
Elastic’s Mandy Andress on switching from a tech-first to people-first approach to security
03/12/24 • 46 min
To kick off season 5 of the Future of Security Operations podcast, Thomas is joined by Mandy Andress. Mandy is the Chief Information Security Officer at Elastic, a leading platform for search-powered solutions, and has more than 25 years of experience in information risk management and security. Before Elastic, Mandy led the information security function at MassMutual and established and built information security programs at TiVo, Evant, and Privada. She also founded an information security consulting company with clients ranging from startups to Fortune 100 companies.
In this episode, Mandy and Thomas discuss:
- Her move from accounting to security
- Why she was drawn to Elastic's employee-centric culture
- How her role at TiVo in the early '00s shaped her view of privacy
- Switching from a technology-first to people-first approach to security
- Recognizing the human factor in incident response
- Embracing asynchronous operations on dispersed teams
- The importance of bringing your authentic self to work
- Staying technical as you move into leadership
- How she puts her law degree to use as a CISO
- Balancing compliance and overall security posture
- Collaboration and knowledge sharing within the CISO community
- Elastic's approach of knowledge sharing by default
- How prioritizing analyst time will be critical in the future of SecOps
- Adopting an infrastructure-as-code approach
- Balancing between proactive security measures and reactive responses
- Building a culture of security across the organization
- Tips for surviving in security operations in tech
The Future of Security Operations is brought to you by Tines, the platform that powers some of the world’s most important security workflows. https://www.tines.com/solutions/security
Where to find Mandy Andress:
LinkedIn: https://www.linkedin.com/in/mandyandress/
Elastic: https://www.elastic.co/
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Surviving Security: How to Integrate People, Process & Technology by Mandy Andress: https://www.amazon.co.uk/Surviving-Security-Integrate-Process-Technology/dp/0672321297
Mandy’s 2001 BlackHat talk on wireless LAN security: https://www.youtube.com/watch?v=XtT2Ta87uow
Elastic’s blog: https://www.elastic.co/blog
In this episode:
[01:57] Moving from accounting to security
[02:43] Finding a company with strong vision, culture and business foundations
[05:26] Working in network security in the early days of TiVo
[07:05] What’s changed in security since 2001?
[09:20] A career-long fascination with the human factor in incident response
[10:30] Embracing empathy in her leadership style
[12:25] Finding a workplace where you can be your authentic self
[16:10] Exercising her technical muscles
[17:45] The decision to study law
[21:18] Balancing compliance and overall security posture
[23:35] Knowledge sharing in the CISO community
[24:22] Elastic's policy of being "radically transparent"
[29:20] The future of security operations
[31:29] How her security team works with product engineering
[34:03] Adopting an infrastructure-as-code approach
[35:01] Building a culture of security across the organization
[38:09] Her advice for others working in security in a high-growth organization
[41:50] Baking off security products in her home lab
[44:37] Connect with Mandy
Previous Episode

Dmitriy Sokolovskiy: How SecOps teams can measure and communicate their ROI to senior leadership
In this episode of The Future of Security Operations podcast, Thomas interviews industry veteran Dmitriy Sokolovskiy.
Dmitriy is a founding member of (ISC)2 Eastern Massachusetts Chapter, and has over 25 years of experience in the security industry, having led teams at Putnam Investments, CyberArk, and, most recently, Avid. He’s a mentor and advisor to several successful startups and sits on the advisory board of companies like Audience 1st.
On this episode of The Future of Security Operations, Dmitriy discusses:
- His early career journey from IT support to security.
- Getting comfortable “losing sales on purpose” and building a cloud security program from the ground up at CyberArk.
- Running product security at Avid, where the customer base included Oscar-winning film editors and Grammy-winning sound engineers.
- A particularly memorable mistake - how Dmitriy accidentally rerouted every employee’s emails to his inbox on the first day on the job, and what that experience taught him.
- Learning to measure and communicate the security team’s ROI to senior leadership, with guidance from the team at Okta.
- Why he believes we need a new word to describe the cybersecurity industry.
- Dmitriy’s thoughts on the role security practitioners will play in fifth-generation warfare.
Note: this episode was recorded before the October 2023 attacks in Israel and Gaza.
Next Episode

Fastly’s Andrew Santell on going from the Navy to Netflix and breaking free of bad processes
On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.
In this episode, Andrew and Thomas discuss:
- Navigating the unique challenges of the Navy, from log management to prioritization
- Making the leap from the Navy to tech
- Building a security operations team and program from scratch at Netflix
- Red teaming phishing response playbooks at Netflix to test their effectiveness
- Recognizing the value of good processes
- Why teams should design processes first, automate later
- Creating a feedback loop between teams at Fastly
- How “shifting left” has helped Andrew’s team reduce vulnerabilities
- Using automation for risk assessment at Fastly
- Andrew’s approach to incidents like the Log4J vulnerabilities
- Why growth in the vendor market is a good thing for practitioners
- Why automation should be a requirement, not just a best practice
- What advancements in AI mean for threat detection
- The importance of risk-based decision-making
- The potential of self-remediation
- Why good security leadership starts with taking care of your people
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://tines.com/solutions/security
Where to find Andrew Santell:
LinkedIn: https://www.linkedin.com/in/ajsantell/
Fastly: https://www.fastly.com/
Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/
Resources mentioned:
Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/
Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/
In this episode:
[02:05] Andrew’s career journey so far
[05:35] The unique requirements of working in the Navy
[09:12] Risk-driven decision making
[11:11] Self-assessing phishing response controls and mitigations at Netflix
[14:28] Andrew’s decision to leave the Navy and his transition to the private sector
[16:12] Comparing approaches to security at the Navy and in tech
[19:26] Breaking free of bad processes
[23:20] Broadening roles to include pen testing, application security, and vulnerability management
[27:27] How Andrew approaches automation at Fastly
[31:56] Protecting Fastly’s infrastructure
[33:57] How SecOps has changed and where it’s going next
[40:18] Embracing automation for vulnerability management
[42:45] Taking care of your people as a security leader
[44:56] Making engineering and automation part of prioritization
[47:19] Connect with Andrew