Despite increased threats, an uncertain economy, and increasing automation, your organization can still thrive.

Gavin Reid, Mike Johnson

February 22, 2023

When the Log4j vulnerability came to light, security teams sought the answer to a seemingly simple question: Am I vulnerable?

Answering that question led to a maelstrom of activity. Security groups requested information from vendors about their level of vulnerability and, in turn, had to respond to their customers about whether they were vulnerable. In many ways, the entire exercise seemed more about legal obligations than making people more secure.

The deluge of information — some of it useful, some of it useless — highlighted the need to rethink how we are doing security in the future.

We're living in a chaotic time. With a possible recession, technology companies trimming their ranks, and businesses pushing further into the cloud and adopting more automation and AI, security teams need to re-evaluate. Do they just follow the traditional playbook without thinking why? Or do they improve what they are doing to make security better?

Here are some focus areas to reduce chaos and increase overall security effectiveness.

Simplify for Greater Visibility

Gaining visibility into your applications and infrastructure is essential. Companies expanding their use of the cloud and converting applications to cloud-native infrastructure often see complexity grow at first because of a period of redundancy and hybrid infrastructure.

Pushing beyond that stage provides both cost and security benefits. Limiting the use of third-party tools to capture and analyze data for security teams is important. There's really no reason to, say, pull NetFlow data off the cloud infrastructure, when that same data — and more — is natively available.

Explore your cloud service provider's tools. Major cloud providers will often provide you detailed data, and you can reduce the complexity of the infrastructure needed to analyze that data.

Pay Attention to Even the "Small" Breaches

When NASA astronauts start getting emails in French, it's time to investigate.

That's what happened to Gavin early in his security career. Turns out two students in France were using Telnet to get into the NASA server and using it to send email. The incident ended up driving a greater project around making sure NASA had a robust data classification system and better data isolation.

Weird anomalies can be signs of an attack, but they can also drive a security team to better understand their organization's infrastructure. Investigations are time consuming but also often worthwhile, so even the small stuff should be investigated.

Threat Intelligence Can Help

Usually, a security team's most precious commodity is time. The old method of analyzing every IT project (even as they are changing) and looking for security issues is untenable.

Threat intelligence can help cut through the noise. By using threat intelligence, your security team can take a priority-based approach to architecture based on real-world attack intelligence. At the same time, they can deprioritize other areas. Threat intelligence can also help refine your playbooks and increase the maturity of your security team.

Thriving With Automation, Planning for Layoffs

Security teams are facing other sorts of stress, with most economists expecting a recession. Security teams still need to be able to perform, despite stressors and even in the face of losing some of their headcount.

To focus on the most important aspects of security, even with fewer people, companies need to adopt more automation, machine learning, and artificial intelligence. Every team should be asking how to speed up manual tasks with automation. Automation, correctly applied, can free up staff to be working on the areas.

In the past, security teams have been considered a roadblock — a bump on the way to a company's core business of making money. Most teams have moved past the reflexive need to say no. We're here to make sure that the business is taking educated risks, but at the end of the day, just saying no to everything doesn't help anyone.

As every security manager surveys the horizon, they need to look at how they have traditionally approached problems. And they should consider whether now is time to say yes to something new.

About the Author(s)

Gavin Reid

CISO, VP of Threat Intelligence, Human Security

Gavin Reid serves as CISO for Human Security. Gavin began his cybersecurity career in information security at NASA's Johnson Space Center. Later, he moved on to create Cisco's security incident response team, Cisco's threat research and communications, and Fidelity's cyber information group. Before joining Human to lead the Satori Threat Intelligence and Research team as VP of threat intelligence, Gavin was the CSO for Recorded Future, where he was responsible for ensuring the protection, integrity, confidentiality and availability of all customer-facing services, internal operational systems and related information assets. For more than 20 years, Gavin has managed every aspect of security for large enterprises.

Mike Johnson

CISO, Fastly

Mike Johnson serves as the CISO of Fastly, where he leads teams focused on the security of Fastly’s network, products, services, and systems trusted by the world’s leading companies. Prior to joining Fastly, Mike served as the CISO of Lyft, and also led detection and response at Salesforce.
