Why I Signed on with an IT Security Vendor
Here's why I jumped to the vendor side of the fence after 12 years as a Fortune 100 incident responder and threat researcher.
In my role as Director of Cybersecurity here at Digital Guardian I have the opportunity to spend a good amount of time with our customers and potential customers. When I tell them that I came to DG after years as a security lead for a Fortune 100 company, they often ask what motivated me to make the change. There were two overarching reasons:
- I viewed it as an opportunity to have a bigger impact protecting sensitive data
- I could see my ideas on how to build a better endpoint data protection/EDR product come to life
Let me explain.
I started off my career as an IT auditor conducting compliance audits, vulnerability assessments and penetration testing. I attempted to avoid at all costs becoming one of those “check-box” auditors, with a pre-filled questionnaire asking monotonous questions all day. Nobody really likes an auditor, let’s be honest. So I changed it up a bit and approached the role as a “business opportunity consultant” to assist in providing guidance on better securing the environment from “hackers!” I would often break into databases/operating systems as a way to show to the auditee that misconfigurations have a real impact. I tried to make it fun every day and although it was something I enjoyed, I realized there was something more that I could be doing. It’s easy to tell someone they have a problem, now go fix it. It’s much harder to hop onto the other side of the fence and actually go fix it! So I left internal audit, and started an advanced defense team against cyber-attacks in an effort to protect our company’s most valuable trade secrets.
In my second major role at this company, I spent over 6 years defending against advanced persistent threats: developing an incident response process, generating internal and external threat intelligence, standing up a centralized security information and event management system, building and broadening an endpoint detection and response capability, etc. I loved every second of it and, just as importantly, the people I was doing this with. Over time, I started to feel that although I was being effective for this company, I wasn’t having as much of an impact on the security world in general. Protecting one company’s assets is nice, but having the opportunity to protect a bunch of other companies’ and ensure the right capabilities were being built into the products they used just seemed so much more exhilarating and impactful. After 12 years, I prepared myself with the perfect skills to take on my next role at Digital Guardian with full force.
What attracted me to DG was the opportunity to build an endpoint detection and response service that leveraged all of my experience and expertise. At the end of the day, it’s all about protecting information, but doing it for Digital Guardian I could help multiple companies at the same time. I also thought it was a great way to build a better EDR product. I’ve seen literally every single EDR tool out there. I know their strengths and their weaknesses. I have first-hand knowledge of what works and what clearly doesn’t. After my arrival, I immediately went to work with the development team here to map out what customers specifically want and integrate the ‘analyst mindset’ into the product. Our design approach is totally focused on wearing the hats of our key users, answering these questions:
- How would a security analyst want it to work?
- How do we enable the incident responder to be effective in his job?
- What types of forensic artifacts should we be collecting from the endpoint?
- What would a threat hunter want to see in the product?
- How do we organize and harness the data to find things faster, better?
That’s the mission here. Stay tuned.
Tim recently gave a webinar on his lessons learned from working in incident response at a Fortune 100 company - watch his Incident Responder's Field Guide webinar for more.