Future of Security Operations Podcast

To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.

In this episode, Mandy and Thomas discuss:

- Her move from accounting to security
- Why she was drawn to Elastic's employee-centric culture
- How her role at TiVo in the early '00s shaped her view of privacy
- Switching from a technology-first to people-first approach to security
- Recognizing the human factor in incident response
- Embracing asynchronous operations on dispersed teams
- The importance of bringing your authentic self to work
- Staying technical as you move into leadership
- How she puts her law degree to use as a CISO
- Balancing compliance and overall security posture
- Collaboration and knowledge sharing within the CISO community
- Elastic's approach of knowledge sharing by default
- How prioritizing analyst time will be critical in the future of SecOps
- Adopting an infrastructure-as-code approach
- Balancing between proactive security measures and reactive responses
- Building a culture of security across the organization
- Tips for surviving in security operations in tech

The Future of Security Operations is brought to you by Tines, the platform that powers some of the world’s most important security workflows. https://www.tines.com/solutions/security

On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.

In this episode, Andrew and Thomas discuss:
- Navigating the unique challenges of the Navy, from log management to prioritization
- Making the leap from the Navy to tech
- Building a security operations team and program from scratch at Netflix
- Red teaming phishing response playbooks at Netflix to test their effectiveness
- Recognizing the value of good processes
- Why teams should design processes first, automate later
- Creating a feedback loop between teams at Fastly
- How “shifting left” has helped Andrew’s team reduce vulnerabilities
- Using automation for risk assessment at Fastly
- Andrew’s approach to incidents like the Log4J vulnerabilities
- Why growth in the vendor market is a good thing for practitioners
- Why automation should be a requirement, not just a best practice
- What advancements in AI mean for threat detection
- The importance of risk-based decision-making
- The potential of self-remediation
- Why good security leadership starts with taking care of your people

This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.

In this episode, Prima and Thomas discuss:

- The unique challenges of working in forensics
- Her transition to detection and response and cloud security
- Building a security detection framework at Segment
- Reducing mean time to resolve through automation
- Using data to prioritize which processes should be automated
- Merging teams and technologies when Segment was acquired by Twilio
- Joining the securing platform engineering team at Twilio
- Designing a challenging and varied career in security
- The influence of mentorship on career growth
- Democratizing security through knowledge sharing
- How security will change in the next five years

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth.

Thomas and Matt discuss:

- Moving from a large security team at Bank of America to a small one at Reddit
- Embracing scrappiness and doing more with less
- Overcoming sunk-cost fallacy
- Why the 2014 Sony hack was a pivotal time for AppSec
- Running the threat research centre at White Hat
- What he looks for when hiring in AppSec, the SOC and beyond
- His decision to start creating content about mental health in security
- Moving past imposter syndrome
- Renouncing superhero culture
- Paved paths and guardrails, and what comes next after "shift left"
- Lessons learned from Reddit's 2023 security incident
- The power of automating incident response

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.

Adam and Thomas discuss:
- Building discipline and resilience by working on SRE teams
- How a well-known DDoS attack changed his career path
- Using automation to reduce alert fatigue
- Strategies for plugging the security skills gap
- The potential of AI-driven XDR
- How cyber attacks are evolving in the age of AI
- Lessons learned from researching the history of cybersecurity
- Empowering teams to do their best work
- Creating a culture of continuous learning

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever.

George and Thomas discuss:

- What security operations looked like in 1997
- Protecting the secrets of regulation golf equipment at the USGA
- The shift in security and privacy needs at live sports events
- Securing scents, flavors, and other chemical formulations at IFF
- Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack
- The Super Bowl threat profile, from scoreboard hacking to stadium credentials
- Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand.
- Aligning security operations with physical security
- The reality of working on high-pressure events
- The benefits of knowledge sharing with other teams working on live sports events
- The importance of relationship building across internal security teams:
- The potential of automation, orchestration, and AI in incident response