Brad Bierman is the Manager of Security Engineering at Arctic Wolf Networks. As a technical security consultant with a lot of depth in the industry, Brad is now responsible for a team of 11 security engineers at this California and Waterloo-based startup. We caught up with Brad recently to hear about their growth and the ever-evolving security industry…which is top of mind for everyone these days!
Can you tell us about Arctic Wolf and the difference that your solutions make to your customers?
Normally small or medium sized companies can’t afford to hire someone to put in all the infrastructure, the software and hardware required for a security solution – it’s very prohibitively expensive for them. We provide a managed detection service where we have sensors inside the companies’ networks and we’re monitoring them looking for indications if their system is compromised. We then escalate it into the company and they’re the ones that actually fix it and handle that mitigation – we’re the ones doing the detection part.
There’s so many false positives when you’re doing that kind of work, we’re down to 95% false positive but when you start out there’s 99% false positive and that’s where the experience and expertise of the people that we hire comes into play. Each customer has a dedicated security engineer that is their advocate inside AW to make sure they get what they need so they feel comfortable and have a strong relationship. That’s the big differentiator, we have all this infrastructure that we’ve developed working to monitor these systems but then you have someone dedicated to using these tools to check whether your system is compromised, to answer questions, and to give you advice.
Tell us why you chose to join this team?
I was working for a big company back in 2014 and it was so hard to get things done. Although there were interesting aspects to the job there was so much you couldn’t do because it was another group’s responsibility. Everything moved slowly and that made me want to explore opportunities with a smaller company.
The fact that Arctic Wolf was a start up was very interesting to me. Meeting the founders really gave me confidence in the direction of the company and that they knew what they were doing. They are very senior people and have run large multi-national businesses before so they knew how to get something going. The fact that it was a really agile company, and that we were helping all these companies that couldn’t afford a good solution were factors that I found really attractive.
What has your experience been like since you joined AW?
It’s been incredible. Like with any startup, you have to work around things but it’s been great working directly with our developers and customers. It’s sometimes long hours which can be draining but it’s more a team than a company – it’s a very collaborative and accepting place and that’s one of the big drawing factors as to why people want to stay on here.
We’re not an argumentative place, everybody is accessible from the CEO down and that’s very nice to have within the organization. I started early so everyone knows me in the company – when we first started I was part of the technical sales team along with security engineering – it was interesting to see how we were really able to get our customers in.
We went through incredible growth and it’s part of the reason I was made Manager because we were growing so fast – initially there were 3 of us and now I run a team of 11.
Can you tell us about the role of a Security Engineer (SE)? What makes the difference for someone who is good and someone who is great in this role? (What skill sets are you looking for as you grow your team?)
The SE is responsible for the customer, they handle any kind of product updates and make sure somebody is working on it. There’s an aspect where they have to do some project management, they’re also typically fairly senior people where they’ve got a fair bit of IT & security experience as they have to answer a lot of questions like “What’s going on with my switch, or my firewall, or my proxy” so they have to have that understanding.
What makes a great SE is someone who enjoys talking to people, who has social skills and is able to communicate effectively. It also helps if they’re analytical, they like to dive into things and solve problems. There’s a time management aspect where they have to manage their time so they don’t go into rabbit holes trying to track something down. They have to be willing to ask for help. There’s obviously a technical background we have in mind but these are the soft skills that are needed and that help someone succeed in this job, the technical skills I can always teach.
What is the biggest myth companies have about their cyber security operation?
There’s a bunch of them – the first one is that antivirus is effective, it’s effective for about 30% of what’s out there. Companies assume that because they have a firewall or an anti-virus they’re good but they’re probably not. There’s very few that will be able to detect everything.
After a couple of days most of them are good at being reactive, but not good enough, and the security posture that most people have is they put in a point solution and nobody monitors those logs, nobody looks at what is going on. They feel safe and secure in that they have this coin security solution but they completely neglect the monitoring aspect of it where they’re not actively looking at the logs. When they do get compromised then they have a much harder problem because they typically haven’t found it right away.
What is your best advice for companies looking to establish a strong cyber defence strategy, especially given the current security climate?
The best thing they can do right now is have a backup plan and execute and trust it. You’re likely to get compromised at some point so make sure you have a way to recover from it. What happens if the server is no longer usable and has to be rebuilt? You don’t want to lose all your data so although it doesn’t seem obvious, backups are the biggest thing that people need to fix, they need to test their backups and make sure they can restore.
I knew a company that had been doing all kinds of backups but when they tried to restore they realized they hadn’t been doing it for months and they couldn’t recover everything. They had their data on paper (this is going back a few years) so they were able to recreate a lot of it but they lost a whole bunch. With the climate of ransomware, the biggest thing people need to do is make sure they have a strong backup system in place that functions effectively.
What motivates you and keeps you excited about your security career and about growing with the Arctic Wolf team?
My biggest motivation is helping people, it’s about offering people a solution that they don’t have. We’re able to help the community for the better, and growing the team means we’re able to reach out to more companies. I like seeing people come in that are passionate about it and I can help facilitate that passion where they want to help and do something. I love giving them the tools and responsibilities that help them achieve that goal.
I like working in security because it’s constantly changing and I like learning. That’s something that I always wanted. I don’t like stagnating, I don’t like cranking up widgets. I like that it’s challenging, that you have to keep up with things. It’s fast paced and exciting. It’s the reactionary part of it that I really enjoy, it’s why I like this specific aspect of security because it’s constantly evolving.
When we try new things it’s a broad overall way of doing something, it’s not technically specific and I find that interesting. I enjoy attack and even seeing what some of the attackers are doing. I find it fascinating to see how they figured it out, the technical abilities that they have – though I do wish they would use it for good.