Cybersecurity’s Love Affair with Distractions – Fred Wilmot, Dani Woolf – ESW #370
Full Audio
View Show IndexSegments
1. Cybersecurity’s Love Affair with Distractions – Fred Wilmot – ESW #370
Remember 20 years ago? When we were certain SIEMs would grant our cybersecurity teams superpowers? Or 10 years ago, when we were sure that NGAV would put an end to malware as we knew it? Or 15 years ago, when we were sure that application control would put an end to malware as we knew it? Or 18 years ago, when NAC would put an end to unauthorized network access?
Why do we keep thinking that the next vendor offering is going to solve all our problems? In this interview, we talk with Fred Wilmot about the hard work of building effective processes and resilient architectures that will actually yield reductions in risk and detection/response capabilities that actually work.
We'll discuss shifts in thinking that can move us past the latest distractions, and keep security teams focused on work that moves the needle. Fred may also mention his past transgressions against the industry and what he's doing to "wipe out the red from his ledger".
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Fred is the CEO and co-founder at Detecteam. Prior to Detecteam, Fred was head of product and engineering at Interpres, building a patented the first-CTEM platform. He was the first CISO at identity provider JumpCloud and at Devo. As head of Security Products and Engineering at Devo, Fred released a Security Operations platform generating 24MM in its first year shipping. As CEO/CTO at PacketSled, built a DFIR product capable of finding adversaries on the network in 48 hours. Fred was the founder of the Global Security Practice at Splunk deeply tied to Enterprise security product and content at its birth. He also co-founded the Red Team Offensive Village at DEF CON, and researches threats and detections in OT technology in support of industry safety improvement.
Hosts
2. 10 Security Researcher Qualities Marketers Should Adopt – Dani Woolf – ESW #370
There's plenty of content out there detailing how vendors fall short:
- scummy, aggressive sales tactics
- overuse of jargon and buzzwords
- sneaky sales tactics
- dumping on competitors
- products that fall far short of claims
- ambulance chasing
So what should they doing? In this episode, we chat with Dani Woolf, about how marketers can adopt the skills and mindsets of security researchers to improve GTM strategies, without resorting to awful tactics. Drawing from extensive experience in qualitative interviews and collaborations with enterprise security executives and researchers, Dani will uncover how the innate curiosity and analytical prowess of researchers can dismantle unhealthy habits within vendor organizations.
We'll also discuss Dani's various projects, including the WTF Did I Just Read podcast, CyberNest, and CyberSynapse. Dani will explain how these are all designed to address the gap between vendors and buyers in the cybersecurity industry.
Guest
Dani Woolf has spent 14 years running digital marketing and demand generation departments for high-growth B2B technology startups.
In 2018, she ventured into the cybersecurity industry and discovered that the way marketing was executed in other verticals did not work in the security space.
She realized marketers “talked the talk” about customer research but didn’t actually do it, foregoing customer-led growth models, which burns through budget, stunts growth, and upsets buyers.
So, she created Audience 1st, a modern customer research agency, to help customer-obsessed go-to-market teams in both growth-stage and established cybersecurity companies quickly and cost-effectively get access to true buyer insights, cut the guesswork, gain and retain loyal customers.
She is also the creator and host of Audience 1st Podcast and WTF Did I Just Read? Tech Sales and Marketing Edition Podcast.
Hosts
3. Funding, Cato, Code42, DoS Robots, and Blackhat Prep – ESW #370
This week, in the enterprise security news,
- over half a billion in funding, as everyone gets their pre-Blackhat announcements out!
- Mimecast picks up Code42
- Will Cato Networks IPO?
- Canarytokens update
- We still have some crowdstrike fallout to discuss
- CISO responses to SEC rules
- Making things secure without security tools
- tips for going SOCLess
- denial of service robots
All that and more, on this episode of Enterprise Security Weekly.
Hosts
- 1. FUNDINGS: Vanta, Chainguard, Cowbell, Dazz, Lakera, Heeler, Vijil, Zest
Over half a billion in funding, probably because Blackhat is next week?
- Vanta, $150M Series C at a $2.45B valuation, led by Sequoia Capital. Automated compliance ("trust management platform", in their words). Crossed $100M ARR in January.
- Chainguard, $140M Series C at a $1.12B valuation, led by Redpoint Ventures, Lightspeed Venture Partners, and IVP. Total funding is $256M. Secure container image repository.
- Cowbell, $60M Series C led by Zurich Insurance Group. Cyber insurance MGA.
- Dazz, $50M led by Greylock Partners, Cyberstarts, Insight Partners, and Index Ventures. Total funding is $105M. A "unified security remediation platform" - ASPM and CTEM?
- Lakera, $20M Series A led by Atomico. Evaluates and protects AI-powered applications.
- ZeroTier, $13.5M Series A led by Battery Ventures. Private network overlays.
- Heeler Security, $8.5M Seed round led by Norwest Venture Partners. SDLC security.
- Vijil, $6M Seed funding led by Mayfield LLC's AIStart fund and Google's AI-focused seed fund, Gradient Ventures. Securing GenAI in applications.
- Zest Security, $5M Seed from Hanaco and Silvertech Ventures. Discover, flag, and resolve GenAI threats in the enterprise.
- Promptfoo, $5M Seed round led by A16Z. Evaluate Generative AI models and tools.
- 2. ACQUISITIONS: Mimecast Announces Acquisition of Code42
- 3. MILESTONES: Cato Networks Surpasses $200 Million, Doubles ARR in Under Two Years
- 4. NEW FEATURES: Canarytokens Updates
- 5. CROWDSTRUCK: Windows resiliency: Best practices and the path forward
- 6. CROWDSTRUCK: Microsoft signals plans to make Windows security more like Mac post-CrowdStrike
- 7. CROWDSTRUCK: Microsoft, SecOps pros weigh kernel access post-CrowdStrike
- 8. ESSAYS: “We’re becoming scapegoats”: How have CISOs responded to SEC cyber risk disclosure rules?
- 9. ESSAYS: Unfashionably secure: why we use isolated VMs
- 10. SECOPS: Tips for SOCLess Oncall
- 11. REGULATION: US senators turn up heat on automakers over sale of driver data
- 12. TRENDS: Canada Olympic chiefs apologize for drone flight over New Zealand soccer team’s training
- 13. OFFENSIVE SECURITY: It May Soon Be Legal to Jailbreak AI to Expose How it Works
- 14. SQUIRREL: Desktop Operating Systems Since 1978
- 15. SQUIRREL: DHS Has a DoS Robot to Disable Internet of Things ‘Booby Traps’ Inside Homes
