February 14, 2024

00:37:05

Episode 242 Deep Dive: Nick Schneider | Unpacking Challenges: A Discussion on Legacy Approaches, Talent Shortage, Alert Fatigue, and Over-layered Security Systems

Episode 242 Deep Dive: Nick Schneider | Unpacking Challenges: A Discussion on Legacy Approaches, Talent Shortage, Alert Fatigue, and Over-layered Security Systems
KBKAST
Episode 242 Deep Dive: Nick Schneider | Unpacking Challenges: A Discussion on Legacy Approaches, Talent Shortage, Alert Fatigue, and Over-layered Security Systems

Feb 14 2024 | 00:37:05

/

Show Notes

In this episode, we are joined by Nick Schneider, as we explore the challenges organizations face in managing cybersecurity with multiple point solutions. Nick discusses the complexity of handling 30-50 different tools, and the necessity of integrating and aggregating telemetry and alerts onto a centralized platform. The episode delves into the evolution of cybersecurity, the use of AI, addressing talent shortages, and combating alert fatigue. Join us as we unravel the complexities of cybersecurity and the strategic approach needed to mitigate risks in a rapidly changing landscape.

As President and CEO of Arctic Wolf, Nick Schneider brings more than 15 years of experience in building global, high-growth technology companies spanning both emerging and established markets. As a veteran in the security industry, Nick has developed expertise in creating best-of-breed technology platforms and world-class sales organizations, which have been the driving force behind Arctic Wolf’s explosive growth and leadership position in the security operations market.

Before being named CEO, Nick served as Arctic Wolf’s President and Chief Revenue Officer, where he helped lead the company to eight consecutive years of 100% sales growth, spearheaded the company’s international expansion, and oversaw Arctic Wolf’s transition to a 100% channel go-to-market model.

Prior to Arctic Wolf, Nick served as the Vice President of North American Sales for Code42, an industry-leading endpoint data protection company. Before Code42, Nick led high-performing sales teams at Compellent Technologies, where he helped the company grow to a successful IPO and eventual acquisition by Dell. Nick holds a Bachelor of Arts and Sciences degree from Duke University in public policy and economics.

View Full Transcript

Episode Transcript

[00:00:00] Speaker A: So as those changes are happening, you're actually making your organization a larger target, or your organization is taking on more risk. And by having kind of a centralized platform, having someone in the middle of your operation, you're both allowing yourself to get the best ROI out of the tools that you've previous implemented. But you're also giving yourself some semblance of a future proofing. In other words, as things change in your environment, or as the market changes, or as product capabilities change, you have this kind of cornerstone of your security posture, which helps you over time. [00:00:36] Speaker B: This is KDCan as a primary target for ransomware campaigns, security and testing and performance risk and compliance. [00:00:45] Speaker A: We can actually automate that, take that. [00:00:47] Speaker B: Data and use it. Joining me today is Nick Schneider, CEO from Arctic Wolf. And today we're discussing the pivot towards new cyber strategies to take over legacy approaches. So, Nick, thanks for joining and welcome. [00:01:01] Speaker A: Great to be here. Thanks for having me. [00:01:02] Speaker B: So I want to start with your view first, Nick, and understand what are legacy now? Depends on who people are going to have. There's going to be various opinions, so I'm keen to sort of hear yours. [00:01:14] Speaker A: Yeah, so I think legacy approaches in the more recent history have been folks trying to solve for their overall cybersecurity posture by deploying a litany of different point solutions within their environment. I think this has happened kind of over time. It started with the perimeter moved to cloud applications, and now you're seeing customers trying to solve for cybersecurity with 30, 40, 50 different tools in their environment. And it's a really complex environment to navigate, even without having to deal with that number of tools. So it's a problem that's been there for quite some time. Obviously, there's a lot of complexity in that approach, and along with kind of the cyber skills gap, making the problem even that much greater, the customers are left kind of wondering what's next. [00:01:58] Speaker B: Yeah, and you're right. I think there was a study that I've read. I think the average company and their larger company enterprise, they have around 70 tools. I mean, that's a lot. Would you say from your opinion, that all those 70 tools are probably not being utilized to the best of their ability? [00:02:12] Speaker A: Yeah, there almost never are. And it's interesting. You'll see some customers that have a really good handle on a subset of those tools. You'll see other customers that actually have deployed all those tools. You've seen others that have bought 70 tools but only deployed ten of them. Sometimes folks are buying stuff that are duplicative but they still have gaps in other areas. So it's a pretty big problem. And I think what speaks to the level of sophistication or the level of complexity of the problem itself, but also speaks to the importance of cybersecurity to businesses and that they're willing to spend and cause that complexity in the environment. With regards to tools, the issue is it's just not delivering the outcomes that they're expecting. [00:02:49] Speaker B: Yeah, so there's a couple of points in there. So I was talking to a sizeo the other day, and he made a point around, we've got all these tools. What would be great to understand is how do all these tools, let's go with the 70 example. How do we get all of these tools in like a tech stack? Maybe there is some overlap from a capability point of view. How do we actually know how it all works, how it integrates, et cetera, talks to one another? Because maybe that 70 could get reduced down to 60, for example. And again, that's to be in a perfect world. But are you sort of seeing this mindset now around, well, we have all of these tools, we're paying a lot of money for all of these things. How do we reduce, down to your words, the complexity of that? Or do you think that people are just struggling to get their head above the water? So, yes, that's nice to have, but again, I'm dealing with other fires at the moment. [00:03:39] Speaker A: Yeah, I think it's the number one complaint that we hear from end users as we're engaging is that they've spent a lot of time and energy on buying, getting approval for and implementing these tools, and they still don't feel like they have a great handle on their cybersecurity posture. It is what we do. Right. So we help our customers understand their overall posture that is inclusive of the tools that they have in their environment, but also the human expertise that needs to come along with that. And a lot of times you'll find, like I said earlier, that folks have more than enough tools and more than enough telemetry to understand their security posture, but they need to put them together and deploy them and understand them in the aggregate in a more material way. And that's been historically pretty difficult and is kind of what we've focused on with our security operations cloud. [00:04:28] Speaker B: Yeah, that's an interesting observation and around points that you raise. So for people listening, they're like, okay, I've definitely probably got too many tools, too many things going on, spending a lot of money that I could probably save how do you sort of approach this problem? Because again, depending on the size of your organization, different people like to bring different vendors in that they've had experience with, but then they leave the organization, it gets shelved, it doesn't get deployed, doesn't get used, and then someone else will come in and buy maybe a competitor's product that they prefer more. But again, it just seems to be like you keep layering on top of one another and then it potentially could spiral out of control. So do you have any sort of strategies on how to reduce that? Where to start? [00:05:05] Speaker A: Yeah, I think it's important for customers to kind of understand the position that they're in today before they start doing new things. And we've built our platform in a way that is agnostic to the tools that the customer has. So the point there being, let's get these tools, and let's get the telemetry and the alerts associated with these tools onto a common platform. And then let's work together to help you as a customer understand where you have overlap or where you have gaps, where you should prioritize filling those gaps or shoring up those risks. And most importantly, help you to understand the outcome that you're after at the beginning, which is how protected am I? Where are my risks? Am I more or less protected than the organization down the street? Am I a target for bad actors? And at the end of the day, am I safe as an organization? And in some ways, the same approach that is used to start the conversation is the approach that I think is important in an ongoing manner with customers. And what I mean by that is, as you pointed out, folks come and go within the organization. Tools kind of come and go within the organization. And unfortunately, in cybersecurity, as those things happen, you're exposed, you're adding risk, right? So unlike other areas in software or in infrastructure, you can live with some change because the system or the tool itself kind of does the work itself, and that's not necessarily true in cybersecurity. So as those changes are happening, you're actually making your organization a larger target, or your organization is taking on more risk. And by having kind of a centralized platform, having someone in the middle of your operation, like an article for others, you're both allowing yourself to get the best ROI out of the tools that you've previous implemented, but you're also giving yourself some semblance of a future proofing. In other words, as things change in your environment, or as the market changes or as product capabilities change, you have this kind of cornerstone of your security posture, which helps you over time. [00:07:07] Speaker B: So before we move on, there was something that you mentioned before at the start of this question would be, people are so focused on starting new things rather than just dealing with what they currently have. So where do you think that mindset stems from? Do you think it's because people are technologists at heart? So it's like, oh, cool, shiny new tool. There's something new out that I want to explore. Do you think it comes from that? [00:07:28] Speaker A: Honestly? I think it comes from the market that we're playing in. Right. So cybersecurity is a fast paced, ever evolving landscape that's really hard to keep up with. So you have bad actors. You have bad actors organizing in different manners. They're using new techniques, they're leveraging different ways that people work. And every time one of those changes kind of happens within the marketplace, what you see is a bunch of new technologies come out to solve for that change or to solve for that shift in the marketplace. And while it might serve a purpose at the time, kind of the new thing comes out, and then customers end up buying what tool to solve for each one of these individual instances or each one of these individual shifts in the market. But at the end of the day, it's in some ways making them less secure. So our approach has been, look, leave the changes in the marketplace, and leave the changes in the way in which the bad actors are trying to leverage those changes in the marketplace to us. Leave it to an organization that specializes in cybersecurity, that has a labs team and a threat intelligence team and can understand kind of how things are evolving in the landscape. And then we'll work with you to make sure that you're protected against those evolving changes. Just dumping more tools into your environment because of the changes in the marketplace isn't necessarily making you any more secure, and it is probably, in fact, making you less secure because of the complexity involved. [00:08:54] Speaker B: Yeah, that's a great point. So when you were speaking, what was coming to my mind is I interviewed the global sides of equifax, and one of the statements he said was, we just, by default, make security way more complex than it needs to be. You've said it so many times already on this interview. So why is that? Why do we keep making things harder for ourselves? It's like building a rod for our own back, or whatever that phraseology is. So where does this come from? I mean, with your experience, your background, from your point of view, where does that land with you? [00:09:22] Speaker A: Yeah, I don't think it's intentional, and certainly for folks that are security practitioners, I think it comes from an intense desire for folks to protect their organizations. And I think especially with small, mid sized, even small enterprise, even, frankly, some larger enterprises, they're short staffed, they don't have quite the expertise that they need with regards to cybersecurity. And as things come up in the marketplace that purport to solve an issue that's burning, it's pretty easy to say, man, it would really benefit me to put that in my environment. And that might solve for five or ten or 20% of the risk that I feel like I'm taking, when in reality, a lot of the cybersecurity risk in a customer's environment is blocking and tackling. It's really having a strong operation and having good processes and training your employees properly, and understanding your risks and prioritizing those risks. So it's something that needs to be done in an organized fashion over time. But that's not the way the market's built, right? The market's built to bring out a new tool and bring out a new piece of tech every time something changes within kind of cybersecurity. And unfortunately, I think a lot of customers that don't have a fully staffed team or customers that are, frankly, focused on their core businesses and also trying at the same time to be a cybersecurity company, they struggle with it. So they try to fill in the gaps with tools, and before they know it, few new people on the team, few new tools per person, a few changes in the marketplace, you end up at 2030, 40 tools pretty quickly. Then you're almost better off starting over to make yourself secure, or at least leveraging somebody that can help you kind of untangle what you've created. [00:11:07] Speaker B: Have you ever seen someone say, well, we've got 30, 40 tools, let's just start over? Have you ever heard that approach? Let's just rip everything out and start again. [00:11:14] Speaker A: I've never seen anyone actually rip all the tools out and start again, because a lot of those tools are cornerstones to a good cybersecurity hygiene. What I have heard people say is, I know that what I am doing is inefficient. I know that what I am doing is leaving risk within my environment. So let's start by just giving myself a baseline as to what's working, what's not working, what's duplicative and what's not duplicative, and then let's make decisions in a way that is organized around what tools or what infrastructure needs to come in or go out of the environment over time. And that helps customers align with budget cycles. It helps customers align with certain milestones within their organization. It helps them to understand kind of how they have to hire or not hire or shore up their talent pool. So having a longer term view on it and making sure that it's a really organized and well thought out plan and has data to support that plan is really important. And I think that's where folks kind of head is. How can I get my arms around this first and then start to make decisions to improve my posture over time? [00:12:28] Speaker B: You made a great point there as well. And this is really important, this first part of our interview, because, again, I'm hearing a lot of these conversations being had in various parts of the world as well. So I think it's really important to address it. But you said before leaving risk in my environment, like people you've been speaking to saying, yeah, I'm aware that I'm exposing myself. Do you think, though, as well, on the other side of the coin, people aren't aware that's what they're doing, and maybe it's not intentional, but maybe it's just not apparent. [00:12:53] Speaker A: Absolutely. Yeah. Every time we onboard a customer, there are risks that they're aware of, and there are risks that they aren't aware of. And there's also risks that have been created by the manner in which they've kind of built out or put together the tools or the people kind of within their environment when it's our job to, a, get the data into the platform and make sense of it for them, b, help them through the platform to understand how to prioritize what they should do next, and then c, give them a helping hand, give them someone to call if they have a question in kind of some of the final mile activities to bounce some ideas off of that have some business context. And it's that kind of ongoing evolution, that ongoing security journey with the customer that allows them to understand where they're at, where they're headed, the movement that they've made within their posture over time, and kind of what they need to do to continue to drive risk out of their business and frankly, potentially transfer some of that risk through a cyber policy or something else. But all of those kind of decisions and all those checkpoints require a really solid baseline to begin with. [00:14:00] Speaker B: So let's switch gears now, and let's talk about the new pivot now. Again, depends on who you ask. And I interview people all around the world about various different things. People have different opinions and views, which is perfect because it gets me to even think about things at a deeper level, but also it gives a very 360 view on the industry. So I'm keen to understand, what does this look like to you? [00:14:23] Speaker A: Yeah, so I think there's two areas within cyber that are changing. So number one would be a lot of what we just talked about. I think customers are fed up with the sheer sprawl of cybersecurity tools within their environment. So you're starting to see a move towards security operations and a consolidation of kind of these various tools into outcomes. Right. So can I detect and respond against the attack surfaces in my environment? Do I understand my risks? Are my people trained? Do I have an incident response plan? Do I have the ability to integrate or interoperate with an insurance company and transfer some risk? So looking at the problem, maybe one level up of where folks have kind of looked at the problem historically, I think is most certainly a change in the marketplace. And then I think the second one that's certainly well talked about is the use of AI in cybersecurity, both on the end user side, but also in the vendor side. And there's a ton of opportunities there with the manner in which detections are deployed, the manner in which a security operation operates from an efficiency standpoint, engagement with the platform itself, and the list goes on and on. And I think those opportunities are going to be really interesting in the manner in which kind of cybersecurity evolves here over time. That's the good news with AI. The bad news with AI is it's also an opportunity for the bad actors to leverage a new tool or a new technique to work against the customers that are trying to leverage it in a defensive posture? So I think those two things are really important pivots and really important changes kind of in the marketplace itself. And then I think the third one is you're seeing an increased focus and an increased attention being paid to kind of the small, mid size enterprise market, which frankly, historically has been underserved by the larger cybersecurity market. And I think you'll start to see more solutions and more vendors paying attention to and working tightly with that segment of the market. Whereas 510 years ago it was really focused primarily up market. So those three would be the big ones. [00:16:29] Speaker B: So it's going back to the third point that you raised around vendors now focusing on mid sized companies. Why do you think historically they've been focused on enterprise just purely financial purposes? Or why do you think there's now that shift happening? [00:16:44] Speaker A: Well, I think originally it was demand. So I think originally, 510 years ago, you still had a good swath of the market that viewed cybersecurity as a problem that didn't pertain to them. Right. We're not a big enough organization. There's not enough to go after. So I don't know if I'm going to spend a ton of money on cybersecurity because we're just a small company. That is a nonexistent sentiment these days. And then the second one would certainly be economic. Right? So larger organizations spend more and the deal sizes are larger. So you typically see vendors chase that market. So I think the two things together, kind of the demand cycle and kind of where folks were at 510 years ago, coupled with some of the economic trade offs on the vendor side, is why you saw more activity and more options for larger, more sophisticated customers and less for the mid size and small customers. And I also think that's part of the reason that you ended up with all these tools and some of these tools being very complex because they were intended to be implemented in a fully staffed, fully budgeted security operation with 1020 people helping to keep it together. And that's just not the case for the small, medium sized, small enterprise business. And that's really kind of the impetus for what we started our company on. [00:18:00] Speaker B: So going back to point number two, around the evolution of AI. So I was interviewing someone yesterday for my saka. The whole thing was about AI, the report that they had conducted and sort of going through some of the insights as well as where that's going to evolve to around. One of the examples that was given was the EU AI law. So a lot of people now looking to that to not replicate, but to get some inspiration to develop laws in the United States, but also in Australia then as well. And just that there were just no guardrails, the efficacy, et cetera. So again, from the conversations that I've had on this show, and it's not like everyone has all the answers, because we don't, because it's still relatively uncharted waters with how things are progressing, even the last twelve months specifically. So where do you sort of see this now moving to? And I hear both sides of the coin of, I think it was even ex Google employees sort of coming out in the media saying like, this is the worst thing that's ever happened. And then you've got other people like, no, it's actually going to help us. People that were doing more for example, manual tasks can now be automated by AI, but then also that the people can leverage their skill sets to do more strategic initiatives, for example. So where does all of this conversation then sit with you? [00:19:11] Speaker A: Yeah, I mean, I think the reality is AI is coming and or is here to stay in some way, shape or form. I think we need to be smart as a global community as to how we use it and how we implement it in the various facets of life. I think as it pertains to cybersecurity, there are certainly opportunities to make things more efficient or to improve the efficacy of various solutions or outcomes. I don't know if that means that folks should be worried about what they're doing day to day. I think typically as these cycles kind of work their way through, that's the initial reaction. And then I think it typically cloud and some of the other examples of different, similar kind of revolutions, if you will, have resulted in actually more jobs or more opportunity. And I think that likely will be true of kind of AI. I think the trick that we need to figure out, and I think what folks are highlighting with regards to regulation is there is risk involved and it's still, quote, relatively new, although within cybersecurity. AI and machine learning has been used extensively for quite some time. But you got to be careful with how it's implemented and how well it's been tested and some of the pitfalls that have come out with having a high degree of confidence and incorrect answers and some of the hallucinations and things like that. So there's a bunch of work that still needs to be done to make sure that it's implemented properly and used properly, not only in cybersecurity, but wholesale. But I do think it's something that we as a global community are going to have to get our heads wrapped around, because I don't think it's going away anytime soon. And we just got to work together to make sure that it's leveraged and used in the appropriate manner and is providing real benefits in the way in which we've intended. [00:20:58] Speaker B: So you talk about three fundamentals, which include, number one, alleviating the talent crisis. Number two, alert fatigue, and then number three, complexity within overlayered security systems. So maybe let's break down each of these fundamentals one by one. So let's start with the alleviating the talent crisis. And I was scrolling through LinkedIn the other day, which I believe I linked you a reference to, and I'll preserve the person's name and company, but I hear so many people arguing online about there is no talent shortage. In fact, again, going back to that reference, it was a senior representative from a very well known vendor put a very strong opinion out on LinkedIn saying there is no talent gap. So again, I hear this, foreign against foreign against foreign again. So it depends again, who you ask, but you're saying that how to alleviate a talent cris. So I'm really keen to hear your sentiments. [00:21:48] Speaker A: Yeah, I think the talent gap has been something that's been talked about for a long time, effectively forever within cybersecurity. And I think it's very real. I think the perspective that folks can have on the talent gap is very much dependent on the market, the organization, or the experiences that they've had. But I can tell you both, the majority of the organizations in Australia, but also a lot of the organizations that we work with in the US or in EMEA or in Canada, are small, medium, small enterprise organizations, and they are, without question, struggling to identify and attract and budget for and hire and train. And then what I think sometimes gets lost in the shuffle is retain their top cybersecurity talent. And it's one thing to be able to attract folks, it's another thing to be able to retain them to a length of time where you can really build out a security operation or really build out your security program. And I do not think that that is a problem that is solved by any stretch of the imagination. And I think that's why you're seeing a lot of companies turn to organizations like Arctic Wolf to help with some level of their security operation and their overall security risk, to not only alleviate kind of the skills gap potentially, but also help to de risk any potential turnover risk or any potential retention risk that they might have in their environment. Now, do I think that an organization with a giant budget and a strong brand that's well known in the space can't find cybersecurity talent anymore? Probably not. But I also don't think that that is the majority of the market. So I think the answer to that question is highly dependent on the section or the area of the market that you're talking about. And kind of what aspect of the cyberskills talent shortage are you talking about? Are you talking about attracting them, training them, retaining them at kind of what level? [00:23:49] Speaker B: Yeah, that's so true. And I think going back to the attracting the talent side of things, what's been coming to my mind lately is even the next generation of kids coming through, like your generation Z's, they just want to become youtubers and all that, which is absolutely fine, but then that means we're going to have a massive deficit of people who are not coming into this field, because maybe it's just not as attractive or as appealing. And there was something I was looking up the other day, even the US, I think there was more than like a million, 2 million roles that haven't been filled in the United States alone. And obviously Australia is nowhere near that number, only because we're a smaller nation. But I think I read something like 30,000 people still need to be in these roles or else we're not going to have the people to be able to protect our nation. So clearly, I think there definitely is a skills gap and again, attracting the people in, because even speaking to younger people today, they're like, oh, no, I kind of just want to become a content creator online or whatever it is, and I have to leave my home. It's a lot easier. So now, I think the way in which working environments have evolved, I think now even that attraction piece has got to get even harder than it was before. [00:24:55] Speaker A: Yeah, I think you're right. So I think it's incumbent on organizations and I think it's also incumbent on our education systems and governments to find a way to make it attractive and find a way to make sure that folks understand that it's an industry that you can get into that has a lot of interesting aspects of it. Right. And I'll use Arctic Wolf as an example. We have folks that come out of school and they'll go into a role within the SoC, they might spend some time on incident response, they might spend some time within the labs team on security research, they could help to develop some products, they could do a customer facing role. And these are all cybersecurity positions. And I think being able to kind of leverage and work through different manners in which cybersecurity can be implemented from like a career standpoint is somewhat of an unknown to a lot of folks. And I think where you see regions where they've done a good job within the education system or through the local government, or they have kind of a nucleus of cybersecurity companies or a nucleus of cybersecurity talent, I think the sentiment is a little bit differently because it's a better understood industry, but if you're in an area where it's not all that well understood, I think we need to do a better job as an industry to educate folks on it, because it's kind of a scary job if you don't really know what you're getting yourself into, like cybersecurity. What? And the reality is if folks kind of apply themselves, it can be a really lucrative career. And I think for that same market that's interested in YouTubing, cybersecurity is an interesting role in that you're directly helping people. So yes, it's a technology, and yes, you're in a tech role, but cybersecurity typically is a human against a human. And if you can be on kind of the right side of that equation, I think there's a lot of folks in that generation that would be really interested by that, but they just don't understand the space well enough to fully grasp that context. And I think we can do a better job as a market and making sure that folks are aware of kind of what they're doing on a day to day basis within their job and how it makes a real impact not only on companies, but on individuals. [00:27:08] Speaker B: Okay, so let's move to the second fundamental. So alert fatigue. So this is coming up a lot in my interviews, actually, at the moment. So sometimes I see trends of things pop up for a while and they sort of fade away. But this alert fatigue conversation is sort of coming to the forefront again. So I'm really keen to maybe hear your thoughts, what's happening on this front. [00:27:29] Speaker A: Yeah, so I think it's a little bit part and parcel to our previous conversations. You have a ton of tools in an environment. Those tools are not all connected to each other, and they're all giving information to a client or to an organization about what's happening with regards to cybersecurity within their environment. So folks are just getting inundated with information and with to dos effectively. Right, alerts. And then there's not enough people or there's not enough talent within the organization to kind of weed through all of those alerts. So it's a very real thing. And in order to kind of solve for that, you need to start by kind of getting all those alerts and getting all that information into a centralized platform, and then you need the platform to do some work for you to weed through the noise. And we see it in real time with our platform. Our platform is now processing four and a half trillion observations a week. But on average, our customers are dealing with five to ten kind of actionable events per week. The delta between that four and a half trillion to five to ten per week is the amount of noise that a customer would have to deal with if they weren't leveraging a platform or leveraging the technologies that they have appropriately. And that's just overwhelming. When it's particularly overwhelming if you're not fully staffed or you don't have the expertise to kind of get through it. And then what that results in is breaches. More often than not, those breaches had an alert or customers were notified and just got lost in the noise. So it's a very real problem and it's something that we've tried hard to help our customers with, and I think we've done a pretty good job. But it's definitely kind of part and parcel both to the skills gap, but also just the sheer volume of telemetry and the sheer volume of alerts and events that a customer might see within their environment. [00:29:20] Speaker B: So as a result of the sheer volume, would you say that people just becoming desensitized? Because it's like, oh, well, another thing I've got to deal with. I'm so busy anyway, I'm understaffed. I've got one guy looking everything that becomes hard. Then I think on the other side of it as well. I mean, being reporting analysts myself originally, there's a lot of things that you can't focus on every single thing. Like you've got a million alerts, you just can't focus on all of them. So I think the prioritization as well needs to be addressed. But again, have these conversations too, of people saying, well, it depends on who you ask, KB. Different priorities are different for different people in the organization, et cetera. So what do you think of that, Nick? [00:29:55] Speaker A: Yeah, I think alert fatigue in the manner in which it's being solved for within an organization, there's no question that it turns into noise. We've heard of people saying that they create an email rule for their cybersecurity alerts. I mean, think about how frightening that is. And in cybersecurity, it only takes one, right? So you could be looking for a needle in a haystack, but in cybersecurity, you're really looking for like the needle in a giant pile of needles. And that makes it really difficult when you're getting inundated day after day with events and alerts that you need to triage. And it only takes one to slip through to cause a real problem for your organization. So it's a combination of just the sheer volume, it's a combination of kind of human nature. Like, how am I supposed to weed through all this? And then how am I supposed to do it consistently, day in, day out, right? It's like a diet problem. It's not that hard to eat right one day, but to do it for a year, it gets a little bit more difficult. And it's the same thing with alert fatigue and with cybersecurity. And the way to solve that for customers is to not make it their problem. Right. So move that problem to a technology platform, move that problem outside of their purview, and bring them the stuff that requires real action, and bring them the stuff that has been vetted through the technology and through the experts so that they can spend their time on doing the actual security work within their environment or doing other things that are more strategic. [00:31:25] Speaker B: Yeah. And going back to your example around people setting up an email rule, I kind of understand, if I go on the analyst side, I do understand that because people are human beings. At the end of the day, they got their own stuff and they're seeing 50,000 of these things a day. Of course you're going to get over it and become desensitized. So how do you think we solve that problem then moving forward? I mean, this is a problem that I've been hearing about for years, and I don't know, it doesn't feel that we've really solved it, other than adding more to your point complexity to what we're doing day to day, more things to look at, more dashboards to log into. So it just feels like we're not really getting to the root cause of the problem. We're just layering stuff on top. [00:32:06] Speaker A: Yeah. That's where you have to get the various points of telemetry from the various attack surfaces into a centralized platform, which for us is the security operations cloud. And then that platform needs to do the hard work, they need to do the sorting and the sifting. And we do that through a combination of machine learning, AI, automation and other techniques within the platform itself. And then make sure that once we've kind of done that sorting and once you've done the work through the platform, that whatever the remaining output is. So even that five to ten that I talked about, you have to understand as a vendor that the customer is still going to probably have questions about two or three of those things, not need context because they can get the context through the platform, but they might have questions about one or two of the alerts or what they're supposed to do about one or two of the items kind of on their list of things to get through. And that's where they have to talk to somebody that they understand who their business is and the context of how their business operates so that you can get kind of the end user focused on the end of the funnel, if you will, not the top of the funnel. [00:33:13] Speaker B: And I guess just now focusing on the third fundamental, which you've kind of already answered, I guess, throughout this conversation anyway, which is the overlaid security system. So is there anything sort of you'd like to summarize the third point with? [00:33:26] Speaker A: I think we've talked about a lot of it. You got to make sure that you bring a customer through a journey so that it's not just about an individual layer, an individual tool. You have to make sure that you're neutral to the tools that are being used or might be deployed in the future. And then there's this really important piece, which we call our concierge delivery model, where you can apply some human intelligence in the final mile for Q A or to make sure that you get it right. It's kind of those three things that help bring a customer's kind of overall journey or their overall security posture into a focused program over time, and in the end, help them to understand their risk and help them to drive risk out of their business. [00:34:06] Speaker B: So, Nick, I'd like to just conclude our interview with maybe one final question, which is around some thoughts from your investors, like, what are their sort of sentiments on the industry? What's their view? [00:34:15] Speaker A: Yeah, so, I mean, this would be a combination of our investors or investors in the market that we talk to wholesale. Certainly, cybersecurity is an area that is going to continue to see growth. It's an area that is continually going to be a massive problem for organizations and that poses massive risk to organizations. So it's certainly a market that is very interesting and attractive to invest in. And I think for those folks, what they're looking for, as in today's environment, budgets are tightening or techniques are changing within the marketplace itself to find solutions or to find organizations that solve the problem at a higher order bit. So solve the larger problem for the customer, doesn't solve a problem for an individual attack surface or an individual technique. And I think those vendors are going to be really interesting investment opportunities over time. And I think outside of those vendors that are able to kind of accomplish that outcome, you're going to see a lot of opportunity or you're going to see a lot of change, I think, with regards to consolidation. So folks that do only solve for a portion of the problem, I think are going to be targets and now targets at potentially much more attractive valuations for folks that are marching towards a holistic security operations outcome, and I think we're starting to see some of that. I think for a long time we saw a lot of activity within M A. But the ask and the actual bid were pretty far apart. And I think we're starting to see some of those come together, and you're starting to see some deals get done, and I think that's going to continue. But the market is still ripe for disruption. There's still not a central owner of cybersecurity like there is in some other markets, like a salesforce or servicenow or one of those. So I think there's still kind of the quote unquote gold medal to be taken. And I think those vendors that kind of do what we talked about today are going to be primed for that. And I think folks that aren't in that realm are going to be candidates for M A. Which is fine, too. But it should be an interesting year or two here as things kind of shape up. [00:36:22] Speaker B: This is KBcast, the voice of cyber. Thanks for tuning in. For more industry leading news and thought provoking articles, visit KBI Media to get access today. This episode is brought to you by Merckset, your smarter route to security talent. Mercksec's executive search has helped enterprise organizations find the right people from around the world since 2012. Their ondemand talent acquisition team helps startups and midsize businesses scale faster and more efficiently. Find out [email protected] today.

Other Episodes