Data Security Decoded

Episode: The State of Data Security: A Distributed Crisis

Host: Caleb Toland, Rubrik
Guest: Joe Hladic, Head of Rubrik Zero Labs
Date: April 22, 2025

Episode Overview

This episode explores Rubrik Zero Labs’ new report, “The State of Data Security: A Distributed Crisis.” Host Caleb Toland speaks with Joe Hladic, Head of Rubrik Zero Labs, about his experience in incident response, how the threat landscape has evolved, and the urgent challenges posed by data sprawl and cloud environments. The conversation covers trends in both attack motivation and organizational security strategies, with a special emphasis on the intersection of identity management and data security.

Guest Introduction: Joe Hladic’s Background and Motivation

Joe Hladic shares how his move from city life to upstate New York was motivated by a desire to be closer to family and enjoy both urban and outdoor experiences.

“I love city life, but I also like remote life… I live in the best of both worlds.” (01:36–01:54)
Transition into cybersecurity:
- Started as a software engineer; drifted toward security due to an interest in detection engineering, vulnerability research, and red team operations (02:46–05:23).
- Prefers detection engineering “because it provided me sort of the best of both worlds… you have to know how threat actors are behaving, the techniques they're using, and then that informs how you hunt for them.” (04:15–05:06)

Key Discussion Points & Insights

Evolution of Threats and Industry Response

Major Milestones in Cybersecurity (05:45–07:27):

Initial Epoch: Nation-state attacks (e.g., APT1 report) on private industry.
Mid-Epoch: Politically motivated attacks (entertainment/media as targets).
Current Epoch: Emergence and refinement of ransomware, now a sophisticated, multifaceted cybercrime economy:
- “You have access brokerage, like people who specialize just in selling initial access to other threat actors.” (06:42–07:23)

Attack Motivation and Complexity (07:43–10:25):

Motives are mixed—financial gain dominates cybercrime, while espionage remains for nations.
Blurred lines between nation-state and cybercriminal groups; e.g., ransomware gangs sponsored by nation-states to avoid sanctions.

“We’re even seeing now where nation states and criminal organizations are also working together.” (09:48)

Obstacles in International Response:

Challenges in global law enforcement and prosecution due to jurisdictional boundaries.

“It’s not like robbing a neighbor’s house… the perpetrator could be in Africa [while] attacking an entity in the United States.” (08:51–09:19)

The Vulnerability Management Gap

Why Organizations Struggle (10:25–15:26):

Vulnerability Exploitation: Threat actors and red teams often possess knowledge of vulnerabilities unknown to vendors—the high value of “zero day” exploits.
Disclosure Dilemmas: Security professionals must delicately balance notifying affected vendors and clients, patching the flaw, and releasing information publicly.

“You have to delicately balance, okay, who do I communicate with first? Because the victims ultimately are going to be the customers…” (11:30–12:14)
Resource Constraints: Deciding to patch or delay a major software release is a risk management question—a single vulnerability might disrupt business priorities.
DevSecOps & Prevention: The incorporation of security earlier in the development cycle is essential, though not foolproof.

Report Spotlight: Data Sprawl as a Crisis

Central Findings from “The State of Data Security: A Distributed Crisis” (16:11–21:28):

Data Sprawl Defined:
- Sensitive data organically spreads across internal and external platforms as it evolves from a simple idea to classified information.
- “What is data sprawl?… As you’re sharing that file, it branches out like a tree… The data is not just sprawling through an identity space, it's also spreading through a platform space.” (16:36–18:31)
Risks of Sprawl:
- Lack of visibility and control as files proliferate across email, Google Drive, SharePoint, Slack, etc.
- The challenge of enforcing access controls retroactively.
- “That gets unmanageable very quickly. So you need automation, you need technology to solve these problems.” (20:49–21:11)
Importance of Data Security Posture Management:
- First, organizations need to know where sensitive data exists and who has access.
- With visibility, they can enforce policies, automate controls, and scale security efforts.

Identity as the (Shifting) New Perimeter

Why Identity Matters (21:28–25:13):

Identity is the entry point to resources in modern hybrid/multi-cloud environments.
- “Identity acts as the perimeter to hybrid multi cloud environments because the identity is the one that basically governs access…” (21:48–22:13)
- But: “Identity isn't a static perimeter, it's dynamic… identities are managed, they're created, federated, expire constantly.” (21:48–22:53)
Oversimplification Warning:
- “I think it's a great slogan, but I think in many ways it oversimplifies the challenge.” (21:42–21:47)
- Identity is a dynamic attack surface, not just a perimeter: onboarding, access requests, federated identities, and approvals can all introduce gaps.
What’s Needed:
- Like old network perimeters (monitored with firewalls and packet sniffers), identity requires “visibility and detection mechanisms for policy enforcement.” (24:14–24:25)

Looking Forward: Priorities for Zero Labs and the Industry (25:13–28:15)

Incident Response Integration:
- “How do we move [backup data] earlier into the pipeline? So when an investigator is sweeping… why not loop in the backup data too?” (25:49–26:11)
Building on the Report’s Foundation:
- Future reports will expand on AI/data security intersections and deep dives into identity management.
- “That all applies to things like AI… Your data lake… you want to make sure your data lake is secure, you know where your data is, how it's classified… before you start feeding it into an LLM.” (26:29–26:50)
Identity and Data Security as Intertwined:
- “The whole point of an identity is really to govern data access and then track it and monitor it so they're intrinsically linked.” (27:28)

Memorable Quotes & Moments

On the messy reality of vulnerability response:

“Do we release the software, move forward with the vulnerability, make everybody vulnerable… or do you pull back and delay and fix that patch? …It becomes a risk, like a business risk management situation.”
(13:33–13:58, Joe Hladic)
On data sprawl and its complexity:

“That’s kind of the… where data security posture management comes into play… Where are all my sensitive files? Where are they located? That at least provides me information that then I can start making decisions.”
(20:13–20:49, Joe Hladic)
On identity and its limits as a solution:

“It’s easily manipulated, easily exploited… It’s not just a perimeter… it's more of like a shifting attack surface.”
(23:08–23:28, Joe Hladic)

Key Timestamps for Important Segments

| Topic | Timestamp | |--------------------------------------------------|:-------------:| | Joe Hladic’s personal background/introduction | 01:36 | | Evolution of security career and incident response| 02:46–05:23 | | Breach history and changing threat landscape | 05:45–10:25 | | Vulnerability management challenges | 10:25–15:26 | | Report findings: Data sprawl in practice | 16:11–21:28 | | Identity as a dynamic perimeter | 21:28–25:13 | | Zero Labs future focus: IR, AI, identity | 25:13–28:14 |

Tone & Style Notes

The episode maintains a conversational, accessible tone, breaking down complex cybersecurity concepts into easily digestible stories and analogies (e.g., data sprawl as a “branching tree” or identity as a “shifting attack surface”). Both host and guest balance technical rigor with a sense of shared mission and curiosity.

Summary Takeaway

The landscape of data security is rapidly evolving into one defined by complexity, sprawl, and interconnectedness. Rubrik Zero Labs’ research finds that as sensitive data and identities proliferate across clouds and platforms, visibility, posture management, and automation are not just best practices—they’re survival strategies. The episode both underscores the complexity of the threat landscape and offers a call to action for organizations to get proactive, especially as AI and sophisticated attacks redefine the rules of cyber risk.

Data Security Decoded

Episode: The State of Data Security: A Distributed Crisis

Host: Caleb Toland, Rubrik
Guest: Joe Hladic, Head of Rubrik Zero Labs
Date: April 22, 2025

Episode Overview

Guest Introduction: Joe Hladic’s Background and Motivation

Joe Hladic shares how his move from city life to upstate New York was motivated by a desire to be closer to family and enjoy both urban and outdoor experiences.

“I love city life, but I also like remote life… I live in the best of both worlds.” (01:36–01:54)
Transition into cybersecurity:
- Started as a software engineer; drifted toward security due to an interest in detection engineering, vulnerability research, and red team operations (02:46–05:23).
- Prefers detection engineering “because it provided me sort of the best of both worlds… you have to know how threat actors are behaving, the techniques they're using, and then that informs how you hunt for them.” (04:15–05:06)

Key Discussion Points & Insights

Evolution of Threats and Industry Response

Major Milestones in Cybersecurity (05:45–07:27):

Initial Epoch: Nation-state attacks (e.g., APT1 report) on private industry.
Mid-Epoch: Politically motivated attacks (entertainment/media as targets).
Current Epoch: Emergence and refinement of ransomware, now a sophisticated, multifaceted cybercrime economy:
- “You have access brokerage, like people who specialize just in selling initial access to other threat actors.” (06:42–07:23)

Attack Motivation and Complexity (07:43–10:25):

Motives are mixed—financial gain dominates cybercrime, while espionage remains for nations.
Blurred lines between nation-state and cybercriminal groups; e.g., ransomware gangs sponsored by nation-states to avoid sanctions.

“We’re even seeing now where nation states and criminal organizations are also working together.” (09:48)

Obstacles in International Response:

Challenges in global law enforcement and prosecution due to jurisdictional boundaries.

“It’s not like robbing a neighbor’s house… the perpetrator could be in Africa [while] attacking an entity in the United States.” (08:51–09:19)

The Vulnerability Management Gap

Why Organizations Struggle (10:25–15:26):

Vulnerability Exploitation: Threat actors and red teams often possess knowledge of vulnerabilities unknown to vendors—the high value of “zero day” exploits.
Disclosure Dilemmas: Security professionals must delicately balance notifying affected vendors and clients, patching the flaw, and releasing information publicly.

“You have to delicately balance, okay, who do I communicate with first? Because the victims ultimately are going to be the customers…” (11:30–12:14)
Resource Constraints: Deciding to patch or delay a major software release is a risk management question—a single vulnerability might disrupt business priorities.
DevSecOps & Prevention: The incorporation of security earlier in the development cycle is essential, though not foolproof.

Report Spotlight: Data Sprawl as a Crisis

Central Findings from “The State of Data Security: A Distributed Crisis” (16:11–21:28):

Data Sprawl Defined:
- Sensitive data organically spreads across internal and external platforms as it evolves from a simple idea to classified information.
- “What is data sprawl?… As you’re sharing that file, it branches out like a tree… The data is not just sprawling through an identity space, it's also spreading through a platform space.” (16:36–18:31)
Risks of Sprawl:
- Lack of visibility and control as files proliferate across email, Google Drive, SharePoint, Slack, etc.
- The challenge of enforcing access controls retroactively.
- “That gets unmanageable very quickly. So you need automation, you need technology to solve these problems.” (20:49–21:11)
Importance of Data Security Posture Management:
- First, organizations need to know where sensitive data exists and who has access.
- With visibility, they can enforce policies, automate controls, and scale security efforts.

Identity as the (Shifting) New Perimeter

Why Identity Matters (21:28–25:13):

Identity is the entry point to resources in modern hybrid/multi-cloud environments.
- “Identity acts as the perimeter to hybrid multi cloud environments because the identity is the one that basically governs access…” (21:48–22:13)
- But: “Identity isn't a static perimeter, it's dynamic… identities are managed, they're created, federated, expire constantly.” (21:48–22:53)
Oversimplification Warning:
- “I think it's a great slogan, but I think in many ways it oversimplifies the challenge.” (21:42–21:47)
- Identity is a dynamic attack surface, not just a perimeter: onboarding, access requests, federated identities, and approvals can all introduce gaps.
What’s Needed:
- Like old network perimeters (monitored with firewalls and packet sniffers), identity requires “visibility and detection mechanisms for policy enforcement.” (24:14–24:25)

Looking Forward: Priorities for Zero Labs and the Industry (25:13–28:15)

Incident Response Integration:
- “How do we move [backup data] earlier into the pipeline? So when an investigator is sweeping… why not loop in the backup data too?” (25:49–26:11)
Building on the Report’s Foundation:
- Future reports will expand on AI/data security intersections and deep dives into identity management.
- “That all applies to things like AI… Your data lake… you want to make sure your data lake is secure, you know where your data is, how it's classified… before you start feeding it into an LLM.” (26:29–26:50)
Identity and Data Security as Intertwined:
- “The whole point of an identity is really to govern data access and then track it and monitor it so they're intrinsically linked.” (27:28)

Memorable Quotes & Moments

On the messy reality of vulnerability response:

“Do we release the software, move forward with the vulnerability, make everybody vulnerable… or do you pull back and delay and fix that patch? …It becomes a risk, like a business risk management situation.”
(13:33–13:58, Joe Hladic)
On data sprawl and its complexity:

“That’s kind of the… where data security posture management comes into play… Where are all my sensitive files? Where are they located? That at least provides me information that then I can start making decisions.”
(20:13–20:49, Joe Hladic)
On identity and its limits as a solution:

“It’s easily manipulated, easily exploited… It’s not just a perimeter… it's more of like a shifting attack surface.”
(23:08–23:28, Joe Hladic)

wavePod

The State of Data Security: A Distributed Crisis

Powered by Wave AI

Summary

Data Security Decoded

Episode: The State of Data Security: A Distributed Crisis

Episode Overview

Guest Introduction: Joe Hladic’s Background and Motivation

Key Discussion Points & Insights

Evolution of Threats and Industry Response

The Vulnerability Management Gap

Report Spotlight: Data Sprawl as a Crisis

Identity as the (Shifting) New Perimeter

Looking Forward: Priorities for Zero Labs and the Industry (25:13–28:15)

Memorable Quotes & Moments

Key Timestamps for Important Segments

Tone & Style Notes

Summary Takeaway

Summary

Data Security Decoded

Episode: The State of Data Security: A Distributed Crisis

Episode Overview

Guest Introduction: Joe Hladic’s Background and Motivation

Key Discussion Points & Insights

Evolution of Threats and Industry Response

The Vulnerability Management Gap

Report Spotlight: Data Sprawl as a Crisis

Identity as the (Shifting) New Perimeter

Looking Forward: Priorities for Zero Labs and the Industry (25:13–28:15)

Memorable Quotes & Moments

Key Timestamps for Important Segments

Tone & Style Notes

Summary Takeaway