Risky Business News - Episode Summary: Sponsored: Breaking the Deadlock Between IT and Security Teams
Podcast Information:
- Title: Risky Business News
- Host/Author: risky.biz
- Episode: Sponsored: Breaking the Deadlock Between IT and Security Teams
- Release Date: November 24, 2024
Introduction
In this episode of Risky Business News, host Tom Uren talks with Mike Wiacek, the CEO and founder of Stairwell. Stairwell makes a file analysis platform designed to detect malware and potentially malicious files within enterprise networks. Their discussion centers on bridging the often strained relationship between IT and security teams within organizations, and on strategies to foster collaboration and mutual understanding.
Understanding the IT and Security Teams Dynamic
Tom opens the discussion by inquiring about the typical dynamics between IT and security teams. Mike provides a nuanced perspective:
“The security team, while responsible for controls and securing machines, ultimately is beholden to what the IT team is willing to deploy. Any new security software ends up costing political capital with the IT team or the administrators to actually get that rolled out.”
— Mike Wiacek, [00:51]
Mike highlights a common challenge: security teams often introduce tools that require IT teams to allocate resources for deployment. This can lead to "agent fatigue," where IT teams are overwhelmed by the multitude of security agents running on each device, potentially impacting system stability.
Overcoming Adversarial Perceptions
Addressing whether the relationship between IT and security teams is adversarial, Mike emphasizes a collaborative mindset:
“You're all on the same side. The security team wants to keep data safe... The IT team is focused on stability... I don't think it's a good idea to view it as adversarial.”
— Mike Wiacek, [02:04]
He advocates for viewing IT and security as partners with aligned goals—security ensuring data integrity and IT maintaining system stability. This unified approach can transform potential conflicts into win-win scenarios, where both teams derive value from new security solutions.
Demonstrating Mutual Value
Tom probes into how security solutions can demonstrate value to IT teams even before installation. Mike shares Stairwell's strategy:
“We solve it as a data search problem... This allows you to get instant visibility into anything like that.”
— Mike Wiacek, [03:36]
Stairwell’s platform collects and analyzes data centrally, enabling various use cases that appeal to both IT and security teams. For instance, by aggregating executable files and their versions across the network, Stairwell can inform IT teams about outdated software versions, facilitating proactive patch management without overburdening system resources.
Engaging IT Teams Early in the Sales Process
Discussing best practices for cybersecurity startups, Mike advises:
“Go talk to IT managers or CIOs... understand what their priorities and concerns are.”
— Mike Wiacek, [07:15]
Stairwell's initial focus often lies with security team members, but Mike underscores the importance of involving IT teams early to ensure that solutions align with their objectives. This dual-focus approach ensures that security tools are not only effective but also seamlessly integrate into existing IT infrastructures.
Real-World Insights and Lessons Learned
Reflecting on his experiences, Mike shares pivotal moments that underscored the necessity of bridging IT and security:
“These guys are bothering me again. And I'm just trying to figure out like, how do you come in there and be an ambassador of stability.”
— Mike Wiacek, [09:11]
He recounts instances where security initiatives faltered due to a lack of IT collaboration and how proactive engagement with IT teams led to successful deployments. One notable example involved addressing a vulnerability in OpenSSH—a collaboration between IT and security was crucial in effectively communicating and mitigating the risk.
Extending Value Beyond Security
Mike elaborates on how Stairwell's platform uncovers additional value propositions beyond traditional security use cases:
“The value of the data set... is only limited by the imagination that we have to actually see the use cases that can exist.”
— Mike Wiacek, [04:07]
By centralizing data collection and analysis, Stairwell enables IT teams to leverage this information for diverse applications, such as patch management and vulnerability assessments. This multifaceted utility ensures that both IT and security teams find tangible benefits, fostering a collaborative environment.
Promoting Holistic Security Hygiene
Concluding the discussion, Mike emphasizes the importance of foundational security practices:
“Security most of the time, all the time, most of the time is a hygiene problem... I need to make sure my patches are installed.”
— Mike Wiacek, [11:44]
He asserts that while advanced threats like Stuxnet are significant, maintaining basic security hygiene—such as timely patching and proper software configurations—is paramount in mitigating a vast majority of risks. By ensuring these practices are upheld, organizations can significantly enhance their overall security posture.
Conclusion
Mike Wiacek's insights shed light on the intricate balance between IT and security teams within organizations. By advocating for collaborative strategies, mutual value creation, and a focus on security hygiene, Stairwell exemplifies how cybersecurity solutions can bridge departmental divides. This episode serves as a valuable guide for cybersecurity startups and organizations aiming to harmonize their IT and security efforts, ultimately fostering a more secure and resilient infrastructure.
Notable Quotes:
- Mike Wiacek [00:51]: “The security team... is beholden to what the IT team is willing to deploy.”
- Mike Wiacek [02:04]: “You're all on the same side... I don't think it's a good idea to view it as adversarial.”
- Mike Wiacek [07:15]: “Go talk to IT managers or CIOs... understand what their priorities and concerns are.”
- Mike Wiacek [09:11]: “How do you come in there and be an ambassador of stability.”
- Mike Wiacek [11:44]: “Security most of the time... is a hygiene problem.”