Ending Cyber Risk for SMEs in Australia with Steve Hunter from Arctic Wolf


Hello and welcome to REDD's Business and Technology podcast. I'm your host, Jackson Barnes. I'm your co-host, Brad Ferris. And today we're sitting down with Steve Hunter, who's a director of sales engineering for Australia New Zealand for Arctic Wolf, and we're going to cover off on this episode his journey to end cyber risk Down Under. Steve, thanks for coming in, I really appreciate it. Did you want to start off with your background before we get into what you're doing now, um, and what Arctic Wolf does?

Absolutely, and thanks very much for having me, Jackson and Brad, we appreciate it. Um, so I started my life actually not in the vendor, on the vendor side. So, you know, I'm four weeks into working with Arctic Wolf and I'll tell you a little bit about that story in a second, but I actually started as a, um, with three mates back down in Adelaide running a very small reseller. So I come out of sort of the SMB market back in the early 90s, and moved very quickly, realized that running your own business is extremely difficult and you end up working full time, 24 hours a day, seven days a week, and, um, shifted from there while I was at university to work for what was Western Mining at the time, is now BHP, at their Olympic Dam operations in outback South Australia. So I was a programmer database analyst working on, in the mine, on the processing plant, living in outback SA, and during the journey that I was there I actually became the IT manager for BHP, uh, Western Mining at the time, uh, at Olympic Dam uranium mine, and ran a small team when I was in my early 20s of sort of six help desk staff and ran IT. Shifted from being internal IT at Western Mining to work for Dow Corning, they're an international chemical company, where I was doing networking and sysadmin and kind of IT infrastructure all across Asia Pacific. Eventually moved to Sydney and started working as an IT guy for a company hopefully that you know, Cisco Systems, networking company, and I was an internal IT guy for Cisco for five years, which was
awesome. So, you know, I was doing networking for a networking company. Yeah, super interesting, super challenging. And in that process I was doing a lot of work with IP telephony back in the early 2000s, just when it had first come out, and so, you know, the dominant vendors at the time were like Avaya and Nortel, and Cisco is the little fish in the big pond of introducing IPT. And discovered in that process of being in IT that I really liked talking about what we were doing in Cisco IT with external customers, and so the sales teams would bring me in, they say, hey Steve, tell us the story of Cisco on Cisco and what we're doing and how you're getting value out of the technology. And what ended up coming out at the back of that was I got offered a role in the Cisco sales team to come in as a systems engineer and work with external clients on IPT at the time. Eventually we wanted to do data center and security, and I moved to Singapore with Cisco, wow, where I married my lovely wife Louise, who I met at Cisco. She's a Brisbane girl, so all my in-laws are up here. Um, and I did that for, I was up in Singapore for about eight years, uh, shifted out of being an individual contributor to leading the systems engineering team for Cisco, uh, looking after our 28 largest customers in the world, um, about team of 35, and did that until I moved back to Australia in 2015. And at that point I'd been at Cisco 16 years, and an old colleague of mine who was with me in Cisco had gone off to join a pre-IPO cyber company called Forescout. And Forescout competed with Cisco, it was sort of the third place network access control vendor in the market in APAC, and it competed against Cisco and HP Aruba. And he convinced me to come on board, not because of what they did with NAC but because they were addressing kind of a new capability that addressed a risk related to IoT and visibility and security. At the time I did that for the next five years based out of Sydney, traveling around Asia. We had
about 800 customers for Forescout, and then COVID hit. I was still with Forescout, sitting in my bedroom, you know, doing the working from home thing, and some ex-colleagues of mine from Cisco had gone and worked for Google Cloud, uh, had introduction to Google, and then back in mid 2021 I actually got the opportunity to go work for Google Cloud, so that's where I've been up till about four weeks ago.

Um, what were you doing there?

So I'm head of customer engineering, so I ran or led a team of extremely smart engineers across all technologies, it wasn't just cyber, um, for initially large enterprise, so very similar to what it is Cisco, you know, we worked the large end of town. Um, but then all of this year I've been working with mid-market, uh, mid-market enterprise and the digital native sort of startup community, so fantastic, um, up until about, yeah, four weeks ago when I shifted to Arctic Wolf.

That's a massive career already, and, uh, no doubt Cisco, when you started there and what you were doing, the IP tel, they kind of dominated that market for a long, a long time after. They were a small fish when you started, a bit different. And then, so you jump more into, um, when did you shift more into cyber security?

So it's interesting, when I was in IT, um, we didn't call it cyber back in the days, this was all infosec. Um, infosec was a sort of a part of, that was a component of the role of being in systems administration and networking, so it was network security and the systems admin security. So I was part of the very early teams at Cisco that responded to Code Red, um, you know, the Melissa virus, the I Love You virus, if you remember that stuff from the early 2000s. Um, so I got exposed to that, but we always had a separate infosec function at Cisco. When I shifted into pre-sales engineering, uh, at Cisco, one of the topics that you cover is network security, so there's a big product range that Cisco has with security, and so about 2000 and, 2008, 2009 was when I started working with security products
and security teams and customers, but then dedicated to security and cyber only was 2015 when I moved to Forescout.

Yeah, right, and that industry has gone nuts since, and we'll circle back to that. So just to finish that journey then, either now you're learning as director of sales engineering for Australia New Zealand at Arctic Wolf, which means you have left Google after depending just getting there, which is pretty, pretty rare. Why did you make that jump from Google, the massive giant, which sounds like that was a pretty good role, only after a year and a half, to Arctic Wolf?

Yeah, that's a really good question, and, uh, there was a little period of time a while ago I was asking myself the same question, yeah. Um, so, you know, let me say I was not in any way prepared to leave Google. Like, in terms of as a technologist that is doing super interesting stuff with customers, Google is the place to be, yeah. Um, and interestingly Google's sort of the number three hyperscaler in Australia, very similar to how Forescout was the number three NAC provider in APAC and Cisco was the number three IP sort of telephony provider when I started there. I have a bit of a thing about going for the underdog. Um, and so if you'd asked me six, seven weeks ago, you know, what's your career plan, it was to be at Google for the next three or four years. Um, one of the advantages of being in a leadership role when you're working with technologists is you get to be a little bit smarter every day on the back of working with amazing people. And so, um, a lesson I learned really early from a colleague of mine at Cisco, when I was making the decision to become a people leader of smart folk rather than try to be one of the smart folk, was then like, um, part of the job of the people that work with you is to teach you stuff that you find interesting and that they find interesting. So being an SE manager, a sales manager, an engineering manager means if you've got the right ads you can get, you can get a little smarter every day,
and at Google I had just some absolute weapons, like there were amazing engineers, uh, and so, and across all topics, so when it comes to AI/ML and data analytics and kind of running things at scale, like Google scale, uh, that every week was a week of kind of learning something cool and interesting from one of my team or somebody that worked at Google.

So, imagine with me, you've been learning what Google's doing from a, you know, forefront of technology global leader, and then you've got your team as well, you probably have some high-end customers, you'd hear their unique problems and challenges and how to solve those, you would have been learning a lot. So, uh, why make the move?

Yeah, great question, yeah, and actually that's a great point, the customers, the customers themselves, like how they use the technology, that's probably the most fascinating part of working in a pre-sales function, is you get to see all the crazy stuff that people do. So why leave Google? Um, the story is actually interesting, that I was having a one-on-one with one of my staff members, one of my engineers, and he had seen that Arctic Wolf was advertising to come to Australia, and he asked me, uh, in our one-on-one, he said, Steve, this looks a lot like what you did at Forescout and they're just coming to Australia, are you by any chance applying to this Arctic Wolf role? And it turned out he had some mates that worked there, and I said to him, no, uh, Arctic Wolf, never even heard of them. Yeah, I finished the, uh, the one-on-one, I went away, had a look at the role, and had zero intention to go leave Google, but then I looked at the mission that Arctic Wolf is looking to solve for, right, and you said at the start, right, like the mission here is to end cyber risk. Pretty lofty goal, um, but it's prevalent in its core to, uh, kind of how Arctic Wolf goes to market and how we do and why we do what we do. And so, um, I did what I think a lot of people would do, I had a look through LinkedIn, I was like, is there any, do I know anybody that works at Arctic Wolf, and an
old colleague of mine from Forescout had been at Arctic Wolf for about two years, and so I pinged Jim in the US, and just over LinkedIn, I hadn't talked to him for a year and a half, uh, and said, hey Jim, can I get five minutes with you just to find out a little bit about Arctic Wolf and what the journey's like. And I had that call with him, and over 15 minutes he was so passionate and so excited after two years, I knew him from Forescout, um, that his enthusiasm just rubbed off on me. And the mission, the mission for Arctic Wolf is focused in the mid-market, um, is not the top end of town, and I'll talk about that in a second, like why, why I love that mission. Um, and I convinced him to contact the hiring manager, who I believed had already kind of gone a long way down hiring for Australia, um, just so I could get a chance to meet them when they came to Australia. This is six weeks ago, so, excuse me. Um, so I had the opportunity to meet the worldwide head of engineering for Arctic Wolf, guy called Lane, who you might have on the show a little bit later of the year, and Lane, if Jim was like a 9 out of 10 passion for what he was doing, Lane's like a 15 out of 10 passion, and you guys have met Lane, so I know a little bit what I'm talking about. Um, and, you know, one of the big things about what Arctic Wolf does is, um, you know, we're not, we're not a product vendor. So I've been in product vendor land there for 12 years, um, and even at Google, you know, we're solving some amazing, they're solving some amazing problems, but it was still sort of a product or a piece of software or a component or a jigsaw puzzle piece that we would, um, now convince you to use, and you would assemble it yourself and you'd have to build it and operate it and whatnot, and you can use partners to do that. But in the cyber, uh, in the cyber world, even with Forescout, you know, we were on a very pure mission to provide, um, you know, visibility of, you know, identify the unknown unknowns in your environment so you can protect yourself, and it
wasn't for lack of, um, kind of a positive intent that Jesus had to do. And so if I look at the end customer, you know, if I'm, you know, one of the big banks in Australia, my cyber team's 300, 400 people, so when I take a meeting from a vendor who's got their new piece of wares to sell, yeah, I can afford to take the time, I can take a look at it, I can see if it addresses a component of, um, of capability that I need to reduce risk or address an issue, but, uh, and then I can operationalize it because I've got loads and loads of people. Um, if I'm in the mid-market and I've got 5, 10, 15 IT staff and I've got to deliver value to the business and I've unfortunately put the word security in my job title in LinkedIn, 100 vendors are going to hit you up every week and try and sell you, you know, with all good intentions, their product. Arctic Wolf doesn't sell the product. Now, we have a product, we have a product that we have written and invested in and created for our teams to deliver outcomes to customers, but Arctic Wolf is an extension of the customer's IT team

addressing, like, with the, the true objective is to reduce cyber risk and really end cyber risk for that customer. And if you think about risk as defined by, you know, it's the probability of something bad happening and then the impact of that bad thing happening, if I can get either of those sides of the equation, you know, low and ideally zero, effectively I have ended cyber risk for that organization.

That's a big thing, and that's interesting you say about mid-market, because, and you're paying like five or ten people in the IT team then responsible for cyber as well, people just expect that they are looking after cyber security in their business. But even in smaller businesses, um, they're your general managers and CFOs who are responsible for cyber in a business, and then, like, the IT stuff is kind of beyond them. Well, the risks are the same, but to mitigate that risk it's just unfeasible, and so that's why that Arctic Wolf solution is so unique in the marketplace, is because it does now make that mitigation strategy affordable for everyone.

So there's a little bit more on that, um, before, you know, questions. So how does Arctic Wolf help businesses protect and therefore end cyber risk, like what do they actually do for a business?

So the core of what Arctic Wolf does, um, is it's really, it's two things. So, um, a term that most folk will know is managed detection and response, right, so we'll have an MDR, as we're saying, MDR offering, and what that means is that using the tooling that you've already invested in and all the stuff that you've already got, we'll take all, which you may not be operating as effectively as you'd like and you're certainly not watching 24x7, we'll take all of that telemetry and we'll bring it all back into Arctic Wolf and into the Arctic Wolf platform, and we do that at scale, and we do that for sort of four thousand plus customers worldwide today. Um, but more than that, so that gives you the response piece, the, if we think of, um, saying that in the NIST
framework, the cyber security framework of, you know, protect, you know, protect, detect, um, respond, recover, um, this is the detect piece. So you've spent all this money on tooling, send it off to somewhere where we're going to be able to, um, watch and monitor, give you high fidelity alerts, um, do all the triage, so that when you get a ticket or a contact from an Arctic Wolf engineer you know it's something you need to do something about, yeah. Um, but I'd almost call that table stakes. There's a lot of MDR offerings out there and people have been using MDR for a while, that isn't the reason I came to Arctic Wolf. So, um, there's an approach that Arctic Wolf takes, which is how do we deliver this service, and there's a function we have called the Concierge Security Team, and this is a named, these are named engineers, we have them here in Australia now, they're currently onboarding as we speak, um, who become an extension of the customer's IT team. They know the customer, they are able to give the context that is needed to do proper event triage when we're ingesting all this telemetry, they have the customer context. Now, in the event that nothing happens with a customer, so if I'm a, you know, if I'm a small business and I've paid for all this tooling and I'm running my business for the year and I never get a ransomware incident and I never have, um, you know, a business email compromise, so I have a perfectly clean year, and gosh, I wish that that's the case, what value did I get from the MDR service just by itself? None. Well, I got some productivity values, yeah, I wasn't looking, I wasn't looking at the alerts, okay, so I didn't have to do that, so my team, my team gets some benefits because they're not processing alerts, I'm not having to deal with it, but outside of that not a great deal, uh, maybe tick the box for compliance too. But in that year with Arctic Wolf, with the Concierge Security Team, that team works with you to build a security journey, and that security journey is specific to you, the customer,
because, you know, that we work with you to know your business, but it's leveraging the fact we've done this for 4,000 other customers and built, uh, these sort of packages, pre, you know, um, we call them SPiDRs, so security posture in-depth reviews, but we pull together a journey of SPiDRs which takes you from, you know, point A where you are now to the end of the year to be in a better place.

So that's effectively a bunch of best practice implementations that you can roll out to client depending on where they are in their security journey?

Yeah, spot on, exactly right, so that every month you're getting better, uh, and we're taking on an intentional journey, but it's your journey, not our journey, but it is prescriptive and it is best practice, and it gets better every time because we're doing it, kind of the collective defense piece, we're learning from a thousand of these to put, you know, we're doing a, um, like an Exchange, uh, sorry, an Active Directory administrator account review for example, that process of how you deal with privileged accounts and identifying the environment, we're doing that for a thousand, two thousand customers, we make that better every time, like as things move on.

So one of the big differences there is, um, you're not, you are a service, right, not a tool to begin with, but then you are essentially like a fully outsourced security operations, um, for a business, is how they look at it, when, you know, and helping them with their strategy as well as you are their MDR response and everything else, is that right?

Spot on, exactly, and the, um, you know, the Arctic Wolf, uh, cyber security operations center is one of the largest, you know, cyber SOCs in the world, so the, you know, we have the benefit of collective defense related to that. Um, but I think it's the journey that is the important piece, uh, it's backed up by 24x7 response and all that, because you want to be able to respond and detect, but it's sort of a virtuous circle, that the better we go on the proactive side, the better
we are at being intentional about security strategy and security posture uplift and user education and security awareness training, the better we are at that, the less, the less we need the MDR, like the fewer alerts we have to triage and all that. So the better we get at the front end, the easier it is to identify the things we need to deal with at the back end when we're reacting. Um, but that journey is kind of customizable, because it might be that we're going to do a journey of the year to get certified for ISO 27001, maybe that's what we're trying to do, but then, um, we might need to take a detour, you know, mid-year, because you do have a business email compromise, so you do have an incident, and so then that does two things. We've got to be able to respond and react to that, and that's where incident response comes in and maybe other partner services as well, but then there's fallout from that, which is, all right, what do we learn and what do we have to do differently moving forward, okay, let's modify the journey to incorporate that so we get those outcomes, and then we go back and complete the rest of the journey. And to me that's, uh, and the focus, this is the awesome part, the focus here is mid-market, so we want to work with customers that, um, you know, that have spent just a bunch of money on tooling and whatnot, to get the most value out of what they've already invested in but then get this security uplift over time.

And then we probably shouldn't touch on that engagement model a little bit, and then, you know, so for in that mid-market, um, generally partnering with someone like REDD, um, who's effectively playing that IT team role for the client, um, and using all their expertise on the front end to kind of implement some of these changes, these features, these events if you like, that need to be implemented for the clients in their tech stack.

Spot on, and so the role that, um, the role that like a partner or technology success provider like REDD plays there,
it's really, it's twofold. It's leveraging the expertise that Arctic Wolf is bringing to the table related to, well, this is what you have and here's how you make what you have better, and/or, you know, already you guys are, you know, helping customers with that, yep. Um, but it may also be like there's missing capabilities, um, and rather than listen to, you know, yet another vendor pitch from, you know, yet another category of cyber security tools, being intentional about what you want to look at next, in terms of, okay, we want to be able to go to the board and say we're looking for an investment to uplift our capability. Well, how do we quantify where we are today, we do that as part of the baseline service, and then how do we quantify the risks we're looking to kind of address or mitigate with the investment that we're asking for, and then working with a partner like REDD to get those acquired and then implemented.

That's, uh, that's pretty unique actually, because there's not a lot of, there's a lot of services out there that do the endpoint, um, detection response or MDR, but then definitely not going to help you with strategy on cyber security in your business, right. There's a lot of network monitoring tools that do a similar thing, but they're not going to come back to you and say this is where you're at today, this is what you need to be, and create that journey for you, so that's, that's very unique actually.

Yes, and actually on that, on that topic about like endpoint security, so one of the other things I'm just getting exposed to now that I've been, you know, I'm in my fourth week at Arctic Wolf, is, um, Arctic Wolf collects just an epic amount of telemetry, um, and we're in the vicinity of two trillion events a week being ingested into our, um, cyber SOC. There's a lot of intelligence that can be extracted from that, and we have a function inside Arctic Wolf called Arctic Labs, and I'm just coming up to speed on this now, but one of the pieces of insight that they've shared with the teams is, you know, we, we
take telemetry from lots of different places, so we take it from endpoint, we take it from network, we take it from SaaS applications like, you know, email and Salesforce, we'll take it from external threat feeds as well. So collect all of this information from lots of different places. What percentage of the incidents that we have to escalate to customers comes from the endpoint telemetry, would you guess, Ed?

I'm not even going to try. I'll say over half.

Yeah, so I would have, I would have thought sort of 50, you know, 40%, something like that. Um, it's in the vicinity of 15 to 18%.

Really, so it's less than a fifth, that's interesting. So 15, so just, just clarify that, 15, 18% of, um, logs are coming from the endpoint antivirus tool?

So call it 20, let's call it, you know, 20%.

Is that including the sensors as well?

20% of the incidents that we have to escalate to a customer to manage, the real incidents, are sourced from endpoint telemetry, which means 80% of the incidents that we escalate to customers, we wake them up at two o'clock in the morning to, hey, you've got to do something, eighty percent of those incidents are coming from other sources.

Like network, SaaS.

Yeah, exactly. Um, does it mean you can get away with not having endpoint protection? Absolutely not, because if you didn't then it'd be like 90% is coming from that, so the endpoint protection tools are doing their job 100%, but it does mean that it's not a complete story if that's what you're looking at.

So what size business should consider outsourcing their security operations, is probably, might be some value for the audience there, because like that is very interesting, and I'd say that definitely five years ago it was only universities and second agencies and defense and stuff had their own security operations, and banks, those kind of things, right, but if you look at even like hospitals these days, they don't have security operations internally and some are not even externally. What size business should start to consider something like
outsourced security operations?

Yeah, that's, um, you could almost look at, like, to flip the question around and go, like, what size business would it make sense for you to insource security operations, and I think we're really only talking, um, you know, very, very large enterprises, and even very large enterprises, you know, will outsource some elements of the security operations. But, um, two, two windows I would look at that. So there's the core versus context conversation, like is security, and is, um, uh, sort of rapid security core to the brand for what you're doing, right. So if you're a Visa or Mastercard, you know, security and trust, massive, right, so they, they have one of the world's largest SOCs as well. Um, but if I, if my, you know, my mission is to deliver, you know, high quality refined manufactured goods, you know, in Australia for distribution around Australia, um, is security core to what I need to be delivering as an IT function? Well, unfortunately the answer is yesterday, like absolutely, like security is core for everybody, but am I going to have the capability to hire the number of staff that I need, you know, put up a 24x7 monitoring environment, um, and then be confident that I can maintain that over time and get a good outcome? The answer is no, and the answer is no for pretty much everyone, um, you know, under, I'd be, under a thousand employees, you know, under a thousand managed endpoints, you know, that is, um,

Before it is even semi-viable internalizing a security operations team, is that what you're saying?

Yeah, exactly. Um, and the figures are, you know, they vary a little bit, if you look at sort of the SANS training related to this, you're looking at six to eight people to staff a 24x7 operations center. So we're gonna, we're gonna generally want to outsource, um, you know, context operations for managed detection response, a bit like log monitoring as well, a lot of focus, you know, outsourcing to NOCs and managed providers for, um, for that. But the, um, uh, so yeah, so that's the sort of where I would look at
there, is it's that mid-market where I, I can't start, like, and staffing a cyber security operations center, by the way, um, you know, I was at Google and I was trying to, you know, part of interview process, trying to hire security people, yeah, if you can get them. I, I couldn't get, I couldn't get people, it took us a long time, yeah, it's crazy. Like the, um, the skill set is in such demand in Australia, it is an absolute challenge. And then, I don't know if you've seen in the press bits recently, they're viewing cyber SOC analysts as the call centers of the IT industry, in that the churn for people coming in, burning out and then leaving, yeah, it's very high.

Yeah, I've heard that the burnout for cyber engineers is massive right now. I, I can imagine, right, you're running 24x7, dealing with threats, stressful environment, and even recently we saw the big breaches in Australia that happened, they've probably got a lot of questions fired back at them internally, saying, spotlights, yeah, that would be a big concern. So it's, from what you said, Steve, with all your years, years of experience, that less than a thousand employees, don't even consider building an internal security operations. Um, in terms of what size business would you advise should be considering outsourcing their security operations, is it down to like 100 people, less, or what does that look like?

Yeah, everything's a risk-based decision when it comes to this, and I know it's a bit kitschy to say that when you're in IT, like, or in infosec, cyber security, everything's a risk-based decision, but it is. So if you're, um, you know, a great example, like there's some amazing companies up here in Queensland that I work with in Google Cloud, like the innovation coming out of Southeast Queensland, it's off the charts, and there are companies that, uh, that are doing some amazing intellectual property development, and I know you had an IP lawyer on here just recently, um, where the, you know, they're not massive companies, they're 10, 15, 20 people, but the value
of what they're creating, uh, is in the tens of millions, hundreds of millions of dollars. Now for them, 100%, I would be looking at a, you know, high quality, high caliber outsourced security operations, but also secure, you know, long-term security strategy, um, because that is core to how they protect their business. But in general, outside of that, in general it's going to be in that, you know, 50 to, 50 to 150, 50 to 300 sort of range, as where you're going to get the most value, uh, in outsourcing a great deal. And I was almost not outsourcing, because that sounds like you're deferring, outsourcing responsibility, but having an external party be part of, you know, your security journey, just leveraging team of expertise, a team of experts that you couldn't practically employ and manage internally yourself. And one bit of a side, sort of injection here, like when I first started working in networking, when I was at Western Mining, had the opportunity to work with, we had a problem with a Cisco switch and I was pretty new to networking at the time, and I remember calling up Cisco TAC, if anyone remembers those guys back in the day, and calling Cisco TAC and getting help, and, you know, Cisco had and to a degree still has the reputation for the best wholesale support, uh, and I worked with this guy, like these are, these are technical support engineers essentially in a call center that were just absolute weapons, they were technical guns and they're amazing. And when I joined Cisco, excuse me, I was in IT and I was in the same building as Cisco TAC down in Chatswood, Sydney, and I, uh, I was very curious to know, like, why would someone stay in a technical help desk, like why would somebody stay in support, and we had guys at Cisco that have been in support 25 years. And the environment the support managers created for the Cisco TAC engineers, these guys are CCIEs, they're multiple CCIEs, they could go anywhere, but they choose to stay in customer support, because when I looked at them at the time
they were on the phones for, um, taking calls typically for four hours out of an eight-hour shift, and then the other four hours is recreate, or playing pool, or, you know, back in those days it's like shooting Nerf guns around the office. But the, um, the support managers realized that it's a hard job to get really skilled people to want to stay in, and so they built an environment where the culture of that team was just amazing, and I get a sense walking around the REDD offices that's what you're building here. Um, Arctic Wolf takes the same approach for the cyber SOC. So how do you get hundreds and hundreds of cyber security analysts to come work for you and have a journey, like a career journey, in the SOC, which is this, you know, the call center of cyber, um, and it's to essentially take the same approach. So I'm looking forward to eventually getting out and seeing them overseas, but they have an intentional approach to bring people in from industry at senior levels and from university early on, and then give them a career journey in cyber where you might want to be in that place for three or four or five years.

That is one of the, one of the highlights of this journey of building the relationship with Arctic Wolf, is seeing that culture and media, I've been lucky to meet a lot of the team overseas as well, and it's just, um, yeah, just everyone's so passionate, really friendly, great vibe, everyone believes in the mission, so I really enjoyed that part of this journey with Arctic Wolf. Sounds like part of the reason you joined, Steve, is the passion you felt from a former employee you used to work with over there, right, and then he had Lane on the call, and the passion was too much.

And it's easy for me to get distracted on tangents, and I realized I didn't ask you a question before, why Arctic Wolf. So I met Lane and had this, you know, 30, 40 minute conversation with him down in Circular Quay, and I walked away, uh, and I remember saying to him, look, I know maybe I'm not the guy, you know, maybe you've
already picked somebody, I get it. And I hadn't applied for a job in 20 years, it's mostly through networking and people that I've had my kind of career path. This was a job that I applied for and canvassed for, because I met the team and was like, this is really going to help the middle part of Australia. And as sort of being in cyber security Australia, like, you've got to think of it like the Team Australia approach, right? Like, we all want to be successful, we all want to reduce cyber risk, we want to do good things for Australia overall. Um, and bringing Arctic Wolf here, um, and they're very intentional by the way, so I think we've been around for 11 years, um, has, you know, in excess of 4,000 customers, one of the world's largest cyber SOCs, and has never come to Australia until two months ago, and one of the launch part, actually, launch partner here with Red, just amazing. They didn't go to Europe until April last year, so they're super intentional, we are super intentional about coming in and doing it seriously. Um, and, you know, we're growing. By the way, people listen to this podcast and are interested in a career in cyber, please look me up on LinkedIn, because we're hiring and we're growing. Yeah, but the mission is amazing.

Yeah, I do want to touch on the Australian plans, um, shortly, but before we get there, um, one of the challenges I think that IT managers and CIOs, people responsible for technology who get bucketed with cyber as their responsibility as well, which is like 99% of people we speak to, I'd say, um, the cyber security gets bucketed with the IT team as their responsibility. How, what advice do you have them for going to their board or CFO or CEO with this, we wanted to get Arctic Wolf for outsourced security operations, we have this much risk, for example? What, how would you go about that if you were sitting in their shoes as a CIO, I'm responsible for cyber as well, and but don't have any cyber operations now, basically?

So, interesting, actually, having been an IT manager in, uh, my
pre-vendor career, I have a lot of respect and kind of admiration for people that choose to be in that role today. It's a very, um, the legal requirements that are increasingly put upon directors of companies, um, is significant. Um, and I think if you look, uh, just, you know, if the listeners or the viewers, um, take a look at the, uh, there was a Corporations Act, um, ASIC versus, um, RI, I think you could search for it on Google, but essentially, yeah, oh, I didn't know I was in Brisbane, I just, I saw it in the press and I looked at it and went, oh, that's concerning. Like, uh, you know, as in terms of a duty of care as a corporate director under the Corporations Act now, if you're not showing due diligence related to cyber, you can potentially be taken to court. Now we understand, um, that, you know, there's the Privacy Act, and there's, like, Australia's, you know, generally pretty good with the regulations that we have to comply to under the, you know, Australian Privacy Act and align to the Privacy Principles and whatnot. But, um, to answer your question, like, how do I go to the board and justify investment in cyber, but the reality is you're not justifying investment in cyber. What are we doing? We're looking at addressing business risk. Yep. Um, how do we do that? We start with quantifying what that needs to look like, you know, or what the business risk is today. Um, and the, you know, I guess the good news on that is this is very topical, it's certainly very topical the last three months with everything we've seen, but it's increasingly, there's education in, um, you know, in the director's training, uh, and, you know, from, you know, legal advisory and from professional advisory as well, there's very, uh, familiar with quantifying business risk and helping you get to a position where you can say, actually, we know where we're at right now. Uh, the investment, by the way, is not, like, the investment, something like, um, MDR, it's not a massive investment. No. Right, especially compared to the
amount of risk that you mitigate by investing in it. But to answer your question, it is about having a risk-based conversation. Yeah. Understanding your risk, um, and taking, it's a business conversation. Yeah, a risk conversation.

That's definitely the approach that makes sense, and that's good advice. Um, and you have the RI Advice case, they actually got, like, uh, three quarters of a million dollar fine for not listening to advice from their current IT provider, so that was definitely scary. And, um, there's other cases where directors are, you know, getting, um, more scared about what's going on, and though the maximum penalty, um, just got approved, actually, from 2.2 million dollars up to 50 million or 30% of turnover, which is, um, even more, I guess, highlighting the risk. Um, and we've talked about this, I believe, on different episodes, but again, for listeners, viewers, the Australian Institute of Company Directors has just published quite a good guide around principles around cyber governance and how to manage that, so definitely would recommend anyone just type that into Google and pulling those up. Are we taking show notes somewhere? Surely. Yeah, I'll talk on the show, that's a good idea.

Um, so that's good advice for IT manager, CEOs going to the board and having the risk conversation. Um, I just want to get your feedback, you've been around in the infosec or cyber security industry in Australia for a long time at a pretty senior level. Um, where do you think the current state of cyber security market is in Australia now, and what does Arctic Wolf bring to that?

So one of the interesting things about Australia is, as a country, we punch well above our weight, uh, when it comes to technology. We tend to go early with advanced technology, we, you know, we're very, um, we're a very sophisticated, uh, sort of user base, if you like, and I saw this at Cisco, I saw it at Forescout, I saw it at Google, um, and I'm hoping to see it again at Arctic Wolf. Um, the, um, I spent a little bit of time, uh,
pre-joining Arctic Wolf, I went down to Canberra and did some training, um, for, uh, from the IRAP assessors program with the ACSC, um, and their authorized providers. And the thing that I feel good about being in Australia right now is that the government is taking it seriously, and not so much on the regulation, the penalties, because there's, you know, there's a great argument, like, you know, if you increase the speeding fine, does that mean people are less likely to speed? Maybe, maybe not. But the, um, the push from the, uh, from the government to be more publicly focused and company focused, rather than Commonwealth focused, around cyber education and helping companies navigate this new world that we're living in today, um, they're playing a very active role in that. And I know you've talked about essentially on the, in a few podcasts with a few, um, uh, guest members, but the, you know, the ACSC is taking a very deliberate and, um, and public stance around cyber education and capability uplift in Australia, for the good of Team Australia. And, you know, to answer your question, what do I see the state of the market: we're shifting away from a tools market, right? And as I look at, um, vendors that are coming to Australia and just the startup ecosystem, there is a shift to outcome versus just capability or, you know, technology. Um, and I think that Australia is going to get there very, very quickly, in the same way that I've seen us adopt advanced technologies rapidly. This shifts away from technology to outcome, uh, delivered ideally through, you know, innovative and scalable, you know, technology platforms, etc., as opposed, because it can't be a people, it can't be solved with people, because we don't have enough people skilled in the right places, we're not bringing them in, you know, the sort of a net decline in technical capability in Australia. Um, so it needs to be that combination of, you know, government, uh, with, you know, with regulation, with education, technology capability coming in from vendor land
to address the kind of technology challenges in innovative ways, uh, with a mindset that is very Australian, which is, we're going to lean in and we're going to do innovative things quickly. Um, you know, we are often the underdogs, you know, we're a country of 20 million people that punches, with 25 million people, that punches well above its weight, um, in terms of, you know, how we consume technology and what we use it for. Uh, so I feel optimistic, um, but, uh, I feel optimistic but the challenge is definitely significant.

Yeah, that's, it is good, actually. There has been a lot recently, since these big breaches that have happened, that it's just getting spammed out from an Australian Cyber Security, who do a good job, and an AICD and a bunch of other organizations, so that's really good.

One comment I'll just throw in there, which is, um, is certainly not for lack of tool, like, these breaches that have happened just recently, it is not for a lack of tooling and is not for lack of good intention that we have these problems. Um, the challenge is really no different. Like, with the Optus breach, for example, which I know you talked about on an earlier show, and there's a bit more information out there now than there was, but yeah, there was, you know, was it, um, was the tooling doing what it was supposed to do? Absolutely, yes. Did anybody respond to that tooling? Unfortunately not. How different is that from 10 years ago, 2014, when Target got breached, and the tooling that they had was lighting up of the, you know, malware is moving laterally, alerts, alerts, um, but it was just lost in a sea of noise, you know, in the Target SOC. So in that respect nothing has really changed in the last sort of eight, nine years. Um, the tools got better, right? There's certainly more of them, you know, and every, the frustrating thing with cyber for me, um, when it comes to talking about it with, uh, with any organization, is that it's one of the few areas of technology where we don't see a lot of
consolidation. You know, if you're an old guy like me, you had, uh, choices in networking. Before TCP/IP and Ethernet there were options, back in the, you know, we were DECnet and FDDI and Token Ring and stuff. Um, and, you know, Microsoft Exchange and Active Directory wasn't always the directory service that you were using, you might have been using Banyan VINES or Novell or something like that. But over time you tend to find that there's consolidation in technology, except for cyber. Um, if you've ever been to RSA, you know, there are 3,000 cyber vendors trying to spruik their wares, and there are seven or eight hundred of them that are new every year. So how does an IT manager or a CSO stay across all of those, as well as everything else they do in their job?

So why do you think that is?

Ah, it's interesting. I think it's because, um, security is often something that's thought about late when new technology comes out. So security isn't part of what we think about when we create new offerings, and the perfect example is the iPhone, you know, 2007. So, you know, we finally cracked the code on antivirus and managing Windows endpoints, and then, okay, so Mac came in, so we had to deal with that, yeah, but we got that sorted, and so you've got your AV on your Mac. Then 2007 comes along, the iPhone launches, and what happens? Every executive and every end user's like, this is fantastic, it's great for my productivity, let me bring it into the company. And what happened? Well, we had to create an entire new category of security tools related to mobile device management, do MDM, and it's like, all right, every new innovation that comes along has a knock-on effect related to security. It comes with a risk. And it comes with a risk and it always comes second. It's not like we were like, well, we're not going to release the iPhone until we've got a way to securely manage them in the enterprise.

Well, they're trying to innovate as well, right? Apple's always been about creating a new thing and cannibalizing that old product and moving forward, so when you do that, it's hard to pause for six months, uh, with that crushing new technology while we figure out the cyber side. So it does always come after.

Exactly right, and it's one of the challenges I see with CSOs and with IT managers that have security in their portfolio, in their remit, is how do you innovate safely? You let, you know, you let enough new stuff come in, um, but you've got the guardrails around it so that you're not exposing yourself overly, but you can never be, you know, you can never be fully, fully, fully secure. Yeah. Um, but, uh, yeah, you just got to do it in appropriate fashion. But I mean, I actually saw it at Google too. A lot of the innovation that's coming out there: what are the security implications of AI/ML and robotic process automation, all of that? Like, I haven't seen the tooling or the category for that yet. I am sure it's coming.

Yeah, and there's IoT and that kind of things. I could ask a lot of questions, but I know that you're watching the clock, so I'll let you know
you go stick with, no, you get one question, Brad. Well, I do want to talk about what's coming up, so, yeah, yeah, I do understand as well. Well, I think I do want to touch on, um, before we get to that, we'll finish on that, um, you've led teams in, you know, IT and cyber and dynastical in physics for a long time now. Um, what makes you good at managing technical teams? Um, because that's essentially what you're going to be doing at Arctic Wolf, right? How do you, um, find someone good, retain them and manage them ongoing?

Now I almost don't want to answer this question, because you guys are going after the same folk that I'm going after. Um, we'll be nice. The, uh, I mean, it is literally the best part of this job. Like, when you move into people leadership, there's a lot of not fantastic stuff that comes with it, there's a lot of administration, etc. Um, the best part of this job is being able to work with smart people. Um, people want to be good at, they want to have an expertise and they want to be able to show it and they want to be able to use it, they want to be kind of operating in the place that they're the strongest, and they want to get better over time in most cases. And so, you know, my philosophy around leading technical teams, uh, first up is, um, you know, I'm privileged to say that I've led teams a lot smarter than me, um, and that I'm not intimidated by it, but I love it, because if your job, a little bit of your job every day is to make me a little bit smarter, that means that I've got 10 folk that are making me a little bit more educated every day, and I love to learn, right? You have to if you're in this industry, I think. Um, and so, you know, it is, you know, my philosophy around sort of growing and leading technical teams is to appreciate and understand what the, you know, what the passion for what we do, you know, how do you drive the passion, how do you support the passion for what we do. Um, because it is, you know, a lot of what we do today didn't exist five years ago, so you can never be more than a
five-year expert in some area of technology now. So the fact that I've been around 25 years in tech, technologies, means I've done the five-year thing five times. Yeah. Um, and the, uh, you need to have something exciting, like, really it's the mission, you know. So when we were revolutionizing telephony, um, back in the day, we were the underdogs, that was a fantastic sort of experience, and I did that as an engineer as opposed to a manager. Um, and at Arctic Wolf, the engineers that I'm talking to are excited to come on board, has to do with two things. It's the mission, that's the purpose, the vision for what we're trying to do, that is pure, we can 100% get behind that. But it's also how we're doing it, and so kind of the technology and the innovation and the, um, kind of hyper-nerd engineering stuff that's under the covers is, uh, interesting to engineers. So great mission, great tech, and then ideally the managers just get out of the way and let them be amazing.

Yeah, it's good advice, it's good advice. All right, Brad, did you wanna go the next question?

Um, so we have had a pre-conversation around, um, the data sovereignty conversation, um, because that does come up a lot when we're talking to clients, and, you know, what's the difference between offshore or onshore, what kind of data. And I know we'd had a pre-conversation and this was a little bit above my knowledge, but, um, you had some great words of wisdom, so I'd just like to unpack that a little bit with you.

Okay, so for, um, for the lessons, for a little bit of history, I, um, actually had a chance to catch up with Brad in Sydney just a couple days ago, and this topic comes up a lot, and I'll frame, so I'll talk about data sovereignty now. Full disclosure, I'm not a lawyer, seek appropriate legal advice to your specific situation. Um, but I am seeing this, um, this challenge in the industry related to the term data sovereignty. If you Google, you know, data sovereignty Australia, you're going to get a lot of articles saying we must ensure that we have
our data sovereign. Um, so, you know, full disclosure, right now Arctic Wolf does not have a presence in the Australian, uh, data, in an Australian data center. It's coming, but it's not here yet. Um, so what does that mean in terms of, um, kind of data residency and data sovereignty, and how should you be thinking about it if, you know, we're talking to you? Um, so first up, uh, I've been guilty of this, vendors tend to co-opt, um, industry buzzwords, and, uh, I saw it with visibility at Forescout, then it was zero trust, AI/ML did, like, a little stint in the cyber lands a couple years ago, and now data sovereignty's, um, quite rightly, um, a topic that needs to be discussed. Um, my view on this is, first of all, skip the vendor marketing stuff, right? So if you're seeing, you know, a local sovereign data center talking about, like, the only way to be safe and secure with your data is to ensure that you've got it from Australia, uh, no, not really. The only way to be safe with the data is to show that you've got it classified properly and you've got to protect it appropriately, because if it's onshore and poorly protected versus offshore and well protected, I would take offshore and well protected every time. My sort of guidance on this is, um, to take a look at, you know, if you're not in a highly regulated industry, you know, you're not in government or you're not dealing with health records, um, in general, um, the Australian Privacy Act is the overarching act that governs, um, what we need to do with relate to protecting the privacy of Australians' data, and there are the Australian Privacy Principles that you should align to. And this is not just vendors, this is you as a company, I need to align the Privacy Act, the Privacy Principles, to ensure that we're treating the collection and the management and the disposal of Australian citizens' data appropriately. And that's the approach that we're taking at Arctic Wolf as well, which is we're aligning to the
Australian privacy, the Privacy Act and the Privacy Principles related to data residency, um, and ensuring that, like, there is, at the moment there is actually no requirement for you to have your customer data, even your customer databases, uh, onshore. That's not part of the Privacy Act and it's not part of the Privacy Principles, and actually I think it's privacy principle, I want to say, eight that deals with the appropriate handling of offshore data. So the more important question you need to be asking both yourselves and any vendor that you're working with is, how are you protecting my data that I trust you with, and how are you aligning to the Australian Privacy Act and Australian Privacy Principles? And we might see that change in the future, there might be, you know, there might be a need for onshore residency for some sorts of data outside of health and government, but that's not the case today.

It's really good advice, actually. Yeah, I do agree that if you can, um, offshore, but it's protected, secure, with the trusted brand and the proper processes, that makes a lot more sense in going with something, you know, you can, um, go and have a look at but it's unsecure, um, in Australia. So that's, unsecured locally is still therefore exposed, yeah, internationally or offshore as well.

Yeah, and I do feel like apologizing to the listeners on behalf of all the vendors that, you know, it's a force of habit to take whatever the topic du jour is and then morph your product into being that thing. Yeah, yeah. Um, yeah, exactly. One of the reasons I'm glad I'm no longer at a product company. Yeah, fair enough.

All right, so what's next for Arctic Wolf in Australia? Um, ending cyber risk, um, just launched, did you want to, and it's honest, I mean, four weeks, but, uh, you want to share a little bit about what the plans are for Arctic Wolf entering Australia?

Yeah, 100%. So, um, I mean, the plans here is exactly that, you know, the mission is to end cyber risk for the mid market in Australia. It would be great
to say for everyone in Australia, but, you know, we're really focused on the people we want to work with and the people that we want to help protect. Um, that means growth. Um, a very common pattern for vendors is to land a whole bunch of sales teams and then go solicit, you know, business, and then eventually maybe they'll put in some customer service people and whatnot. Um, Arctic Wolf today, we're 12 weeks in the country, um, I'm employee number four, um, we've got 12 on board now. There is one sales team, there's actually only one salesperson, everybody else is working on customer success, um, kind of customer project management, uh, security operations, like, that all exists in Australia today, and so the mission from here is growing those teams.

It's exciting. So what was it gonna look like in 12 months' time?

Oh, who knows. I mean, based on what we saw at Europe though, so in, uh, in Europe they went from zero to 100, we went from zero to 100 people in about 14 months, um, because we're investing in an area that is, um, really crying out for some help, uh, and the approach that we take is a people-oriented approach rather than a product-oriented approach.

Um, beautiful. Thanks for coming in, Steve, really appreciate it. Thanks for sharing all your insights on how you manage a team, the cyber security market right now in Australia. You've shared a lot of good insights, so really appreciate it.

Absolute pleasure. Thanks to my family. [Music]

2022-12-16 02:36
