The CISO of CISOs: Greg Notch @Expel

Greg Notch, led the NHL’s cybersecurity initiatives and now he is in some ways the "CISO of CISOs". Greg dives deep into the issue of cybersecurity tool sprawl and its impact on the effectiveness of security operations. Exploring strategic tool consolidation, he shares insights on enhancing efficiency and aligning security efforts with business goals. Drawing from his notable career, Greg provides expert strategies for managing security in dynamic environments and fostering a proactive security culture.

This transcript was generated automatically by AI. If you find any mistakes, please email us.

[00:00:00] Announcer: Hello, everyone. You're listening to Cloud Next, your go to source for cloud innovation and leaders insight brought to you by GlobalDots. It's

[00:00:13] Ganesh: 2024 and some security leaders navigate through a labyrinth of complex tools, each promising [00:00:20] safety, but delivering only more noise. They grapple with ballooning budgets that never seem to cover the escalating costs of securiting their digital realms.

[00:00:28] Teams stretch thin, trying to monitor an ever growing pile of alerts with no end in sight. But our guest today envisions a different path forward. A path where simplicity, integration, and strategic focus replace the chaotic chaos. [00:00:40] tool sprawled landscape of yesterday, Greg Notch, CISO at Expel specializes in information security, notably in developing secure solutions for enterprise businesses.

[00:00:50] His work spans from establishing the NHL's first information security program, leading SAS and DevOps transformations, and managing extremely [00:01:00] large infrastructure projects. Greg, Welcome to the show and tell us a little bit about yourself and why people should be listening to you.

[00:01:07] Greg: Oh, well, thank you for having me.

[00:01:08] Um, I'm Greg. I'm the CISO for Expel. Um, you know, I've, I've been doing security for about 10 years, but, uh, technology for about 30. And so I've, uh, I've seen a lot of things come and go [00:01:20] over the, over that time. So I'm sure you have too. And I think we're, we're at an interesting moment in security and I think it's going to be fun to talk about that.

[00:01:28] Ganesh: Yeah, definitely. So. You said you've got 20 years of experience. Give us a little bit of a flavor. What are some of the strategic approaches to cybersecurity within organizations? [00:01:40]

[00:01:40] Greg: Sure. I mean, my background is an engineering background. So I came up building systems and doing network architecture and things like that.

[00:01:47] And as I moved towards the business side, I realized like how much of, uh, cybersecurity and, and Frank, frankly, the rest of technology really is a business problem where we're solving. I think. [00:02:00] Now that that moment has always been true, but for cyber, it's cyber is now having that moment as opposed to like the rest of the, the technology organization.

[00:02:09] Ganesh: Why do you think cyber came slower or later?

[00:02:11] Greg: Well, it came later. It started really, cybersecurity started in 2013, right? When the Sony breach happened and boards and woke up and was like, Oh, [00:02:20] this could actually impact my business. So it's a really pretty young, uh, like part of the technology landscape. And of course it had its hype cycle where tons of venture capital and tons of investment was made in it.

[00:02:34] And now we're starting to see that recede a little bit in it. And as the tide goes out, we're seeing the fruits [00:02:40] of our labors.

[00:02:40] Ganesh: Yeah. You think, cause one of the main issues And I have lots of friends in the industry. There's, well, there's a few issues actually. So many attack surfaces, so many attack vectors.

[00:02:53] And then because there's so many surfaces and vectors, the amount of tooling is incredible now. Like [00:03:00] ridiculous amounts of tooling. And then you sort of feel like if you're a serious organization, you need to cover a lot of those, which means you have an unbelievable amount of tooling and incredible amounts of alerts and alert fatigue is a huge thing that's happening to people out there.

[00:03:13] What are your feelings on that? And what is what's your take on that?

[00:03:16] Greg: Sure. I mean, I kind of noticed this when I was starting to build the program. [00:03:20] Uh, the NHL, I thought, I looked at the surfaces that they had, I looked at the, the systems that we had to protect, and it's a pretty broad environment there, and I realized, like, my goodness, I'm going to have to buy, you know, a dozen tools probably to cover very specific parts of the environment, and then I'm going to have to hire a person or [00:03:40] two per tool to manage these, and then, oh, wait, hackers don't sleep.

[00:03:45] So now I have to do that 24 seven. You know, what do I do now? Um, what do I do with all the data that's coming out of these tools? What do I do with like, how do I, how do I operationalize this in any meaningful way? And I sort of drew on my [00:04:00] previous experience, like building network operation centers and standing up like technical operations functions for data centers.

[00:04:06] So I was like, Whoa, if I have to do that. for security. That's going to be a very large and expensive and headcount intensive endeavor. Okay. What else, what are my other options?

[00:04:17] Ganesh: Um, [00:04:20] unpack that for us. I'm, I'm interested because that's, if you set out the problem, I'm sure that, you know, lots of people are in that position at the moment.

[00:04:27] Greg: Um, well, at the time I was doing it, there wasn't actually a solution to that problem. Um, like effectively you were, you bought a, a SIM. Um, and then you bought some, then you tried to put a pile, all your data into the SIM. And then you built some [00:04:40] detections on top of that. You hired some engineers to manage all this for you and you attempted to automate this.

[00:04:45] Um, and then sort of around a little later, like, you know, SOAR platforms came out and like, well, that would help you automate that. And. But you still had the people problem and you still had the big data problem that you didn't want to have, right? Um, and so right around that time, [00:05:00] um, there, there were MSSPs in the, in play at that time.

[00:05:03] There were, there were large established players in that space, but they didn't really solve that problem. They, it was really more staff og than, uh, than a, you know, Like a solution to the technology problem, um, that you sort of, you referenced was the proliferation of, of sources of information. [00:05:20] And around that time, the company I work for now, uh, was started, its started its journey and was attempting to solve that problem specifically.

[00:05:27] Ganesh: Well that resonates quite highly. I had a number of positions, um, throughout my career and. One thing that people were really good at was collecting that information and making sure that we're all like, we've got to collect all the [00:05:40] logs. We've got to collect all the alerts. And that never actually worked.

[00:05:44] The only thing they ever really seemed to be used for was, uh, post breach or post accident, um, diagnosis. And it's like, Oh look, Oh yeah, we did have the alert. It was, it was drowning in 10, 000 other alerts basically. And I think, you know, it's, [00:06:00] to me, it felt mostly like ass covering basically, you know, just, just making sure you had something so you could show an auditor or prove to somebody.

[00:06:09] Greg: Um, it has a little more of a, like, I, I won't dunk on Sims quite that hard. Um, there, there's a little bit of value from the investigative side. It's the compliance for sure. There, there's a, But there [00:06:20] is the right of boom moment where you're like, I need to know what happened. I need to establish a timeline.

[00:06:25] And you of course can't take all of the signal from, uh, from that and look at it all the time, even with AI. So that you do need something to go back and refer to. But I think of it like note taking, like you got to take good notes, but I don't go back and index my [00:06:40] notes, right? Like they're there when I need to go back and refer to something.

[00:06:43] Ganesh: Yeah. I think, I think about that. And actually it's not. It wasn't to nail on the sim and say that was the problem. I just think getting people to correctly drive one

[00:06:53] Greg: is It's expensive. You have to hire some expensive and hard to hire talent [00:07:00] to really manage a sim well. So,

[00:07:04] Ganesh: Going back to your problem statement you set out and you needed an unbelievable amount of budget and you had a different approach to it and all these other things.

[00:07:11] Um, there will be people in that boat at the moment and particularly when they have so many bases to cover and definitely, [00:07:20] you know, there's never any budget for anything until after an accident usually. So what would you say to people who are in that situation of, you know,

[00:07:28] Greg: Well, like anything, it's, you're prioritizing what you're, the problem that you're solving.

[00:07:32] I like to think about solving security problems as taking care of the stuff that's closest to my, the part of the business that matters. So [00:07:40] if I'm a, if I work for a retail company, like the transaction part is the part that matters, like making sure that a point of sale can happen. If I work for an airline, making sure that people can get on the plane and that the planes can take off and land safely is a, is a extremely important part of that.

[00:07:56] world. And sort of everything else about like laptops maybe matters [00:08:00] less so long as that part of the business, you know, continues. Or if you're an online web property, for example, the, like, your, the, your uptime and your service delivery around how you deliver and keep your customers content fresh, but also keep the systems that operate it up is your highest priority.

[00:08:18] So you're, you should [00:08:20] focus your security talent and as much of your security efforts internally to that valence of things that are in your environment and everything else, like there are table stakes, security things that you need to do, try to get, try to externalize that effort as much as possible.

[00:08:36] Ganesh: I like the critical path.

[00:08:37] I mean, it's fairly logical and obviously it makes a lot of [00:08:40] sense, but I, I definitely know even in myself and you see it with other people and I've seen it with my colleagues and, and superiors and everybody else. You do fall down rabbit holes of looking at things because somebody has deemed it necessary.

[00:08:53] And um, that's a lot of a political decision and a lot of political power. And [00:09:00] I know a lot of tech people aren't so good at the politics because. I mean, well, lots of tech people like to be behind a keyboard and a mouse and, and do techie things, not battle business politics, and people who are good at politics tend to get their way.

[00:09:13] What advice would you give to people in that situation?

[00:09:16] Greg: Well, look, I mean, I think a lot of ink has been spilled on like the [00:09:20] importance of soft skills, even in highly technical roles. Um. I like to think about it this way, if you are working as an individual contributor, as an individual engineer, the scope of the problem, the size of the things you can work on is limited by how much effort you can put in and how smart you are and how, like, how much time you put in.

[00:09:39] But if you manage [00:09:40] teams and or if you can influence across an organization. You, the scope of the type of problems you can solve expands. And so if you're the type of person that's jazzed by having, like solving really large audacious problems and specifically ones like cybersecurity or for a company or, uh, you know, [00:10:00] SRE problems, if you're into that, like you're going to need to figure out how to organize people, organize work and influence across the org.

[00:10:07] You, you can't evade that. It's fine. If you want to make, if you, if you want to maintain. and maintain being an individual contributor, totally fine, but that's going to, that you're choosing a path there. So if [00:10:20] you, if what you want is to lead teams and you want to lead and big scope projects, no way around it.

[00:10:24] You have to learn to navigate it.

[00:10:26] Ganesh: Yeah, I totally agree with that. Actually. There's um, yeah, if you want to put your head above the parapet and go somewhere, you're going to have to face those moments. You talked about being jazzed. Um, previously you were. A tiny technical [00:10:40] person, and this is a step out of your technical previous roles, but what got you jazzed then and what gets you jazzed now?

[00:10:47] Greg: Oh, that's a great question. Um, I think I was sort of accidentally thrust into management like early in my career. I, and I, at the time, I guess I'm old enough that there weren't really solid paths for [00:11:00] individual contributors. Like, you know, Google, you could be an SRE or you could be a high level individual contributor and there was a very clearly defined career path for you.

[00:11:09] That was, that is still not true in many organizations and certainly not true in any that I worked at. So it was sort of an up or out and I was sort of thrust into management because I was delivering good [00:11:20] work. Um, and so then I realized that I had this moment, right? Where, Oh, I spent all my time reading books on Python or learning C or like all of these very technical skills.

[00:11:31] And I'm good at those things, but in order to be good at management and good at leadership, I'm going to have to go and put in a bunch of [00:11:40] effort into that too, to read those books. And I'm going to have to go talk to people about the craft of being a leader. And I think some people don't realize that it, some people are natural leaders, but the rest, there's a lot of effort to become good at that, that requires the same kind of discipline as.

[00:11:58] learning a programming language or learning a new, [00:12:00] a new tool set. And I, I think some people get lost in the like, well, that's not a thing that I want to spend my time on. Right. I'd rather spend my time on technical stuff, but if you don't put in the time, you won't be good at

[00:12:12] Ganesh: it. That's sounds like an unbelievably mature way of approaching that.

[00:12:18] Cause I know so [00:12:20] many people who've just been, you know, launched into that management role. I don't really know why businesses think that. if you're good at doing that technical role, why you'll suddenly be good at managing that technical role. That makes no sense to me whatsoever.

[00:12:33] Greg: I think a lot of, uh, companies sort of lack management development programs and they're just like, well, we need a leader.

[00:12:38] Our choices are hire someone from [00:12:40] the outside or this guy's great. We should, we should promote, we should

[00:12:43] Ganesh: take him away from the thing that he's really good at and put him into something that he's really bad at. Yeah. It doesn't seem to work out very well most times. And I think you've got to want to do it.

[00:12:53] I mean, I've, I've, I've had it happen to me where. previously ended up managing a fairly extensive development team and lots [00:13:00] of people in an office, um, based out in London and I just couldn't do anything. And it, it, it, I actually ended up hating it, in all honesty, because it was just too much, too, too, basically too many voices complaining, but, you know, you can't, it's not like managing your own problem in your own workspace, you're managing people, which is a totally, totally [00:13:20] different skill.

[00:13:20] Um, any particular top tips for people on those kinds of books who are going to, thinking about jumping into that?

[00:13:26] Greg: Um, I, I mean, I've a few, I think the manager's path is pretty good for like learning how to become a manager, um, for learning how to manage work, because I, I look at managing work and managing people as two kind of [00:13:40] separate domains, um, for managing work.

[00:13:42] I really like, uh, Andy Grove's classic high output management, um, for how to. How to like build process and how to make sure that you're doing the right things. You're not doing more things, more dumb things faster. You're actually like getting the outcomes that you, that you want. Um, you know, there's a ton of manage and there's a ton of [00:14:00] really bad management books out there.

[00:14:01] So I think waiting, waiting through that is tough.

[00:14:04] Ganesh: We won't ask you to nail on the bad ones, but we'll, we'll definitely keep the good ones. Unpack your, your role at the NHL for us. Tell us about it.

[00:14:12] Greg: Sure. Um, so I started, I was hired as a consultant initially to. basically fix [00:14:20] a bunch of DevOps and SRE problems that they had.

[00:14:22] Um, they had uptime issues with their public public facing websites and some of their mobile apps. And so I had a background doing that. And so I came in and cleaned some of that up. And then, you know, I kind of looked around and I had a number of colleagues that worked there that were friends of mine and they had a bunch of really interesting [00:14:40] technical challenges that they, that they needed to solve.

[00:14:42] And so I, so I went full time and then I, started solving one set of problems, and then after a while, they just give me another every couple of years, they would give me some new like technical challenge. And then I think the classic moment where I pivoted into cyber security was right around the time of the Sony breach in [00:15:00] 2013.

[00:15:01] Everyone realized like, oh, cyber security is like, Like all of a sudden the C suite cares. Um, and so I went to my boss, who was the CIO at the time. And I was like, look, you're going to have to go hire someone to run this for you. You're going to need a somebody like a CISO. Um, and then they're going to need to buy this set of tools.

[00:15:18] I think for us, this is what [00:15:20] it sort of looks like. They're going to need a staff that's. Um, so you should budget like, you know, something that looks like this and this is what the, what the organization is going to look like. You should do this pretty soon because it's, you know, it's, it's not going to get better if you don't.

[00:15:35] Um, and they're like, cool, when can you start? Um, and so that [00:15:40] was like this moment of like, what, Don't you want to hire someone who's actually done this before? Um, and so, I mean, a lot of it had to do with, I had been there for, for 10 years at that point, or eight years at that point, was a trusted person within the organization and knew where, like, I knew the important systems, I'd built some of them, I [00:16:00] knew how things worked, and so was likely to succeed in, in building a security program.

[00:16:05] But it was still that moment of like, oh God, all right, I guess, I guess I'm gonna have to do this now.

[00:16:10] Ganesh: Yeah. And give us a little idea of the feelings of pressure around that, because it's one thing building architecture and maybe the video platform falls [00:16:20] over and people can't access the videos for a bit, or whatever they do on the NHL site, I don't know, but then being splashed over the news for a cyber hack is obviously a lot more pressure, so how do you navigate that, or what's your feelings around that?

[00:16:32] Greg: Um, I mean, uh, initially utter terror, um, I mean, like that, that, that was the initial feeling. I think that

[00:16:37] Ganesh: would actually be comforting to a lot of people to hear that, just

[00:16:39] Greg: [00:16:40] honest peril and terror. Yeah. Like, okay, this is on me now. Um, I actually thrive in that, like, I don't think you're a CISO if you don't thrive with some amount of external pressure and you're, and you've developed mechanisms for, for coping with that.

[00:16:52] But at the time I was like, okay, so now what do I have to do? Um, you know, I, I put together a very broad plan, but now I have to, I have to, I have [00:17:00] I have to make it real, um, and I'm responsible for the outcome. And so I, I did what any sane person, as I called some people who had done it before and started ads, started talking to tons of peers, my, uh, my, uh, good friend and peer near Neil Boland at Major League Baseball.

[00:17:15] And when I would took my call and we worked like we worked pretty [00:17:20] diligently for a number of years on putting together programs for both those leagues.

[00:17:23] Ganesh: That's so American, the baseball guy and the NFL guy. Love

[00:17:27] Greg: it. Great. Great. Um, and so that was, so. You know, once you started, once you start to look at it, I think you'll appreciate it.

[00:17:33] Like all of my thinking came from first principles engineering thinking about, well, what, how should you build a security program [00:17:40] and how, if you were gonna build something, how should it work? And then that did not survive contact with what existed in the market, which is, I think what I was talking about earlier.

[00:17:49] It's like, Oh, well, what will you mean? I have to, build a sim, and then I have to build a sock. Like, that's terrible. What else? What other options are there? Um, and I think that's the, that was the [00:18:00] genesis of my thinking about maybe the way to solve this is I can build something bespoke. I can build something that's a More aligned with the business because at the time the security tooling that was available, wasn't great.

[00:18:13] Ganesh: What was some of the outputs of, so when you had that conversation, sorry, I forget the guy from the, [00:18:20] um, was it, was there something that came out of that where you thought, Oh, wow. I was really way, way off the mark. Or was there something that came out of that with, um, would be advice to somebody else who's, who's in the same position where they're just starting to build out their own SOC teams and things like that.

[00:18:33] Greg: Well, I think now you, you wouldn't have to phone a friend in that way. Like it's a little bit better defined. Um, I think [00:18:40] one of the things we realized. And specifically I realized early was like, well, okay, if the market is not where we need it to be, if what I need doesn't exist, I can go out and talk to like venture capital firms and I can talk to private equity firms who invest in companies who are bringing these products to market.

[00:18:56] And if you find your, find that as part [00:19:00] of your path, you can, First off, help early stage companies bring their products to market. If you're working at a big brand, second, you get very good bespoke outcomes for your company. And so the two of us and, and, and others, we just built our programs on the back of early stage startups who are solving the business problems we had, as opposed to like telling us how [00:19:20] to solve the cybersecurity problems as they saw them.

[00:19:22] And I think that's the, like, if you can, that'd be my piece of advice is if you can find your way to enter the ecosystem that way, um, Um, you can deliver very high quality programs at a much lower cost.

[00:19:35] Ganesh: Mm. Top tip. Um, how do you, how, what are some ways [00:19:40] you sort of stay present at the moment? I mean, I have, um, I'm thankful enough to be in a WhatsApp group with Almost, well, a lot of cyber people in the UK like CISOs things like that, um, run by a wonderful man called Motti.

[00:19:53] Motti, if you're listening, good work on the WhatsApp group. Um, it's up to like 300 people now and it's quite interesting actually because you see a lot of the fears [00:20:00] of CISOs coming in there and people saying, you know, we've got such and such an audit, what does anyone else do? What's good? What's bad? And it says that's, you get a good feel that way.

[00:20:09] Um, what ways do you stay fresh?

[00:20:11] Greg: I'm on a number of CISO slacks that are like that. I think as a reference earlier, we're kind of, CISOs are pack animals. Um, you know, they, they certainly like, they [00:20:20] will seek the advice and, and knowledge of their peers who have solved this before, because frankly, it's hard enough to try to figure this stuff out on your own.

[00:20:27] You do not want to blaze trails if you don't have to. So, uh, I, I stay current through, I think probably four or five. you know, in the same size, three, four, five hundred CISOs groups. Um, I still, [00:20:40] interestingly, also belong to a privacy lawyer slack, um, which, you know, sounds like boring, but they are fantastic if you want to keep up on things like GDPR and, like, new privacy regulations and, like, there's a constant stream of, like, new and, and great information from that So all of that, a couple of [00:21:00] podcasts I listen to, I don't, you know, I'm not a super podcast consumer, but like, uh, the Risky Business one is pretty good.

[00:21:06] And there's a couple of CISO podcasts. One by David Spark is pretty good. Um, and those those I'll listen to mostly for the zeitgeist of what people are talking about in the industry, as opposed to like hardcore, like, is this going [00:21:20] to solve my problem or, you know, how, how should I approach it?

[00:21:23] Ganesh: Yeah. We didn't talk much about what your, what your business does, but so people understand that, you know, Expel is a SOC outsourcing.

[00:21:31] So you're the, I like to think you've the CISO of CISOs really, because you're, you're underpinning a lot of these organizations. First of all, [00:21:40] how does that look from your side of the fence? Does that magnify the terror? Um,

[00:21:45] Greg: yes, it magnifies, it magnifies the terror at this moment. I think it was probably, I don't know, two or three weeks after I started.

[00:21:53] Um, and I, it's one of those things, like it's, you, you think about it ahead of time, but it's like a corner you can't see around [00:22:00] until all of a sudden you're like, Oh wait, I am now responsible for the aggregated risk of all of our customers. Um, Furthermore, if anything goes seriously wrong with our product or our, like our environment, like we're wired into the security controls of all of these companies.

[00:22:14] So double like, uh, oh. Um, and so that was that [00:22:20] when I had that. When I realized what that meant, I mean, I knew what it meant, but when I like, it really sunk in what it meant. It's like, okay, um, this is a whole nother level of being a CISO. The rigor required is significantly more because all of these people, yes, they're customers and they pay us money and, and, and thank you for that.

[00:22:39] But [00:22:40] like, these are businesses that are critical. And, um, You know, it was like, all right, I can't, I can't let these people down. Like I have to make sure this is the, like, that we have this pitch perfect every day.

[00:22:49] Ganesh: Yeah. I mean, you're in the world or you're getting to the point where you're going to be in the world of the octas.

[00:22:54] You know, octas got to be one of the most highly targeted organizations in the world because they got all the keys to everyone else's kingdom. [00:23:00] You must be at that. Edge, I would imagine. And what are some of the sort of things that you see advanced attacks on you and tooling around that, like that you use, if you can mention?

[00:23:10] Greg: Um, sure. I mean, we have a lot of bespoke stuff. Um, I, I will mention that Expel uses Expel to protect Expel. If [00:23:20] that's not too like, you know, circular. Um, so we have Drink your own champagne, they like to say. Yes, yes, we drink. But that actually turns out to be a good thing in the case of security operations, um, because we have a feedback loop between our internal security team and the SOC and our detection and response engineering teams.

[00:23:37] Like there's a, like we use a lot of [00:23:40] the integrations, you know, we have a lot of that technology. And so our, you know, You know, our product security, if you, if you will, is built on the backs of all of the stuff that we get from our customers, all the stuff we build internally, and there's this like feedback loop of, of information and value that happens in that moment.

[00:23:59] And then we spend, [00:24:00] if you want to talk about tools and tactics, I mean, we spend a lot of time on product security on making sure what goes into production is absolutely secure. So we focus. Very far left of boom. Most of our efforts to make sure that our supply chain is solid. Um, and we make sure that the, how it's configured and what lands in [00:24:20] production is as, as solid as we can make it.

[00:24:22] And he

[00:24:23] Ganesh: like

[00:24:23] Greg: couldn't

[00:24:23] Ganesh: live without tools in the app

[00:24:25] Greg: sec pipeline. I mean, we use a lot of sneak and sysdig right now. Um, I, like every security tool has good things and bad things. And, you know, there, there are, there are things that I love about those tools. And then there are things that make them, that make [00:24:40] them hard to operationalize.

[00:24:41] And I think that's, that's, that's really important. There's no dig on any of them. It's just, there's things that I wish were different. Um, uh, specifically some of those tools, they generate very high fidelity, um, actions for you to take, but they don't help you operationalize those things within your developer.

[00:24:58] So like, it'll tell me like, [00:25:00] There's a, a problem in this, uh, infrastructure as code, but it doesn't help me get that problem in front of the person who's able to fix it. We have to, you know, elbow grease that throughout the rest of our org. And so some of it is workflow. Some of it is, uh, is, you know, information sharing.

[00:25:17] So I think those are all opportunities for those [00:25:20] companies to like help up, help me solve those problems. Um, but yeah, that, so I was, it's always like a, that's great, but I wish it. Did you know something else? Kind of

[00:25:29] Ganesh: interesting. Yeah, we work. I work with a lot of tech startups are coming out of Israel, and I see lots of motions towards that, particularly around alert prioritization [00:25:40] and automatic workflows, you know, just based on Because you can know who did things because you can obviously you can see a pull request you can see which users related to so actually you know who did the thing.

[00:25:50] Um, so you can find them back. But I think that's coming. I think that's

[00:25:53] Greg: yeah, it's just a matter. I mean, look, what's going to happen now is we had a lot of point products, like like very narrow solutions [00:26:00] to problems that have happened. And that's in response to the stimulus of the environment's like, Oh, we found a risk.

[00:26:05] Let's like, Here's a solution. It's kind of complicated to implement. Here's a company that does it to now, like the funding environment plus just general business consolidation will cause those things to consolidate, right? [00:26:20] Like they'll, you won't buy a tiny, very narrow tool. You'll buy a bundle of them that, that are all from the same company.

[00:26:26] And then that gives you the opportunity for a workflow.

[00:26:28] Ganesh: Yeah, we. seen that happening for a little while because it was cloud workload protection platforms. And then there was cloud security posture management platforms. And then there were now it's just

[00:26:39] Greg: whiz, right?

[00:26:39] Ganesh: And now [00:26:40] it's just whiz where they did seem to, they did seem to win that battle quite nicely, but yeah, I think there's a, there'll be a, definitely a merging of that for sure.

[00:26:47] Um, in the AppSec world, you know, all those, all those CICD pipeline tools, a huge overlay, um, brings us nicely to other predictions. So you're predicting that those, those things are going to become [00:27:00] amalgamated. Anything else for 2024 and beyond?

[00:27:02] Greg: Yeah, I think, well, I think 2024 will be the year of the, of the roll up in security.

[00:27:06] I think funding environment makes that happen. Um, I think we see, uh, It's the year the CFO shows up to security programs. I think that's true. It's CFO showing up in businesses across the board, but it's the year where, [00:27:20] uh, They will ROI and value and like what are the what are the outcomes that we're spending money on is going to get Scrutinized pretty much in any business now.

[00:27:32] We see it pretty much all the CISOs I talked to are like well, my budget's not rising 10 percent year over year like it has previously It's either [00:27:40] flat or slightly down but my but the risks aren't going away and the and in fact, they're increasing so You know, uh, the, I think the buzzword is efficiency, right?

[00:27:50] The, like, how are people going to drive efficiency through their security programs, which is the thing CISOs really haven't. had to work on before. They were always like, yep, [00:28:00] new thing, spend more money, do the thing, as opposed to now it's like, well, what are you going to take out? Or what are you, what thing can you, what can you use that you already have?

[00:28:10] I actually think it's a great conversation because you can't, you can't grow security like that 10 percent year over year. It's crazy.

[00:28:17] Ganesh: No, and You would be expected to things [00:28:20] to roll into packages eventually as well, you know, that that

[00:28:22] Greg: for sure. I mean, your, your, your strategics like Palo and Microsoft are already doing, you know, are already doing this right?

[00:28:30] Um, I think the moment where it'll become real for folks is when It's already happened actually in a bunch of Fortune 50 and up [00:28:40] cases where the CIO is like, well, we bought Office 365 with E five, so like, here's all your security tools. Like, figure it out because we're not, there's no more, there's no more budget, or your budget is significantly curtailed because of that.

[00:28:52] And I think that is like, that's a moment where you're really gonna have to be able to like back to the, the influencing and, and managing part. [00:29:00] Like, well no, that's cool, but we need. You know, there's other capabilities we need that Microsoft isn't selling us or Palo Alto isn't selling us.

[00:29:07] Ganesh: Yeah. Yeah. That makes sense.

[00:29:08] And there'll be streams of salespeople happening there to navigate people through that, of that much. If

[00:29:15] Greg: they can, for sure. Of that much, I'm totally confident. One thing [00:29:20] that's for sure going to happen is the tempo of attacks are going to increase, um, either powered by AI, ML, or whatever you want to call it.

[00:29:28] Great news. What's that?

[00:29:30] Ganesh: The, the, the, the, the tax going to increase. Thank you.

[00:29:33] Greg: Well, not only are they going to increase, but they're going to, the, the tempo of them is going to increase, I think, you know, partially because it's a very [00:29:40] successful financial model to be a cyber criminal. Um, and also because the automation potential also helps them as well.

[00:29:48] And so I, I think that, uh, one of our, uh, largest customers, change their security posture as a result of this. They, uh, they recognized at the start of the, of the [00:30:00] Ukraine war that they had some exposure to that via one of their partners. And the, uh, normally when, when expel responds, you know, we'll, we'll generally tell you that an event happens, we'll give you all of the context and all of the information about what occurs in an alert.

[00:30:17] But there's also an option for us to just [00:30:20] Take care of it. So take some take action to prevent a breach and so, you know, that takes the form of like contain this laptop isolated from the network or do or you know, remove it from the environment and You know, they change their entire posture from hey Just tell us about the problem give us all of the [00:30:40] information and we'll respond to it to you know What no this is these attacks are now happening so quickly We need you to to go weapons hot and and and contain this stuff, don't even tell us, tell us about it after the fact.

[00:30:52] And I think that's the, that just illustrates like CISOs and, you know, other high risk environments are already like, you know what, we need to go [00:31:00] as fast as we possibly can. And I think that's only going to increase in, in 2024 when all of a sudden you're in, in, uh, You'll have an automated attack that attacks huge numbers of people in your company all at once.

[00:31:12] Um, it there'll be, they'll look like targeted attacks, but it'll actually be 50 people targeted at once. Um, and [00:31:20] the, the really terrifying 2024, you know, AI doom prediction for me is, um, we just saw a new story, uh, yesterday about this, where. Deep fakes are being used to impersonate the CFO or deep fakes are being used to impersonate actual people and In a world where you rely on identity [00:31:40] Like if you use Okta or any of those IDPs if you rely on identity in any way How do you validate that the person on the other end is that person?

[00:31:50] Can they enroll a new phone? Like how do I check to make sure you're you and if you can fake that via video or voice You Because we're not in the same time zone. Like, [00:32:00] like at some point, like. Uh, how do I, how do I make sure that you're not just a threat actor who grabbed a piece of video of me off the internet and is now telling my CEO to like, turn off our, our security controls?

[00:32:13] Right? Like, or, or to, or to the CFO to wire money for something like a terrifying,

[00:32:19] Ganesh: [00:32:20] great story. And I think there was a, there was more than one person in that zoom room when the person transferred the money. And it actually, it turned out the only real person in there was the, was the victim. Basically.

[00:32:29] Every, you know, there was a whole bunch of deep fakes all in one zoom room together.

[00:32:32] Greg: Right, and like this is day one of that. Now imagine that at scale. Yeah. I mean, it's already a service you can buy on the dark web, but imagine the, like, it's [00:32:40] only going to get better. This is the 1. 0 of that stuff. I think we're in for a fun year.

[00:32:45] Terrifying

[00:32:46] Ganesh: and exciting. Two interesting points there. First thing that they're going to start moving really quickly. I know CISOs don't move quickly. They can't because the business demands that they have to go and go and check everything. How are they going to deal with that?

[00:32:59] Greg: Um, good [00:33:00] question. Um, I don't know.

[00:33:01] Uh, but I can speculate. Um, the. If you get the basics right, you can solve 99 percent of the problems that you'll have. And so hopefully what will happen is enough consolidation in tools and enough consolidation in sort of the table stakes security stack will be sort of. [00:33:20] off of your field of view so that you can, you actually will have the, the money and the attention span, frankly, to, to try to tackle these.

[00:33:30] Um, I think all, but like this will come to the largest financial services. First, like, because of the obvious targets for, for money. [00:33:40] Um, and mercifully, they're the ones with the most sophisticated security programs. So stuff will inherently be developed for, for that, that'll trickle down to the rest of us.

[00:33:49] But in the interim, like it's going to be spicy.

[00:33:52] Ganesh: And the second part of that was about identity and how can you trust somebody who's really there? The only way I can see that going anywhere. [00:34:00] Is biometrics, which I sort of put the fear of God in me in some way because I just don't like the idea of biometrics being shed around and, and, uh, But once those are breached, like you're breached.

[00:34:13] Greg: You mean like 23andMe? Like, that doesn't terrify you? Yeah, well,

[00:34:16] Ganesh: yeah, exactly like that. What are your feelings on that? I'm [00:34:20] okay

[00:34:20] Greg: with biometrics as long as they're contained on a device that I control. So Touch ID on your Mac or on your iOS device. And I think you can derive enough security properties via cryptography and other things where And like the secure enclave chips that are on these devices, where the biometrics don't need to leave a device that's outside of my control.

[00:34:39] And I [00:34:40] can derive all of the good security from that. And Okta has this and FastPass and Duo has it as well. Um, those, that's probably okay for the vast majority of use cases, but the problem with it is, is it falls down on the enrollment of the device. When you say, hi, uh, I lost my phone. And [00:35:00] I need to enroll a new device to a, to a service desk employee in Bangalore.

[00:35:04] Like, how do you, like, how are they supposed to know like, Oh, you're a deep fake of, of Greg and like, no, you can't enroll that device. Cause once that device is enrolled, I mean, that's how Facebook got breached. That's how Okta got breached. Like those, those device enrollment hacks are big. So [00:35:20] terrifying. I think that there's going to be services and there already are for like truly validating someone.

[00:35:26] is who they say they are. Like, hey, walk over there and take a book off the shelf and show me your government ID and, you know, all of the things that would be very hard to deep fake in, in real time. Um, you know, information that maybe [00:35:40] Code, like pre shared code words or other ways to validate pre enrollment.

[00:35:45] Ganesh: Oh, it's cool. It'll be like spies in wartime. It's cold this time of year in Russia, isn't it? Yeah,

[00:35:51] Greg: listen from a cryptography perspective. There is almost nothing more secure than a one time pad.

[00:35:56] Ganesh: Yeah Interesting. Well, that's some sort of [00:36:00] semi frightening and some things to look forward to but Hey, at least you're in the right business.

[00:36:04] You're not going to be out of work and anybody in the security profession is definitely not going to be out of business.

[00:36:08] Greg: You want to be selling shovels in the gold rush. Yeah. That's,

[00:36:11] Ganesh: uh, uh, CIO says the exact same thing. Oh really? Yeah. It's sorry. It was on our sales kickoff. Yeah. The [00:36:20] gold Russian in the, that's what we do with the shovel sellers.

[00:36:23] Um, if you could go back in time and give yourself one piece of advice, what would it be either to avoid something or, um, That's always

[00:36:31] Greg: a fun question. Um, I think a couple of things. First I would. I would tell my, my younger self to spend much more [00:36:40] time on the soft skills and the relationship skills earlier.

[00:36:44] Um, because they, they pay a lot of dividends, right? Like, like having, um, having that ability to influence people and outcomes. I mean, it was, it's a learned skill and, you know, I wish I had done it earlier. Um, I think the other thing that I, [00:37:00] I probably wish I had done was, focus on cybersecurity a little earlier than I did, like while I was still much more technical.

[00:37:10] I, I don't know if even if like the, if I'd need a DeLorean for that timeline to be like that. Uh, but, but the, like, I honestly wish I had gone deep on [00:37:20] application security, like, you know, when it was new while I was still had time to be like deeply technical. I, I, you know, I find that stuff. Very interesting now.

[00:37:28] And I feel like it's an important part of the future.

[00:37:30] Ganesh: Um, yeah, I, I, I also completely missed the boat with APSEC really. I have a, tangential sort [00:37:40] of understanding of it. And I think it's a very interesting space because most of the stuff that is hackable comes out of that, that pipeline, you know, they, uh, totally understandable why people want a software bill of materials these days.

[00:37:54] And

[00:37:54] Greg: totally, I mean, I, when I want to go, like some, one of the things I actually do when I want to take a break from [00:38:00] my, from my day job is like, Oh, I, I still like to write some code now. Oh, it's so relaxing. Yeah. Cause it doesn't matter. It's never going to production. Um, but one of the other things I tinker around with is burp suite.

[00:38:09] I don't know if you, yeah. And like, and I realized like how much time it would take me to be bad at that. It's like golf, right? Like it would take me, you know, months and months and months of, of [00:38:20] continued practice to be bad at this. And then you realize like how the people who are really good at it or, you know, Their chef's kiss.

[00:38:26] Awesome.

[00:38:27] Ganesh: The, um, burp suite for if a case anyone doesn't know is, uh, packet sniffing, I would say.

[00:38:33] Greg: It's more like a manipulates, um, like the interaction between your browser and [00:38:40] some web service or some API. It sits in the middle and it lets you fiddle with the bits and try to break stuff.

[00:38:46] Ganesh: That was a much better description.

[00:38:47] That's why, that's why you're the CISO of CISOs. Yeah. I worked with a guy who was. He was our information security manager at a newspaper company in the UK. And he was always fiddling with Burp Suite and doing stuff and proving that [00:39:00] stuff could be done. He was deep with the Burp Suite. He was one of those guys where you sort of bow down.

[00:39:04] We are not worthy for your Burp Suite skills. Let's talk about Tool Sprawl.

[00:39:08] Greg: All right, perfect. Let's talk about Tool Sprawl. Um, I mean, look, like we were talking before, like, There was a, there's a base of problems like a standard of care that are sort of [00:39:20] native to every security program. You have some sort of endpoint problem product, you have some sort of mail security product you have, you know, probably if you have cloud environments, you have some basic cloud tooling, so you already are three or four there.

[00:39:33] If you have on prem infrastructure, you got firewalls. If you, you know, like, so there's, Those are like your core, let's say four or five [00:39:40] things, four or five technologies. And then all of a sudden, depending on your business and how and what, like whether you build software for a living or you're a retail establishment or you're an airline or whatever, like you have things that are, like I was saying before, close to your business and you start popping controls there.

[00:39:56] And then maybe you're a manufacturing company and you have OT and you can't [00:40:00] patch it. So now you have some other network security controls in there because you're meeting compliance requirements. Pretty soon you're like, the average was, but it was something terrifying, like 30 or 40 security controls, uh, in, in, in your environment.

[00:40:13] And now you're trying to operationalize these. Um, back in the day, it used to be the adage was for every tool you buy, [00:40:20] you need a head, um, to, to manage it. And like, or at least maybe half of one or sometimes more if it's Salesforce, it's five, I don't know. Um, but the, uh, the, the. The problem with security tools is like, now you've got these people managing the tools, but you also have an operational cadence that comes out of them.

[00:40:37] Alerts, or, you know, [00:40:40] investigations, and you'd simply cannot keep up with all of them. Like, and you honestly want to take information from one source, Like, they're related, like an alert in your firewall might be related to the email that the person clicked that may, that was also alerted on by your mail gateway that also had some [00:41:00] application security log that's in your sim.

[00:41:03] Well, how do you make sense of that? Um, I mean, shameless plug, that's what our company does. Um, but of course, That you still have that problem, whether you choose to solve it with a, with a, with an MDR or not, that's either there's a pile of people gluing all of that together for you somewhere in order for you to [00:41:20] both left and right of boom, make sense of all of that.

[00:41:22] So

[00:41:23] Ganesh: yeah, the answer was always going to be machine learning and AI somewhere at the end of that conversation with tool sprawl.

[00:41:29] Greg: Well, yeah. Or, uh, or, you know, elbow grease, which is the bad answer. Um, it's like, okay, I'm going to just get a bunch of people to grind this out. Like we did with. [00:41:40] Um, so

[00:41:41] Ganesh: yeah, we, we, we're in the, we're in the business of talking to people about these things, you know, shameless, we're resellers of those sorts of technologies as well, but we have lots of conversations around that.

[00:41:51] And, you know, having. The day one conversations with people that are about to start building a NOC from [00:42:00] scratch and, you know, talking about you need to follow the sun headcount and all those other problems, which means, you know, plus they're on holiday. So it ends up being six headcount and that whole story, which is real story.

[00:42:10] But people still still happy to do that or still really keen to go and do that. Um, What are your thoughts on that? I mean, you obviously [00:42:20] need your own, you obviously need your own security team because someone's got to handle the alerts that can't be done by a managed detection response team because managed detection response teams can only do so much because otherwise they'd just be working for you and they wouldn't be a service.

[00:42:32] Greg: Um, where's the line? I think, well, that's the, that is the question and your choice. One of your main choices [00:42:40] as a CISO and sometimes maybe even above that in like the executive suite is how much, like, where do you draw that line for your program? Um, you know, my opinion is anything that's not close to the operation of your business.

[00:42:52] You should get off your balance sheet either via insurance or externalization with a, with a provider. Like you don't want, People doing low value [00:43:00] work for you. You do this in the help desk. You do this, you do this in other parts of it operations. You certainly do it in dev ops and SRE land. Like you pay pager duty.

[00:43:08] You don't have someone staring at a, at a, uh, at a, like a monitoring solution. Like, wait, did that green light turn red? Like you don't, you don't do that in other parts of your business. Like, gosh, why would you do it? [00:43:20] Um, you know, unless you're SpaceX and you're launching rockets and you have a bunch of people like that need to stare at glass, like you should not do that unless you really have to.

[00:43:28] Yeah.

[00:43:29] Ganesh: I, I very much like the pager analysis. I'll be using that in the future. You also talked about, um, well, you, we, we, we can't mention the companies, [00:43:40] but you have some, uh, very large tier one companies. Um, anything interesting you can tell us or war stories, maybe not even related to EXPEL, but

[00:43:50] Greg: About an incident or about Yeah, just

[00:43:52] Ganesh: around your security career, um, we've found from experience that people basically love a good war story of any description.

[00:43:59] Um, [00:44:00] I think it, I think hearing your pain makes people feel better about their lives. So, uh, yeah,

[00:44:07] Greg: anything from the trenches? Oh, this is a fun one. Um, So we, we were installing a brand new, uh, security tool. Um, and the security tool, uh, [00:44:20] would, it was, uh, it was, uh, like a SACE product. Um, so it would, it was sit between.

[00:44:27] People and their, and their web browsing and people and the applications that they access. Um, so think like, you know, Netscope or Zscaler. Um, and so we turned it on and it had this feature where it [00:44:40] had, uh, a threat, threat intelligence built into it. So it would look at breach data and say like, Oh, look, these are breached, Um, or breached accounts.

[00:44:50] Um,

[00:44:50] Ganesh: A bit like I've been pawned. Yeah, exactly,

[00:44:52] Greg: but early, but it was built into the product. So you would see like, it would show you like, hey, this endpoint and this user looks like they have a compromised [00:45:00] credential. Like you should, you know, You should tell them to go change it. And so we turn this thing on and it lights up, right?

[00:45:06] And this one particular user had, um, it, you know, had their credential, it looked like they had their credentials compromised. So like, all right, cool. We'll start an investigation, make sure that it wasn't, wasn't compromised. Well, it turns out that that we had MFA [00:45:20] everywhere. So that credential actually wasn't compromised.

[00:45:23] Um, And so, the account that was compromised was somebody else who had used the laptop for their personal email, and that's, we, we, uh, we picked up the, uh, we picked up the email address of the, of the person who had used their, their, used this laptop. Well, [00:45:40] turns out, the breaches that, uh, The, that those, uh, email addresses were found in were the adult friend finder and the, uh, Ashley Madison breach.

[00:45:48] Ganesh: And

[00:45:50] Greg: the person whose email address was compromised was the spouse of the, of the person who, of the. Oh, that's a good one. Yeah. So, and so now you have this like, [00:46:00] amazing, like, well, do you? Tell them like this amazing moment of like, and I remember talking to the vendor who sold us the tool and I was like, this is probably one of those unintended consequences for like, you know, like inbound threat Intel.

[00:46:16] Um, and maybe you want to think about like this, like [00:46:20] maybe constraining that to like, you know, work emails and like, not like some random Yahoo address or something that's in there.

[00:46:27] Ganesh: Nice. Yeah. There's, there was a, I can't remember them all, but I've definitely heard a good few stories around those hacks over the years.

[00:46:35] There was some.

[00:46:35] Greg: Yeah. It's a, it's just like, yeah, they're gifts that keep on giving. It puts you in [00:46:40] like, like the problem with a lot of these security tools is they, it gives you information that is hard to action on in times, right? You just, you're like, well, this is now turned into. Like, I have to correlate it with a bunch of other information to generate a good security outcome.

[00:46:56] And then, then the so what of it becomes a problem to work

[00:46:59] Ganesh: on. [00:47:00] Yeah. That, that, those, those you've been breached ones are interesting. It's like, okay, I can change my password for that site, but I mean. Aside from that, you know,

[00:47:08] Greg: I don't even pay attention anymore because I just presume I've had the same email address since 1997.

[00:47:14] Um, and so like, it's been owned, I'm sure.

[00:47:18] Ganesh: Many, many, many times [00:47:20] over. Um, great. I mean, we're coming to the close of the show. We've asked you lots of things, any, any other little bits of golden nuggets or anything else for the people out there?

[00:47:31] Greg: Um, no, I just, uh, really grateful for you having me on here. It was great to meet you and, uh, thanks for having me.

[00:47:37] Ganesh: Likewise, um, really appreciate it. I know your [00:47:40] time is pretty scarce, so we're very lucky to have you. Many thanks. This episode was produced and edited by Daniel Ohana and Toma Morvidsson. Sound editing and mix by Bren Russell. I'm Ganesh The Awesome, and if you're ready to deep dive and start transforming the way you approach security, FinOps, and DevOps, Or any other cloud practices, then the team and myself at GlobalDots are at your disposal.[00:48:00]

[00:48:00] It's what we do, and if I don't say so, myself, we do it pretty well. So have a word with the experts, don't be shy, and remember that conversations are always for free.

Related Content

  • SASE Evolution: Shlomo Kramer, Founder & CEO @Cato
    Cloud Security
    SASE Evolution: Shlomo Kramer, Founder & CEO @Cato

    What does the future of security look like? Shlomo Kramer, Founder & CEO of Cato Networks, joins CloudNext to share his vision. From the rise of SASE as the next-generation network security model to the importance of convergence and simplicity in security platforms, Shlomo offers invaluable insights for organizations navigating digital transformation. Tune in to explore how legacy systems are being replaced, how to secure your operations with agility, and what’s next for the industry.

  • Prioritizing Cloud Security: Tomer Hadassi CTO @Upwind
    Cloud Security
    Prioritizing Cloud Security: Tomer Hadassi CTO @Upwind

    Too much visibility, not enough action? Tomer Hadassi, CTO at Upwind, explains how to prioritize what really matters in cloud security. Discover how real-time, runtime context slashes thousands of vulnerabilities down to a few key threats, making life easier for DevOps and security teams. We also explore CNAP’s evolution, AI-driven profiling, and how to simplify compliance for enterprises and startups.

  • Mental & Cyber Security: Peter Coroneos @Cybermindz
    Cloud Security
    Mental & Cyber Security: Peter Coroneos @Cybermindz

    Cybersecurity professionals are working in a department where someone is constantly trying to ruin their day. A security breach causes untreated trauma, which at best leads to a career change. Peter Coroneos, former head of Australia’s Internet Industry Association, argues addressing well-being will benefit companies by reducing turnover and preserving corporate memory. He founded Cybermindz, which offers neuroscience-based solutions to build resilience and prevent burnout.

  • How Yuki Achieved SOC 2 Compliance 6x Faster
    Compliance Automation
    How Yuki Achieved SOC 2 Compliance 6x Faster

    Overview A fast-growing Snowflake optimization platform was missing out on customers because they didn’t have the right data security compliance. Through multiple consultations and extensive vendor-testing, the GlobalDots team selected a solution to provide both tech and human support, helping the company achieve SOC 2 compliance within just 3 months – and win new customers […]

  • Secure Sanity: Bronwyn Boyle, CISO @PPRO
    Cloud Security
    Secure Sanity: Bronwyn Boyle, CISO @PPRO

    Dive into cybersecurity and mental health with Bronwyn Boyle, CISO at PPRO. Discover the challenges of managing risk in evolving tech environments and the impact of AI on security. Bronwyn shares insights on fostering a no-blame culture, the importance of diversity in tech, and her journey through burnout. Learn practical strategies for building resilience and supporting mental health in cybersecurity. Tune in for a compelling conversation that bridges tech and well-being.

  • Adopting to Speed of Cloud: Stav Sitnikov, CTO @StreamSecurity
    Cloud Security
    Adopting to Speed of Cloud: Stav Sitnikov, CTO @StreamSecurity

    If you are facing real-time cloud security challenges and struggling with escalating costs this episode is for you. Discover the future of cloud security with insights into AI-driven threat detection and seamless integration of security tools. Learn how to balance performance and cost-efficiency, and why early unit testing is crucial for success. Join Ganesh on CloudNext as he sits down with Stav Sitnikov, Co-Founder & CTO of StreamSecurity, to explore actionable strategies and forward-thinking solutions reshaping cloud security.

  • Pragmatic Cybersecurity: Alex Jilitsky, Head of Cybersecurity @Plus500
    Cloud Security
    Pragmatic Cybersecurity: Alex Jilitsky, Head of Cybersecurity @Plus500

    In this CloudNext episode, Alex Jilitsky of Plus500 and Ganesh dive into cybersecurity automation's role in transforming digital defense. They tackle the shift from manual strategies to innovative automated solutions, underscoring the need for agility in tech's fast-paced realm. Alex shares insights on pragmatic decision-making and aligning security with business goals. Tune in for a discussion on navigating cybersecurity challenges in today's dynamic landscape.

  • Transforming AppSec: Neatsun Ziv, CEO @Ox Security
    Cloud Security
    Transforming AppSec: Neatsun Ziv, CEO @Ox Security

    In this episode of CloudNext, Neatsun Ziv, co-founder and CEO at Ox Security, joins Ganesh to tackle the evolving challenges in application security. They delve into the incessant alert noise and manual triage that often overwhelm tech professionals, and how traditional methods fall short in today's fast-paced digital landscape. Neatsun shares his vision for a future where innovative solutions and strategic playbooks transform incident response, making security management more efficient and effective. Tune in for invaluable insights on enhancing your security posture in an era of endless cyber challenges.

  • Adaptive Security: Janis Lasmanis, CISO @Evolution
    Cloud Security
    Adaptive Security: Janis Lasmanis, CISO @Evolution

    In this episode of CloudNext, Janis Lasmanis, CISO at Evolution, unveils his cybersecurity strategies, emphasizing the importance of adapting to unique threats rather than relying solely on market solutions. Delving into SIEM and SOC, Janis discusses the critical balance between securing operations and maintaining business flow, showcasing how tailored, dynamic defenses are crucial in the rapidly evolving tech landscape.

  • AWS Innovations Decoded: GlobalDots’ Top 20 Picks
    Cloud Computing
    AWS Innovations Decoded: GlobalDots’ Top 20 Picks

    Join AWS experts from GlobalDots as they decode the top 20 cloud innovations you need to know in a 2 part Webinar. Gain insider insights on leveraging these transformative technologies to boost performance, tighten security, and reduce costs. Discover real-world applications to apply these advancements to your business. Reserve your spot now! ? Stay Ahead: Learn […]

  • Complying with AWS’s RI/SP Policy Update: Save More, Stress Less
    Cloud Cost Optimization
    Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

    Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

  • The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era
    Web Security
    The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

    What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

  • Three Ways CISOs Can Combat Emerging Threats in 2025
    Web Security
    Three Ways CISOs Can Combat Emerging Threats in 2025

    73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

  • From IT Headaches to Automation with Alon Zlatkin, CEO @Dots
    Hosting, networking & hardware
    From IT Headaches to Automation with Alon Zlatkin, CEO @Dots

    From IT procurement and onboarding to IT asset disposition and offboarding, logistics is often sidelined as a hectic routine. But as Alon Zlatkin, CEO of Dots, discloses, these essentials are the backbone of smooth operations, impacting productivity and cost efficiency. Tune in as we explore the hidden logistical nightmare affecting the IT department and echoes through the whole organization. Discover how Dots transforms logistical headaches into automated solutions that fuel growth.

  • FinOps Strategies: Liat Shoil & Nastya Mor @SentinelOne
    FinOps
    FinOps Strategies: Liat Shoil & Nastya Mor @SentinelOne

    FinOps is a key driver of business growth, but what does it take to run an efficient FinOps practice? In this episode, Ganesh the Awesome sits down with Liat Shoil, Director of FinOps & Analytics, and Nastya Mor, Staff FinOps Engineer at SentinelOne. They share their journeys into FinOps, their biggest challenges, and how they built successful FinOps teams from scratch. Learn about automation tools, the importance of KPIs, and how cross-team collaboration can optimize cloud costs while aligning with business goals. Tune in to discover actionable strategies to level up your cloud cost management.

Amplify Your Cloud Security

Technology, security threats, and competition all change rapidly and constantly. Your security stack must, therefore, be ahead of every emerging threat and, just as importantly, enable full-speed business processes by reducing friction in critical workflows.

Achieve this with GlobalDots’ curated solutions:

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services