Jeffrey Starr, CMO of AlgoSec, sat down with us and explained how his company is helping companies simplify and automate their security management.
Safety Detective: How did you get into cybersecurity and what do you love about it?
Jeffrey Starr: The cybersecurity market is very exciting, but also so dynamic that you must be forward-thinking, and highly decisive with marketing in order to provide value, generate business, and expand the market opportunity. This is an industry that demands visionary business strategy, robust expertise, and insightful leadership in order to thrive. For me, cybersecurity has always been a natural destination, having worked in diverse but related fields such as compliance and digital forensics. Success in cybersecurity truly demands the development and execution of a comprehensive global strategy that encompasses the full marketing mix.
Cybersecurity is one of the most dynamic and exciting areas of enterprise technology to be working in. It truly sits at the intersection of technology and people. You’re not only dealing with some of the most sophisticated, rapidly evolving tools and applications around; you’re also considering so many scenarios. You’re considering a wide variety of use cases, and constantly thinking about how best to support the people on your side in their day-to-day work, without slowing them down or making things overcomplicated.
Today’s businesses absolutely have to prioritize cybersecurity as part of their enterprise risk management. If you’re successful, you can truly help businesses to be more profitable, to protect their reputations and to ensure the security of their operations. That’s extremely satisfying.
SD: How do AlgoSec’s solutions work?
JS: AlgoSec’s core proposition is enabling organizations to visualize and automate the management of security across their entire enterprise IT network – whether on-premise, virtualized or in the cloud. Using AlgoSec, organizations can discover and map all the business applications that power their business, and from there, automate the network security policy changes that are required when applications are deployed, amended or removed. In turn, this means that we can link cybersecurity directly to business processes – we work on the basis that the job of security is to enable business applications to work safely and securely, rather than restricting them.
We do this by simplifying and automating network security policy management, across the entire enterprise environment. We are the management system at the heart of an array of different technologies from different vendors – network and security devices, cloud and SDN platforms, vulnerability scanners, orchestration systems, business applications and so on.
SD: What types of enterprises use AlgoSec’s services and why?
JS: We work across a wide range of sectors, with customers from the finance, insurance, healthcare, and telecommunications industries, as well as many government organizations. We also work for several managed security service providers.
What they tend to have in common is a need to simplify and automate some or all their network security policy management. Perhaps they’ve grown in an organic way and their infrastructures have become so complex that manually managing security policy changes when they deploy new applications is becoming prohibitively slow. Perhaps they’re thinking more in terms of business growth and efficiency and want their cybersecurity to be acting as a business enabler, rather than as another series of demands to tick off.
SD: What cyberthreats should people be concerned about today?
JS: The threat landscape is constantly changing and evolving, but I feel the biggest threat facing most organizations is that they don’t have complete control over their networks and security posture – which means security gaps exist that hackers can exploit. Enterprise environments are so dynamic and fast-moving that security teams can’t keep up with all the changes: in some cases, they may not even be aware that changes have been made until after they’ve been done, which means security gaps can exist for days or weeks that can cause outages or lead to vulnerabilities.
These changes also risk breaking applications. A recent CSA and AlgoSec report found that the top cause of outages is misconfigurations due to human errors during change processes. The only way to ensure that security and availability are maintained is to use automation. Automation slashes the time involved in change processes, reduces risk and eliminates misconfigurations caused by human errors.
SD: How do you see the cyberthreat landscape developing in the next five years?
JS: Cyberthreats grow as the complexity of the heterogeneous IT ecosystems evolve – so one way of managing risk is to rapidly adjust to these changing business and technical environments. For example, as enterprises move more workloads to the cloud, and corporate infrastructures become more dynamic and complex, threats that capitalize on the lack of visibility and the rapid pace of change in hybrid environments are going to become more and more common.
Ultimately, visibility, automation, and close management of policies, rules, and connectivity across highly complex IT environments and ecosystems will be the ultimate safeguard for the networks of the future.