December 3, 2024 • 51 mins
Ever wondered how to juggle building a personal brand, consulting, and family life all while staying sane? Join us as Colby DeRodeff, an expert in this very balancing act, shares his secrets for mastering time management and finding stability in uncertain times. We promise you'll come away with practical insights into handling economic challenges and utilizing AI's potential in cost reduction, tempered with a healthy dose of skepticism about its true impact.
Colby opens up about the pitfalls of regional content targeting and the quest for unbiased information in our digital age. Hear how a misadventure with algorithmic targeting in Tennessee left him questioning how location shapes our media consumption. Plus, we dive into a critical evaluation of AI language models and the misinformation risks they pose, urging listeners to maintain a skeptical eye amid the relentless digital noise.
In the world of startups and family life, Colby offers a candid account of navigating the ever-evolving responsibilities and challenges. From robust security measures and the temptation to cut corners in startups, to the personal dynamics of raising a family, his journey is filled with lessons on risk management and career goals. We also explore the high-stakes world of cloud security, discussing innovative data management strategies and the importance of prioritizing customer experiences over mere cost-cutting.
Follow the Podcast on Social Media!
Tesla Referral Code: https://ts.la/joseph675128
YouTube: https://www.youtube.com/@securityunfilteredpodcast
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
How's it going, colby , it's great to get you on the
podcast.
I think that we've beenplanning this for quite a while
at this point, and we've had todelay it, of course, a couple
times, but I'm glad to have youon.
Speaker 2 (00:11):
Yeah, joe, appreciate it.
Sorry for the delays too.
It's a busy time of year withtravel and everything going on
crazy it's.
Speaker 1 (00:27):
I like burned myself out three times this year and
I'm like, I'm like justrecovering from my my last one
of the year, hopefully last oneof the year, it's, I don't know.
It's a.
It's an interesting thing.
Right, trying to develop likeoutside, outside things from the
nine to five.
Right, trying to develop, youknow, a brand for yourself and
(00:47):
trying to like I'm starting todive more into consulting.
Right and, and you know,provide companies with cloud
security.
You know consulting servicesand whatnot.
And when you start adding onthose things, right, like you
have to use your time soefficiently now you know,
especially with a little one.
Right, like you have to useyour time so efficiently now you
know, especially with a littleone.
Right, like I have a 20 monthold at home.
Speaker 2 (01:10):
Okay.
Speaker 1 (01:11):
Yeah, thanks.
You know like I make a veryconcerted effort to always be
available for her Right.
So when she's up I'm notworking right Like I'm spending
time with her.
That, you know that takes out,you know, six hours a day.
It's like okay.
Well, let's like use the timethat I have as efficiently as
possible yeah, absolutely.
Speaker 2 (01:33):
It's like burning the candle at like four ends I have
a four month old at home so I'mright there, first one.
So I'm learning that whole sideof of which is.
You know it's a blessing, it'sfantastic.
But then you know trying tobuild a startup and you know
running around customeracquisition and my wife is in
(01:54):
the wine business.
So there's, you know, anotherstartup kind of going on at the
same time and it's, yeah,there's like candles burning all
over the place and trying totime, manage and be efficient
while you're.
You know growing a brand,building a business.
Right, you know a lot of peoplechoose to do just one of those
(02:15):
things at any given time in life, and you know as well as like
throw in a new family member atthe same time.
Speaker 1 (02:23):
So it's definitely.
It's interesting, a new familymember at the same time, yeah,
so it's definitely it's.
It's interesting, you know,like I feel like, you know, when
I, when I was growing up, right, when I was graduating high
school, starting to get intocollege, right, the recession
hit Right, and so that impactedmy family very significantly.
You know, my dad lost his jobRight he my family very
(02:46):
significantly.
You know my dad lost his jobright.
He couldn't find work for liketwo years.
That was a very stressful time,right, and going through that,
you know, puts me into asituation, or a mentality at
least, where it's like, okay,well, my kid's never going to go
through that, you know.
Yeah, and now you know themarket is in a weird place.
It's kind of in limbo.
It's been in limbo for a coupleof years now where it's like,
(03:06):
well, surely it can't keep ongoing up.
And then it goes up more.
Speaker 2 (03:10):
That's what everybody said about Bitcoin.
Speaker 1 (03:12):
Yeah, well, like you know, the risk side of me is
like, ok, sure, like it looksgreat, but what's actually going
on here?
You know, because it can't goup forever and just by odds
alone, you know, the timing isnot in our favor, right Like the
recession, there will be acorrection, right.
And so trying to develop othermethods of, you know, bringing
(03:38):
in income and, you know,building something that I
actually love and enjoy andwhatnot is, it's a challenge for
sure, and I, like I always tellmy wife I'm like, hey, you're
the stable income.
Yeah, I know I have a salaryand everything, but you're the
stable one, you're a teacher,they're never going to fire you.
You work for CPS, you are good,you need to be there.
Speaker 2 (04:00):
That's right.
That's right.
Yeah, the market's interestingright now.
I mean, we're seeing just as wework with customers.
You know there's some spendingstarting to open back up, but
it's mostly critical projectsand most of the projects we're
seeing are around how to reducecosts.
You know, in in areas and Ithink there's a lot of noise in
(04:26):
the market right now with AI andhow AI is going to reduce all
these costs everywhere and Idon't think people are really
seeing that value happening.
Maybe it's a hallucination,yeah.
Speaker 1 (04:38):
I feel like the AI trend right, or the AI evolution
, is almost like it's still inits infancy.
I feel I talk to people fromNVIDIA.
They kind of argue that it's inthe middle.
It's going towards the middle alittle bit.
Well, from the end userperspective.
You know I've been buying tools, working with tools with, you
(05:00):
know, an alleged AI behind thescenes for 10 years, right,
right, and I've seen my costsonly go up, you know.
So like that's, that'ssomething there, that's not
something.
Speaker 2 (05:10):
I can just ignore.
I like how you said.
I like how you said alleged AIright and.
I'm sure you've seen theScooby-Doo meme where they pull
the mask off of AI and it's if,then else.
Speaker 1 (05:21):
Yeah, yeah, exactly, I mean it's, I don't know, it's
a tough pill to swallow, right,because that was like a huge
selling point for so many yearsof like.
Oh yeah, we have a next gen, wehave an AI thing, you know, and
I feel like the benefits of AIwhere they may be, you know,
(05:45):
true and valid and whatnot, likecost savings and whatnot I feel
like we won't even see thosereal benefits until, you know,
probably five to 10 years fromnow, and I know there's a lot of
AI people out there that areprobably going to, like, you
know, laugh at me or whateverfor saying that, but like, but
look me saying five to 10 years.
I mean, they've been saying itfor 20 years, right.
(06:08):
Right, they've been saying AI isgoing to eliminate everyone's
job for 20 years.
Speaker 2 (06:13):
Right, right, since, like Terminator days, right, but
I don't know.
I mean, I use it tactically forcertain things here and there,
but I would certainly you know.
Let's say I was writing anemail to my board about how
we're doing as a company, orwhat have you.
Or I was writing an email to aCISO, a customer that we're
working with.
(06:33):
I would never let AI do thatfor me, right?
I just you know what, if ithallucinates and, you know, says
something that is just not true, or whatever, at the end of the
day, you're the one who'saccountable, right?
so yeah, I.
Speaker 1 (06:49):
I don't think that most people are really in risk
of ai taking over their jobs atany time soon right, yeah, if it
can't, if it's not evenresponding to emails for me or
proactively right looking atthings and responding and stuff
like that Like it's more of anassistant you know everyone now
(07:09):
has like a personal assistantthat you can bounce ideas off of
and get information off of it's.
I view it as kind of like thenext iteration of a search
engine, almost you know, that'show I use it for sure, Exactly.
Speaker 2 (07:22):
All right, I think it is definitely the next
iteration of a search engine.
It saves you from having tocollate all the results yourself
and it kind of formulates anopinion.
The question is then how muchdo you trust that opinion and
how much additional duediligence do you do?
And I guess it depends on theimportance of the decision,
right, Right, you know if I useit, we've been, obviously, with
(07:45):
a newborn.
We've been checking a lot onthe internet.
Well, every time somethinghappens with the baby, you
Google it.
Right, You're like what is?
this.
You know how it goes right, andsome of the responses come back
and you're like, yeah, okay, Iget it.
But if it came back and saidlike, oh, you should do this
remedy or something, I'mcertainly going to check with a
doctor before I, you know, justbase that decision off of that.
Speaker 1 (08:07):
Yeah, yeah it's.
You know we're going into aninteresting place, right,
because I, you know, we just got, we're on the other side of the
election, right, and it hasbeen an interesting year because
I feel like a lot more peopleare, I guess, more aware, right,
of the media that we'reconsuming and what it's actually
(08:30):
doing to us.
I hope so.
I would certainly hope so too,you know, and you know you
always, you always hear like ohyeah, you know you're being
targeted by these kinds of adsand whatnot, right, and so I, I
live in Illinois, right, verymuch, I mean it's, it's a blue
(08:53):
state in the County that that Ilive in.
It just happens to be like 80%of the people in the state live
in the County, right, and I get,I get I don't want to say
targeted, right, but my, myalgorithms are heavily based on
where I live and where I searchthem from and everything, right,
and I search things that aretypically, I view it as like
right in the middle, right onthe political spectrum and I'm
(09:14):
not trying to get political onthis podcast or anything like
that, right, but it'sfascinating for us from a
security perspective to seewhat's going on kind of behind
the scenes.
And so over the summer, myfamily and I went for a vacation
over in Tennessee, right, wentthere for like a week just
hanging out, right, tennessee'sa red state, right?
For anyone that doesn't knowwhich, I guess that's probably a
(09:37):
stupid thing, even because Italked to people over in, like
Russia, and you know Europe, andthey like know our political
system a little bit better thanus, almost, yeah, probably.
And so I I go to Tennessee andmy entire feed is stuff that,
like, I have never watched.
I don't subscribe to thechannels, like none of it was
(10:01):
for me to click on, right, so,you know, I I didn't, I didn't
pay any attention to anythingthat was in my youtube feed, my
google news feed none of it,right, because it's not didn't
even appeal to me, right, so Ididn't think anything of it.
And then, you know, it happenedthe next day and the next day
after that I'm like man, whatthe hell is going on here?
Like this is literally nothingthat I even watched.
(10:22):
Like I don't want to watch anyof this.
What is going on?
Yeah, and you know, sure enough, right, like you're being
targeted based on your region,which is it's a dicey thing,
right, because it's like, well,how much of my opinion is being
shaped by where I live, andwhere I live determines what I'm
(10:42):
being targeted with right, andwhere I live determines what I'm
being targeted with right, andyou know it's a weird situation.
You know, and to quickly youknow, go through this one point
right with AI, how we're usingit as a search engine.
You know, I saw someone onsocial media they're from Canada
, right and they put into likechat GPT.
(11:03):
You know when was the firstTrump assassination attempt?
I mean, this is a factual thingthat happened.
It took place at a date time ata certain place, all that sort
of stuff.
Any search engine should beable to give you those exact
specifics.
And he said that essentially,chatgpt, you know, tried to just
(11:27):
go around the question, didn'teven answer it.
You know, said that it neveroccurred or anything like that.
And he had to like really prodfor it.
And so I thought to myself well, surely if this LLM is learning
from itself, it knows hey, Imade a mistake there.
Let me go readjust and pull inother feeds and, you know,
(11:47):
recalibrate right.
So I mean, a couple days after,I went ahead and just put in
the same question it was likethe exact same question.
You know when was the firstTrump assassination attempt?
And it literally said there wasno assassination attempt.
It literally said there was noassassination attempt.
And I had to go and say no,there was one.
(12:08):
And it pulled up some 2017 eventwhere someone threw a shoe at
him or whatever, and I said no,it happened in 2024.
And I had to literally feed it.
I mean several steps down,because even after saying 2024,
it still said that there wasnothing in 2024.
And I had to then Google whatthe exact date was and I said no
(12:31):
, it happened on this date.
And it said no, it didn'thappen.
And I was like it happened inthis state, in this town.
You're arguing with the machine.
Yes, I had to feed it all ofthat information.
You know, after doing this fora bit, it was like I made a
mistake, or I don't even thinkit said I made a mistake.
It just posted, you know, likea cnn news article that was on
(12:54):
it and, like you know, we'regoing into a place where there's
a there's a huge amount of thepopulation that would never
double check that, right?
Like if MSNBC didn't report onit or CNN didn't report on it or
Fox News didn't report on it,right?
(13:14):
They're going to think, hey,this never happened, right?
Because they're not saying ithappened and same thing with the
LLMs, you know.
And so we're going into a weirdplace and I apologize, I didn't
mean to like take over, no, no,it's.
I mean it's interesting, right?
Speaker 2 (13:30):
I mean, it's something I worry about a lot is
, as these LLMs get moreembedded into everything and
more embedded into decisions,the fact that they either were
not trained to know the answerno-transcript, say we never
(14:10):
landed on the moon, the earth isflat and we're going to, uh, be
in a lot of trouble in societyas we move forward based on
facts.
Right, so it's a?
It's a brave new world outthere.
Yeah, it's going to beinteresting for the next
generations.
Speaker 1 (14:26):
How do you try to keep yourself informed of, I
guess, the right informationwithout being kind of influenced
by the information?
I feel like there's a very fineline between being influenced
(14:47):
and informed.
Speaker 2 (14:48):
Yeah, you know, we saw that a lot this year yeah
for sure, and it's tough becausesometimes you see you know bits
or whatever, and you're you doget influenced by them, right?
Oh yeah, well, that's a.
That point makes sense.
But then you have to go backand like, was that actually true
?
Right, and that's the thingthat I think we all ask
(15:09):
ourselves a lot is is theinformation I'm seeing accurate?
You know, because you hear somany crazy things out there, you
know this company's doingfantastic because they posted
something on LinkedIn that saysthey've tripled their sales,
like, but did they, or is thatjust some marketing hype that
they're trying to?
You know, maybe they're goingout to raise a round or
(15:31):
something like that and they'retrying to make the company look
good, you know.
So I think it's almost living ina state of constant paranoia,
right, and I hate to say that,but I think there is good,
healthy paranoia.
Obviously, you don't want to besitting there at your window
all day long staring out thewindow, but it's good to be
(15:53):
cautious and it's, I think, goodto be a little bit paranoid.
And I mean, I guess I kind ofrun in that state, maybe from
being in cyber for 25 years.
We were all a little bitparanoid about what's the old
expression Just because you'reparanoid doesn't mean they're
not after you.
So I think we all kind ofoperate in that kind of a mode
and you know, so I think, got tokeep asking questions and got
(16:15):
to inspect the answers.
And you know otherwise keepreading, keep researching.
I think that's the only way.
Speaker 1 (16:23):
Yeah.
Yeah, that's a really goodpoint.
You know it's interesting.
Recently, you know, I lead allof cloud security for my current
employer right, and a part ofone of my initiatives for the
year was to deploy.
Speaker 2 (16:40):
And you must be paranoid because it says
undisclosed, undisclosed,undisclosed.
Speaker 1 (16:42):
And you must be paranoid because it says
undisclosed, undisclosedundisclosed Well, so I do that
very purposefully because Idon't want you know, I'll give
like career stories, right,Things that I encountered and
stuff like that, and I don'tever want someone to say, oh,
that sounds like X place right.
Or that sounds like this oneright, or the manager, for there
(17:03):
is like I know that thatoccurred.
I'm still here, like we'regoing to come after you.
You know, that's really what Iwant to avoid at all costs and
you know, and I guess maybe itlimits the amount of
opportunities that I get hit upfor or whatnot, but I feel like
if it's a real opportunity,they'll see through that and you
(17:24):
know still talk to me right now, right, but you know, since I
lead all of cloud security formy organization, I'm working
with about 150 developers, right, and these developers because
I'm rolling out this, this AWSWAF, right.
So these developers, theydecided amongst themselves hey,
we don't like the WAF, we'regoing to try and get this bypass
(17:47):
rule through Joe and you know,if he approves it, it basically
bypasses the whole WAF.
We don't have to worry about it.
There's going to be no issues,no troubleshooting, none of that
.
And I get on this call and theyimmediately start badgering me
with, you know issues and youknow they tried to make it sound
like it was 15 different issues.
(18:09):
But through all of my you knowquestioning, right, like
insecurity, we're so paranoidLike I ask questions until I
know exactly what is going on,right, because I'm not getting
fired for something that I didand I didn't know I did, and you
know they, I, through thequestioning, I was able to
whittle it down to one, one coreissue that they were trying to
(18:31):
mask from me.
And then I spent, you know,probably the next 30 minutes
literally going through their,their issues and everything,
trying to see what they wereactually trying to get at,
because they didn't.
They didn't want it to make itsound like I was going to bypass
the entire WAF.
They wanted to make it soundlike hey, it's just this rule,
(18:52):
you know, it's just this rule inthe stack.
Speaker 2 (18:55):
Right.
Speaker 1 (18:55):
But they're, but they're effective.
Speaker 2 (18:56):
It's the one that says allow star dot star.
Speaker 1 (18:59):
Yeah, their, their effective rule was allow star
dot star.
Without the allow star dot star, it bypassed everything else.
And so I like pulled in mynetwork guy, I pulled in my
infrastructure guy, I don't, Idon't think that they thought
that I would do that.
So I pulled them in and I saidplay into my network, guy, what
you want to do.
(19:19):
And they explained it.
And I said I have one questionDoes this bypass the WAF?
And he said yeah, it bypassesthe whole thing.
I was like we're not doing itand like everyone was so mad at
me, right.
But you know, I got that skill,though, of being able to do
that from years of being insecurity and, just to put it
(19:41):
bluntly, being lied to whereit's like OK, I need to.
I need to make sure that Ifully understand what's going on
here before I actually make adecision that impacts the
security posture of ourorganization.
Speaker 2 (19:53):
Yeah, absolutely Absolutely, and you know it's I
hate to say it, but a lot oftimes there's it.
Maybe it's some extra work tomake something work through the
security control.
And so the easy question, theeasy path is like just, you know
, just whitelisted or whateverfor now, and then we'll, you
know, we'll get to it later, andthen later never happens, and
(20:18):
you know how that goes yes, yeah, yeah, we have.
Speaker 1 (20:22):
I've seen that so many times and that was a part
of their argument.
Right Once I figured out whatthey were doing, they were like
oh well, can you just whitelistit?
You know, we'll, we'llreaddress it.
You know, in January I don'twork like that.
You know, I know that there'sother security people that have
been in this role before andthey were, you know, basically
pushovers for you.
Like I do not play that game,you know.
Speaker 2 (20:44):
No, you can't.
You can't Not when I havepeople on from.
You know startup companies,founders and CEOs.
Speaker 1 (20:51):
You know the people that are starting these
companies.
They're all typically likepretty, pretty young, and I'm
(21:14):
not trying to you know, age youor anything like that, right but
you said that you have afour-month-old, so that that
tells me that you're in adifferent place of your life.
You could be in your 20s, right,but you, but you're in a
different place in terms ofright, but I'm saying you're in
a different place in terms of,like, the risk that you're
willing to accept right, becausenow you have a four-month-old,
(21:34):
you have another little personthat's depending on you and for
a lot of people that'slife-changing.
I'm sure it was probablylife-changing for you.
It changed my entire life, myentire perspective of what life
is and love and everything else.
But I say that because whenyou're in your 20s, you
typically have noresponsibilities.
Well, you got a car payment,you got rent, you got small
(21:58):
little, minuscule things.
You typically don't have kids.
I mean, you could absolutelyhave kids, but if you're in that
situation, you're probably notstarting a company.
So what is that like?
How do you manage the risk andthe stress of having a young
family and doing a startup?
Because I couldn't imagine, youknow.
Speaker 2 (22:19):
Yeah, it's a lot.
I think it's just one of thosethings where my wife and I had
been working on building ourfamily for a long time and you
know.
So that was just kind of, ifit's going to happen, like it's
a blessing and we're going totake it whenever, but at the
same time I wasn't going to putmy goals and passion on the
(22:41):
sideline and kind of wait.
So I figured, well, I'm justgoing to have to figure out how
to do it all at once, whichpeople can do it.
I mean, I'm in my mid forties,I'm 46.
So I guess I'm pushing towardsmy late forties.
But I've always been instartups, right.
So this is startup number five.
You know, I started at ArcSightback in 2000.
Speaker 1 (23:03):
Wow, okay.
Speaker 2 (23:04):
I think I was employee like 30 there,
something like that.
So, pre-product, you know,there was basically a batch file
that started at JPEG of theconsole and I spent 12 years
there and ArcSight grew, wentpublic, acquired by HP, and then
I went off to another startupcalled Silvertail Systems and
basically spent about two yearsthere and we got acquired by RSA
(23:26):
and I decided to leave shortlyafter that acquisition and go
start a company for the firsttime.
With my co-founder, Greg Martin, we started ThreatStream, which
grew into Anomaly oh wow.
And so you know that businessis still operational.
They're doing fantastic.
So we're over here rooting forthem on the sidelines.
(23:46):
But I decided after about eightyears of building that company
that I was ready to go trysomething else and I joined a
company called Veriden which wasin the breach and attack
simulation space, where I hadinvested in that company early
on in the seed round and the Around and I think that you know
(24:08):
the writing was on the wall thatI was eventually going to be
there and you know I ended upjoining as their CTO and about a
year after I joined, we gotinto talks about getting
acquired by Mandiant FireEyeMandiant at the time and so
about midway through 2019, wegot acquired by FireEye Mandiant
and that was interesting, right.
(24:29):
So I ended up spending threeyears at Mandiant through the
divestiture of the FireEye stackand ultimately through the
acquisition by Google, and aboutfour months after the Google
acquisition, I left Google andstarted Abstract, and it was
(24:52):
something that I'd been wantingto do for a long time, and you
know, really kind of companiesat this stage are, like you know
, really kind of the most funthing for me, right?
Not for everybody, for a lot ofpeople don't like companies at
this stage.
They're hard, yeah yeah.
Speaker 1 (25:12):
So it kind of sounds like.
It sounds like you kind of, youknow, went through that initial
stress or grew into it early onand then it became the norm,
whereas everyone typicallystarts with the stress of a 9 to
5, and that becomes the normand you kind of stay within that
(25:32):
mix.
You know when, when I wasstarting out in my career maybe
you know, 10 years ago, right II reached out to alissa knight
and I was I was talking to her,I was trying to like unravel
this, you know startup thing andhow do you get, how do you get
started, like what's the rightyou know thing that you should
(25:56):
be doing for it and everything.
And the one piece of advicethat really stuck with me was
that you only, you know, leaveyour day job when your startup
or your side hustle is matchingthe income of your day job.
Right, because it gives youthat financial security.
(26:18):
You understand, okay, I havesomething here and then you can
lean in a little bit more andsee how it grows and everything
else like that.
And I think if I didn't havethat framework right or that
idea you know, kind of plantedin, I feel like I would have
either gone one of two waysright.
(26:38):
I would have gone full-on intothe nine to five and just been
like if this is where I'm atthis, I'm stuck here forever.
Or I would have gone full-onstartup yeah, risk, you know,
losing everything basically yeah, yeah.
Speaker 2 (26:52):
Well, you know, the good news is you don't really
lose everything.
You may not, it may not besuccessful, right, but at the
end of the day, the experienceand the lessons learned are
invaluable, right.
So I don't know For me.
Like I said, I worked at Fire,at Mandiant, for three years and
you know we had a good time andI mean it was a hard time.
It was obviously during thepandemic, so things were
(27:19):
different than ever before, butwe accomplished a lot while we
were there, which some thingsthat I was really proud about.
I mean, we kind of took alegacy software stack and
converted it to a modern SaaSapplication.
Inside of, we were almostoperating like a startup within
a big business because we werethe acquired company.
So we kind of had a team.
All the stuff we did cominginto that was SaaS-based, and so
(27:39):
we're kind of taking thislegacy sort of you know network
appliance sort of company andbuilding a modern SaaS
application on top of that, youknow, and our areas were really
around threat intelligence andthe breach and attack simulation
areas, which is what we'refocused on, kind of that
(28:00):
migration.
So it was interesting.
But you know, I think thecompany was 3000 people give or
take, if I'm remembering thatcorrectly, but give or take
around 3000 people, which to meis just like a huge, huge
company.
I mean the last, I think,arcsight, when we got acquired
by HP, we were maybe like 600people or something like that,
(28:23):
and so that was kind of myexperience.
My big company experience wasthat and you know, silvertail
was maybe 100 or so people andAnomaly we grew to about maybe
two, 50, 300, something likethat.
Um, so those are the kinds ofcompanies like I really love
(28:44):
that you know zero to a hundredmillion ARR type phase.
You know the a hundred to two50 ARR type phase, um, and then
as it gets into a 3000, 4,000person company, I mean that's,
it's a different beast, right,yeah.
Speaker 1 (29:03):
Yeah, you, you start to like have to have things like
a whole HR department andfinance department, right, you
know?
you get a board in place, allthat sort of stuff.
It's a different, differentchallenges that you have to
learn and grow through andwhatnot.
And you know, I, I think likeI'm a big kind of I I don't want
(29:26):
to say I'm a big stats guy, butI'm a numbers guy, you know.
So when I, when I do somethingor when I venture into something
, right, it's kind of like Ilook at what the odds are.
I look at like what the oddsare of success, right.
And you know, you, you look atjust the companies that go to
RSA every year, right.
Something like 86 or 89 percentof them fail within that year.
(29:48):
They don't show up again thefollowing year.
And then you look at the ultrawealthy.
I look at people like Elon Muskor Mark Cuban, jeff Bezos, and
when you do your research, allof them went through several
bankruptcies.
All of them started withrelatively small amounts of
(30:13):
money compared to what they have.
What they have today, right.
What they grew into today,right.
And so that does actually tellyou something like, hey, you
should expect a certain degreeof failure to come with your
success, absolutely.
And you shouldn't allow thatfailure to hold you back.
You know you have to use it andgrow through it because I'm
sure you know, if one of thosebillionaires go and declare
(30:36):
bankruptcy, you know this yearfor the ninth time or the tenth
time, right For them mentally,that's not even on their radar
of stress in terms of, like youknow what bankruptcy means and
everything else like that.
Because it's like I did it 10other times.
Right, like I did it 10 othertimes.
I'm going to make it throughthis one.
(30:56):
We'll be fine.
You know, for me, if I were togo through that today, I'd be,
I'd be terrified, yeah, me too,me too.
Speaker 2 (31:04):
So yeah, yeah, I'm looking to not go that route.
Speaker 1 (31:08):
I would never want to no, but fail fast.
Speaker 2 (31:10):
I mean, you know, I think that is an important
lesson there.
Like you know, we try differenthypotheses all the time as
we're building product andwhatnot and it's like, hey,
let's try this, we're going toput some effort in.
Is it going to work?
It's not guaranteed to, solet's try it, see what works,
and if it doesn't get thelessons learned, figure out a
(31:32):
different approach.
But do it quickly.
Approach, but do it quicklylike it's better to.
You know, I don't know.
Speaker 1 (31:41):
Try and fail and never try at all, I guess yeah.
So yeah, that's very, that'svery valid.
There's an old adage yeah not,but it's, it's very valid.
And you can really only do thatin a small startup like
environment.
Right, like you're not doingthat at intel or ibm.
Right where you're, whereyou're failing fast and making
adjustments on the fly, tryingdifferent things, failing again
(32:03):
yeah, you're.
Speaker 2 (32:04):
That's the definition of getting fired well, and
that's why, that's why theprojects take, you know, so much
longer to get anything doneright.
I mean that's that's what I loveabout startups is we iterate
fast, we build features quickly,we know we're right there with
the customer right.
So we're like building as thecustomer's asking for something.
And you know, at big companiesyou know it just doesn't happen
(32:26):
that way because there's so manycustomers feeding in
requirements that there's no wayyou can be that responsive.
But at our stage and I mean Ithink as you stay nimble, even
as you grow being able to havethat level of customer support,
(32:47):
customer success is likecritical right and I always tell
people, always tell people thisthat customers will tell you
what they need.
You just have to listen andthat's something that I think
too many startup founders don'tdo.
Well, because they come from aplace where they think they know
(33:11):
better than the customer andmaybe it's their education or
their amount of experience witha certain technology or a
certain technology stack thatthey think the customer doesn't
know what they need.
And they're here to tell thecustomer.
I've always taken the approachof customer does this job every
single day.
This is what they do for aliving and they're telling me
(33:33):
they need this feature.
Most likely it's because theydo and they're telling me they
need this feature.
Speaker 1 (33:40):
Most likely, it's because they do.
Yeah, that's a very it's a veryvalid point.
You're listening to.
You're listening to understandrather than listening to reply
right, that's right, that'sright.
Yeah, you know it's weirdbecause all of school right, and
I was talking to my PhD chairon this right, because I'm
working on my PhD and it is themost difficult thing that I've
(34:04):
ever done from an educationalperspective right, and it's hard
in ways that you do not expect.
Everyone says that it's reallydifficult and whatnot, that a
lot of people that start do notfinish.
I can completely understand why, right, it's because you
literally just spent 20 years inschool and they're telling you,
hey, what's on the next test?
(34:25):
They're telling you what theywant you to write, right, all
this sort of stuff.
And then you go into your PhDand they're like no, you have to
find a topic, oh, okay, well,you have to write this
literature review, that's.
You know, it could be 10 pageslong, it could be 150 pages long
.
You have to do it.
Well, what's a literature review?
(34:46):
Right, it is a complete blankslate.
Like, a literature review is acore paper in this process,
right, and there's no set, likedefined, even outline of what a
literature review is, right,like, you can Google it and
you're going to get 15 examplesand they all look different,
(35:06):
they all feel different, theyall read different, right, and
so you spend literally 20 yearsin school, you know, learning
how to reply to something thatis being told to you right, or
how to deliver a result based onsomething you know you're being
told to do right.
And when you get into kind ofthis startup phase or the PhD,
(35:31):
right Like now, I understand whypeople that get their PhD
actually make.
You know the money that theytend to if they go into the
right area.
It's because you literally donot have to tell them anything.
You tell them what you'rethinking about and they go and
figure out everything, Becauseit's a different thought process
(35:55):
.
So talk to me about abstractsecurity.
You know what's the niche areaor what's the problem that
you're designed to fix, thatyou're working on fixing right
now.
Speaker 2 (36:05):
Yeah, so basically, you know, our mission is
building a complete platform fordata security, right, Right?
So basically a data platformthat is focused on collection
and aggregation andoperationalizing security data.
(36:25):
So we want to make the datacollection side of things simple
.
So we say we simplify data andwe amplify insights.
So the idea is we're providingcustomers better cloud
visibility, we're giving them ahandle on their log management
infrastructure.
We're helping a lot ofcustomers with SIM migration.
(36:47):
So people are kind of migratingfrom Splunk to Google or from
QRadar to Microsoft Sentinel orwherever the case may be.
We're helping them on thatjourney by being that data
collection layer for them.
And you know, we also have alot of capabilities in kind of
(37:08):
the analytics space.
So as we're collecting the dataand routing it, optimizing it,
we can also do analytics on thatdata and provide those results
to their you know sim of choiceor their next-gen sim of choice,
however the case may be thesedays, Hmm, that's interesting.
Speaker 1 (37:28):
So it's almost like a sim collector or like a log
collector, and then you're ableto run some analytics and
analyze the actual data that'sright.
Speaker 2 (37:38):
Yeah, on the data stream itself.
So we collect the data, westream it.
As it's streaming, we canoperate on the data.
So you know, for example, like,well, you're in cloud, you're
in cloud security, right, and itsounds like you were talking
about, you know, deploying thisWAF, right, right, well, the
WAF's going to generate a lot oflogs.
Most of them might not beuseful or there might be a
(38:02):
subset that's actually usefulfor security detections, and so
what we would do is we wouldcollect those WAF logs out of,
let's say, an S3 bucket orwherever they're being written
to, and we would then say, okay,out of this set of data, what
is the data that's relevant for?
Either your compliance needs,your regulatory right.
(38:24):
So there may be a requirementthat you're under that says, hey
, we have to keep all data thatis between system X and system Y
because it's their regulatedsystems systems.
But there could be a bunch ofinternal traffic that maybe you
don't need, although maybe notthrough a web, but if you're
looking at, like VPC flow logsor some of these other sources,
you know you have a lot ofinternal communications that.
(38:45):
Do you really need that data?
Maybe not, and so you canfilter out data, you can change,
you know values or you canenrich data.
So let's say that, for example,you know GitHub's a great
example.
We have a lot of customers whocollect GitHub logs and GitHub
is basically a social network soyou can go in there and create
(39:05):
whatever username you want.
Well, when the log gets written,it's going to be tagged with
your username, right, and sowhat we want to do is actually
enrich that so that it getstagged with the actual identity
of the user, so we're able tokind of do that data enrichment
type stuff on the fly.
We enrich data with threatintelligence so you can know
(39:27):
basically like which threatactors potentially are
associated with an alert, andthen we forward that off to
multiple destinations.
So you could take, let's sayyou have I don't know, say, an
AWS data lake and you want someof the data to be stored in your
AWS data lake in maybe OCSFformat.
And then you want some subsetof the data going to your SIEM
(39:51):
where you're paying extremelyhigh storage costs, so you don't
want to send everything therehigh core storage costs, so you
don't want to send everythingthere.
So you can kind of slice anddice route and really figure out
.
You know, a strategy, a datastrategy that is going to allow
you to get the most value out ofyour tech stack.
Speaker 1 (40:09):
So I mean, it sounds like you're able to use the data
from wherever it kind ofresides, right?
I'm thinking in terms of, youknow, in the cloud.
Right now, there's a hugebattle between legacy tech
stacks and cloud tech stacks,especially with logging.
Like, as you probably know,right, I've been engaging with a
(40:37):
logging conversation aroundthis waft for six, eight months
now at this point right, and wedon't really have a good
solution.
We have sort of a solution andhopefully we never have to query
it or anything else.
You know, right, yeah becauseit's it's so expensive, it's so
(40:57):
extremely expensive to go andsend that data to Splunk right,
because we already have Splunkon prem, it's already sized
right and everything else likethat, yeah it is so expensive,
yeah, especially with, like theWAF or just network flow logs,
right man?
Yeah, I mean we might as welljust try and buy slunk from ibm
(41:18):
at that point, like, or whoeverjust bought them you know, cisco
, yeah, yeah, cisco.
Speaker 2 (41:25):
Well, that was the going joke, right, that cisco
was either going to pay therenewal or they were going to
buy the company, yeah, soprobably not too far off, but
it's so accurate they probablyonly had to spend a little bit
more.
Probably only a little more, butyou know we could probably, you
know, look at helping you outif you're interested not to turn
this into a abstractconversation on you know, but
(41:47):
might be something there yeah,yeah, I mean, you know this is
something that I've definitelybeen, you know, mulling over,
right for for a while.
Speaker 1 (41:57):
you know, caveat to everyone, right, like I, right
for a while.
You know, caveat to everyone,right?
Like, I don't bring people onthe podcast for them to sell me
a product or anything like that.
I want to talk aboutinteresting stuff because I'm
actually in this field, rightLike I'm in this field, I'm
dealing with these problemsevery single day, and so it's
really beneficial for me to seewhat's out there, what's growing
(42:17):
, what's coming out, you know,because there's so many
different people that are goingto think of these problems in
different ways and solve them indifferent ways.
You know, like, my environmentis interesting, right, because I
don't, from a securityperspective, I don't have full
visibility into my environment,right?
So I'm a cloud security guy andI don't have full visibility due
(42:38):
to different restrictions andit creates a lot of different
challenges.
So you know, in securityengineering you're going to be
faced with a whole lot of uniquechallenges and you have to
figure out how to solve them.
You know, like that's the wholepoint of the engineer's job.
Speaker 2 (42:54):
Yep, absolutely, and you're always kind of operating
with like one hand tied behindyour back right.
Speaker 1 (43:01):
I'm lucky if I only got one hand tied behind my back
.
Speaker 2 (43:04):
Maybe hamstrung with a hand behind your back.
Speaker 1 (43:06):
yeah, yeah, I'm over here like using my head as a
weapon at this point, you know.
Speaker 2 (43:11):
Yeah, yeah, I was going to make a funny joke about
the Tyson fight man.
Speaker 1 (43:16):
That was going to make a funny joke about the
Tyson fight man.
Speaker 2 (43:18):
That was an interesting weekend.
I will say this Netflix betterget some more servers going
before football hits onChristmas Day.
Because people are going to benot happy.
Speaker 1 (43:29):
You know, as a cloud security person, I just don't
understand how they could havean issue like that, right,
because I'm thinking like how doyou, how do you have your load
balancers configured and how doyou not have auto scaling
configured on a streamingservice, probably one of the
(43:50):
biggest streaming services?
on the planet for like a decadeRight and you pride yourselves,
you talk it up at these, youknow tech conferences that you
know all of Netflix is built oncontainers.
It's all serverless.
It's you know this, it's that.
So if that's true, it'sliterally a checkbox for you to.
(44:12):
You know, go into your loadbalancer and say auto scale, put
it into an auto scaling groupand give it the template right.
Speaker 2 (44:21):
Well, it's a checkbox , but it's also a check that
they have to write.
So maybe, if they, maybe theycame up with a budget on cloud
spend for this event and they'relike we can't go over x, no
more load balancers I guess I Imean, I, you know this.
Speaker 1 (44:36):
This is the thing Like.
I feel like maybe someone infinance maybe came up with that
arbitrary budget.
Speaker 2 (44:43):
Yeah, right, yeah.
Speaker 1 (44:44):
Instead of customer experience, it was the cost for
the three or four hours that theevent was going on.
Right, you eat that cost forfour hours.
Okay, it scales right back downafterwards.
And now you get, you know, acnn article saying of how
(45:06):
netflix, you know, was able tostream to, I don't know, 50
million people all at the sametime.
Speaker 2 (45:11):
Right, like 100, 130 million, I'm sorry, 120 million,
which is 10 million less thanwatch the super bowl.
Speaker 1 (45:21):
Imagine just imagine if that was the article in the
news.
Right, right, exactly, hey,they streamed to 110 million
people flawlessly, withoutissues, right, and now we're
dealing with the after effectsof you not doing auto scaling
groups properly in your cloud.
(45:41):
You know, wink, wink, there maybe someone on this podcast that
knows how to do it.
Like it's like common sense.
I mean they, they're thecompany that came up with chaos
monkey and chaos gorilla, and ifyou don't know what those are,
it is ensuring high availabilityand extreme redundancy in your
(46:01):
data center, in your environment.
Like these things take downservers randomly, they take out
data centers randomly, you know,and and if you're up and you're
running that in yourenvironment, that's better than
probably most of the cloudproviders at that point.
You know, I worked for a company, a financial services
(46:24):
institution, right A couple ofyears ago and we bought a
company in California and thiscompany viewed disaster recovery
totally differently from how weeven viewed it.
Right, like they reallyincreased the par for what we
consider disaster recovery tothe point where every two weeks,
they wouldn't just like severnetwork connections in a data
(46:47):
center, they would go into thedata center and shut down the
power.
I mean literally shut down thepower on that data center.
And if something failed, thenthey're like okay, we know we
have an issue over here andthere was no turning it back on
for two weeks, you know.
So it's like, hey, you got tofix this thing on the fly, which
just like took it to a wholeother level, right?
(47:10):
Like we kind of re-augmented orredid everything we did from a
disaster recovery perspectiveglobally.
Once we bought them and we sawthat technology, we're like we
need to be doing this everywhere, like right now.
Speaker 2 (47:23):
Yeah, I like the idea of chaos monkey.
Speaker 1 (47:25):
That's uh pretty sweet well I every, every, every
time I go to a, to a newcompany or whatever.
I mean, it's one of the firstthings I ask.
You guys want to run chaos,monkey.
And every single, every singletime they're like, nope, we
don't want to touch it, likedon't even bring that in here,
I'm like, all right, fine allright sure yeah, yeah,
(47:47):
absolutely, it's, it's a, it's a.
You know, the.
The problem that abstractsecurity is solving for is a
problem that I'm finding at alot of places.
Honestly, I mean not just, notjust my own place, right, but
you know every place that I'vebeen to right, the biggest issue
is okay, we're heavily into thecloud and now we have all these
(48:10):
logs, we can't even query themfor something.
God forbid, an incidenthappened because we don't know
how to get that data.
Speaker 2 (48:18):
And if we?
Speaker 1 (48:18):
send it to our slunk where we already have everything
.
It's an insane amount of money.
It doubles or triples our spendwith that vendor.
Speaker 2 (48:27):
That's right.
That's right.
And so much of that data isjust not relevant for cyber.
Amazing, I mean.
We did some analysis on likeCloudTrail logs and found, like
you know, 70% reduction capable.
Yeah, I mean you're talking adata source that generates
(48:50):
terabytes of data every day.
So if you can reduce that by70%, I mean you're saving a
significant amount of money.
Speaker 1 (48:58):
Yeah, yeah, especially from a security
perspective.
I mean, you need to know aboutthe transaction you know you
don't need to know about.
You know the flow logs andeverything else like that, right
, like it just so happens thatthe information that you need is
within those logs.
Speaker 2 (49:17):
That's right.
Speaker 1 (49:17):
just so happens that the information that you need is
within those logs.
That has all this other messwith it, and you have to be
skilled enough to sift throughit and figure out.
You know what's actually goingon.
So it's a it's definitely anarea that that we're struggling
with right now, you know, incloud security.
Yeah, you know, colby, I Ireally enjoyed our conversation.
We we're at the top of our timehere and you know I try to stay
(49:38):
very cognizant of everyone'stime.
But before I let you go, howabout you tell my audience you
know where they can find you ifthey wanted to reach out and
connect and where they can findyour company if they wanted to
learn more?
Speaker 2 (49:50):
Yeah, absolutely Well .
Find me on LinkedIn, colbyDeretiff.
Or find Abstract Security onLinkedIn.
Me on LinkedIn, colby Derodiff.
Or find Abstract Security onLinkedIn.
We're around.
Or the old, traditional way ourwebsite abstractsecurity,
though maybe that's not exactlytraditional, but it is on the
worldwide webs.
Speaker 1 (50:11):
Awesome.
Well, thanks, colby, I reallyappreciate you coming on,
absolutely.
Speaker 2 (50:16):
Jeff, it was a pleasure.
Look forward to keeping intouch.
Speaker 1 (50:19):
Yeah, yeah, absolutely Well, thanks everyone
.
I hope you enjoyed this episode.
How's it going, colby , it's great to get you on the
podcast.
I think that we've beenplanning this for quite a while
at this point, and we've had todelay it, of course, a couple
times, but I'm glad to have youon.
Speaker 2 (00:11):
Yeah, joe, appreciate it.
Sorry for the delays too.
It's a busy time of year withtravel and everything going on
crazy it's.
Speaker 1 (00:27):
I like burned myself out three times this year and
I'm like, I'm like justrecovering from my my last one
of the year, hopefully last oneof the year, it's, I don't know.
It's a.
It's an interesting thing.
Right, trying to develop likeoutside, outside things from the
nine to five.
Right, trying to develop, youknow, a brand for yourself and
(00:47):
trying to like I'm starting todive more into consulting.
Right and, and you know,provide companies with cloud
security.
You know consulting servicesand whatnot.
And when you start adding onthose things, right, like you
have to use your time soefficiently now you know,
especially with a little one.
Right, like you have to useyour time so efficiently now you
know, especially with a littleone.
Right, like I have a 20 monthold at home.
Speaker 2 (01:10):
Okay.
Speaker 1 (01:11):
Yeah, thanks.
You know like I make a veryconcerted effort to always be
available for her Right.
So when she's up I'm notworking right Like I'm spending
time with her.
That, you know that takes out,you know, six hours a day.
It's like okay.
Well, let's like use the timethat I have as efficiently as
possible yeah, absolutely.
Speaker 2 (01:33):
It's like burning the candle at like four ends I have
a four month old at home so I'mright there, first one.
So I'm learning that whole sideof of which is.
You know it's a blessing, it'sfantastic.
But then you know trying tobuild a startup and you know
running around customeracquisition and my wife is in
(01:54):
the wine business.
So there's, you know, anotherstartup kind of going on at the
same time and it's, yeah,there's like candles burning all
over the place and trying totime, manage and be efficient
while you're.
You know growing a brand,building a business.
Right, you know a lot of peoplechoose to do just one of those
(02:15):
things at any given time in life, and you know as well as like
throw in a new family member atthe same time.
Speaker 1 (02:23):
So it's definitely.
It's interesting, a new familymember at the same time, yeah,
so it's definitely it's.
It's interesting, you know,like I feel like, you know, when
I, when I was growing up, right, when I was graduating high
school, starting to get intocollege, right, the recession
hit Right, and so that impactedmy family very significantly.
You know, my dad lost his jobRight he my family very
(02:46):
significantly.
You know my dad lost his jobright.
He couldn't find work for liketwo years.
That was a very stressful time,right, and going through that,
you know, puts me into asituation, or a mentality at
least, where it's like, okay,well, my kid's never going to go
through that, you know.
Yeah, and now you know themarket is in a weird place.
It's kind of in limbo.
It's been in limbo for a coupleof years now where it's like,
(03:06):
well, surely it can't keep ongoing up.
And then it goes up more.
Speaker 2 (03:10):
That's what everybody said about Bitcoin.
Speaker 1 (03:12):
Yeah, well, like you know, the risk side of me is
like, ok, sure, like it looksgreat, but what's actually going
on here?
You know, because it can't goup forever and just by odds
alone, you know, the timing isnot in our favor, right Like the
recession, there will be acorrection, right.
And so trying to develop othermethods of, you know, bringing
(03:38):
in income and, you know,building something that I
actually love and enjoy andwhatnot is, it's a challenge for
sure, and I, like I always tellmy wife I'm like, hey, you're
the stable income.
Yeah, I know I have a salaryand everything, but you're the
stable one, you're a teacher,they're never going to fire you.
You work for CPS, you are good,you need to be there.
Speaker 2 (04:00):
That's right.
That's right.
Yeah, the market's interestingright now.
I mean, we're seeing just as wework with customers.
You know there's some spendingstarting to open back up, but
it's mostly critical projectsand most of the projects we're
seeing are around how to reducecosts.
You know, in in areas and Ithink there's a lot of noise in
(04:26):
the market right now with AI andhow AI is going to reduce all
these costs everywhere and Idon't think people are really
seeing that value happening.
Maybe it's a hallucination,yeah.
Speaker 1 (04:38):
I feel like the AI trend right, or the AI evolution
, is almost like it's still inits infancy.
I feel I talk to people fromNVIDIA.
They kind of argue that it's inthe middle.
It's going towards the middle alittle bit.
Well, from the end userperspective.
You know I've been buying tools, working with tools with, you
(05:00):
know, an alleged AI behind thescenes for 10 years, right,
right, and I've seen my costsonly go up, you know.
So like that's, that'ssomething there, that's not
something.
Speaker 2 (05:10):
I can just ignore.
I like how you said.
I like how you said alleged AIright and.
I'm sure you've seen theScooby-Doo meme where they pull
the mask off of AI and it's if,then else.
Speaker 1 (05:21):
Yeah, yeah, exactly, I mean it's, I don't know, it's
a tough pill to swallow, right,because that was like a huge
selling point for so many yearsof like.
Oh yeah, we have a next gen, wehave an AI thing, you know, and
I feel like the benefits of AIwhere they may be, you know,
(05:45):
true and valid and whatnot, likecost savings and whatnot I feel
like we won't even see thosereal benefits until, you know,
probably five to 10 years fromnow, and I know there's a lot of
AI people out there that areprobably going to, like, you
know, laugh at me or whateverfor saying that, but like, but
look me saying five to 10 years.
I mean, they've been saying itfor 20 years, right.
(06:08):
Right, they've been saying AI isgoing to eliminate everyone's
job for 20 years.
Speaker 2 (06:13):
Right, right, since, like Terminator days, right, but
I don't know.
I mean, I use it tactically forcertain things here and there,
but I would certainly you know.
Let's say I was writing anemail to my board about how
we're doing as a company, orwhat have you.
Or I was writing an email to aCISO, a customer that we're
working with.
(06:33):
I would never let AI do thatfor me, right?
I just you know what, if ithallucinates and, you know, says
something that is just not true, or whatever, at the end of the
day, you're the one who'saccountable, right?
so yeah, I.
Speaker 1 (06:49):
I don't think that most people are really in risk
of ai taking over their jobs atany time soon right, yeah, if it
can't, if it's not evenresponding to emails for me or
proactively right looking atthings and responding and stuff
like that Like it's more of anassistant you know everyone now
(07:09):
has like a personal assistantthat you can bounce ideas off of
and get information off of it's.
I view it as kind of like thenext iteration of a search
engine, almost you know, that'show I use it for sure, Exactly.
Speaker 2 (07:22):
All right, I think it is definitely the next
iteration of a search engine.
It saves you from having tocollate all the results yourself
and it kind of formulates anopinion.
The question is then how muchdo you trust that opinion and
how much additional duediligence do you do?
And I guess it depends on theimportance of the decision,
right, Right, you know if I useit, we've been, obviously, with
(07:45):
a newborn.
We've been checking a lot onthe internet.
Well, every time somethinghappens with the baby, you
Google it.
Right, You're like what is?
this.
You know how it goes right, andsome of the responses come back
and you're like, yeah, okay, Iget it.
But if it came back and saidlike, oh, you should do this
remedy or something, I'mcertainly going to check with a
doctor before I, you know, justbase that decision off of that.
Speaker 1 (08:07):
Yeah, yeah it's.
You know we're going into aninteresting place, right,
because I, you know, we just got, we're on the other side of the
election, right, and it hasbeen an interesting year because
I feel like a lot more peopleare, I guess, more aware, right,
of the media that we'reconsuming and what it's actually
(08:30):
doing to us.
I hope so.
I would certainly hope so too,you know, and you know you
always, you always hear like ohyeah, you know you're being
targeted by these kinds of adsand whatnot, right, and so I, I
live in Illinois, right, verymuch, I mean it's, it's a blue
(08:53):
state in the County that that Ilive in.
It just happens to be like 80%of the people in the state live
in the County, right, and I get,I get I don't want to say
targeted, right, but my, myalgorithms are heavily based on
where I live and where I searchthem from and everything, right,
and I search things that aretypically, I view it as like
right in the middle, right onthe political spectrum and I'm
(09:14):
not trying to get political onthis podcast or anything like
that, right, but it'sfascinating for us from a
security perspective to seewhat's going on kind of behind
the scenes.
And so over the summer, myfamily and I went for a vacation
over in Tennessee, right, wentthere for like a week just
hanging out, right, tennessee'sa red state, right?
For anyone that doesn't knowwhich, I guess that's probably a
(09:37):
stupid thing, even because Italked to people over in, like
Russia, and you know Europe, andthey like know our political
system a little bit better thanus, almost, yeah, probably.
And so I I go to Tennessee andmy entire feed is stuff that,
like, I have never watched.
I don't subscribe to thechannels, like none of it was
(10:01):
for me to click on, right, so,you know, I I didn't, I didn't
pay any attention to anythingthat was in my youtube feed, my
google news feed none of it,right, because it's not didn't
even appeal to me, right, so Ididn't think anything of it.
And then, you know, it happenedthe next day and the next day
after that I'm like man, whatthe hell is going on here?
Like this is literally nothingthat I even watched.
(10:22):
Like I don't want to watch anyof this.
What is going on?
Yeah, and you know, sure enough, right, like you're being
targeted based on your region,which is it's a dicey thing,
right, because it's like, well,how much of my opinion is being
shaped by where I live, andwhere I live determines what I'm
(10:42):
being targeted with right, andwhere I live determines what I'm
being targeted with right, andyou know it's a weird situation.
You know, and to quickly youknow, go through this one point
right with AI, how we're usingit as a search engine.
You know, I saw someone onsocial media they're from Canada
, right and they put into likechat GPT.
(11:03):
You know when was the firstTrump assassination attempt?
I mean, this is a factual thingthat happened.
It took place at a date time ata certain place, all that sort
of stuff.
Any search engine should beable to give you those exact
specifics.
And he said that essentially,chatgpt, you know, tried to just
(11:27):
go around the question, didn'teven answer it.
You know, said that it neveroccurred or anything like that.
And he had to like really prodfor it.
And so I thought to myself well, surely if this LLM is learning
from itself, it knows hey, Imade a mistake there.
Let me go readjust and pull inother feeds and, you know,
(11:47):
recalibrate right.
So I mean, a couple days after,I went ahead and just put in
the same question it was likethe exact same question.
You know when was the firstTrump assassination attempt?
And it literally said there wasno assassination attempt.
It literally said there was noassassination attempt.
And I had to go and say no,there was one.
(12:08):
And it pulled up some 2017 eventwhere someone threw a shoe at
him or whatever, and I said no,it happened in 2024.
And I had to literally feed it.
I mean several steps down,because even after saying 2024,
it still said that there wasnothing in 2024.
And I had to then Google whatthe exact date was and I said no
(12:31):
, it happened on this date.
And it said no, it didn'thappen.
And I was like it happened inthis state, in this town.
You're arguing with the machine.
Yes, I had to feed it all ofthat information.
You know, after doing this fora bit, it was like I made a
mistake, or I don't even thinkit said I made a mistake.
It just posted, you know, likea cnn news article that was on
(12:54):
it and, like you know, we'regoing into a place where there's
a there's a huge amount of thepopulation that would never
double check that, right?
Like if MSNBC didn't report onit or CNN didn't report on it or
Fox News didn't report on it,right?
(13:14):
They're going to think, hey,this never happened, right?
Because they're not saying ithappened and same thing with the
LLMs, you know.
And so we're going into a weirdplace and I apologize, I didn't
mean to like take over, no, no,it's.
I mean it's interesting, right?
Speaker 2 (13:30):
I mean, it's something I worry about a lot is
, as these LLMs get moreembedded into everything and
more embedded into decisions,the fact that they either were
not trained to know the answerno-transcript, say we never
(14:10):
landed on the moon, the earth isflat and we're going to, uh, be
in a lot of trouble in societyas we move forward based on
facts.
Right, so it's a?
It's a brave new world outthere.
Yeah, it's going to beinteresting for the next
generations.
Speaker 1 (14:26):
How do you try to keep yourself informed of, I
guess, the right informationwithout being kind of influenced
by the information?
I feel like there's a very fineline between being influenced
(14:47):
and informed.
Speaker 2 (14:48):
Yeah, you know, we saw that a lot this year yeah
for sure, and it's tough becausesometimes you see you know bits
or whatever, and you're you doget influenced by them, right?
Oh yeah, well, that's a.
That point makes sense.
But then you have to go backand like, was that actually true
?
Right, and that's the thingthat I think we all ask
(15:09):
ourselves a lot is is theinformation I'm seeing accurate?
You know, because you hear somany crazy things out there, you
know this company's doingfantastic because they posted
something on LinkedIn that saysthey've tripled their sales,
like, but did they, or is thatjust some marketing hype that
they're trying to?
You know, maybe they're goingout to raise a round or
(15:31):
something like that and they'retrying to make the company look
good, you know.
So I think it's almost living ina state of constant paranoia,
right, and I hate to say that,but I think there is good,
healthy paranoia.
Obviously, you don't want to besitting there at your window
all day long staring out thewindow, but it's good to be
(15:53):
cautious and it's, I think, goodto be a little bit paranoid.
And I mean, I guess I kind ofrun in that state, maybe from
being in cyber for 25 years.
We were all a little bitparanoid about what's the old
expression Just because you'reparanoid doesn't mean they're
not after you.
So I think we all kind ofoperate in that kind of a mode
and you know, so I think, got tokeep asking questions and got
(16:15):
to inspect the answers.
And you know otherwise keepreading, keep researching.
I think that's the only way.
Speaker 1 (16:23):
Yeah.
Yeah, that's a really goodpoint.
You know it's interesting.
Recently, you know, I lead allof cloud security for my current
employer right, and a part ofone of my initiatives for the
year was to deploy.
Speaker 2 (16:40):
And you must be paranoid because it says
undisclosed, undisclosed,undisclosed.
Speaker 1 (16:42):
And you must be paranoid because it says
undisclosed, undisclosedundisclosed Well, so I do that
very purposefully because Idon't want you know, I'll give
like career stories, right,Things that I encountered and
stuff like that, and I don'tever want someone to say, oh,
that sounds like X place right.
Or that sounds like this oneright, or the manager, for there
(17:03):
is like I know that thatoccurred.
I'm still here, like we'regoing to come after you.
You know, that's really what Iwant to avoid at all costs and
you know, and I guess maybe itlimits the amount of
opportunities that I get hit upfor or whatnot, but I feel like
if it's a real opportunity,they'll see through that and you
(17:24):
know still talk to me right now, right, but you know, since I
lead all of cloud security formy organization, I'm working
with about 150 developers, right, and these developers because
I'm rolling out this, this AWSWAF, right.
So these developers, theydecided amongst themselves hey,
we don't like the WAF, we'regoing to try and get this bypass
(17:47):
rule through Joe and you know,if he approves it, it basically
bypasses the whole WAF.
We don't have to worry about it.
There's going to be no issues,no troubleshooting, none of that
.
And I get on this call and theyimmediately start badgering me
with, you know issues and youknow they tried to make it sound
like it was 15 different issues.
(18:09):
But through all of my you knowquestioning, right, like
insecurity, we're so paranoidLike I ask questions until I
know exactly what is going on,right, because I'm not getting
fired for something that I didand I didn't know I did, and you
know they, I, through thequestioning, I was able to
whittle it down to one, one coreissue that they were trying to
(18:31):
mask from me.
And then I spent, you know,probably the next 30 minutes
literally going through their,their issues and everything,
trying to see what they wereactually trying to get at,
because they didn't.
They didn't want it to make itsound like I was going to bypass
the entire WAF.
They wanted to make it soundlike hey, it's just this rule,
(18:52):
you know, it's just this rule inthe stack.
Speaker 2 (18:55):
Right.
Speaker 1 (18:55):
But they're, but they're effective.
Speaker 2 (18:56):
It's the one that says allow star dot star.
Speaker 1 (18:59):
Yeah, their, their effective rule was allow star
dot star.
Without the allow star dot star, it bypassed everything else.
And so I like pulled in mynetwork guy, I pulled in my
infrastructure guy, I don't, Idon't think that they thought
that I would do that.
So I pulled them in and I saidplay into my network, guy, what
you want to do.
(19:19):
And they explained it.
And I said I have one questionDoes this bypass the WAF?
And he said yeah, it bypassesthe whole thing.
I was like we're not doing itand like everyone was so mad at
me, right.
But you know, I got that skill,though, of being able to do
that from years of being insecurity and, just to put it
(19:41):
bluntly, being lied to whereit's like OK, I need to.
I need to make sure that Ifully understand what's going on
here before I actually make adecision that impacts the
security posture of ourorganization.
Speaker 2 (19:53):
Yeah, absolutely Absolutely, and you know it's I
hate to say it, but a lot oftimes there's it.
Maybe it's some extra work tomake something work through the
security control.
And so the easy question, theeasy path is like just, you know
, just whitelisted or whateverfor now, and then we'll, you
know, we'll get to it later, andthen later never happens, and
(20:18):
you know how that goes yes, yeah, yeah, we have.
Speaker 1 (20:22):
I've seen that so many times and that was a part
of their argument.
Right Once I figured out whatthey were doing, they were like
oh well, can you just whitelistit?
You know, we'll, we'llreaddress it.
You know, in January I don'twork like that.
You know, I know that there'sother security people that have
been in this role before andthey were, you know, basically
pushovers for you.
Like I do not play that game,you know.
Speaker 2 (20:44):
No, you can't.
You can't Not when I havepeople on from.
You know startup companies,founders and CEOs.
Speaker 1 (20:51):
You know the people that are starting these
companies.
They're all typically likepretty, pretty young, and I'm
(21:14):
not trying to you know, age youor anything like that, right but
you said that you have afour-month-old, so that that
tells me that you're in adifferent place of your life.
You could be in your 20s, right,but you, but you're in a
different place in terms ofright, but I'm saying you're in
a different place in terms of,like, the risk that you're
willing to accept right, becausenow you have a four-month-old,
(21:34):
you have another little personthat's depending on you and for
a lot of people that'slife-changing.
I'm sure it was probablylife-changing for you.
It changed my entire life, myentire perspective of what life
is and love and everything else.
But I say that because whenyou're in your 20s, you
typically have noresponsibilities.
Well, you got a car payment,you got rent, you got small
(21:58):
little, minuscule things.
You typically don't have kids.
I mean, you could absolutelyhave kids, but if you're in that
situation, you're probably notstarting a company.
So what is that like?
How do you manage the risk andthe stress of having a young
family and doing a startup?
Because I couldn't imagine, youknow.
Speaker 2 (22:19):
Yeah, it's a lot.
I think it's just one of thosethings where my wife and I had
been working on building ourfamily for a long time and you
know.
So that was just kind of, ifit's going to happen, like it's
a blessing and we're going totake it whenever, but at the
same time I wasn't going to putmy goals and passion on the
(22:41):
sideline and kind of wait.
So I figured, well, I'm justgoing to have to figure out how
to do it all at once, whichpeople can do it.
I mean, I'm in my mid forties,I'm 46.
So I guess I'm pushing towardsmy late forties.
But I've always been instartups, right.
So this is startup number five.
You know, I started at ArcSightback in 2000.
Speaker 1 (23:03):
Wow, okay.
Speaker 2 (23:04):
I think I was employee like 30 there,
something like that.
So, pre-product, you know,there was basically a batch file
that started at JPEG of theconsole and I spent 12 years
there and ArcSight grew, wentpublic, acquired by HP, and then
I went off to another startupcalled Silvertail Systems and
basically spent about two yearsthere and we got acquired by RSA
(23:26):
and I decided to leave shortlyafter that acquisition and go
start a company for the firsttime.
With my co-founder, Greg Martin, we started ThreatStream, which
grew into Anomaly oh wow.
And so you know that businessis still operational.
They're doing fantastic.
So we're over here rooting forthem on the sidelines.
(23:46):
But I decided after about eightyears of building that company
that I was ready to go trysomething else and I joined a
company called Veriden which wasin the breach and attack
simulation space, where I hadinvested in that company early
on in the seed round and the Around and I think that you know
(24:08):
the writing was on the wall thatI was eventually going to be
there and you know I ended upjoining as their CTO and about a
year after I joined, we gotinto talks about getting
acquired by Mandiant FireEyeMandiant at the time and so
about midway through 2019, wegot acquired by FireEye Mandiant
and that was interesting, right.
(24:29):
So I ended up spending threeyears at Mandiant through the
divestiture of the FireEye stackand ultimately through the
acquisition by Google, and aboutfour months after the Google
acquisition, I left Google andstarted Abstract, and it was
(24:52):
something that I'd been wantingto do for a long time, and you
know, really kind of companiesat this stage are, like you know
, really kind of the most funthing for me, right?
Not for everybody, for a lot ofpeople don't like companies at
this stage.
They're hard, yeah yeah.
Speaker 1 (25:12):
So it kind of sounds like.
It sounds like you kind of, youknow, went through that initial
stress or grew into it early onand then it became the norm,
whereas everyone typicallystarts with the stress of a 9 to
5, and that becomes the normand you kind of stay within that
(25:32):
mix.
You know when, when I wasstarting out in my career maybe
you know, 10 years ago, right II reached out to alissa knight
and I was I was talking to her,I was trying to like unravel
this, you know startup thing andhow do you get, how do you get
started, like what's the rightyou know thing that you should
(25:56):
be doing for it and everything.
And the one piece of advicethat really stuck with me was
that you only, you know, leaveyour day job when your startup
or your side hustle is matchingthe income of your day job.
Right, because it gives youthat financial security.
(26:18):
You understand, okay, I havesomething here and then you can
lean in a little bit more andsee how it grows and everything
else like that.
And I think if I didn't havethat framework right or that
idea you know, kind of plantedin, I feel like I would have
either gone one of two waysright.
(26:38):
I would have gone full-on intothe nine to five and just been
like if this is where I'm atthis, I'm stuck here forever.
Or I would have gone full-onstartup yeah, risk, you know,
losing everything basically yeah, yeah.
Speaker 2 (26:52):
Well, you know, the good news is you don't really
lose everything.
You may not, it may not besuccessful, right, but at the
end of the day, the experienceand the lessons learned are
invaluable, right.
So I don't know For me.
Like I said, I worked at Fire,at Mandiant, for three years and
you know we had a good time andI mean it was a hard time.
It was obviously during thepandemic, so things were
(27:19):
different than ever before, butwe accomplished a lot while we
were there, which some thingsthat I was really proud about.
I mean, we kind of took alegacy software stack and
converted it to a modern SaaSapplication.
Inside of, we were almostoperating like a startup within
a big business because we werethe acquired company.
So we kind of had a team.
All the stuff we did cominginto that was SaaS-based, and so
(27:39):
we're kind of taking thislegacy sort of you know network
appliance sort of company andbuilding a modern SaaS
application on top of that, youknow, and our areas were really
around threat intelligence andthe breach and attack simulation
areas, which is what we'refocused on, kind of that
(28:00):
migration.
So it was interesting.
But you know, I think thecompany was 3000 people give or
take, if I'm remembering thatcorrectly, but give or take
around 3000 people, which to meis just like a huge, huge
company.
I mean the last, I think,arcsight, when we got acquired
by HP, we were maybe like 600people or something like that,
(28:23):
and so that was kind of myexperience.
My big company experience wasthat and you know, silvertail
was maybe 100 or so people andAnomaly we grew to about maybe
two, 50, 300, something likethat.
Um, so those are the kinds ofcompanies like I really love
(28:44):
that you know zero to a hundredmillion ARR type phase.
You know the a hundred to two50 ARR type phase, um, and then
as it gets into a 3000, 4,000person company, I mean that's,
it's a different beast, right,yeah.
Speaker 1 (29:03):
Yeah, you, you start to like have to have things like
a whole HR department andfinance department, right, you
know?
you get a board in place, allthat sort of stuff.
It's a different, differentchallenges that you have to
learn and grow through andwhatnot.
And you know, I, I think likeI'm a big kind of I I don't want
(29:26):
to say I'm a big stats guy, butI'm a numbers guy, you know.
So when I, when I do somethingor when I venture into something
, right, it's kind of like Ilook at what the odds are.
I look at like what the oddsare of success, right.
And you know, you, you look atjust the companies that go to
RSA every year, right.
Something like 86 or 89 percentof them fail within that year.
(29:48):
They don't show up again thefollowing year.
And then you look at the ultrawealthy.
I look at people like Elon Muskor Mark Cuban, jeff Bezos, and
when you do your research, allof them went through several
bankruptcies.
All of them started withrelatively small amounts of
(30:13):
money compared to what they have.
What they have today, right.
What they grew into today,right.
And so that does actually tellyou something like, hey, you
should expect a certain degreeof failure to come with your
success, absolutely.
And you shouldn't allow thatfailure to hold you back.
You know you have to use it andgrow through it because I'm
sure you know, if one of thosebillionaires go and declare
(30:36):
bankruptcy, you know this yearfor the ninth time or the tenth
time, right For them mentally,that's not even on their radar
of stress in terms of, like youknow what bankruptcy means and
everything else like that.
Because it's like I did it 10other times.
Right, like I did it 10 othertimes.
I'm going to make it throughthis one.
(30:56):
We'll be fine.
You know, for me, if I were togo through that today, I'd be,
I'd be terrified, yeah, me too,me too.
Speaker 2 (31:04):
So yeah, yeah, I'm looking to not go that route.
Speaker 1 (31:08):
I would never want to no, but fail fast.
Speaker 2 (31:10):
I mean, you know, I think that is an important
lesson there.
Like you know, we try differenthypotheses all the time as
we're building product andwhatnot and it's like, hey,
let's try this, we're going toput some effort in.
Is it going to work?
It's not guaranteed to, solet's try it, see what works,
and if it doesn't get thelessons learned, figure out a
(31:32):
different approach.
But do it quickly.
Approach, but do it quicklylike it's better to.
You know, I don't know.
Speaker 1 (31:41):
Try and fail and never try at all, I guess yeah.
So yeah, that's very, that'svery valid.
There's an old adage yeah not,but it's, it's very valid.
And you can really only do thatin a small startup like
environment.
Right, like you're not doingthat at intel or ibm.
Right where you're, whereyou're failing fast and making
adjustments on the fly, tryingdifferent things, failing again
(32:03):
yeah, you're.
Speaker 2 (32:04):
That's the definition of getting fired well, and
that's why, that's why theprojects take, you know, so much
longer to get anything doneright.
I mean that's that's what I loveabout startups is we iterate
fast, we build features quickly,we know we're right there with
the customer right.
So we're like building as thecustomer's asking for something.
And you know, at big companiesyou know it just doesn't happen
(32:26):
that way because there's so manycustomers feeding in
requirements that there's no wayyou can be that responsive.
But at our stage and I mean Ithink as you stay nimble, even
as you grow being able to havethat level of customer support,
(32:47):
customer success is likecritical right and I always tell
people, always tell people thisthat customers will tell you
what they need.
You just have to listen andthat's something that I think
too many startup founders don'tdo.
Well, because they come from aplace where they think they know
(33:11):
better than the customer andmaybe it's their education or
their amount of experience witha certain technology or a
certain technology stack thatthey think the customer doesn't
know what they need.
And they're here to tell thecustomer.
I've always taken the approachof customer does this job every
single day.
This is what they do for aliving and they're telling me
(33:33):
they need this feature.
Most likely it's because theydo and they're telling me they
need this feature.
Speaker 1 (33:40):
Most likely, it's because they do.
Yeah, that's a very it's a veryvalid point.
You're listening to.
You're listening to understandrather than listening to reply
right, that's right, that'sright.
Yeah, you know it's weirdbecause all of school right, and
I was talking to my PhD chairon this right, because I'm
working on my PhD and it is themost difficult thing that I've
(34:04):
ever done from an educationalperspective right, and it's hard
in ways that you do not expect.
Everyone says that it's reallydifficult and whatnot, that a
lot of people that start do notfinish.
I can completely understand why, right, it's because you
literally just spent 20 years inschool and they're telling you,
hey, what's on the next test?
(34:25):
They're telling you what theywant you to write, right, all
this sort of stuff.
And then you go into your PhDand they're like no, you have to
find a topic, oh, okay, well,you have to write this
literature review, that's.
You know, it could be 10 pageslong, it could be 150 pages long
.
You have to do it.
Well, what's a literature review?
(34:46):
Right, it is a complete blankslate.
Like, a literature review is acore paper in this process,
right, and there's no set, likedefined, even outline of what a
literature review is, right,like, you can Google it and
you're going to get 15 examplesand they all look different,
(35:06):
they all feel different, theyall read different, right, and
so you spend literally 20 yearsin school, you know, learning
how to reply to something thatis being told to you right, or
how to deliver a result based onsomething you know you're being
told to do right.
And when you get into kind ofthis startup phase or the PhD,
(35:31):
right Like now, I understand whypeople that get their PhD
actually make.
You know the money that theytend to if they go into the
right area.
It's because you literally donot have to tell them anything.
You tell them what you'rethinking about and they go and
figure out everything, Becauseit's a different thought process
(35:55):
.
So talk to me about abstractsecurity.
You know what's the niche areaor what's the problem that
you're designed to fix, thatyou're working on fixing right
now.
Speaker 2 (36:05):
Yeah, so basically, you know, our mission is
building a complete platform fordata security, right, Right?
So basically a data platformthat is focused on collection
and aggregation andoperationalizing security data.
(36:25):
So we want to make the datacollection side of things simple
.
So we say we simplify data andwe amplify insights.
So the idea is we're providingcustomers better cloud
visibility, we're giving them ahandle on their log management
infrastructure.
We're helping a lot ofcustomers with SIM migration.
(36:47):
So people are kind of migratingfrom Splunk to Google or from
QRadar to Microsoft Sentinel orwherever the case may be.
We're helping them on thatjourney by being that data
collection layer for them.
And you know, we also have alot of capabilities in kind of
(37:08):
the analytics space.
So as we're collecting the dataand routing it, optimizing it,
we can also do analytics on thatdata and provide those results
to their you know sim of choiceor their next-gen sim of choice,
however the case may be thesedays, Hmm, that's interesting.
Speaker 1 (37:28):
So it's almost like a sim collector or like a log
collector, and then you're ableto run some analytics and
analyze the actual data that'sright.
Speaker 2 (37:38):
Yeah, on the data stream itself.
So we collect the data, westream it.
As it's streaming, we canoperate on the data.
So you know, for example, like,well, you're in cloud, you're
in cloud security, right, and itsounds like you were talking
about, you know, deploying thisWAF, right, right, well, the
WAF's going to generate a lot oflogs.
Most of them might not beuseful or there might be a
(38:02):
subset that's actually usefulfor security detections, and so
what we would do is we wouldcollect those WAF logs out of,
let's say, an S3 bucket orwherever they're being written
to, and we would then say, okay,out of this set of data, what
is the data that's relevant for?
Either your compliance needs,your regulatory right.
(38:24):
So there may be a requirementthat you're under that says, hey
, we have to keep all data thatis between system X and system Y
because it's their regulatedsystems systems.
But there could be a bunch ofinternal traffic that maybe you
don't need, although maybe notthrough a web, but if you're
looking at, like VPC flow logsor some of these other sources,
you know you have a lot ofinternal communications that.
(38:45):
Do you really need that data?
Maybe not, and so you canfilter out data, you can change,
you know values or you canenrich data.
So let's say that, for example,you know GitHub's a great
example.
We have a lot of customers whocollect GitHub logs and GitHub
is basically a social network soyou can go in there and create
(39:05):
whatever username you want.
Well, when the log gets written,it's going to be tagged with
your username, right, and sowhat we want to do is actually
enrich that so that it getstagged with the actual identity
of the user, so we're able tokind of do that data enrichment
type stuff on the fly.
We enrich data with threatintelligence so you can know
(39:27):
basically like which threatactors potentially are
associated with an alert, andthen we forward that off to
multiple destinations.
So you could take, let's sayyou have I don't know, say, an
AWS data lake and you want someof the data to be stored in your
AWS data lake in maybe OCSFformat.
And then you want some subsetof the data going to your SIEM
(39:51):
where you're paying extremelyhigh storage costs, so you don't
want to send everything therehigh core storage costs, so you
don't want to send everythingthere.
So you can kind of slice anddice route and really figure out
.
You know, a strategy, a datastrategy that is going to allow
you to get the most value out ofyour tech stack.
Speaker 1 (40:09):
So I mean, it sounds like you're able to use the data
from wherever it kind ofresides, right?
I'm thinking in terms of, youknow, in the cloud.
Right now, there's a hugebattle between legacy tech
stacks and cloud tech stacks,especially with logging.
Like, as you probably know,right, I've been engaging with a
(40:37):
logging conversation aroundthis waft for six, eight months
now at this point right, and wedon't really have a good
solution.
We have sort of a solution andhopefully we never have to query
it or anything else.
You know, right, yeah becauseit's it's so expensive, it's so
(40:57):
extremely expensive to go andsend that data to Splunk right,
because we already have Splunkon prem, it's already sized
right and everything else likethat, yeah it is so expensive,
yeah, especially with, like theWAF or just network flow logs,
right man?
Yeah, I mean we might as welljust try and buy slunk from ibm
(41:18):
at that point, like, or whoeverjust bought them you know, cisco
, yeah, yeah, cisco.
Speaker 2 (41:25):
Well, that was the going joke, right, that cisco
was either going to pay therenewal or they were going to
buy the company, yeah, soprobably not too far off, but
it's so accurate they probablyonly had to spend a little bit
more.
Probably only a little more, butyou know we could probably, you
know, look at helping you outif you're interested not to turn
this into a abstractconversation on you know, but
(41:47):
might be something there yeah,yeah, I mean, you know this is
something that I've definitelybeen, you know, mulling over,
right for for a while.
Speaker 1 (41:57):
you know, caveat to everyone, right, like I, right
for a while.
You know, caveat to everyone,right?
Like, I don't bring people onthe podcast for them to sell me
a product or anything like that.
I want to talk aboutinteresting stuff because I'm
actually in this field, rightLike I'm in this field, I'm
dealing with these problemsevery single day, and so it's
really beneficial for me to seewhat's out there, what's growing
(42:17):
, what's coming out, you know,because there's so many
different people that are goingto think of these problems in
different ways and solve them indifferent ways.
You know, like, my environmentis interesting, right, because I
don't, from a securityperspective, I don't have full
visibility into my environment,right?
So I'm a cloud security guy andI don't have full visibility due
(42:38):
to different restrictions andit creates a lot of different
challenges.
So you know, in securityengineering you're going to be
faced with a whole lot of uniquechallenges and you have to
figure out how to solve them.
You know, like that's the wholepoint of the engineer's job.
Speaker 2 (42:54):
Yep, absolutely, and you're always kind of operating
with like one hand tied behindyour back right.
Speaker 1 (43:01):
I'm lucky if I only got one hand tied behind my back
.
Speaker 2 (43:04):
Maybe hamstrung with a hand behind your back.
Speaker 1 (43:06):
yeah, yeah, I'm over here like using my head as a
weapon at this point, you know.
Speaker 2 (43:11):
Yeah, yeah, I was going to make a funny joke about
the Tyson fight man.
Speaker 1 (43:16):
That was going to make a funny joke about the
Tyson fight man.
Speaker 2 (43:18):
That was an interesting weekend.
I will say this Netflix betterget some more servers going
before football hits onChristmas Day.
Because people are going to benot happy.
Speaker 1 (43:29):
You know, as a cloud security person, I just don't
understand how they could havean issue like that, right,
because I'm thinking like how doyou, how do you have your load
balancers configured and how doyou not have auto scaling
configured on a streamingservice, probably one of the
(43:50):
biggest streaming services?
on the planet for like a decadeRight and you pride yourselves,
you talk it up at these, youknow tech conferences that you
know all of Netflix is built oncontainers.
It's all serverless.
It's you know this, it's that.
So if that's true, it'sliterally a checkbox for you to.
(44:12):
You know, go into your loadbalancer and say auto scale, put
it into an auto scaling groupand give it the template right.
Speaker 2 (44:21):
Well, it's a checkbox , but it's also a check that
they have to write.
So maybe, if they, maybe theycame up with a budget on cloud
spend for this event and they'relike we can't go over x, no
more load balancers I guess I Imean, I, you know this.
Speaker 1 (44:36):
This is the thing Like.
I feel like maybe someone infinance maybe came up with that
arbitrary budget.
Speaker 2 (44:43):
Yeah, right, yeah.
Speaker 1 (44:44):
Instead of customer experience, it was the cost for
the three or four hours that theevent was going on.
Right, you eat that cost forfour hours.
Okay, it scales right back downafterwards.
And now you get, you know, acnn article saying of how
(45:06):
netflix, you know, was able tostream to, I don't know, 50
million people all at the sametime.
Speaker 2 (45:11):
Right, like 100, 130 million, I'm sorry, 120 million,
which is 10 million less thanwatch the super bowl.
Speaker 1 (45:21):
Imagine just imagine if that was the article in the
news.
Right, right, exactly, hey,they streamed to 110 million
people flawlessly, withoutissues, right, and now we're
dealing with the after effectsof you not doing auto scaling
groups properly in your cloud.
(45:41):
You know, wink, wink, there maybe someone on this podcast that
knows how to do it.
Like it's like common sense.
I mean they, they're thecompany that came up with chaos
monkey and chaos gorilla, and ifyou don't know what those are,
it is ensuring high availabilityand extreme redundancy in your
(46:01):
data center, in your environment.
Like these things take downservers randomly, they take out
data centers randomly, you know,and and if you're up and you're
running that in yourenvironment, that's better than
probably most of the cloudproviders at that point.
You know, I worked for a company, a financial services
(46:24):
institution, right A couple ofyears ago and we bought a
company in California and thiscompany viewed disaster recovery
totally differently from how weeven viewed it.
Right, like they reallyincreased the par for what we
consider disaster recovery tothe point where every two weeks,
they wouldn't just like severnetwork connections in a data
(46:47):
center, they would go into thedata center and shut down the
power.
I mean literally shut down thepower on that data center.
And if something failed, thenthey're like okay, we know we
have an issue over here andthere was no turning it back on
for two weeks, you know.
So it's like, hey, you got tofix this thing on the fly, which
just like took it to a wholeother level, right?
(47:10):
Like we kind of re-augmented orredid everything we did from a
disaster recovery perspectiveglobally.
Once we bought them and we sawthat technology, we're like we
need to be doing this everywhere, like right now.
Speaker 2 (47:23):
Yeah, I like the idea of chaos monkey.
Speaker 1 (47:25):
That's uh pretty sweet well I every, every, every
time I go to a, to a newcompany or whatever.
I mean, it's one of the firstthings I ask.
You guys want to run chaos,monkey.
And every single, every singletime they're like, nope, we
don't want to touch it, likedon't even bring that in here,
I'm like, all right, fine allright sure yeah, yeah,
(47:47):
absolutely, it's, it's a, it's a.
You know, the.
The problem that abstractsecurity is solving for is a
problem that I'm finding at alot of places.
Honestly, I mean not just, notjust my own place, right, but
you know every place that I'vebeen to right, the biggest issue
is okay, we're heavily into thecloud and now we have all these
(48:10):
logs, we can't even query themfor something.
God forbid, an incidenthappened because we don't know
how to get that data.
Speaker 2 (48:18):
And if we?
Speaker 1 (48:18):
send it to our slunk where we already have everything
.
It's an insane amount of money.
It doubles or triples our spendwith that vendor.
Speaker 2 (48:27):
That's right.
That's right.
And so much of that data isjust not relevant for cyber.
Amazing, I mean.
We did some analysis on likeCloudTrail logs and found, like
you know, 70% reduction capable.
Yeah, I mean you're talking adata source that generates
(48:50):
terabytes of data every day.
So if you can reduce that by70%, I mean you're saving a
significant amount of money.
Speaker 1 (48:58):
Yeah, yeah, especially from a security
perspective.
I mean, you need to know aboutthe transaction you know you
don't need to know about.
You know the flow logs andeverything else like that, right
, like it just so happens thatthe information that you need is
within those logs.
Speaker 2 (49:17):
That's right.
Speaker 1 (49:17):
just so happens that the information that you need is
within those logs.
That has all this other messwith it, and you have to be
skilled enough to sift throughit and figure out.
You know what's actually goingon.
So it's a it's definitely anarea that that we're struggling
with right now, you know, incloud security.
Yeah, you know, colby, I Ireally enjoyed our conversation.
We we're at the top of our timehere and you know I try to stay
(49:38):
very cognizant of everyone'stime.
But before I let you go, howabout you tell my audience you
know where they can find you ifthey wanted to reach out and
connect and where they can findyour company if they wanted to
learn more?
Speaker 2 (49:50):
Yeah, absolutely Well .
Find me on LinkedIn, colbyDeretiff.
Or find Abstract Security onLinkedIn.
Me on LinkedIn, colby Derodiff.
Or find Abstract Security onLinkedIn.
We're around.
Or the old, traditional way ourwebsite abstractsecurity,
though maybe that's not exactlytraditional, but it is on the
worldwide webs.
Speaker 1 (50:11):
Awesome.
Well, thanks, colby, I reallyappreciate you coming on,
absolutely.
Speaker 2 (50:16):
Jeff, it was a pleasure.
Look forward to keeping intouch.
Speaker 1 (50:19):
Yeah, yeah, absolutely Well, thanks everyone
.
I hope you enjoyed this episode.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!