Twilio's Prima Virani on democratizing security and tackling burnout through automation

03/26/24 • 45 min

The Future of Security Operations

This week on The Future of Security Operations podcast, Thomas is joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.

In this episode, Prima and Thomas discuss:

The unique challenges of working in forensics

Her transition to detection and response and cloud security

Building a security detection framework at Segment

Reducing mean time to resolve through automation

Using data to prioritize which processes should be automated

Merging teams and technologies when Segment was acquired by Twilio

Joining the securing platform engineering team at Twilio

Designing a challenging and varied career in security

The influence of mentorship on career growth

Democratizing security through knowledge sharing

How security will change in the next five years

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

Where to find Prima Virani:

Twitter: https://twitter.com/secnerdette?lang=en

LinkedIn: https://www.linkedin.com/in/primavirani/

Twilio: https://www.twilio.com/en-us

Where to find Thomas Kinsella:

Twitter/X: https://twitter.com/thomasksec

LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Resources mentioned:

Hosting Fleet on AWS EKS by Prima Virani: https://segment.com/blog/hosting-fleetdm-on-aws-eks/

Fleet Device Management: https://fleetdm.com/

In this episode:

[02:22] Prima's introduction to cybersecurity career opportunities as a teenager

[06:30] The shift from forensics to detection and response

[09:15] Gaining experience in vulnerability and patch management, and network security

[14:15] Building a security detection framework at Segment using SOCless

[18:10] Using automation to reduce alert noise and improve response times

[20:30] The impact of automation on security team burnout

[22:50] Merging security teams, practices and technologies during Twilio's acquisition of Segment

[25:30] Moving to the securing platform engineering team at Twilio

[27:40] Growing her knowledge of AWS, Kubernetes and GCP

[32:40] Prima's plans to embrace machine learning in detection engineering

[34:20] The importance of mentorship and knowledge sharing in career growth

[37:30] Prima's all-time favorite projects, including hosting FleetDM on AWS EKS

[39:36] The future of security operations through Prima's eyes

[42:01] Prima's advice for security practitioners

[43:58] Connect with Prima

Previous Episode

Fastly’s Andrew Santell on going from the Navy to Netflix and breaking free of bad processes

On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.

In this episode, Andrew and Thomas discuss:

Navigating the unique challenges of the Navy, from log management to prioritization

Making the leap from the Navy to tech

Building a security operations team and program from scratch at Netflix

Red teaming phishing response playbooks at Netflix to test their effectiveness

Recognizing the value of good processes

Why teams should design processes first, automate later

Creating a feedback loop between teams at Fastly

How “shifting left” has helped Andrew’s team reduce vulnerabilities

Using automation for risk assessment at Fastly

Andrew’s approach to incidents like the Log4J vulnerabilities

Why growth in the vendor market is a good thing for practitioners

Why automation should be a requirement, not just a best practice

What advancements in AI mean for threat detection

The importance of risk-based decision-making

The potential of self-remediation

Why good security leadership starts with taking care of your people

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://tines.com/solutions/security

Where to find Andrew Santell:

LinkedIn: https://www.linkedin.com/in/ajsantell/

Fastly: https://www.fastly.com/

Where to find Thomas Kinsella:

Twitter/X: https://twitter.com/thomasksec

LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Resources mentioned:

Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/

Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/

In this episode:

[02:05] Andrew’s career journey so far

[05:35] The unique requirements of working in the Navy

[09:12] Risk-driven decision making

[11:11] Self-assessing phishing response controls and mitigations at Netflix

[14:28] Andrew’s decision to leave the Navy and his transition to the private sector

[16:12] Comparing approaches to security at the Navy and in tech

[19:26] Breaking free of bad processes

[23:20] Broadening roles to include pen testing, application security, and vulnerability management

[27:27] How Andrew approaches automation at Fastly

[31:56] Protecting Fastly’s infrastructure

[33:57] How SecOps has changed and where it’s going next

[40:18] Embracing automation for vulnerability management

[42:45] Taking care of your people as a security leader

[44:56] Making engineering and automation part of prioritization

[47:19] Connect with Andrew

Next Episode

Reddit’s Matt Johansen on renouncing superhero culture and what comes next after “shift left”

In this week’s episode of The Future of Security Operations podcast, Thomas is joined by Matt Johansen. Matt is a security veteran who has helped defend startups, the biggest financial companies in the world, and everything in between. Alongside his day job as Head of Software Security at Reddit, he teaches companies how to protect against cyber attacks, and coaches entrepreneurs and CISOs that need help with infrastructure, application, cloud, and security policies. He also writes Vulnerable U, a weekly newsletter that talks about embracing the power of vulnerability for growth.

Thomas and Matt discuss:

Moving from a large security team at Bank of America to a small one at Reddit

Embracing scrappiness and doing more with less

Overcoming sunk-cost fallacy

Why the 2014 Sony hack was a pivotal time for AppSec

Running the threat research centre at White Hat

What he looks for when hiring in AppSec, the SOC and beyond

His decision to start creating content about mental health in security

Moving past imposter syndrome

Renouncing superhero culture

Paved paths and guardrails, and what comes next after "shift left"

Lessons learned from Reddit's 2023 security incident

The power of automating incident response

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://www.tines.com/solutions/security

Where to find Matt Johansen:

Vulnerable U newsletter: https://vulnu.mattjay.com/

Twitter: https://twitter.com/mattjay

LinkedIn: https://www.linkedin.com/in/matthewjohansen/

TikTok: https://www.tiktok.com/@vulnerable_matt

Reddit: https://www.redditinc.com/

mattjay.com: https://www.mattjay.com

Where to find Thomas Kinsella:

Twitter/X: https://twitter.com/thomasksec

LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Tines: https://www.tines.com/

Resources mentioned:

The Tech Professional's Guide to Mindfulness by Matt Johansen: https://www.mattjay.com/blog/the-tech-professionals-guide-to-mindfulness

Matt's piece on developer experience in the Vulnerable U newsletter: https://vulnu.mattjay.com/p/vulnu-003-courage-quit

Reddit's post on a February 2023 incident: https://www.reddit.com/r/reddit/comments/10y427y/we_had_a_security_incident_heres_what_we_know/

Collaborative Incident Response Best Practices: Don't Rely on Superheroes by Matt Johansen: https://www.mattjay.com/blog/superhero-incident-response

Threat modeling depression by Matt Johansen: https://www.mattjay.com/blog/threat-model-depression

In this episode:

[02:14] Going from long-time Reddit user to employee

[04:50] Running AppSec at Reddit

[07:30] Being the internet's punching bag and boxing gloves

[10:30] Building a team from scratch at White Hat and lessons learned from the 2014 Sony hack

[15:10] Matt's approach to hiring

[21:15] His decision to create content about mental health in security

[23:20] Turning his Twitter network into his IRL network

[27:55] Moving past imposter syndrome

[30:00] Tools for safeguarding your mental health in incident response

[36:20] Preserving work-life balance for his teams at Reddit

[39:15] Moving past "shift left", and paved path to production and guardrails

[47:40] Lessons learned from a February 2023 incident at Reddit

[51:20] Renouncing superhero culture

[52:20] Automating incident response

[54:12] Connect with Matt
