Up: https://www.yearup.org/job-training/cyber-security
Hunter: https://www.hunters.ai/

In our 10th episode of the Future of Security Operations, Thomas speaks to Jay Thoden Van Velzen, Multicloud Security Operations Advisor at SAP. Prior to Jay’s current role, Jay scaled the SecDevOps team from 5 to 25 team members across three continents and five countries and was the Initiative Lead for multiple security improvement programs for Multicloud across SAP. 
Topics discussed in this episode:
Understanding the scale and size of SAP and the unique security complexities the organization faces. 
The state of security operations today. 
How to overcoming the common challenges that security operations teams face today.  
How teams can solve the talent gap in cybersecurity and how SAP tackles the problem. 
Defining what SecDevOps is exactly. 
Practical advice for those who are leading security operations at fast-growing organizations. 
Why you may need to rethink your existing tooling to ensure its suitable for the public cloud.  
What’s in store for the future of security operations. 

Today on the Future of Security Operations Podcast, Thomas speaks with Rebecca Blair, Manager of the Security Operations Center at Toast, an all-in-one point-of-sale and restaurant management platform for businesses in the food service and hospitality space. After working in a variety of different cybersecurity roles over the past decade, Rebecca joined Toast in 2021 as the first employee of their security operations center. On this episode, she shares lessons learned as she scaled the team along with her insights on what’s in store for the future of security operations. 
Topics discussed in this episode:
- The state of security operations today.
- How to prioritize what needs to be done first when you are building a security operations team from scratch. 
- How to measure the efficacy of your alerts to determine what’s worth keeping and what you should get rid of.
- How Toast reduces the amount of manual time spent on tasks and how they keep their team happy and excited about the work they do.
- How to develop and source cybersecurity talent.
- How working towards an MBA has changed how she approaches security. 
- Why Rebecca loves dashboards and why they are critical to her work. 
- How Toast prioritizes mental health for their entire team. 
- Tips for how to run a good purple team. 
- What security operations teams will look like in the future.

On Today’s episode of the Future of Security Operations Podcast, Thomas speaks with Jason Barnes — the former Head of Global Security Operations at Netskope and current Senior Director at Charter Communications. 
*Note: this episode was recorded in late May 2022, prior to Jason departing from Netskope*  
Topics discussed in this episode:
- How Jason describes the current state of security operations and how its evolved over the past 10 years. 
- What Netskope’s SOC team is focused on and what Jason’s day to day look like. 
- How Jason helps his team prioritize where to focus their time and resources. 
- Jason’s philosophy around automation and the power it can bring to a security operations team. 
- Tips for helping security operations team reduce the time spent on low value manual tasks (outside of automation). 
- Jason’s prediction for what the future of the SOC will look like. 
- How Netskope focuses on mental health and burnout and the resources the company offers to team members. 
- #1 piece of advice for security operations leaders at fast-growing tech
Resources mentioned: Jason’s blog: https://www.netskope.com/blog/author/jbarnes

Today on the Future of Security Operations Podcast, Thomas is joined by Jack Naglieri, CEO of Panther Labs, a cloud-native SIEM platform that alleviates the pain of traditional SIEM with detection-as-code, a robust security data lake, and huge scalability with zero-ops. 
Topics discussed in this episode:
- The challenges Jack faced while working on security teams at organizations like Yahoo and Airbnb. 
- The difference between security at Yahoo and Airbnb. 
- The origin story of StreamAlert - the open-source tool Jack built while working at Airbnb. 
- How a VCs cold email eventually led to Jack founding Panther Labs and how they acquired their first customers. 
- How Panther is different from traditional SIEM platforms. 
- What you need to know about detection-as-code and security data lakes. 
- Why teams need to focus on security — not operations. 
- Lessons learned from Jack working closely with fast-growing sophisticated security teams that make up Panther’s customer base. 
- What security operations will look like in the future. 
- Why security teams must learn and embrace automation to deal with the challenges of cloud-scale security. 
- What features are coming next from Panther Labs. 
Resources mention on the episode: 
Jack’s podcast: Detection at Scale 
Jack’s blog post: From StreamAlert to Panther 
Jack’s keynote releasing StreamAlert: USENIX Enigma 2017 — StreamAlert: A Serverless, Real-time Intrusion Detection Engine
 

In our sixth episode of the Future of Security Operations Podcast, Thomas speaks with Niall Heffernan, Head of Security at Cygnvs, a former Senior Manager of Information Security at Informatica, and a Lecturer for BSc, HDIP, PGDip and MSc students studying in the Cyber Security streams at the National College of Ireland. 
Topics discussed in this episode:
Niall’s view on the current state of security operations and how it’s evolved over the past 5 years.
What’s top of mind for Niall as he begins building a security operations team from scratch. 
How to prioritize incidents and determining what detections can be ignored using automation. 
What most security practitioners get wrong when they embark on bringing the power of automation to their security program. 
Lessons that security can learn from software engineering. 
How security changes when an organization goes public and why the stakes become so high.  
What can be done to solve the security talent shortage gap.
Niall’s #1 piece of advice for security leaders and and practitioners. 
What’s in store for the future of security operations and why the traditional levels of security analysts will change. 

In our fifth episode of the Future of Security Operations Podcast, Thomas speaks with Dylan White, an Information Security Engineer at KnowBe4 — a leading security awareness training platform.
Topics Discussed: 
What KnowBe4 does and the problem they solve for organizations. 
The most common lures hackers are using today to trick users. 
Dylan’s favorite phishing test of all time — and why it was so effective.  
How to build a culture that takes responsibility for security and why leaders need to make it clear it’s okay if mistakes are made. 
How to make security more approachable for the entire organization.
The state of security automation today and why Dylan is so excited about endless possibilities that automation makes possible for security teams.
Manual and mundane tasks that Dylan’s been able to automate and free his team from spending (and wasting) their time on.  
How automation has made his team 5x more effective. 
What Dylan sees security practitioners get wrong about security automation. 
Dylan’s advice for security leaders and how they can set their teams up for success with automation.  
What’s in store for the future of security automation.

In our fourth episode of the Future of Security Operations Podcast,  Thomas speaks with Johannes Gilger— CEO and founder of urlscan, a URL and website scanner that enables users to take a look at the individual resources that are requested when a site is loaded. Prior to founding urlscan, Johannes was the managed the Threat Intelligence Automation team at CrowdStrike
Topics discussed in this episode:
What urlscan is and how it works.
Why Johannes founded urlscan and why he thinks the security community is so collaborative. 
Johannes journey that eventually led to founding urlscan and why he decided to leave Crowdstrike to focus his attention on urlscan. 
How automation transforms security investigations. 
What urlscan users get wrong about automation. 
The #1 piece of advice Johannes has for security operations teams getting started with automation. 
Tips for customer-facing brands to reduce their attack target size. 
What future security challenges will look like in the years ahead and how organizations can use automation to get prepared for what’s next.