Gallo

What Has Your Professional Journey Been Like So Far?

I have a diverse professional background that has its roots in application development. Early in my career, there was no security team at the organization I worked for. I found the work interesting and transitioned into systems engineering and security, taking up the mantle of endpoint security, network security and information security analysis.

Over the years, I have also delved deep into the risk and compliance side of things, working on SOX, PCI, GDPR and HIPAA.

At Gallo, I lead a team of professionals comprising analysts, engineers and architects who cover all security domains, including endpoint security, network security, cloud security, application security, identity access management, security operations, governance, risk and compliance, ERP security, threat and vulnerability management and human factor security. We strive to cover all security aspects, providing comprehensive solutions to our business partners.

Could You Elaborate On The Challenges Prevalent In The Industry?

Maintaining an optimal risk posture amidst the constantly evolving threat landscape and shifting business priorities is a significant challenge. As security professionals, it’s imperative for us to align our strategies with the company’s vision and goals. We must ensure that our team’s capabilities and resources are utilized effectively to enable the business to securely venture into new opportunities.

The overwhelming amount of threat and vulnerability data and alerts from various sources, such as servers, endpoints, network devices and application security, makes taking suitable action difficult. We need to navigate through the noise and focus on the critical issues that demand immediate attention.

Is There Any Initiative Or Program Within Your Organization That Helps Your Team Derive Meaningful Insights From Collected Data?

To effectively secure businesses, it is crucial to identify data flows and understand the assets most critical and exposed. By pinpointing key applications and infrastructure for business functions, we can assess each asset’s exposure level. This involves examining the accessibility of applications through the web, any connectivity between the cloud and critical systems, and any flows from the web to the servers. This information enables us to prioritize our parsing rules based on the risk level of each asset. Rather than treating every log event with the same severity level, we can focus on critical systems and infrastructure.

This approach provides more context and allows us to manage our digital assets more effectively. It is, however, important to note that keeping this information up-to-date and accurate requires manual effort and ongoing management. Overall, this process has proven useful in managing our digital assets and ensuring that our data remains secure.

Could You Please Shed Some Light On How Vulnerability Management Facilitates Staying Abreast Of Evolving Federal Regulations?

Developing robust relationships with internal legal, compliance and enterprise risk teams is critical to managing IT compliance. The IT department must be an integral part of the enterprise compliance committee and collaborate closely with these teams to comprehend the regulatory requirements that apply to the business. This facilitates the identification of any requisite changes necessary to ensure compliance with regulations, which can be worked into the IT roadmap within the prescribed lead time.

IT compliance should not be viewed as a mere box-ticking exercise for passing audits but must be aimed at managing risks to the organization. Staying up to date with the latest regulatory requirements and seamlessly integrating best practices into a strategic IT roadmap is imperative. This proactive approach ensures that the team is not scrambling at the last minute to implement changes required for compliance, thereby avoiding a reactive mode.

By adopting a proactive approach and effectively managing risks, the IT department can ensure that the company is less vulnerable and minimize risks to the business.

As We Anticipate The Next 12-18 Months, What Technological Advancements And Best Practices Should Enterprise Leaders Keep An Eye Out For?

The use of AI in offensive security is gaining popularity, but there are potential benefits beyond that. AI can be used to test internal platforms and can even replace or augment a managed security service provider or internal security operations center. By leveraging AI for anomaly detection within logs and parsing, it can perform the initial screening of security threats and reduce the need for human intervention. However, while technology is important, it is not the ultimate solution to security risks. People and processes are the main culprits. Even with the most advanced tools, policies and security awareness training, human error still poses a significant threat. Recent trends indicate that a significant number of breaches are identity-based, often stemming from human error across various organizations. So, it is crucial to focus on building solid, hardened processes that minimize opportunities for errors and ensure that policies are followed.

What Advice Would You Offer To Your Peers And Aspiring Industry Professionals?

Understand the business. It is crucial for anyone looking to enter or advance their career to have a deep understanding of the business. The primary goal of IT security professionals should be to support the business and not to hinder its growth by imposing restrictions or denying project approvals. It is necessary to establish meaningful connections with individuals working across various teams such as product development, finance, sales and marketing to achieve this objective. This allows professionals to better comprehend the business’s goals, requirements and challenges and find ways to assist them.

Building trust and becoming a reliable advisor to these teams is also essential. This ensures that they seek guidance and advice rather than try to bypass leaders in the decision-making process. It is, therefore, pivotal to work closely with different teams to ensure that they feel comfortable approaching security for assistance.