Security Unfiltered
Mastering Life's Juggling Act: Balancing Business, Family, and AI with Colby DeRodeff
Ever wondered how to juggle building a personal brand, consulting, and family life all while staying sane? Join us as Colby DeRodeff, an expert in this very balancing act, shares his secrets for mastering time management and finding stability in uncertain times. We promise you'll come away with practical insights into handling economic challenges and utilizing AI's potential in cost reduction, tempered with a healthy dose of skepticism about its true impact.
Colby opens up about the pitfalls of regional content targeting and the quest for unbiased information in our digital age. Hear how a misadventure with algorithmic targeting in Tennessee left him questioning how location shapes our media consumption. Plus, we dive into a critical evaluation of AI language models and the misinformation risks they pose, urging listeners to maintain a skeptical eye amid the relentless digital noise.
In the world of startups and family life, Colby offers a candid account of navigating the ever-evolving responsibilities and challenges. From robust security measures and the temptation to cut corners in startups, to the personal dynamics of raising a family, his journey is filled with lessons on risk management and career goals. We also explore the high-stakes world of cloud security, discussing innovative data management strategies and the importance of prioritizing customer experiences over mere cost-cutting.
Speaker 1:How's it going, Colby? It's great to get you on the podcast. I think that we've been planning this for quite a while at this point, and we've had to delay it, of course, a couple times, but I'm glad to have you on.
Speaker 2:Yeah, Joe, appreciate it. Sorry for the delays too. It's a busy time of year with travel and everything going on crazy it's.
Speaker 1:I like burned myself out three times this year and I'm like, I'm like just recovering from my last one of the year, hopefully last one of the year, it's, I don't know. It's a. It's an interesting thing. Right, trying to develop like outside, outside things from the nine to five. Right, trying to develop, you know, a brand for yourself and trying to like I'm starting to dive more into consulting. Right, and you know, provide companies with cloud security, you know, consulting services and whatnot. And when you start adding on those things, right, like you have to use your time so efficiently now, you know, especially with a little one. Right, like I have a 20 month old at home.
Speaker 2:Okay.
Speaker 1:Yeah, thanks. You know like I make a very concerted effort to always be available for her Right. So when she's up I'm not working right Like I'm spending time with her. That, you know that takes out, you know, six hours a day. It's like okay. Well, let's like use the time that I have as efficiently as possible yeah, absolutely.
Speaker 2:It's like burning the candle at like four ends I have a four month old at home so I'm right there, first one.
Speaker 2:So I'm learning that whole side of of which is. You know it's a blessing, it's fantastic. But then you know trying to build a startup and you know running around customer acquisition and my wife is in the wine business. So there's, you know, another startup kind of going on at the same time and it's, yeah, there's like candles burning all over the place and trying to time, manage and be efficient while you're. You know growing a brand, building a business. Right, you know a lot of people choose to do just one of those things at any given time in life, and you know as well as like throw in a new family member at the same time.
Speaker 1:So it's definitely, it's interesting, you know. Like I feel like, you know, when I was growing up, right, when I was graduating high school, starting to get into college, right, the recession hit, right, and so that impacted my family very significantly. You know, my dad lost his job, right. He couldn't find work for like two years. That was a very stressful time, right, and going through that, you know, puts me into a situation, or a mentality at least, where it's like, okay, well, my kid's never going to go through that, you know. Yeah, and now you know the market is in a weird place. It's kind of in limbo. It's been in limbo for a couple of years now where it's like, well, surely it can't keep on going up. And then it goes up more.
Speaker 2:That's what everybody said about Bitcoin.
Speaker 1:Yeah, well, like you know, the risk side of me is like, ok, sure, like it looks great, but what's actually going on here? You know, because it can't go up forever and just by odds alone, you know, the timing is not in our favor, right Like the recession, there will be a correction, right. And so trying to develop other methods of, you know, bringing in income and, you know, building something that I actually love and enjoy and whatnot is, it's a challenge for sure, and I, like I always tell my wife I'm like, hey, you're the stable income. Yeah, I know I have a salary and everything, but you're the stable one, you're a teacher, they're never going to fire you. You work for CPS, you are good, you need to be there.
Speaker 2:That's right. That's right. Yeah, the market's interesting right now. I mean, we're seeing just as we work with customers. You know there's some spending starting to open back up, but it's mostly critical projects and most of the projects we're seeing are around how to reduce costs. You know, in in areas and I think there's a lot of noise in the market right now with AI and how AI is going to reduce all these costs everywhere and I don't think people are really seeing that value happening. Maybe it's a hallucination, yeah.
Speaker 1:I feel like the AI trend right, or the AI evolution, is almost like it's still in its infancy. I feel I talk to people from NVIDIA. They kind of argue that it's in the middle. It's going towards the middle a little bit. Well, from the end user perspective. You know I've been buying tools, working with tools with, you know, an alleged AI behind the scenes for 10 years, right, right, and I've seen my costs only go up, you know. So like that's, that's something there, that's not something.
Speaker 2:I can just ignore. I like how you said. I like how you said alleged AI right and. I'm sure you've seen the Scooby-Doo meme where they pull the mask off of AI and it's if, then else.
Speaker 1:Yeah, yeah, exactly, I mean it's, I don't know, it's a tough pill to swallow, right, because that was like a huge selling point for so many years of like. Oh yeah, we have a next gen, we have an AI thing, you know, and I feel like the benefits of AI where they may be, you know, true and valid and whatnot, like cost savings and whatnot I feel like we won't even see those real benefits until, you know, probably five to 10 years from now, and I know there's a lot of AI people out there that are probably going to, like, you know, laugh at me or whatever for saying that, but like, but look me saying five to 10 years. I mean, they've been saying it for 20 years, right.
Speaker 1:Right, they've been saying AI is going to eliminate everyone's job for 20 years.
Speaker 2:Right, right, since, like Terminator days, right, but I don't know. I mean, I use it tactically for certain things here and there, but I would certainly you know. Let's say I was writing an email to my board about how we're doing as a company, or what have you. Or I was writing an email to a CISO, a customer that we're working with. I would never let AI do that for me, right? I just you know what, if it hallucinates and, you know, says something that is just not true, or whatever, at the end of the day, you're the one who's accountable, right?
Speaker 2:so yeah, I.
Speaker 1:I don't think that most people are really in risk of AI taking over their jobs at any time soon, right? Yeah, if it can't, if it's not even responding to emails for me or proactively, right, looking at things and responding and stuff like that. Like it's more of an assistant, you know, everyone now has like a personal assistant that you can bounce ideas off of and get information off of. It's, I view it as kind of like the next iteration of a search engine, almost, you know. That's how I use it for sure. Exactly.
Speaker 2:All right, I think it is definitely the next iteration of a search engine. It saves you from having to collate all the results yourself and it kind of formulates an opinion. The question is then how much do you trust that opinion and how much additional due diligence do you do? And I guess it depends on the importance of the decision, right, Right, you know if I use it, we've been, obviously, with a newborn. We've been checking a lot on the internet. Well, every time something happens with the baby, you Google it. Right, You're like what is?
Speaker 2:this. You know how it goes right, and some of the responses come back and you're like, yeah, okay, I get it. But if it came back and said like, oh, you should do this remedy or something, I'm certainly going to check with a doctor before I, you know, just base that decision off of that.
Speaker 1:Yeah, yeah it's. You know we're going into an interesting place, right, because I, you know, we just got, we're on the other side of the election, right, and it has been an interesting year because I feel like a lot more people are, I guess, more aware, right, of the media that we're consuming and what it's actually doing to us. I hope so. I would certainly hope so too, you know, and you know you always, you always hear like oh yeah, you know you're being targeted by these kinds of ads and whatnot, right, and so I, I live in Illinois, right, very much, I mean it's, it's a blue state in the County that that I live in. It just happens to be like 80% of the people in the state live in the County, right, and I get, I get I don't want to say targeted, right, but my, my algorithms are heavily based on where I live and where I search them from and everything, right, and I search things that are typically, I view it as like right in the middle, right on the political spectrum and I'm not trying to get political on this podcast or anything like that, right, but it's fascinating for us from a security perspective to see what's going on kind of behind the scenes.
Speaker 1:And so over the summer, my family and I went for a vacation over in Tennessee, right, went there for like a week just hanging out, right, Tennessee's a red state, right? For anyone that doesn't know, which, I guess that's probably a stupid thing, even because I talked to people over in, like Russia, and you know, Europe, and they like know our political system a little bit better than us, almost, yeah, probably. And so I go to Tennessee and my entire feed is stuff that, like, I have never watched. I don't subscribe to the channels, like none of it was for me to click on, right, so, you know, I didn't, I didn't pay any attention to anything that was in my YouTube feed, my Google News feed, none of it, right, because it's not, didn't even appeal to me, right, so I didn't think anything of it. And then, you know, it happened the next day and the next day after that. I'm like, man, what the hell is going on here? Like this is literally nothing that I even watched. Like I don't want to watch any of this. What is going on? Yeah, and you know, sure enough, right, like you're being targeted based on your region, which is, it's a dicey thing, right, because it's like, well, how much of my opinion is being shaped by where I live, and where I live determines what I'm being targeted with, right, and you know it's a weird situation.
Speaker 1:You know, and to quickly, you know, go through this one point, right, with AI, how we're using it as a search engine. You know, I saw someone on social media, they're from Canada, right, and they put into like ChatGPT, you know, when was the first Trump assassination attempt? I mean, this is a factual thing that happened. It took place at a date time at a certain place, all that sort of stuff. Any search engine should be able to give you those exact specifics. And he said that essentially, ChatGPT, you know, tried to just go around the question, didn't even answer it. You know, said that it never occurred or anything like that.
Speaker 1:And he had to like really prod for it. And so I thought to myself, well, surely if this LLM is learning from itself, it knows, hey, I made a mistake there. Let me go readjust and pull in other feeds and, you know, recalibrate, right. So I mean, a couple days after, I went ahead and just put in the same question, it was like the exact same question. You know, when was the first Trump assassination attempt? And it literally said there was no assassination attempt. And I had to go and say no, there was one.
Speaker 1:And it pulled up some 2017 event where someone threw a shoe at him or whatever, and I said no, it happened in 2024. And I had to literally feed it. I mean several steps down, because even after saying 2024, it still said that there was nothing in 2024. And I had to then Google what the exact date was and I said no, it happened on this date. And it said no, it didn't happen.
Speaker 1:And I was like it happened in this state, in this town. You're arguing with the machine. Yes, I had to feed it all of that information. You know, after doing this for a bit, it was like I made a mistake, or I don't even think it said I made a mistake. It just posted, you know, like a CNN news article that was on it and, like you know, we're going into a place where there's a huge amount of the population that would never double check that, right? Like if MSNBC didn't report on it or CNN didn't report on it or Fox News didn't report on it, right? They're going to think, hey, this never happened, right? Because they're not saying it happened and same thing with the LLMs, you know.
Speaker 1:And so we're going into a weird place and I apologize, I didn't mean to like take over, no, no, it's. I mean it's interesting, right?
Speaker 2:I mean, it's something I worry about a lot is, as these LLMs get more embedded into everything and more embedded into decisions, the fact that they either were not trained to know the answer no-transcript, say we never landed on the moon, the earth is flat and we're going to, uh, be in a lot of trouble in society as we move forward based on facts. Right, so it's a? It's a brave new world out there. Yeah, it's going to be interesting for the next generations.
Speaker 1:How do you try to keep yourself informed of, I guess, the right information without being kind of influenced by the information? I feel like there's a very fine line between being influenced and informed.
Speaker 2:Yeah, you know, we saw that a lot this year yeah for sure, and it's tough because sometimes you see you know bits or whatever, and you're you do get influenced by them, right? Oh yeah, well, that's a. That point makes sense. But then you have to go back and like, was that actually true? Right, and that's the thing that I think we all ask ourselves a lot is is the information I'm seeing accurate? You know, because you hear so many crazy things out there, you know this company's doing fantastic because they posted something on LinkedIn that says they've tripled their sales, like, but did they, or is that just some marketing hype that they're trying to? You know, maybe they're going out to raise a round or something like that and they're trying to make the company look good, you know.
Speaker 2:So I think it's almost living in a state of constant paranoia, right, and I hate to say that, but I think there is good, healthy paranoia. Obviously, you don't want to be sitting there at your window all day long staring out the window, but it's good to be cautious and it's, I think, good to be a little bit paranoid. And I mean, I guess I kind of run in that state, maybe from being in cyber for 25 years. We were all a little bit paranoid about what's the old expression Just because you're paranoid doesn't mean they're not after you. So I think we all kind of operate in that kind of a mode and you know, so I think, got to keep asking questions and got to inspect the answers. And you know otherwise keep reading, keep researching. I think that's the only way.
Speaker 1:Yeah. Yeah, that's a really good point. You know it's interesting. Recently, you know, I lead all of cloud security for my current employer right, and a part of one of my initiatives for the year was to deploy.
Speaker 2:And you must be paranoid because it says undisclosed, undisclosed, undisclosed.
Speaker 1:Well, so I do that very purposefully because I don't want, you know, I'll give like career stories, right, things that I encountered and stuff like that, and I don't ever want someone to say, oh, that sounds like X place, right.
Speaker 1:Or that sounds like this one right, or the manager, for there is like I know that that occurred. I'm still here, like we're going to come after you. You know, that's really what I want to avoid at all costs and you know, and I guess maybe it limits the amount of opportunities that I get hit up for or whatnot, but I feel like if it's a real opportunity, they'll see through that and you know still talk to me right now, right, but you know, since I lead all of cloud security for my organization, I'm working with about 150 developers, right, and these developers because I'm rolling out this, this AWS WAF, right.
Speaker 1:So these developers, they decided amongst themselves hey, we don't like the WAF, we're going to try and get this bypass rule through Joe and you know, if he approves it, it basically bypasses the whole WAF. We don't have to worry about it. There's going to be no issues, no troubleshooting, none of that. And I get on this call and they immediately start badgering me with, you know issues and you know they tried to make it sound like it was 15 different issues.
Speaker 1:But through all of my, you know, questioning, right, like in security, we're so paranoid. Like I ask questions until I know exactly what is going on, right, because I'm not getting fired for something that I did and I didn't know I did, and you know, through the questioning, I was able to whittle it down to one core issue that they were trying to mask from me. And then I spent, you know, probably the next 30 minutes literally going through their issues and everything, trying to see what they were actually trying to get at, because they didn't want to make it sound like I was going to bypass the entire WAF. They wanted to make it sound like, hey, it's just this rule, you know, it's just this rule in the stack.
Speaker 2:Right.
Speaker 1:But they're, but they're effective.
Speaker 2:It's the one that says allow star dot star.
Speaker 1:Yeah, their effective rule was allow star dot star. Without the allow star dot star, it bypassed everything else. And so I like pulled in my network guy, I pulled in my infrastructure guy. I don't think that they thought that I would do that. So I pulled them in and I said, explain to my network guy what you want to do. And they explained it. And I said I have one question: does this bypass the WAF? And he said yeah, it bypasses the whole thing. I was like, we're not doing it, and like everyone was so mad at me, right. But you know, I got that skill, though, of being able to do that from years of being in security and, just to put it bluntly, being lied to, where it's like, OK, I need to make sure that I fully understand what's going on here before I actually make a decision that impacts the security posture of our organization.
Speaker 2:Yeah, absolutely. Absolutely, and you know, I hate to say it, but a lot of times, maybe it's some extra work to make something work through the security control. And so the easy question, the easy path is like, just, you know, just whitelist it or whatever for now, and then we'll, you know, we'll get to it later, and then later never happens, and you know how that goes. Yes, yeah, yeah, we have.
Speaker 1:I've seen that so many times and that was a part of their argument. Right Once I figured out what they were doing, they were like oh well, can you just whitelist it? You know, we'll, we'll readdress it. You know, in January I don't work like that. You know, I know that there's other security people that have been in this role before and they were, you know, basically pushovers for you. Like I do not play that game, you know.
Speaker 2:No, you can't. You can't Not when I have people on from. You know startup companies, founders and CEOs.
Speaker 1:You know the people that are starting these companies. They're all typically like pretty, pretty young, and I'm not trying to you know, age you or anything like that, right but you said that you have a four-month-old, so that that tells me that you're in a different place of your life.
Speaker 1:You could be in your 20s, right, but you, but you're in a different place in terms of right, but I'm saying you're in a different place in terms of, like, the risk that you're willing to accept right, because now you have a four-month-old, you have another little person that's depending on you and for a lot of people that's life-changing. I'm sure it was probably life-changing for you. It changed my entire life, my entire perspective of what life is and love and everything else. But I say that because when you're in your 20s, you typically have no responsibilities. Well, you got a car payment, you got rent, you got small little, minuscule things. You typically don't have kids. I mean, you could absolutely have kids, but if you're in that situation, you're probably not starting a company. So what is that like? How do you manage the risk and the stress of having a young family and doing a startup? Because I couldn't imagine, you know.
Speaker 2:Yeah, it's a lot. I think it's just one of those things where my wife and I had been working on building our family for a long time and you know. So that was just kind of, if it's going to happen, like it's a blessing and we're going to take it whenever, but at the same time I wasn't going to put my goals and passion on the sideline and kind of wait. So I figured, well, I'm just going to have to figure out how to do it all at once, which people can do it. I mean, I'm in my mid forties, I'm 46. So I guess I'm pushing towards my late forties. But I've always been in startups, right. So this is startup number five. You know, I started at ArcSight back in 2000.
Speaker 1:Wow, okay.
Speaker 2:I think I was employee like 30 there, something like that. So, pre-product, you know, there was basically a batch file that started a JPEG of the console and I spent 12 years there and ArcSight grew, went public, acquired by HP, and then I went off to another startup called Silver Tail Systems and basically spent about two years there and we got acquired by RSA and I decided to leave shortly after that acquisition and go start a company for the first time. With my co-founder, Greg Martin, we started ThreatStream, which grew into Anomali. Oh wow. And so you know that business is still operational. They're doing fantastic. So we're over here rooting for them on the sidelines.
Speaker 2:But I decided after about eight years of building that company that I was ready to go try something else and I joined a company called Verodin, which was in the breach and attack simulation space, where I had invested in that company early on in the seed round and the A round, and I think that, you know, the writing was on the wall that I was eventually going to be there and, you know, I ended up joining as their CTO and about a year after I joined, we got into talks about getting acquired by Mandiant, FireEye Mandiant at the time, and so about midway through 2019, we got acquired by FireEye Mandiant and that was interesting, right.
Speaker 2:So I ended up spending three years at Mandiant through the divestiture of the FireEye stack and ultimately through the acquisition by Google, and about four months after the Google acquisition, I left Google and started Abstract, and it was something that I'd been wanting to do for a long time, and you know, really kind of companies at this stage are, like you know, really kind of the most fun thing for me, right? Not for everybody, for a lot of people don't like companies at this stage. They're hard, yeah yeah.
Speaker 1:So it kind of sounds like.
Speaker 1:It sounds like you kind of, you know, went through that initial stress or grew into it early on and then it became the norm, whereas everyone typically starts with the stress of a 9 to 5, and that becomes the norm and you kind of stay within that mix. You know, when I was starting out in my career maybe, you know, 10 years ago, right, I reached out to Alissa Knight and I was talking to her, I was trying to like unravel this, you know, startup thing and how do you get started, like what's the right, you know, thing that you should be doing for it and everything. And the one piece of advice that really stuck with me was that you only, you know, leave your day job when your startup or your side hustle is matching the income of your day job. Right, because it gives you that financial security. You understand, okay, I have something here and then you can lean in a little bit more and see how it grows and everything else like that.
Speaker 1:And I think if I didn't have that framework right or that idea you know, kind of planted in, I feel like I would have either gone one of two ways right. I would have gone full-on into the nine to five and just been like if this is where I'm at this, I'm stuck here forever. Or I would have gone full-on startup yeah, risk, you know, losing everything basically yeah, yeah.
Speaker 2:Well, you know, the good news is you don't really lose everything. You may not, it may not be successful, right, but at the end of the day, the experience and the lessons learned are invaluable, right. So I don't know For me. Like I said, I worked at Fire, at Mandiant, for three years and you know we had a good time and I mean it was a hard time. It was obviously during the pandemic, so things were different than ever before, but we accomplished a lot while we were there, which some things that I was really proud about. I mean, we kind of took a legacy software stack and converted it to a modern SaaS application. Inside of, we were almost operating like a startup within a big business because we were the acquired company. So we kind of had a team. All the stuff we did coming into that was SaaS-based, and so we're kind of taking this legacy sort of you know network appliance sort of company and building a modern SaaS application on top of that, you know, and our areas were really around threat intelligence and the breach and attack simulation areas, which is what we're focused on, kind of that migration. So it was interesting.
Speaker 2:But you know, I think the company was 3000 people give or take, if I'm remembering that correctly, but give or take around 3000 people, which to me is just like a huge, huge company. I mean the last, I think, ArcSight, when we got acquired by HP, we were maybe like 600 people or something like that, and so that was kind of my experience. My big company experience was that and, you know, Silver Tail was maybe 100 or so people and Anomali we grew to about maybe 250, 300, something like that. Um, so those are the kinds of companies like I really love, that, you know, zero to a hundred million ARR type phase. You know, the 100 to 250 ARR type phase, um, and then as it gets into a 3000, 4,000 person company, I mean that's, it's a different beast, right, yeah.
Speaker 1:Yeah, you, you start to like have to have things like a whole HR department and finance department, right, you know?
Speaker 1:you get a board in place, all that sort of stuff. It's a different, different challenges that you have to learn and grow through and whatnot. And you know, I, I think like I'm a big kind of I I don't want to say I'm a big stats guy, but I'm a numbers guy, you know. So when I, when I do something or when I venture into something, right, it's kind of like I look at what the odds are. I look at like what the odds are of success, right. And you know, you, you look at just the companies that go to RSA every year, right. Something like 86 or 89 percent of them fail within that year. They don't show up again the following year.
Speaker 1:And then you look at the ultra wealthy. I look at people like Elon Musk or Mark Cuban, Jeff Bezos, and when you do your research, all of them went through several bankruptcies. All of them started with relatively small amounts of money compared to what they have. What they have today, right. What they grew into today, right. And so that does actually tell you something like, hey, you should expect a certain degree of failure to come with your success, absolutely.
Speaker 1:And you shouldn't allow that failure to hold you back. You know you have to use it and grow through it because I'm sure you know, if one of those billionaires go and declare bankruptcy, you know this year for the ninth time or the tenth time, right For them mentally, that's not even on their radar of stress in terms of, like you know what bankruptcy means and everything else like that. Because it's like I did it 10 other times. Right, like I did it 10 other times. I'm going to make it through this one. We'll be fine. You know, for me, if I were to go through that today, I'd be, I'd be terrified, yeah, me too, me too.
Speaker 2:So yeah, yeah, I'm looking to not go that route.
Speaker 1:I would never want to no, but fail fast.
Speaker 2:I mean, you know, I think that is an important lesson there. Like you know, we try different hypotheses all the time as we're building product and whatnot and it's like, hey, let's try this, we're going to put some effort in. Is it going to work? It's not guaranteed to, so let's try it, see what works, and if it doesn't, get the lessons learned, figure out a different approach. But do it quickly, like it's better to, you know, I don't know.
Speaker 1:Try and fail and never try at all, I guess yeah. So yeah, that's very, that's very valid. There's an old adage yeah not, but it's, it's very valid. And you can really only do that in a small startup-like environment. Right, like you're not doing that at Intel or IBM. Right, where you're failing fast and making adjustments on the fly, trying different things, failing again yeah, you're.
Speaker 2:That's the definition of getting fired well, and that's why, that's why the projects take, you know, so much longer to get anything done right.
Speaker 2:I mean that's that's what I love about startups is we iterate fast, we build features quickly, we know we're right there with the customer right.
Speaker 2:So we're like building as the customer's asking for something.
Speaker 2:And you know, at big companies, you know, it just doesn't happen that way because there's so many customers feeding in requirements that there's no way you can be that responsive. But at our stage, and I mean I think as you stay nimble, even as you grow, being able to have that level of customer support, customer success is like critical, right, and I always tell people this, that customers will tell you what they need. You just have to listen, and that's something that I think too many startup founders don't do well, because they come from a place where they think they know better than the customer and maybe it's their education or their amount of experience with a certain technology or a certain technology stack that they think the customer doesn't know what they need. And they're here to tell the customer. I've always taken the approach of customer does this job every single day. This is what they do for a living and they're telling me they need this feature. Most likely it's because they do.
Speaker 1:Yeah, that's a very, it's a very valid point. You're listening to understand rather than listening to reply, right? That's right, that's right.
Speaker 1:Yeah, you know it's weird because all of school right, and I was talking to my PhD chair on this right, because I'm working on my PhD and it is the most difficult thing that I've ever done from an educational perspective right, and it's hard in ways that you do not expect. Everyone says that it's really difficult and whatnot, that a lot of people that start do not finish. I can completely understand why, right, it's because you literally just spent 20 years in school and they're telling you, hey, what's on the next test? They're telling you what they want you to write, right, all this sort of stuff. And then you go into your PhD and they're like no, you have to find a topic, oh, okay, well, you have to write this literature review, that's. You know, it could be 10 pages long, it could be 150 pages long. You have to do it.
Speaker 1:Well, what's a literature review?
Speaker 1:Right, it is a complete blank slate.
Speaker 1:Like, a literature review is a core paper in this process, right, and there's no set, like, defined, even outline of what a literature review is, right? Like, you can Google it and you're going to get 15 examples and they all look different, they all feel different, they all read different, right? And so you spend literally 20 years in school, you know, learning how to reply to something that is being told to you, right, or how to deliver a result based on something, you know, you're being told to do, right? And when you get into kind of this startup phase or the PhD, right, like, now I understand why people that get their PhD actually make, you know, the money that they tend to if they go into the right area. It's because you literally do not have to tell them anything. You tell them what you're thinking about and they go and figure out everything, because it's a different thought process. So talk to me about Abstract Security. You know, what's the niche area or what's the problem that you're designed to fix, that you're working on fixing right now?
Speaker 2:Yeah, so basically, you know, our mission is building a complete platform for data security, right? So basically a data platform that is focused on collection and aggregation and operationalizing security data. So we want to make the data collection side of things simple. So we say we simplify data and we amplify insights. So the idea is we're providing customers better cloud visibility, we're giving them a handle on their log management infrastructure. We're helping a lot of customers with SIEM migration. So people are kind of migrating from Splunk to Google or from QRadar to Microsoft Sentinel or wherever the case may be. We're helping them on that journey by being that data collection layer for them. And, you know, we also have a lot of capabilities in kind of the analytics space. So as we're collecting the data and routing it, optimizing it, we can also do analytics on that data and provide those results to their, you know, SIEM of choice or their next-gen SIEM of choice, however the case may be these days.
Speaker 1:Hmm, that's interesting. So it's almost like a SIEM collector or like a log collector, and then you're able to run some analytics and analyze the actual data.
Speaker 2:That's right. Yeah, on the data stream itself. So we collect the data, we stream it. As it's streaming, we can operate on the data. So, you know, for example, like, well, you're in cloud, you're in cloud security, right, and it sounds like you were talking about, you know, deploying this WAF, right? Well, the WAF's going to generate a lot of logs. Most of them might not be useful, or there might be a subset that's actually useful for security detections, and so what we would do is we would collect those WAF logs out of, let's say, an S3 bucket or wherever they're being written to, and we would then say, okay, out of this set of data, what is the data that's relevant for either your compliance needs, your regulatory, right?
Speaker 2:So there may be a requirement that you're under that says, hey, we have to keep all data that is between system X and system Y because it's their regulated systems. But there could be a bunch of internal traffic that maybe you don't need, although maybe not through a WAF, but if you're looking at, like, VPC flow logs or some of these other sources, you know, you have a lot of internal communications that, do you really need that data? Maybe not, and so you can filter out data, you can change, you know, values, or you can enrich data. So let's say that, for example, you know, GitHub's a great example.
Speaker 2:We have a lot of customers who collect GitHub logs and GitHub is basically a social network so you can go in there and create whatever username you want.
Speaker 2:Well, when the log gets written, it's going to be tagged with your username, right, and so what we want to do is actually enrich that so that it gets tagged with the actual identity of the user, so we're able to kind of do that data enrichment type stuff on the fly. We enrich data with threat intelligence so you can know basically, like, which threat actors potentially are associated with an alert, and then we forward that off to multiple destinations. So you could take, let's say you have, I don't know, say, an AWS data lake and you want some of the data to be stored in your AWS data lake in maybe OCSF format. And then you want some subset of the data going to your SIEM, where you're paying extremely high storage costs, so you don't want to send everything there. So you can kind of slice and dice, route, and really figure out, you know, a strategy, a data strategy that is going to allow you to get the most value out of your tech stack.
Speaker 1:So I mean, it sounds like you're able to use the data from wherever it kind of resides, right? I'm thinking in terms of, you know, in the cloud. Right now, there's a huge battle between legacy tech stacks and cloud tech stacks, especially with logging. Like, as you probably know, right, I've been engaging with a logging conversation around this WAF for six, eight months now at this point, right, and we don't really have a good solution. We have sort of a solution, and hopefully we never have to query it or anything else.
Speaker 1:You know, right, yeah, because it's so expensive, it's so extremely expensive to go and send that data to Splunk, right, because we already have Splunk on prem, it's already sized right and everything else like that. Yeah, it is so expensive, yeah, especially with, like, the WAF or just network flow logs, right, man? Yeah, I mean, we might as well just try and buy Splunk from IBM at that point, like, or whoever just bought them, you know, Cisco, yeah, yeah, Cisco.
Speaker 2:Well, that was the going joke, right, that Cisco was either going to pay the renewal or they were going to buy the company, yeah, so probably not too far off, but it's so accurate they probably only had to spend a little bit more.
Speaker 2:Probably only a little more, but, you know, we could probably, you know, look at helping you out if you're interested. Not to turn this into an Abstract conversation, you know, but might be something there.
Speaker 1:Yeah, yeah, I mean, you know, this is something that I've definitely been, you know, mulling over, right, for a while. You know, caveat to everyone, right? Like, I don't bring people on the podcast for them to sell me a product or anything like that. I want to talk about interesting stuff because I'm actually in this field, right? Like, I'm in this field, I'm dealing with these problems every single day, and so it's really beneficial for me to see what's out there, what's growing, what's coming out, you know, because there's so many different people that are going to think of these problems in different ways and solve them in different ways. You know, like, my environment is interesting, right, because I don't, from a security perspective, I don't have full visibility into my environment, right?
Speaker 1:So I'm a cloud security guy and I don't have full visibility due to different restrictions and it creates a lot of different challenges. So you know, in security engineering you're going to be faced with a whole lot of unique challenges and you have to figure out how to solve them. You know, like that's the whole point of the engineer's job.
Speaker 2:Yep, absolutely, and you're always kind of operating with like one hand tied behind your back right.
Speaker 1:I'm lucky if I only got one hand tied behind my back.
Speaker 2:Maybe hamstrung with a hand behind your back.
Speaker 1:Yeah, yeah, I'm over here, like, using my head as a weapon at this point, you know.
Speaker 2:Yeah, yeah, I was going to make a funny joke about the Tyson fight, man.
Speaker 2:That was an interesting weekend. I will say this Netflix better get some more servers going before football hits on Christmas Day. Because people are going to be not happy.
Speaker 1:You know, as a cloud security person, I just don't understand how they could have an issue like that, right, because I'm thinking, like, how do you have your load balancers configured, and how do you not have auto scaling configured on a streaming service, probably one of the biggest streaming services on the planet for, like, a decade, right? And you pride yourselves, you talk it up at these, you know, tech conferences that, you know, all of Netflix is built on containers. It's all serverless. It's, you know, this, it's that. So if that's true, it's literally a checkbox for you to, you know, go into your load balancer and say auto scale, put it into an auto scaling group and give it the template, right?
Speaker 2:Well, it's a checkbox, but it's also a check that they have to write. So maybe they came up with a budget on cloud spend for this event and they're like, we can't go over X, no more load balancers.
Speaker 1:I guess, I mean, you know, this is the thing. Like, I feel like maybe someone in finance maybe came up with that arbitrary budget.
Speaker 2:Yeah, right, yeah.
Speaker 1:Instead of customer experience, it was the cost for the three or four hours that the event was going on. Right, you eat that cost for four hours. Okay, it scales right back down afterwards. And now you get, you know, a CNN article saying how Netflix, you know, was able to stream to, I don't know, 50 million people all at the same time.
Speaker 2:Right, like 100, 130 million, I'm sorry, 120 million, which is 10 million less than watched the Super Bowl.
Speaker 1:Imagine, just imagine if that was the article in the news. Right, right, exactly: hey, they streamed to 110 million people flawlessly, without issues, right? And now we're dealing with the after effects of you not doing auto scaling groups properly in your cloud. You know, wink, wink, there may be someone on this podcast that knows how to do it. Like, it's like common sense. I mean, they're the company that came up with Chaos Monkey and Chaos Gorilla, and if you don't know what those are, it is ensuring high availability and extreme redundancy in your data center, in your environment. Like, these things take down servers randomly, they take out data centers randomly, you know, and if you're up and you're running that in your environment, that's better than probably most of the cloud providers at that point.
Speaker 1:You know, I worked for a company, a financial services institution, right A couple of years ago and we bought a company in California and this company viewed disaster recovery totally differently from how we even viewed it. Right, like they really increased the par for what we consider disaster recovery to the point where every two weeks, they wouldn't just like sever network connections in a data center, they would go into the data center and shut down the power. I mean literally shut down the power on that data center.
Speaker 1:And if something failed, then they're like okay, we know we have an issue over here and there was no turning it back on for two weeks, you know. So it's like, hey, you got to fix this thing on the fly, which just like took it to a whole other level, right? Like we kind of re-augmented or redid everything we did from a disaster recovery perspective globally. Once we bought them and we saw that technology, we're like we need to be doing this everywhere, like right now.
Speaker 2:Yeah, I like the idea of Chaos Monkey. That's, uh, pretty sweet.
Speaker 1:Well, every time I go to a new company or whatever, I mean, it's one of the first things I ask: you guys want to run Chaos Monkey? And every single time they're like, nope, we don't want to touch it, like, don't even bring that in here. I'm like, all right, fine, all right, sure. Yeah, yeah, absolutely.
Speaker 1:You know, the problem that Abstract Security is solving for is a problem that I'm finding at a lot of places. Honestly, I mean, not just my own place, right, but, you know, every place that I've been to, right, the biggest issue is: okay, we're heavily into the cloud and now we have all these logs, we can't even query them for something. God forbid an incident happened, because we don't know how to get that data. And if we send it to our Splunk, where we already have everything, it's an insane amount of money. It doubles or triples our spend with that vendor.
Speaker 2:That's right. That's right. And so much of that data is just not relevant for cyber. Amazing, I mean. We did some analysis on like CloudTrail logs and found, like you know, 70% reduction capable. Yeah, I mean you're talking a data source that generates terabytes of data every day. So if you can reduce that by 70%, I mean you're saving a significant amount of money.
Speaker 1:Yeah, yeah, especially from a security perspective. I mean, you need to know about the transaction you know you don't need to know about. You know the flow logs and everything else like that, right, like it just so happens that the information that you need is within those logs.
Speaker 2:That's right.
Speaker 1:That has all this other mess with it, and you have to be skilled enough to sift through it and figure out, you know, what's actually going on. So it's definitely an area that we're struggling with right now, you know, in cloud security. Yeah, you know, Colby, I really enjoyed our conversation. We're at the top of our time here and, you know, I try to stay very cognizant of everyone's time. But before I let you go, how about you tell my audience, you know, where they can find you if they wanted to reach out and connect, and where they can find your company if they wanted to learn more?
Speaker 2:Yeah, absolutely. Well, find me on LinkedIn, Colby DeRodeff. Or find Abstract Security on LinkedIn. We're around. Or the old, traditional way, our website, abstractsecurity, though maybe that's not exactly traditional, but it is on the worldwide webs.
Speaker 1:Awesome. Well, thanks, Colby, I really appreciate you coming on.
Speaker 2:Absolutely, Jeff, it was a pleasure. Look forward to keeping in touch.
Speaker 1:Yeah, yeah, absolutely Well, thanks everyone. I hope you enjoyed this episode.