Clarke Rodgers:
I’m Clarke Rodgers, Director of Enterprise Strategy, and I’ll be your guide through a series of conversations with security leaders. Today’s guest is Mike Britton from Abnormal AI. Please join us as we discuss security leadership, security career paths, and agentic AI, and more.
Mike, thanks so much for joining me today.
Mike Britton:
Thanks. It's great to be here.
Clarke Rodgers:
Please introduce yourself and your role at Abnormal.
Mike Britton:
I am Mike Britton. I am the CIO of Abnormal. I've been there for four years and part of my job is running our internal IT program, security, customer trust, and anything else my boss asks me to do.
Clarke Rodgers:
So you've evolved to the CIO role from being a CISO. Can you tell me how that transition happened?
Mike Britton:
That's funny. Throughout my career, I've always been willing to take on new challenges. I've owned IT before at previous roles, previous life, and I got here at Abnormal when we were about 100-120 employees and we didn't really have an IT team. So it's something that I'm very comfortable. I'm very hands-on. I love technology, and so I just kind of evolved and as I've grown at Abnormal over the past four years as we were talking with my CEO, who's also my boss, just the conversation came about what's next, and we've got a lot of exciting challenges as we continue to grow, and I really thought it was a great opportunity to broaden and look at our technology transformation and how we're really evolving as a company.
Clarke Rodgers:
And then as CIO, you can now ensure that security is everyone's top priority throughout IT. Correct?
Mike Britton:
Yes. I often tell my teams because there's always that natural push-pull between IT and security, and it's always nice to be able to say, you guys all work for me. Get along.
Clarke Rodgers:
That's right.
Mike Britton:
I need my IT team to be security focused, and I need my security team to also have the internal customer in mind. So it's not about zero risk, it's about productivity, it's about achieving business objectives, and sometimes that means we can't have a perfect world.
Clarke Rodgers:
For sure. In addition to your CIO role, you're also leading the AI focus at Abnormal. Can you talk a little bit about how that came onto your plate, for lack of a better word, and then how you're thinking about AI not only internally as a sort of business tool, but then maybe from an attacker perspective and how you're protecting the organization from AI?
Mike Britton:
Yeah, it's interesting because Abnormal's always been an AI company. We always like to joke we're AI before AI was cool. Evan and Sanjay are two founders. They started the company as abnormal AI. And I think the feedback they got from the market was, whoa, this is too new, too soon, too scary. So we're like, “Okay, let's go with Abnormal Security.” And now we're in the right time, the right place to go back to our original roots. So that's why we've rebranded to Abnormal AI.
And so we do so many great things from a product perspective for AI, and there's so much opportunity. You see it in some of the smaller startups that are just now starting. They're able to leverage AI on the development side. They're able to leverage it internally. We have to be able to be agile in our business. We have to be able to scale. I love the concept of every person at the organization needs to be the best AI enabled version of themselves. And so part of that is looking at new opportunities, looking how do we scale? It's not about replacing jobs. It's about how do I grow 10X over the next five years without hiring 10X more people?
Clarke Rodgers:
With the proliferation of AI tools that your business users are using, how do you think about the securitization of those and then prior to vending them out to those users, what kind of guardrails are you putting in place for this?
Mike Britton:
Yeah, first and foremost, I want my business to come to me. I want them to come to me at the idea state. I want them to come to me with, “Hey, we're looking to solve this problem.” It's so easy today for them to put in an email address, not even have to put in a credit card and off to the races they go. And so as security, as IT, I can't take the head in the sand approach of, “We're going to block it all, stop it all.”
Clarke Rodgers:
Right.
Mike Britton:
I need to usher them to come work with me to help them try things quickly, to fail fast, to see what works, what doesn't work, and help them also articulate the return on investment. It's not only the cost, but it's the speed to implementation, the real-world effects of how using that tool can help us out. And then honestly, we're in this weird age of 8,000 versions of everything out there on the marketplace and new things coming up every day. And as much as I'd love to have five versions of the same thing, we do want to rationalize tools and technology and helping usher people into the right solution.
Clarke Rodgers:
So how have you built the security culture at Abnormal to facilitate just that. You want to protect the organization, but then you also want to allow people to move quickly and innovate. So how have you found that balance so that you're not viewed as the department of no, but you're also implementing sensible security rules?
Mike Britton:
Yeah, it's a balance. We don't live in a black-and-white world. It's always operating in shades of gray. Any organization, whether you're a tech company like I am or brick-and-mortar, you have to take certain business risks to be successful. It's all about navigating and engaging those risks. I've often looked for opportunities to show that security can also be a business enabler, whether that's moving to passwordless or being there at the early stages to guide and navigate through the right steps. I'm not wanting to say no. My team, I'm very much push back when it's a no first attitude. It's more of a consultant. It's almost like I'm the advisor to the organization, advisor to the product, advisor to the business to help them navigate, to make the right decisions and move as fast and take as much risk as the organization can tolerate and just move quickly.