Resilient Cyber

S6E3 - Ross Haleliuk - Cyber for Builders & The Cyber Ecosystem

January 20, 2024 Chris Hughes Season 6 Episode 3
Show Notes

- First off, tell us a bit about your background and how you got to where you are now in your career

- What led you to write the book? Tell us a bit about the process and the experience so far, given you didn't take a traditional route with a standard publisher, etc.

- Your book is broken into different sections, such as security as an industry, understanding the ecosystem and trends shaping the future of cyber. Let's dive into some of those.

- You talk about how Cyber is horizontal, not vertical and the role of trust. Can you elaborate on that and how it makes our field unique?

- You talk extensively about the role of capital, the different types of capital/investors and how it prevents cyber companies from failing at standard rates, or avoiding natural selection as you call it. I suspect this contributes to what some perceive as having "too many security vendors". Do you think that's the case, and is there any merit to the too many vendors argument?

- You dive deep into the role of industry analysts and how they impact purchasing decisions, especially among large established firms and organizations. Do you think industry analyst firms have the same impact as they did a decade ago? What impact do you think social media, "influencers" and practitioners themselves being more vocal about products, tools and methodologies are having?

- One topic you speak about that I really enjoy is moving from promise-based to evidence-based security. You talk about outcomes over promises and buzzwords, but we also know it is hard to quickly determine if a tool or vendor keeps promises, and it isn't only on tools; there are resources, staffing, internal expertise and bandwidth that all play a part. Can we delve into that topic a bit?

- Do you think security practitioners being more involved in the buying process is also driving change?

- Let's pivot a bit to founders. You have produced incredible pieces of the founder ecosystem, pioneer firms who led the way, the role of large publicly traded cyber firms and the role of networks among military, Israeli and repeat founders. It feels like the old saying, success begets more success. Do you think there are lessons from these pioneer and repeat founders that some new founders neglect, and are there opportunities for new founders to disrupt the way things worked in the past?

- You also stress the need to validate problems before going all in on a company focus and product. This is one I am passionate about, as often cyber feels like a hammer looking for a nail. You discuss how problems experienced among the cyber "1%" such as Silicon Valley and cloud-native startups are much different than big enterprise firms, but the latter is where the money is. I assume it is tempting to focus on the sexy and shiny issues but not realize it's not always where the money is?

- Looking to the future, you discuss the convergence of software and engineering with security, with the push for everything to become as-Code, the adoption of DevOps, now DevSecOps and the Cloud of course. What do you think security practitioners of the future look like in terms of key differences from today?

- I personally think it is very important for security practitioners to step back and actually understand the ecosystem they operate in, as it is easy to get caught up in a specific product, platform, or cyber role and lose the bigger picture. Your articles are among the best on this topic in my opinion, especially for products, vendors, capital and more. What advice do you have for security practitioners when it comes to needing to better understand the broader aspects of the ecosystem they operate in?