The Future of Security Operations

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Raymond Schippers. With 15 years of experience leading detection and response teams, Raymond is a seasoned security leader with high-impact roles at Check Point and Canva under his belt. He recently became co-founder of Huntabil.IT, a Melbourne-based company providing organizations with tailored advisory services to align with their unique threat landscapes and business goals.

In this episode:

[02:27] Landing his first security internship at Siemens as a teenager

[03:18] Reflecting on some state-sponsored attacks he encountered while working IR at Check Point

[04:45] Working with government partners to attribute and dismantle APTs

[08:10] The challenges of remediating threats for anonymized customers

[09:30] What inspired Raymond’s move from Check Point to Canva

[10:35] Building Canva’s blue team during the company’s phase of hypergrowth

[12:40] Rethinking the interview process to prioritize diversity in hiring

[18:02] Proven strategies for reducing burnout and alert fatigue in IR

[21:09] How Raymond's team used automation to scale security operations at Canva

[23:16] The state of AI in security - and its most effective use cases

[28:53] What inspired Raymond to found Huntabil.IT

[31:09] Raymond’s approach to working with non-profit organizations

[39:15] The under-reported threats that could reshape the future of SecOps

[44:06] Anticipating the biggest challenges security teams will face over the next five years

[46:42] Connect with Raymond

Where to find Raymond Schippers:

• LinkedIn
• Huntabil.IT

Where to find Thomas Kinsella:

• LinkedIn
• Tines

Resources mentioned:

• Cyber Threat Alliance
• Raymond's talk on avoiding team burnout at BSides Perth

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by George Griesler. George has been working in cybersecurity since 1997, when he assumed the role of Senior Network administrator at the United States Golf Association (USGA), eventually advancing to Director of Information Security. He currently serves as the Senior Director of Cybersecurity at the National Football League (NFL), where he works to secure events like the Super Bowl, which in 2024 was the most-watched telecast ever.

George and Thomas discuss:

What security operations looked like in 1997

Protecting the secrets of regulation golf equipment at the USGA

The shift in security and privacy needs at live sports events

Securing scents, flavors, and other chemical formulations at IFF

Preparing for Super Bowl LXXVIII in the wake of the MGM Resorts cyber attack

The Super Bowl threat profile, from scoreboard hacking to stadium credentials

Collaborating with cybersecurity experts from CISA, the FBI, Caesars Palace, and the MGM Grand.

Aligning security operations with physical security

The reality of working on high-pressure events

The benefits of knowledge sharing with other teams working on live sports events

The importance of relationship building across internal security teams:

The potential of automation, orchestration, and AI in incident response

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

Where to find George Griesler:

NFL: https://www.nfl.com/

LinkedIn: https://www.linkedin.com/in/georgegriesler/

Where to find Thomas Kinsella:

Twitter/X: https://twitter.com/thomasksec

LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Tines: https://www.tines.com/

Resources mentioned:

A Cyberattack Shuts Down MGM Resorts In Las Vegas And Other Cities: https://www.forbes.com/sites/suzannerowankelleher/2023/09/12/a-cyberattack-mgm-resorts-las-vegas/?sh=c1b5096505c0

The 1,000-ton screen bringing Super Bowl LVI to the lucky fans inside the stadium: https://edition.cnn.com/2022/02/11/sport/super-bowl-lvi-samsung-infinity-screen-sofi-stadium-tech-spc-intl/index.html

In this episode:

[01:50] What infrastructure management and incident response looked like in 1997

[03:30] His projects at the United States Golf Association (USGA), including securing a golf handicap information network

[06:05] Witnessing the digital transformation of live sports events

[08:40] Securing flavors, scents and other chemical formulations at IFF

[13:20] Building a threat model for large OT environments

[15:30] Increasing security awareness and culture across the organization

[17:45] Moving to the NFL

[21:20] How George's team prepare for the Super Bowl

[24:10] Partnering with cybersecurity experts at CISA, the FBI, and local partners in Las Vegas like Caesars Palace and the MGM Grand.

[27:00] The Super Bowl's threat profile, from scoreboard hacking to stadium credentials to online identities of individual players

[29:20] Inside the NFL's Super Bowl command centre

[30:40] Ensuring the team is supported to handle high-pressure events

[32:55] Knowledge sharing with security teams on other live sports events, from The Olympics to the World Cup

[37:00] Reducing risk through collaboration across the security team

[38:35] AI as a defender tool and attacker tool

[41:50] The future of the SOC

[43:15] Connect with George

To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.

In this episode, Mandy and Thomas discuss:

Her move from accounting to security

Why she was drawn to Elastic's employee-centric culture

How her role at TiVo in the early '00s shaped her view of privacy

Switching from a technology-first to people-first approach to security

Recognizing the human factor in incident response

Embracing asynchronous operations on dispersed teams

The importance of bringing your authentic self to work

Staying technical as you move into leadership

How she puts her law degree to use as a CISO

Balancing compliance and overall security posture

Collaboration and knowledge sharing within the CISO community

Elastic's approach of knowledge sharing by default

How prioritizing analyst time will be critical in the future of SecOps

Adopting an infrastructure-as-code approach

Balancing between proactive security measures and reactive responses

Building a culture of security across the organization

Tips for surviving in security operations in tech

The Future of Security Operations is brought to you by Tines, the platform that powers some of the world’s most important security workflows. https://www.tines.com/solutions/security

Where to find Mandy Andress:

LinkedIn: https://www.linkedin.com/in/mandyandress/

Elastic: https://www.elastic.co/

Where to find Thomas Kinsella:

LinkedIn: https://twitter.com/thomasksec

Twitter/X: https://www.linkedin.com/in/thomas-kinsella/

Resources mentioned:

Surviving Security: How to Integrate People, Process & Technology by Mandy Andress: https://www.amazon.co.uk/Surviving-Security-Integrate-Process-Technology/dp/0672321297

Mandy’s 2001 BlackHat talk on wireless LAN security: https://www.youtube.com/watch?v=XtT2Ta87uow

Elastic’s blog: https://www.elastic.co/blog

In this episode:

[01:57] Moving from accounting to security

[02:43] Finding a company with strong vision, culture and business foundations

[05:26] Working in network security in the early days of TiVo

[07:05] What’s changed in security since 2001?

[09:20] A career-long fascination with the human factor in incident response

[10:30] Embracing empathy in her leadership style

[12:25] Finding a workplace where you can be your authentic self

[16:10] Exercising her technical muscles

[17:45] The decision to study law

[21:18] Balancing compliance and overall security posture

[23:35] Knowledge sharing in the CISO community

[24:22] Elastic's policy of being "radically transparent"

[29:20] The future of security operations

[31:29] How her security team works with product engineering

[34:03] Adopting an infrastructure-as-code approach

[35:01] Building a culture of security across the organization

[38:09] Her advice for others working in security in a high-growth organization

[41:50] Baking off security products in her home lab

[44:37] Connect with Mandy

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Mark Hillick, CISO at Brex. Mark’s experience in the security industry spans more than two decades. He started out as a security engineer at Allied Irish Banks before advancing through companies like MongoDB to become Director and Head of Security at Riot Games. His book, The Security Path, features over 70 interviews with security professionals on their career journeys.

In this episode:

[02:06] His early career journey - from a mathematics background to building early online banking systems
[03:32] What’s kept Mark excited about security for over two decades
[04:40] The compound benefits of growing within a company over time
[07:20] Mark’s leadership style - defined by transparency, directness, and genuine care for his teammates
[12:45] Communicating the business trade-off between risk and return
[16:45] Reflecting on the team’s response to major incidents at Riot Games
[21:00] The unique challenges of securing gaming platforms
[26:30] How Mark approaches strategy and planning in the fintech space
[28:08] The case for building strong, partnership-driven vendor relationships
[31:13] Creating space for creativity - without spreading the team too thin
[34:35] Empowering his team to speak openly - even if it means calling him out
[36:35] The inspiration behind Mark’s books Digital Safety for Parents and The Security Path
[40:20] Connect with Mark

Where to find Mark:

• LinkedIn
• Brex

Where to find Thomas Kinsella:

• LinkedIn
• Tines

Resources mentioned:

• The Security Path - click here to redeem a free copy for podcast listeners (first come, first serve)
• Digital Safety for Parents - click here to redeem a free copy for podcast listeners (first come, first serve)
• Mark's talk during his time at Riot Games in 2016

On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.

In this episode, Andrew and Thomas discuss:

Navigating the unique challenges of the Navy, from log management to prioritization

Making the leap from the Navy to tech

Building a security operations team and program from scratch at Netflix

Red teaming phishing response playbooks at Netflix to test their effectiveness

Recognizing the value of good processes

Why teams should design processes first, automate later

Creating a feedback loop between teams at Fastly

How “shifting left” has helped Andrew’s team reduce vulnerabilities

Using automation for risk assessment at Fastly

Andrew’s approach to incidents like the Log4J vulnerabilities

Why growth in the vendor market is a good thing for practitioners

Why automation should be a requirement, not just a best practice

What advancements in AI mean for threat detection

The importance of risk-based decision-making

The potential of self-remediation

Why good security leadership starts with taking care of your people

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://tines.com/solutions/security

Where to find Andrew Santell:

LinkedIn: https://www.linkedin.com/in/ajsantell/

Fastly: https://www.fastly.com/

Where to find Thomas Kinsella:

Twitter/X: https://twitter.com/thomasksec

LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Resources mentioned:

Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/

Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/

In this episode:

[02:05] Andrew’s career journey so far

[05:35] The unique requirements of working in the Navy

[09:12] Risk-driven decision making

[11:11] Self-assessing phishing response controls and mitigations at Netflix

[14:28] Andrew’s decision to leave the Navy and his transition to the private sector

[16:12] Comparing approaches to security at the Navy and in tech

[19:26] Breaking free of bad processes

[23:20] Broadening roles to include pen testing, application security, and vulnerability management

[27:27] How Andrew approaches automation at Fastly

[31:56] Protecting Fastly’s infrastructure

[33:57] How SecOps has changed and where it’s going next

[40:18] Embracing automation for vulnerability management

[42:45] Taking care of your people as a security leader

[44:56] Making engineering and automation part of prioritization

[47:19] Connect with Andrew