ESW #307 – Raffael Marty, Jim Routh
Full Audio
View Show IndexSegments
1. MSP = More Security Please? The state of Managed Service Providers – Raffael Marty – ESW #307
The MSP space has undergone a lot of changes in the past few decades, with the emphasis on security increasing dramatically in the last 5-10 years. We discuss how ConnectWise, which builds and sells solutions to MSPs, has tackled this challenge. We'll be asking questions both from Raffael's point-of-view, selling to MSPs, but also from the customer point-of-view - small to medium businesses with a need to outsource IT and security functions.
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Raffael Marty is EVP and General Manager of Cybersecurity Management at ConnectWise. As part of the executive leadership team, he carries the responsibility for all aspects of the cybersecurity business. His executive track record brings over 25 years in the cybersecurity industry to ConnectWise; from the development of innovative cyber approaches for the intelligence community to leading big data analytics and artificial intelligence projects for Fortune 500 companies.
Marty has been in critical roles at prominent cyber companies and is an investor and advisor. Before ConnectWise, Marty was head of research and intelligence at Forcepoint, leading the development of novel approaches to solving the cybersecurity challenges for governments and intelligence agencies across the globe. At Sophos, Marty ran security analytics and oversaw the big data strategy, which he helped pioneer as the founder of analytics companies PixlCloud, and Loggly, the first cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight, and Splunk, developing solutions for Fortune 500 organizations.
Marty is one of the industry’s most respected cybersecurity data analytics, big data, and visualization authorities. He is the author of Applied Security Visualization and the “Security Data Lake” and a frequent speaker at global academic and industry events.
Hosts
2. Detecting Breaches In Apps & Why Every Security Team Needs Data Science – Jim Routh – ESW #307
Today, we talk to Jim Routh - a retired CISO who survived the job for over 20 years! He'll be sharing some wisdom with us, like how analytics and data science can help detect malicious insiders. Also, more generally, Jim will help us understand how data-science-backed tooling can help move the security market forward and help security teams and programs mature.
Segment Resources: https://www.reveal.security/resources/whitepapers/
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
Jim Routh is currently on the Boards of Supply Wisdom, GrammaTech, Savvy, Accountable Digital Identity Association and the Global Resiliency Federation. He is the former Board Chair for the Health Information Sharing & Analysis Center (H-ISAC) where he served for five years and former Board member for the Financial Services Information Sharing & Analysis Center (FS-ISAC). Jim is a former CSO/CISO for American Express, DTCC, KPMG, Aetna, CVS and MassMutual. Jim brings to the boards a vast business and technology background and is considered a digital and cyber security industry expert and thought leader. He has prepared and delivered several customized education sessions to Board members for the National Association of Corporate Directors (NACD) based on leading cyber security practices. Jim is currently an advisor for Transmit Security, Wiz, Devo, Netskope, Armis, Virsec, Securiti, Gurucul, Data Theorem, Cleer Security, Picnic, Saviynt, Legit Security, Reveal Security, and Graphite Health. He serves in an advisory capacity and investor for cyber specific venture funds including: Syn Ventures, CyberStarts, Security Leadership Capital, Ballistic Ventures and Rain Capital. Jim is an ICIT Fellow and an Adjunct Faculty member where he teaches cybersecurity for the NYU Tandon School of Engineering.
Hosts
3. Deepwatch Series C, SPAC Fads, LastPass, & Tyler Trades Adrian’s Info for Chocolate – ESW #307
This week in the Enterprise News: Deepwatch Announces $180 Million in Investments, VulnCheck Raises $3.2 Million to Solve Prioritization Challenge for Enterprise, Government and Cybersecurity Solution Providers, Zscaler to Acquire Israeli Startup Canonic Security, Palo Alto Q2 Fiscal Year 2023 Earnings Call, Tech’s hottest new job: AI whisperer. No coding required, How data breaches affect stock market share prices, & Kenyan Innovator Creates Smart Gloves That Translate Sign Language Into Audible Speech!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. FUNDING: Alphabet spinoff Sandbox AQ raises $500 mln for cyber security, other quantum work
- 2. FUNDING: Cloud Security Firm Wiz Raises $300 Million at $10 Billion Valuation
- 3. FUNDING: Deepwatch Announces $180 Million in Investments
A $180M series C brings MDR services vendor Deepwatch to a total of $256M raised since it was founded in 2019. 100% YoY growth for 2022 is claimed. The round was comprised of "equity investments and strategic financing from Springcoast Capital Partners, Splunk Ventures, and Vista Credit Partners.
- 4. FUNDING: Descope Launches Developer-First Authentication and User Management Platform
$53M in Seed funding, led by Lightspeed and GGV Capital. Building a passwordless authentication and user management platform for both B2C and B2B use cases. Has a very generous free tier!
- 5. FUNDING: PayPal co-leads $20M seed funding for on-chain risk optimizer Chaos Labs
- 6. FUNDING: Metomic Raises $20 Million to Protect Sensitive Data in SaaS Applications
- 7. FUNDING: Entitle Launches With $15M in Seed Funding to Bake Security Into Permissions Management
- 8. FUNDING: Riot prepares your team against highly sophisticated cyberattacks
$12M Series A led by Base10. French-based cybersecurity awareness platform.
- 9. FUNDING: CyberSmart Raises £12.8M in Series B Funding
- 10. FUNDING: Sendmarc secures $7 million in Series A funding for email and domain security protection
- 11. FUNDING: Procyon raises $6.5M to provide multicloud access management for DevOps teams – SiliconANGLE
- 12. FUNDING: VulnCheck Raises $3.2 Million to Solve Prioritization Challenge for Enterprise, Government and Cybersecurity Solution Providers
- 13. FUNDING: CommandK Raises $3M in Seed Funding
- 14. ACQUISITIONS: Zscaler to Acquire Israeli Startup Canonic Security
Less than a year after introducing AppTotal, the SaaS Security startup Canonic is picked up by Zscaler. AppTotal is a handy research tool. Drop the ID of a chrome browser extension into its search engine, and it will tell you if the extension is requesting more permissions than it really needs!
Boris Goren was formerly the CTO of FireLayers, a CASB that ended up as part of Proofpoint. The other founder, Niv, professes his love for the DVORAK keyboard layout in his bio.
- 15. ACQUISITIONS: Cisco to acquire startup Valtix to beef up its multi-cloud network security
- 16. ACQUISITIONS: Trend Micro Acquires SOC Technology Expert Anlyz
- 17. ACQUISITION RUMORS: Noname Security in negotiations to be acquired for hundreds of millions of dollars
- 18. BANKRUPTCIES: Cyren Announces Liquidation
- 19. BANKRUPTCIES: Cyren Announces Nasdaq Delisting Determination
- 20. TRENDS: The SPAC Fad Is Ending in a Pile of Bankruptcies and Fire Sales
This is my shocked face -_-
- 21. TRENDS: ZFOX performance not looking great
Speaking of SPACs, Ironnet got an 11th hour lifeline, but now ZFOX, which also went public via SPAC, is teetering on the brink of being delisted.
- 22. NEW COMPANIES: Introducing Sublime: A new, open approach to email security
- 23. NEW COMPANIES: The IAM Copilot for Machine Identities – Save valuable engineering time
- 24. NEW FEATURES: Canarytokens.org welcomes Azure Login Certificate Token
- 25. LAYOFFS: I’m a Stanford professor who’s studied organizational behavior for decades. The widespread layoffs in tech are more because of copycat behavior than necessary cost-cutting.
- 26. LAYOFFS: Even hackers are reportedly getting laid off by organized crime groups
- 27. REBRANDING: ShiftLeft is Now Qwiet AI! – Preventing the Unpreventable
- 28. PARTNERSHIPS: Let it snow! Wiz and Snowflake join forces to power insights with actionable intelligence
- 29. SURVEY SAYS: What we say vs what we do about privacy (via Ethan Mollick)
What we say vs. what we do about privacy: ????27% of people said they would hand over their unlocked phone to an experimenter to look at privately, 98% of people did ????People give away their data for small payments as long as they can actively avoid learning what is done with it
- 30. TRENDS: BEC attacks surged 81% in 2022, 98% employees failed to report threat
- 31. TRENDS: Palo Alto Q2 Fiscal Year 2023 Earnings Call
This item is here for one reason: perspective. We don't talk a lot about SASE, or 'legacy' technologies on this podcast, but it's important to keep things in perspective. Here are some interesting facts about Palo Alto Networks that will help with that perspective: 1. $56.6B market cap (more than the entire industry was worth a decade ago) 2. $2B in billings... last QUARTER ($1.655B revenue) 3. $1B in R&D spending (12 mo trailing) 4. $40M SASE deal done last quarter - that's a single deal
- 32. TRENDS: Tech’s hottest new job: AI whisperer. No coding required.
- 33. TRENDS: 2022 Biggest Year Ever For Crypto Hacking – Chainalysis
Also North Korea's biggest GDP in many years! Coincidence?
- 34. TRENDS: Auto dealers are prime targets for hackers, warn researchers
Low hanging fruit.
- 35. TRENDS: The norms of cyber insurance are unsustainable in today’s landscape
- 36. TRENDS: IPO Statistics and Charts
- 37. ESSAYS: Debating SIEM in 2023, Part 1
Anton is at it again...
- 38. ESSAYS: Benchmarking your cybersecurity budget in 2023
- 39. ESSAYS: We Need More FUD
- 40. ESSAYS: So you want to be a SOC Analyst? Intro
- 41. REPORTS: Enhancing Vulnerability Prioritization: Data-Driven Exploit Predictions with Community-Driven Insights
- 42. REPORTS: How data breaches affect stock market share prices – Comparitech
Great analysis here, solid methodology, but spoiler: "they don't"
- 43. REPORTS: Dragos Year In Review for ICS/OT Cybersecurity
- 44. BREACHES: LastPass says employee’s home computer was hacked and corporate vault taken
- 45. LEGISLATION: Cybersecurity Label for U.S. Coming as Early as April – EE Times
- 46. SQUIRREL: Romance scammers’ favorite lies exposed
Another reminder that ransomware isn't the only crooked game in town.
- 47. SQUIRREL: Kenyan Innovator Creates Smart Gloves That Translate Sign Language Into Audible Speech
- 48. SQUIRREL: Cancer diagnosis using urine!
Always excited to see easier methods for early cancer detection. First, we saw cancer detection via blood test, now urine! It's a good trend to see.