Startup Security Weekly #69

Recorded January 12, 2018 at G-Unit Studios in Rhode Island!

Hosts

Paul Asadoorian
Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .

Michael Santarcangelo
Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.

Announcements

• If you work in IT and want to have access to an awesome library of OnDemand training head on over to ITPro.TV/securityweekly! They are now accepting requests for demos of the IT Team solution that allows you and your co-workers to access over 3300 hours of training at any time! Use the code SecWeekly30 for the 7-day free trial and 30% off!
• Also check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand. Currently On-Demand we have webcasts with: Cybereason, Black Hills, Onapsis, Signal Sciences, and Stealthbits!
• Check out our DomainTools Webcast. Hosted by Paul Asadoorian, Michael Santarcangelo, and Taylor Wilkes-Pierce. The Webcast is called Pivoting Through Malicious Infrastructure. You can find out more and register for the webcast at securityweekly.com/domaintools!
• InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Manella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler. Good job!

Breakdown Segment: Curiosity is the key to getting answers

5 Questions to Straight Talk

1. What problem are you trying to solve?
2. What value does the solution create?
3. What is the impact of the solution?
4. How do you measure outcomes?
5. Are we ready?

Curiosity is the key to getting answers

5 Whys

https://en.wikipedia.org/wiki/5_Whys

• Ask why five times to get to the root cause; it may require more iterations (or sometimes less)
• Try to avoid assumptions and logic traps
• Root cause is often a broken process or alterable behavior
• Avoid classic answers about time, money, resources, and the like
• Change to ‘how’ to focus on solutions

5 W’s (and how)

https://en.wikipedia.org/wiki/Five_Ws

• Who, What, Where, When, Why
• Add how
• Always start with What

Clarifying and Pushing Back

• What problems are they trying to solve?
• What are they looking for?
• How do they see the solution?

Article Discussion on Leadership, Communication, and Innovation

How to Be More Productive Without Burning Out

https://hbr.org/2017/12/how-to-be-more-productive-without-burning-out

• Missing the root cause: too much work
• Clarify focus, measure results
• Serial changes add up
• Do you have an accountability partner?

What It Takes to Become a Great Product Manager

https://hbr.org/2017/12/what-it-takes-to-become-a-great-product-manager

• Core competencies
• EQ
• Company fit

What Cybersecurity Chiefs Can Learn From Warren Buffett

https://www.forbes.com/sites/forbestechcouncil/2017/12/20/what-cybersecurity-chiefs-can-learn-from-warren-buffett/#11debdd723b1

• How well are your investments working?
• What do you have visibility into?
• It doesn’t have to be sexy to be good
• Can what you have do more?

The Importance of explaining “Why” before “What” when you need help

https://medium.com/swlh/the-importance-of-explaining-why-before-what-when-you-need-help-1590eca9230b

• People want to know why before what (in most cases)
• Why is a powerful word
• The bottom line: intentions and reasons matter

Getting The First 15% Right

https://artplusmarketing.com/getting-the-first-15-right-7bc09771a846

• Think before you act
• The trick is to move before you’re ready, but not too soon or too late
• Consider the outcomes and work backwards

Startup & Security News You Need to Know

SolarWinds acquired LOGGLY (undisclosed)

• https://www.owler.com/iaApp/123461/loggly-company-profile
• “Loggly develops cloud based log management and analytics platform that offers application debugging, deployment monitoring and alerting solutions”
• $47.4M raised over 6 rounds; last round was $11.5M in equity in June 2016
• https://www.owler.com/iaApp/103961/solarwinds-company-profile
• “SolarWinds develops a network monitoring software that allows to detect, diagnose and resolve network performance issues.”
• Part of the Silver Lake Partners portfolio
• “Private equity investment firms Thoma Bravo and Silver Lake Partners transitioned SolarWinds from a public to a private entity in February 2016.”

‘* https://www.solarwinds.com/company/home —> “IT management software that works for you—and that delivers on our promise of unexpected simplicity.”

Verizon acquires Niddel

https://techcrunch.com/2018/01/05/verizon-acquires-autonomous-threat-detection-startup-niddel/?ncid=rss

• https://www.owler.com/iaApp/6797969/niddel-company-profile
• “Niddel develops and provides machine-learning-based automated threat hunting solutions for IT environments.”

Cyxtera Technologies acquires Immunity (undisclosed)

https://www.cyberscoop.com/cyxtera-immunity-acquisition-dave-aitel/

• https://www.owler.com/iaApp/12374084/cyxtera-company-profile
• https://www.owler.com/iaApp/986510/immunity-company-profile

Arctic Wolf raised $16M in Equity

• https://www.owler.com/iaApp/2562200/awn-company-profile
• $50.5M over 4 (interesting) rounds
• “AWN is a Security-as-a-Service company that provides managed threat detection, cyber security, cloud monitoring and advisory services.”