Their Identities Are Hidden, But Their Frustrations Are Not | InfoSec Confessions: Log's Honest Truth | A Devo Story

A Their Story conversation with Sean Martin, Marco Ciappelli, and the team from Devo. This is a 5-part podcast series inspired by the Log’s Honest Truth video campaign recently published by Devo.

Logs do not lie. But what is the true story that a company’s business data can tell the security professionals who use these logs every day to do their job? Perhaps more importantly, can these cybersecurity professionals candidly and openly talk about the way they feel about their job and how they would like the data to work better for them?

Sometimes we just need a safe space to share how we really feel.

In this video series, Devo collects real-world feedback from real people working at real companies. They share their candid thoughts, based on their experience doing their jobs with the tools available to them.

There’s always an ounce of truth in every joke. And while these videos poke a bit of fun at the industry, is that one ounce the slice of truth that makes your InfoSec program suffer, or succeed? Only you know the truth. For now, you can hear some truth from some of your peers.

Listen to each podcast episode below, watch the accompanying Log’s Honest Truth confession video, and be sure to subscribe to our newsletter and podcasts to catch all of the episodes as they become available.

More Data. More Clarity. More Confidence.

Note: This story contains promotional content.


Episode 1: Confessions of an Information Security Consultant

Conversation with: Jason Mical, Cyber Security Evangelist at Devo
Confession shared by: “Mr L”

With Power Comes Responsibility: Not All SIEM Platforms Are Created Equally

Security information and event management (SIEM) solutions have evolved quite a bit over the years. Yet, for most, much of what they do and how they do it has not matured to the point where they can take much of the burden off the security consultant’s shoulders.

In this conversation, we speak with Jason Mical, Cyber Security Evangelist at Devo, about the confession “Mr L” shared with the Devo team. “Mr L” described 3 main challenges faced:

  • Increased level and variety of data to be ingested

  • The need to have speed and volume in log collection and storage AND high value in correlation and visualization (trade-offs here are unacceptable)

  • False positives should really be a thing of the past; how can we get there?

In the end, “Mr L” is looking for a SIEM that is Scalable (to handle numerous data feeds), Cloud-Enabled (to handle real-time insightful visualization), and Business-Driven (to handle what really matters… supporting and protecting the business objectives).

One more truth? Okay. If three blades on a razor are better than two, six may not be better than five — quality matters, not just quantity.


Episode 2: Confessions of a Cybersecurity Consultant

Conversation with: Kayla Williams, VP, IT GRC at Devo
Confession shared by: “Ms H”

The Wall Of “Un-Scalability” — Why Do Teams Hit It And Is There A Path To Clearing This Hurdle?

When climbing to reach the summit for the business, a security management failure can happen at any moment, resulting in missed opportunities or lost revenue. The good news? Your logs have the solutions.

We're not only talking about finding the solution to fix problems when it is too late. We're talking about focusing the resources on knowing the business and its risks before something terrible happens so you can better prepare, protect, and prevent the mishap in the first place. If you listen to the logs, the solution can be synonymous with prevention.

In this conversation, we speak with Kayla Williams, VP, IT GRC at Devo, about the confession "Ms. H" shared with the Devo team. "Ms. H" described 3 main challenges faced:

1 - The wall of "Un-Scalability": what brings a company to the point where the wall is too tall to scale?

2 - Analytics: you can't magically know what you don't know, and you can't analyze what you can't see

3 - What is the real impact on the team's performance in terms of MTTD and MTTR? Yes, this applies to compliance requirements as well.

These points likely resonate with many preparing to listen to this episode. Still, the challenges—and opportunities—may not be as obvious.

Security operations programs within any organization can only mature and progress as fast as their weakest point. And, for many, that weakest spot lives in their ability to collect, correlate, analyze, and act on enough relevant data from enough (let's be honest, "all") relevant sources.

What's the reality? Many hit the "wall of un-scalability" far too soon for them to be successful as they try to reach the summit. They simply can't see what needs to be seen to prepare, protect, and prevent.

Suppose we learn to listen to the cybersecurity practitioners that know what is really needed to get the job done. In that case, we can also learn to listen to the log's truth—as they do not lie.


Episode 3: Confessions of a CISO

Conversation with: JC Vega, CISO at Devo (@teamvega on Twitter)
Confession shared by: “Mr T”

Need—Innovation—Change—Growth—Mistakes—Fixes—Results—Sprawl—Trim—Repeat.

This path seems like the standard road for most businesses, but the truth is that there is no predetermined way to success for any organization. However, there is one clear and common path to failure—not preparing for, expecting, or embracing change.

"The art of simplicity is a puzzle of complexity."—Douglas Horton

With change can come complexity — and confusion, and opportunities if you know where to look and are prepared to react and adapt quickly.

The point is that it can be easy to get "comfortable" with a particular set of technologies—many of which are likely legacy systems that, unfortunately, can't perpetually deliver the value your team really needs when it matters most.

For example, you might be able to collect 6 months' worth of security logs from most of the systems that matter, but what about that new business system that your team stood up at the beginning of the fiscal year—are you collecting those logs too?

Sure, you might have a nice routine set for your security analysts so they can quickly and easily close out simple security events and the large number of false positives they deal with every day. But, when that severe incident is taking place, do they—and the rest of the security organization—have what they need at their fingertips to identify the source, shut it down, prevent the spread, limit damage, and get things back up and running as quickly as humanly possible?

The truth is, most probably, not a chance — and at the end of the business day, the truth is what truly matters.

In this conversation, we speak with JC Vega, CISO at Devo, about the confession "Mr. T" shared with the Devo team.

"Mr. T" described 3 main challenges faced:

1 - Innovation is driving business value: how come the security team continues to hold the business back?

2 - Technology is sprawling: why can't we seem to shake things that prevent us from focusing on what really matters--the business?

3 - There will always be legacy systems: the question is, how do we embrace the past and enable the future regardless of the technology stack in play?

This back-and-forth struggle may resonate with you, and you may be wondering how to overcome some of these challenges yourself.

Suppose we learn to listen to the CISOs dealing with this challenge every day; CISOs that give a nod to the past and connect that reality with the present and future—through their logs.

Perhaps this conversation will make you think that something has to change for better outcomes, and now you know how.

Listen to this confession. It is the truth.


Episode 4: Confessions of a Digital Security and Fraud Director

Conversation with: Jill Orhun, Vice President of Customer Success at Devo
Confession shared by: “Mr V”

Even if you can collect an increasing amount of data, you still need the tools and the power to analyze it. Only then can you reach your full potential, limited only by your imagination.

Looking for signs of fraud and looking for the loss of intellectual property or customer data are not the same thing. What's the difference? What's the overlap? Are there organizations set up to do both well? Glad you asked. You will find the answers by listening to this podcast.

As organizations take their journey through digital transformation and move to the cloud, many are forced to revisit where their infosec systems reside and how their security and fraud logs are collected, stored, and used.

Just as the move to the cloud generally means a more scalable process, so does the need to handle more data from more applications representing the increased need for additional analysis. Today it's not good enough to "keep up" or simply "handle" the load. Security and fraud teams require a rate of efficiency that can handle significant data sets and allow the team to create new correlations to prevent fraud and detect threats.

In this conversation, we speak with Jill Orhun, Vice President of Customer Success at Devo, about the confession "Mr. V" shared with the Devo team.

"Mr. V" described 3 main challenges faced:

1 - Operating in different parts of the world can make log collection, storage, access, and analysis tricky

2 - The rules and algorithms that define what's "normal" and what isn't are different as well

3 - Integration with security systems AND fraud systems is critical (detection AND response)

To tackle these three challenges, Mr. V needed a new partner: a new solution that would support a security architecture able to create new tables, extract additional information, and perform ad-hoc searches based on what the SOC team members are experiencing at any moment in time.

Are you able to unlock your full potential? Or are you stuck like "Mr. V"?


Episode 5: Confessions of an Information Security Engineer

Conversation with: Julian Waits, GM Cyber BU & Public Sector at Devo
Confession shared by: “Mr B”

When businesses rely on their own infrastructure to protect their customers' products and services, security analysts are left with very little room for error and no time to waste. Long waits for database search results are most certainly not a good thing.

Many might be skeptical that the latest and greatest methods and technologies can meet their ever-increasing demands to see more log data, from more sources, in record time. This is understandable, as many face a reality of living in the SOC that goes well beyond the newest data sheet. They dig through tons of firewall and intrusion detection logs as they battle their way through a security investigation. While not happy with it, they have become somewhat "used to" sifting through their data for days in an attempt to find what they are looking for—sometimes being forced to schedule the search, only to then watch the progress bar tick away in 1% increments every couple of hours or so.

The good news is that there is an alternative, and that's precisely what this confession is all about.

In this conversation, we speak with Julian Waits, GM Cyber Business Unit & Public Sector at Devo, about the confession "Mr B" shared with the Devo team.

"Mr B" described 3 main challenges faced:

1 - What do most legacy SIEM offerings forget about creating an environment that actually works for the business instead of against it?

2 - What about deployment and maintenance? T-shirts and swag help with that, right? Not!

3 - How does Devo help connect the dots between the logs, the security team's inherent creativity, and the company's security objectives?

In this confession, "Mr B" talks about the need for a new security log management stack that he and his security engineering peers could use not only to survive but to thrive.

They must set aside decades-old mindsets for how data is collected, stored, analyzed, and presented. They need a solution that would give them the insights they need to make decisions when it matters most: right now.

If the investment in maintaining the security program and the ever-growing collection of logs outweighs the decision-making results, something has to change. Something in the organization's security posture is not correct.

It's time to re-evaluate, and possibly ditch, the 'good ole log database' for something that allows more data, more clarity, and more confidence.

The business will be grateful for it.


Log’s Honest Truth Video Series