Endace Packet Forensics Files: Episode #45

Michael talks to Dimitri McKay, Principal Security Strategist and CISO Advisor at Splunk

By Michael Morris, Director of Global Business Development, Endace

Increasingly complex systems, an expanding threat landscape, and an explosion in the number of potential entry points all make managing security at scale a daunting prospect. So what can you do to implement effective security at scale, and what are some of the pitfalls to avoid?

In this episode I talk with Dimitri McKay, Principal Security Strategist and CISO Advisor at Splunk, about where to start addressing the challenges of security at scale. He highlights the importance of robust risk assessment, developing clear security goals and ensuring leadership buy-in to the organization’s security strategy, as well as the importance of balancing the needs of users with the need to secure the enterprise.

Dimitri discusses some of the pitfalls that organizations often fall into, and what security leaders can do – and where they should start – to avoid making the same mistakes. He talks about the importance of thinking strategically not just tactically, of being proactive rather than just reactive, and of creating a roadmap for where the organization’s security needs to be in a year, two years, three years into the future.

Dimitri also highlights the need to collect the right data to ensure the organization can accomplish the security goals it has set, to enable high-fidelity threat detection and to provide the necessary context for effective and efficient threat response. Security teams started by collecting what they had, he says – firewall logs, authentication logs, etc. – but this isn’t necessarily sufficient to enable them to accomplish their objectives because it focuses more on IT risks than on the critical business risks.

Finally, Dimitri puts on his futurist hat to predict what security teams should be on the lookout for. Not surprisingly, he predicts the rapid development of AI tools like ChatGPT and OpenAI has huge potential benefits for cyber defenders. But these tools will also enable cyber attackers to create increasingly sophisticated threats and circumvent defences. AI is both an opportunity and a threat.

Other episodes in the Secure Networks video/audio podcast series are available here. Or listen to the podcast here or on your favorite podcast platform.