How Trellix is Staying at the Forefront of Security

Clarke Rodgers (00:10):
Martin, thanks so much for joining me today.

Martin Holste (00:12):
Sure. Happy to be here.

Clarke Rodgers (00:13):
Please tell me a little bit about your background and what brought you to Trellix.

Martin Holste (00:16):
So at Trellix, I'm the CTO for Cloud, and I handle our emerging technology as well, including AI.

So, you go way back, I ran a Security Operations Center for the state of Wisconsin for seven years. And when I was there I learned a ton about things like advanced persistent threats the hard way — because we found them.

Clarke Rodgers (00:34):
Right.

Martin Holste (00:35):
And so that was exciting. And from there, I went to Mandiant, and it's been a wild ride ever since. We were acquired by FireEye, and I learned a lot about cloud there. And then from there, we merged with Trellix. And so, it's been a real pleasure of an adventure here.

Clarke Rodgers (00:49):
So, you've been in the cybersecurity space for quite some time. How have you seen cybersecurity evolve from a business lens? We often joke that the security team is the team you keep in the basement until something bad happens and you need them to do something. But now we have CISOs reporting directly to the board and really being business leaders. Can you talk a little bit about the transition you've observed?

Martin Holste (01:14):
Yeah, I've seen that firsthand internally as well as working with customers. Seeing that the CISO now generally speaks directly to the board because they want to hear it directly from the CISO. They want to know exactly what's going on at all times. And that's certainly changed over, I'd say, the last five years. Before that, it was more of an IT function — more of the CIO reporting structure. And I think, that's really indicative of how that landscape has changed over that course of years.

Clarke Rodgers (01:42):
So, you have a deep expertise in Security Operation Centers (SOC). What are some of the best practices to help avoid burnout for that SOC analyst?

Martin Holste (01:54):
So that's really important. As we look at the skills gap that we see out there, you can't afford to be losing good people. And so, a big part of that is being able to use as much automation as you can so that they're not doing the boring stuff.

And that means that your staff needs to be talking with other people as much as possible, especially around incidents that they're working or things like that, or doing the investment work to where they're making sure they have things connected in so they have that business visibility that goes on.

Clarke Rodgers (02:21):
And then, if we step out of the SOC and just sort of the larger security team, as you well know, finding and retaining quality security professionals is difficult these days. What do you do at Trellix to help develop that security culture and make sure that that lone developer actually cares about security as they're writing the code?

Martin Holste (02:43):
Security is everyone's responsibility, and we certainly have that embedded in our culture overall. And it's hard not to when you're out there fighting bad guys every day. And so, you start to think like a bad guy a little bit. And even at the developer level, we try to make sure that they understand how our products work, how it matters to customers. And then just building in things like visibility from the beginning so that we know we're building it strong.

Clarke Rodgers (03:06):
And then, are there any sort of mechanisms or best practices that you do for the non-security professionals to make sure that security doesn't come down like a hammer, but it's much more of a, "Hey, you could have done this better," — more of a coach mentality

Martin Holste (03:20):
So we have a number of training programs that all of our staff follow. And in addition to that, as a security company, we're on the front lines all the time. And so, it really is embedded in what we do in our overall culture. Even whether you're in sales or accounting, we're always talking about security. And so, we make sure that that is, we're at the very forefront of it, and everyone, it's job zero.

Clarke Rodgers (03:44):
When you're speaking to customers around topics like multi-cloud and how to secure multiple workloads across multiple clouds, what's some of the advice you give them?

Martin Holste (03:55):
Complexity is the enemy of security. So, the very first thing is to make sure that you're doing things as simply as possible. And, generally speaking, having as few clouds as possible helps with the simplicity quite a bit. When you do have more than one, what I tend to recommend is that people treat one as their primary cloud and others as essentially on-prem or in a more data center-like approach. And then that helps to simplify it as either cloud or not cloud for the most part.

Clarke Rodgers (04:21):
So, another hot topic that's out there these days is generative AI. And when I talk to customers, and I imagine it's a similar story with you, there's really two points of view. There's one, look at all the potential that's out there from a positive perspective, from a business perspective, and then two, look at all the potential that's out there from a nefarious and attacker perspective. What do you think about generative AI and where do you think it's going to be taking us?

Martin Holste (04:47):
Well, in business terms, you have to start using generative AI or you're going to fall behind. So as a CISO, you have to find a way to allow your people to be productive, but also, do it in a safe way. So that means you need controls and policies in place to both allow them to do it, but to protect them and the business as they are using generative AI.

Clarke Rodgers (05:05):
And are you all using it today at Trellix?

Martin Holste (05:08):
Yeah, I'm a huge proponent of using generative AI as much as possible in a standard business. And so, we do a lot of training internally on how to use all kinds of different AI so that they can be more productive. Along those lines, we also have controls in place to make sure that it's impossible for them to accidentally copy and paste something to go where it shouldn't.

Clarke Rodgers (05:29):
Fantastic. Another hot topic, Zero Trust, right? Part of the challenges of Zero Trust, it may mean something different to me than it may mean to you. How do you think about Zero Trust?

Martin Holste (05:38):
Sure. There's two angles to it. And so, from our perspective, we look at it from an endpoint — so is that endpoint trustworthy? Yes or no? And one of the interesting things that's happened over the last few years with the launch of AWS Verified Access is now you can write a policy on the cloud side that interfaces with what we know on the endpoint. And so this has been a big shift in the industry, and I think it's a really important thing for customers of AWS and customers that we have, to all understand how this fits together.

Clarke Rodgers (06:03):
Martin, thank you so much for spending time with me today.

Martin Holste (06:06):
My pleasure.