Miss part one of our interview? Click here to catch up!
Any thoughts on what we can do to expand the pool of people that get into cybersecurity as a career?
A lot of people think you need an IT or even a basic computer-based background to get into cybersecurity, however, I do not think that is the case at all. There are a lot of specialties and techniques that are very useful in the cybersecurity world. A data scientist, fraud investigator, compliance lawyer, mathematician, or statistician would be immensely valuable to a full cybersecurity team. Some of the top cybersecurity teams in the world even employ behavioral specialists to better understand how their users think and how to best educate them on better practices.
Interesting. The last major industry topic I wanted to discuss today was automation. It looms in the background of a lot of different sectors as something that could disrupt, or seriously alter how industries operate. From your perspective, do you see automation decreasing the need for threat hunters or security analysts? Or do you see it as potentially valuable in that it might automate some of the more mundane tasks to make your job easier?
I think automation is great where it can take away the busy work, but if anything, it's going to make analysts more needed because increasing automation also increases the need for validation and verification. And as an example, if a company can't necessarily afford a team of cybersecurity analysts, well, now they can use an automation tool to do a lot of that grunt work for them and then have a cybersecurity specialist validate and verify what the tool is doing. In this example, a company that originally had nothing now has automation and an analyst.
Taking a step back, what do you think is the biggest challenge facing the infosec community today? Put another way, if you could wave the magic wand and change one thing about DG or the tech industry as a whole, what would you change?
In the industry, a lot of cybersecurity is reactive – meaning solving a problem after it has already happened and might have had an effect. What the industry needs is to be more proactive at reducing threats and threat actors. It has been getting better over the past few years, but breaches happen all the time at different scales, large and small. If I could wave a wand and change something about the tech industry, I would have companies be more proactive at protecting their data, rather than being reactive about it. Here at Digital Guardian, that is our specialty as we can proactively protect our client’s data using our powerful Agent and its control capabilities.
So our audience can get to know you better, what do you like to do in your free time besides security?
Even though my daily life exists behind a desk and screen, I am a very handy person. Recently, I have replaced the engine in my 2000 Jeep Cherokee with a new 4.7 Stroker engine. That means the physical engine block and head are the same as the original but have been machined out to take an aftermarket crank and longer-stroke pistons for increased displacement.
I have also gained a fascination for and am taking sailing lessons, which has been difficult living in the Arizona desert. Maybe one day if the opportunity presents itself, I will sail around the Caribbean.
The only reason I ask is because Ben (McGraw) said that Tim (Bandos, DG’s CISO), was fairly elite at basketball. I wanted to see if someone could verify that.
We had an ATT&CK team event down at Disney World one year in Florida. And there was an afternoon where we did these one-on-one matches, and Tim beat everybody (laughs).
Final question, in your work at DG, what aspect of your job keeps you engaged and interested?
I love working with different people across different industries. Coming up with solutions to unique problems is always a highlight of my work and brings me enjoyment. Working at Digital Guardian, who I see as a leader and innovator in the space, means I work with the latest and greatest information and technology. As new threats arise companies turn to us for advice and solutions and being able to provide the best-in-class answers keeps me engaged and interested.
Thanks! I appreciate you taking the time to speak with us today!
Absolutely, you have a good day now.
Interview was condensed and edited for clarity.
