Reframing cybersecurity automation and its uses

[00:00:00] Chris Sienko: Is Cinderella a social engineer? That terrifying monster trying to break into the office? Or did he just forget his badge again? Find out with Work Bytes, a new security awareness training series from InfoSec. The series features a colorful array of fantastical characters, including vampires, pirates, aliens, and zombies as they interact in the workplace and encounter today's most common cybersecurity threats. 

 

InfoSec created Work Bytes to help organizations empower employees by delivering short, entertaining, and impactful training to teach them how to recognize and keep the company secure from cyber threats. Compelling stories and likeable characters mean that the lessons will stick. So go to infosecinstitute.com/free to learn more about the series and explore a number of other free cybersecurity training resources we assembled for Cyber Work listeners just like you. Again, go to infosecinstitute.com/free and grab all of your free cybersecurity training and resources today. 

 

Today on Cyber Work, I'm talking to Leonid Belkind, Chief Technology Officer and Co-Founder of Torq, a no-code security automation platform. After I asked him buckets and buckets of questions about the day-to-day work of a Chief Technology Officer or CTO in the tech field, we get into a fascinating discussion of all the ways that automation will change the work of cybersecurity, allowing professionals at all stages to work at higher order problems. While the great automated data sifters do the high-speed data analysis beyond our cognition below. This one gets pretty heavy, folks, especially once we compare CTOs to orchestra conductors. Come along with us. I swear the metaphor totally works. That's all coming up today on Cyber Work.

 

[00:01:43] CS: Each week, we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of InfoSec professionals, while offering tips for breaking in or moving up the ladder in the cybersecurity industry. Leonid Belkind is a Co-Founder and the Chief Technology Officer at Torq, a no-code security automation platform. Prior to Torq, Leonid co-founded and was CTO of Luminate Security, a pioneer in Zero Trust Network Access and Secure Access Services Edge, where he guided this enterprise great service from inception to Fortune 500 adoption, to acquisition by Symantec. 

 

Before Luminate, Leonid managed engineering organizations at Check Point Software Technologies that delivered network, endpoint, and data security products to the world's largest organizations. So when Leonid contacted me today, he pointed out that there are other uses of automation that aren't just developer-focused. I'm always up for learning something new. So I'm very much looking forward to getting some insights here. 

 

Leonid, thank you for joining me today, and welcome to Cyber Work. 

 

[00:02:46] Leonid Belkind: Thank you, Chris. I'm very excited to be here. 

 

[00:02:49] CS: Great. So let me start with your origin story, your background. How did you first get interested in computers and tech? I mean, based on your career path and the jobs you've held in the past, it seems to go back very, very far. What was the initial draw? Or have you always just been a computer person or a tinkering person? 

 

[00:03:06] LB: I've been born to this. Both of my parents, my late father and my mother, are in the industry. My mother was a software engineer, and my father was doing a lot of digital video, multimedia stuff, et cetera. So I could say it's a family business, not in a sense that family owns it, but in a sense that family deals with it. 

 

[00:03:27] CS: Yes, for sure. Now, so you say, okay, software developer mom, audio-video dad, and son who works primarily in security. Was there a specific sense of like, well, they have these niches and then this? Or was it just that that was what interested you?

 

[00:03:45] LB: Being an Israeli, I got a chance to serve in military units that deal with security technology. This is where I got exposed to this world. It made me very passionate about it, and I have been applying this passion in the commercial world ever since. 

 

[00:04:04] CS: Yes. Now, I've had several guests who had similar stories of coming up through the Israeli military and the service now. I’m going to ask you the same thing I asked them. Did the knowledge you got on that job, was that something that you came in with and were put into that position because you already had that knowledge? Or was it I'm here, I want to learn this thing? Then they said, “Well, okay. We'll put you in this particular area of like security tech.” 

 

[00:04:32] LB: Yes. I don't think it was about the knowledge. So I grew up as what we call in Israel, and it's an actual term, a PC kid, which means kid that deals with computers from a very early age. I was working for a software company, digital video streaming one, when I was in high school, getting normal paychecks like a grown up person would. I think it's this general knowledge not particular around cyber security that positioned me for that kind of a service. From that point on, as you said, you learn something. You feel passionate about it. So you take up in your free time and learn more about it. That's how you get the snowball rolling. 

 

[00:05:14] CS: Yes, yes. So by the time you were in the service, you already had a series of skills that you could sort of show and say, “This is stuff I can do really well.” Then they were able to sort of –

 

[00:05:24] LB: It’s a good starting point. Absolutely. 

 

[00:05:26] CS: Yes, yes. So before we can begin our topic discussion today, I want to talk a little bit about your professional career from then up until the present day. So you've held numerous positions with increasing responsibility, complexity. But the two types of positions that show up multiple times, there's Chief Technology Officer, CTO, and variations on the concept of endpoint security, as well as mobile information protection. 

 

I'm guessing that endpoint security is one of your chief areas of interest. Can you tell me about the types of projects you worked on in endpoint protection or mobile info protection, some of the more interesting aspects of these things and what they hooked you with? 

 

[00:06:05] LB: Absolutely. So growing up as a manager in a large cybersecurity vendor, back in the days it was Check Point Software Technologies. During the first decade of the century, they were probably the industry's largest and most comprehensive cybersecurity vendor. I got a privilege to, first of all, get exposed to how world's biggest and most important enterprises around their cybersecurity and also to contribute around multiple areas. 

 

Cybersecurity, as you perfectly know, has the notion of defense in depth, right? There is no single, “This is the layer that is superior to others in importance.” I had the privilege of leading some traditional network security products, then moving to work a little bit on remote access, identity and access management layer. Then, indeed, for a long period of time, I was leading Check Point’s endpoint security efforts. 

 

This is, by the way, where the industry was beginning to go into endpoint detection and response. I was very privileged to work with the early teams that did threat research, threat prevention. We were among the first in the industry to realize the power of combining endpoint site detection and prevention with network site detection and prevention. During the same periods, enterprises started seriously considering going into mobile devices as means of an increased productivity, which is wonderful, but which introduced a new frontier of security challenges. 

 

This is how I moved from more traditional enterprise centrally managed endpoint, which used to be a desktop and a laptop, to a slightly more difference but not less important and not as sensitive in terms of the information you can get access to mobile, right? So it was a – working for a large vendor gave me a tremendous opportunity to actually go around multiple layers of this defense in depth, organizational policy, and serve them from the technology side. 

 

[00:08:16] CS: Yes. Now, I mean, do you feel like endpoint, as the sort of area of focus, has changed dramatically in the last three years or so with a mass work from home and so forth?

 

[00:08:28] LB: Absolutely.

 

[00:08:29] CS: Yes. It seems like it really is like the cutting-edge thing right now. What are you seeing in terms of that?

 

[00:08:35] LB: Philosophically, right? When we started the security journey, we were all very much perimeter-centric, right? Our perimeter ran around our offices where we all [inaudible 00:08:45] every morning. 

 

[00:08:46] CS: Yes. You really were thinking of it like a moat around your office –

 

[00:08:49] LB: Absolutely. That is – the castle with a moat with a couple of gates and the security focusing on these gates and what passes through them, indeed, was the early sort of like paradigm of security. Even before the pandemic happens, and everybody started to work either predominantly from home or hybrid and so on, this moat thing started falling apart. Cloud deteriorated. It took a part of it. Mobile actually contributed to that process and so on, right? There has been a ongoing decentralization process when it comes to organizational infrastructure, so IT services and so on, for the past decade, right?

 

Now, when we look at it, and we ask, like think about an information employee, where do we draw the protective layer? Actually, it comes around their identity and their endpoints that they use to perform whatever operations that they are doing on a daily basis. That is why the importance of this particular protective unit has tremendously grown throughout the past decade. 

 

[00:09:59] CS: Yes. Yes, no. It's gone from protecting the castle to protecting a series of tents out in the woods or something like that. Yes. 

 

[00:10:07] LB: Because that's where we are right now, right? 

 

[00:10:09] CS: That’s where we are. Yes. [inaudible 00:10:10]. 

 

[00:10:10] LB: Very few things are in the castles. Every tent became a very, very protected compound. 

 

[00:10:16] CS: Yes, yes. As one falls, so follow the others somehow. Yes. So we talked to a fair few CISOs, Chief Information Security Officers, and CEOs, but we don't get as many CTOs, Chief Technology Officers. So a good portion of this podcast is helping new listeners to understand what the day-to-day work of certain job roles is. So can you tell our listeners about your average kind of day as the CTO of Torq and how that work differs at all from past CTO roles you held at companies that you didn't sort of co-found? 

 

[00:10:50] LB: Absolutely. So a Chief Technology Officer’s role is much less well-defined, in my humble opinion, then Chief Information Security Officer or CIO. Even more so, it is much more vertical or even domain-specific. Let me give you an example. It is very true that, for example, if you're a Chief Information Security Officer in, say, a pharmaceutical industry, sure, I mean, you can move from a smaller company to a bigger one. But it's not entirely out of contention that you would move and become a CISO at, say, financial or maybe retail, et cetera, et cetera. Yes, you will need to learn new technologies, et cetera. But the main gist of the profession, head of the cybersecurity program, and the components of the program remain. 

 

Similarly, we could talk about infrastructure, the on-prem cloud or hybrid, and how, indeed, manufacturing companies has a vastly different infrastructure than, say, fintech. Still, as a Chief Information Officer, there are a lot of commonalities. CTO, in my experience, is particularly being CTO in technological companies, meaning companies that either develop and deliver a technological product or provide a technological service, right? Service providers also have CTO. 

 

In there, the role of a CTO is dual. The best definition of it is, believe it or not, in my humble opinion, what you do not do. If you find a CTO that says, “Oh, I manage the product development, et cetera,” it will probably mean that they're not really doing the CTO job. They're doing the VP R&D job. We have, for example, with Torq, and at my previous companies, very capable vice presidents of R&D. In some cases, they would report to a CTO. In other cases, they would not. It doesn't really matter. Of course, there's a lot of synchronization. 

 

As a CTO, I have two sides. The outbound side, talking to our customers, our prospects, thought leaders, et cetera, is where I represent the technological vision of what we deliver. I evangelize it. I do a lot of in collaboration with our very capable head of product management. I do a lot of work on product strategy, again, from the technological perspective. I do a lot of higher executive planning of the company strategy, large investments, et cetera, et cetera; looking at the business units; bringing in my technological perspective the same way our, say, CFO brings their financial perspective. Our Chief Human Officer brings their human resources perspective, et cetera. This is more like the outbound world.

 

I also have a half of my role that is more inbound in which I take the learnings from where the market is going, what the analysts are envisioning, what the customers and prospects are looking for. I influence our internal organizations, the field engineering, product engineering, product management, internal IT technologies, et cetera with this thing. This is a CTO role. As you can imagine, it is very tightly dependent and connected to what the company is actually doing. 

 

[00:14:16] CS: Yes. To just get it even a little more granular, can you give me an example of like a type of decision you would have to make both in the sort of outbound CTO role and the inbound? What is a something in terms of like – is it like deciding to use this piece of tech or that piece of software or – 

 

[00:14:37] LB: Oh, absolutely. No, it's less about using. You know what? Let's take Torq as a very concrete example. Explain in a sentence or two what we're doing, and then take some of the decisions I made and how to implement. Torq, we are a security hyperautomation company. We deliver a product that allows people reporting to Chief Information Security Officer, be it incident responders, application security architects, cloud security architects, et cetera, et cetera, et cetera to automate processes that they would otherwise do manually. Click here. Take this. Take it there, et cetera, et cetera, et cetera. 

 

Now, that's what we deliver. There is a very deep value proposition in it. Now, as a company, we make a lot of investments in developing this technology, a lot of investments in partnering with other technological vendors. How do we prioritize it? What use cases would our users want to automate with Torq? Or maybe not necessarily want with automate but discover the Torq can automate and benefit from it, et cetera, right? It's the connection of. So as a result, do we need as an organization to invest more in AI and machine learning? 

 

No, no, no, no, no. We need to invest more in big data because we'll be crunching terabytes. We need to invest more in mobile technology because our users interact with our information via mobile devices rather than – these are very important decisions for the company, carry a lot of weight, or opens a lot of investments, et cetera. They are, for example, being driven by me as a CTO. That's more inbound. 

 

Now, let's talk about outbound, right? We have a lot of industry events. We need to position ourselves in a certain way. Of course, we have extremely capable marketing people, be it product marketing or brand marketing, et cetera, et cetera. But still, it is my role to tie the messaging to provide a lot of technological expertise, et cetera. So that's the CTO role. In a technological company, that's the kind of thing. I can talk about cybersecurity companies in particular because that's what I've been doing for the past too many years for me to admit.

 

[00:16:50] CS: Now, I swear, I mean, I have other questions here. But I want to just keep going a little deeper into this because I really like – I mean, you're really giving me the sense that there's almost kind of like a philosophical component. You're almost kind of predicting the future in terms of and predicting market trends and predicting –

 

[00:17:09] LB: To make a successful business? 

 

[00:17:10] CS: Functionality. Well, yes. 

 

[00:17:12] LB: Wayne Gretzky once said, “A good hockey player is skating to where the puck is going to be and not where it is right now.” A good business leader is taking their business to the place where the market is going to be and not where it is right now. 

 

[00:17:28] CS: Where are you gleaning these predictions from?

 

[00:17:32] LB: Wow. First of all, a lot of – that's a good one, right? You try to be as data-driven as you can. In fact, you know what? It's a combination, right? It's, A, you have to listen. You have to listen very closely to your customers. On the other end, you know what? Big visionaries. You know what? The founder of Ford Motors once said that, “Hey, if I only listened to my customers and did exactly what they asked, I'd be breeding fast horses rather than making automobiles, right?” But still, right, Ford Motors has listened a lot to their customers. It's just that they took this information and asked the question, why. Why do they want to get to where they want to get and tried to say, “Okay. Do we have maybe a better way to give them that? Why?” 

 

Exactly the same way as I know Apple, a company that has revolutionized the way we look at smartphones, the way we're hearing, we’re listening to music, et cetera, right? They will listen to people. They said, “Oh, people love listening to music on the go.” So Sony Walkman back then was the standard of how people listened on the go. They said, “But why do people like to listen on the go? How do they want to get their music? How many of it do they want to get?” Et cetera, et cetera, et cetera. I think they have a totally different approach to it called the iPod that we all know today. 

 

That is the way. You have to listen. But then there is an absolutely critical stage of asking why. If you don't think you got it right, you should ask it twice, thrice, and more. Before you can take it to the third stage, generalize and say, okay, if this is the why, then this should probably be the best possible solution delivering this why. 

 

[00:19:24] CS: Do you think that there are certain inborn like skills or talents that make a good CTO in this regard? If someone is saying this sounds interesting, but they don't necessarily know that they can be that sort of like puppet master that’s seeing all the crisscrossing forces and so forth. In your experience, working with other CTOs or just seeing them in the world, like what makes a good CTO in terms of skills? 

 

[00:19:50] LB: That's a good one. First of all, I don't think you were born a good CTO. 

 

[00:19:54] CS: No, right. 

 

[00:19:55] LB: A good CTO, in general, you can definitely become. 

 

[00:19:57] CS: Yes. But in terms of like interest and – yeah. 

 

[00:19:59] LB: Sure. There are skills that will get you there, right? First of all, I think agility is very much needed. You said it yourself, right? Sort of like the link in the chain connecting multiple things, which means that you need to be able to process information coming from multiple sources. You need to be able to do this thing efficiently. You need to be able – you know what? To know when to dive deeper and when to stay shallow, right? You need to be very, very pragmatic. 

 

One thing you cannot afford yourself to do is to go too deep or to invest in just one direction. Yes, that is a skill, and that is also a knack. Some people love dealing with a lot of information sources. It's the other way. If they only need to do one single task, they feel bored. They feel underutilized, etcetera. Other people, it's the other way around. They like to go deep. They like to complete something in its entirety before. So I truly believe that former skill sets is better suited, again, for a particular CTO role I'm talking about. Maybe if we talk about a CTO in deep algorithmic research, for example, there it will require some different skill sets. 

 

[00:21:24] CS: Nice. So because you co-founded and were CTO previously of Luminate, Security, which was a pioneer in Zero Trust Network Access, before we get to automation, I wanted to get your insights on a topic we discussed in previous episodes. So as someone with a considerable amount of Zero Trust implementation in their background, what do you think about the timeline and/or logistics of the recent Pentagon directive that its entire network should be completely Zero Trust by 2027?

 

[00:21:49] LB: First of all, I read it. The date was made public with a lot of interests. I'm not familiar with the complexities of Pentagon networks with generations of technologies used there. Therefore, I can’t say much about this particular application. Holding a number of patents on Zero Trust Network Access, et cetera, I do have an experience with large enterprise networks adopting this approach. It’s not a flip-a-switch thing. 

 

Furthermore, enterprises tend for a good reason to run in parallel on two or three overlapping generations of technology, right? You would have something cutting-edge, then you will have something recent, and you will have something older. [inaudible 00:22:41]. 

 

[00:22:41] CS: Yes. Doing kerosene-powered in the basement that's like coughing and choking [inaudible 00:22:46]. 

 

[00:22:46] LB: Hopefully not kerosene-powered. Let’s say, I don’t know, IBM mainframe or some old generation of Unix-powered, et cetera. This is where the proverbial rubber hits the road because it is much easier if you and I established a new company right now to decide, “Hey, let’s go Zero Trust network from the get go. And we will deal with a lot of challenges, but that would be possible.”

 

Going into a major enterprise network that has these two or three generations of technology still running in production, relying on it – you know what? 2027 is in, what, four years. That is tough. I would be –

 

[00:23:28] CS: That’s an ambitious ask, for sure. 

 

[00:23:29] LB: That's a tough. That's a tough one. We could talk about a percentage off. We could talk about, hey, we'll cover 20% this year. 

 

[00:23:38] CS: Yes, yes. The old [inaudible 00:23:39] put a perimeter around your garbage and things like that. Yes. 

 

[00:23:42] LB: Exactly. Unless it – to answer that question, I would ask one myself. So what is the full technology replacement cycle in your organization, right? What is the oldest tech running right now? If you tell me, “Ooh, we are rigorous. We have four years of tech replacement cycle.” In four years, you can be 100% Zero Trust. If you’ll tell me, “Oh, you know what? Main tech, six, seven years more on the outskirts. Maybe 8, 9, 10,” I'll say you're not going to be 100% Zero Trust because your tech does not allow you that. You will need that tech because you haven't yet replaced it. That’s my answer. I hope it makes sense. 

 

[00:24:24] CS: Yes, yes. No, totally. Yes, appreciate it. Sometimes, I like to see – as long as a person has a specific knowledge, then we can continue the conversation from previous episodes. But the topic of discussion that you brought today, Leonid, is “reframing how we look at automation, not just software developers, but now more accessible.”

 

For various reasons, we've had several guests in a row discussing AppSec, DevSecOps, the role of automation in these processes, both as time savers but also as things that need to be used carefully so as not to introduce issues to be found later. So, Leonid, tell me about reframing our idea of automation and its uses. What are the applications for automation right now that are going unused or underused? What are we not using it for right now that we should? 

 

[00:25:07] LB: You see, an initial assumption that people make about automation is that, oh, it saves us time, right? It takes something that we would have done step-by-step manually, time after time after time. It does so automatically. It does, but here's the deal. That is why when we look at the world of automation at Torq, we look at the term that was relatively recently coined, for example, by Gartner that is called hyperautomation. 

 

Now, how is hyperautomation different from automation? That carries its applications to different fields. So hyperautomation is defined as a business-driven, disciplined, well-managed approach to identify that and automate as many business and IT processes as possible. You see, the starting point of hyperautomation is I don't just want to help my operators cut some corners, improve some things. 

 

[00:26:13] CS: Yes. I always hear it as a narrative of cutting out drudge work. 

 

[00:26:17] LB: No. I mean, that may be the lowest hanging fruit. 

 

[00:26:20] CS: Right. Yes, exactly.

 

[00:26:21] LB: But it’s not the end game. Hyperautomation is based on the principle that is, by the way, hopefully, something that we can agree on, is that, look, there are so many processes in which the computer can be so much better than you and I because we're humans, right? It’s not only about saving our time. Some of those processes, Chris, they take up on jobs that human cannot be doing. 

 

Let me give you a very, very difficult security example. I believe that in various discussions that you have had on the podcast, you have heard the term living off the land when it comes to cyber attacks. Living off the land means that an attacker will not bring in malicious devices or malicious – or those scary things that people love to tell night stories to their children about, right? They will use relatively normative steps like, “Hey, I forgot my password. Let's reset it.” Or, “I bought a new phone. Let's reset my multifactor authentication.” Or, “I'd like to get a temporary access to some –” Right? 

 

Living off the lands means, in cybersecurity attacking terms, that our attack will consist of mostly mundane events that happen in huge quantities in a regular enterprise. Now, without automation, let's say what? What would you do? How would you even deal with that? Would you hire an army of analysts that will review every login?

 

[00:28:06] CS: Yes. And then cross-check them and check for patterns. Yes, sure. Yes. 

 

[00:28:11] LB: It is not humanly achievable, but it is very achievable with automation that doesn't care to process 1,000 events a second ; 10,000 events a second, et cetera, however many. Filter them. Cross them with historical events. Figure out if they stand out from any perspective, et cetera. Hyperautomation allows you to not only boldly go where no one has gone before, but actually to boldly go where no one has dreamed of being before. But guess what? You kind of have to be there. These images we will have from funny movies where the hacker like intensively push us out, that’s not how it works. 

 

Attacking organizations also uses a lot of automation, uses a lot of volumetric attacks, and so on, without introducing automation in your analysis, investigation, containment, and eventual remediation of various security signals. I'm not even talking about incidents. Many of the signals come before and allow you to handle them so that you don't get an accident later on. That's what hyperautomation is all about, right? So that people not only automate away things they were doing manually, which is fun, but actually go ahead and automate things they could not have physically done, manually. 

 

[00:29:32] CS: Yes. It almost – I think another guest have said that. But the way that you're able to see things that are happening in sort of parts of the network that no one ever really looks at, it's almost like you're kind of making like a 3D rendering of like it almost has that kind of asset visibility aspect to it, where you're really watching like the pipes. Every single transmission happened between them and you –

 

[00:29:54] LB: Can you be simultaneously? It's every junction where something happens and process everything that happens there. You and I can't. Automation, sure as hell can. 

 

[00:30:04] CS: Yes, absolutely. So I want to sort of move from there. You mentioning that automation is now more accessible, I'm wondering if there are uses of automation that could accommodate accessibility issues and users with disabilities. Is this primarily the realm of security engineers and implementation experts? Or, as you say, moving things, getting large volumes of network things? Or did automation have use for regular non-security users as well, Leonid? 

 

[00:30:33] LB: Look, if my mother can buy a smart light and smart switch, and using consumer services like IFTTT and others, say that every time the door opens, turn on the switch there. Every time the air conditioning goes off, turn off the switch and so on. These are very simple automations. But then, again, she's using them in a very consumerized environment. Now, if she could do that, let's talk about people who are technologists like security analysts, like security architects, et cetera who don't have a goal of, “I'm an engineer. I have to write something. I have to build something. This is my purpose in life.” No, their purpose in life has to prevent security issues from happening.

 

Now, the bridge between me being able to tell you, “You know what, Chris? If I got such a signal, this is what I do to investigate it. And then if the investigation would have yielded this result, that's what I would have done to contain it.” If I'm able to tell you that thing in decent English or any other language in that sense, I should be able with the right tool to turn it into something that a computer or a bunch of computers will do for me. This is a thesis that we have proven over and over and over again, right? Simpler automation processes using larger building blocks. We using predefined blueprints and then just adjusting them to your particularities and so on is accessible even to very junior people, right? It does not have to be as skilled-requiring as software engineering. 

 

By the way, if you do happen to have software engineering skills to a certain degree, then you can take it even further. One of the bigger challenges of simplifying automation and making it more accessible is that technologies up until now had this glass ceiling. If I give you a automation tech for newbies, if you don't mind me using this word, that is great for newbies. But for people with experience, they feel caged. 

 

One of the biggest challenges that we took upon and according to our customers we managed to deliver on, by the way, a lot of CTO research went into that if you ask me, is how do you deliver a tool simple enough for, yet very powerful enough so that extremely experienced people with 20, 25 years of experience don't feel caged in any way, don't feel glass ceiling, can keep on expressing themselves, and actually get their productivity boost? That was a real challenge for us, and that's what we focused on. 

 

[00:33:15] CS: Okay. So I want to – I’m doing a bit of a balancing act. I don’t know if I could pull this off. But I want to tie in our previous talk about CTOs, and the way that you're acting is sort of this analyzer of mass data and trends and then automation, which is – so I'm wondering if there's some sort of like an automation almost like think tank going on in terms of the way people are thinking about how to use this and especially with an eye towards. 

 

I know that this is more of a news story issue or whatever. But there's always the talk of like, “Oh, automation is going to automate people out of the job.” Then other people say, “No, no, no. Automation is going to help you do your job better or at all.” Because, like you said, there are certain things automation can do that humans can't do. So I guess I'm just trying to get a sense of like where the big discussions are being had around all of these different pieces. 

 

[00:34:13] LB: First of all, indeed, a lot of discussions are being held, right? Automation and security is defined by all analysts as one of either top two or top three topics for this year, the next year, et cetera, which is a good thing, right? It brings a lot of people with a lot of experiences and a lot of opinions, a lot of opinions too to this think tank. 

 

Now, you're right. Or at least I agree with you. Hopefully, we're both not wrong. Automation is not built to replace people. It is built to augment people and help them focus on where their impact is critical. That is something that we follow a lot. A lot of automations, you mentioned it, I think, in your opening statements. Sometimes, when people think about automation, they say, “Oh, I don't trust it. It does things by itself. I don't know what it does,” which is absolutely 1,000%, if so many percents existed, wrong, right?

 

We do a lot of what we call human-in-the-loop automation, where the actual security decision, which has a lot of maybe business impacts, maybe financial impacts, et cetera, is being made by human. But guess what? Thousands of information collection, processing, sifting through steps take place before that. When the human makes their decision on which way we're going, is it route A or route B or route C, again, tens, hundreds, thousands of steps are being executed. The human is only involved where their ability to process recommendations, data, signals. Combine it with some background and context they only have on the business, et cetera, where it brings the critical impact. 

 

I truly believe that this is where the decision on, yes, we're an organization that will adopt hyperautomation. This is where it lays. I'm a big fan of science fiction myself. So all the ideas where robots are flying airplanes and so on and so forth, they are very appealing to me. This is not what we're talking about. We are talking about, for example, decisions. For years, many organizations had operation centers where people would work in shifts, where people would come in and have a huge queue of tasks. At the end of their shift, they would say, “Okay, how many tasks did you take off the queue? How many of them you'd processed, et cetera, et cetera? 

 

That's a tough job. People get burned out. People – an average time spent on such a job is not great. It's always – instead we can take these very people and those that are their closest colleagues and turn them into, yes, engineers in a sense. You know what? When you come to think of it, the word engineer comes from root engine, right? Engine does something for us. It takes us distance instead of us walking. It allows us to haul some cargo instead of us doing it manually. 

 

[00:37:17] CS: And, ultimately, we're harvesting its use. It’s not just running off in a direction. 

 

[00:37:21] LB: Exactly. This is, by the way, where we are at our best, understanding how to harvest the use. This is now you need to be able to build these engines. Indeed, in the past, there was a significant barrier of entry there. You needed to have many, many more skills, and bringing this barrier closer to you by easier tools, better user experience, leveraging of AI in order to help you build faster, doing this in 100% controlled environment, things that are built for enterprise. Understand enterprise processes, enterprise permissions, enterprise role-based access control to assets, et cetera. That is what it's all about, and it is amazing. 

 

I have seen organizations that managed to achieve security posture and efficiency of operations that is 10 times higher than what I've seen at other comparable sizes of organizations with like 30% headcount invested in it. That is the kind of impact that’s – to round off the CTO story. How do I measure myself? Did I do a good chief technologists job, like a medium one or a mediocre one? The impact. What is the impact of the technological solution that my organization delivered on the customer is? 

 

When I'm hearing from a customer, “Oh, my God. You reduced our mean time to resolve a problem by 700%.” Not 20, not 30, which would have been nicer. But 700, I'm like, “Okay, that's an impact right there.” But what I'm saying, wow, we doubled the size of our IT estate, and we managed to deal with it and keep it secure with the same size of a team or a slightly larger team, but by no means double-sized team, that is an impact, right? Because you can’t grow your business by growing the headcount to the same extent. 

 

That's – you said it yourself, right? Building engines that do the hard work for us, this is ultimately the job of a CTO. Sort of like the satisfaction you derive from it is by watching these engines work and deliver business outcomes. 

 

[00:39:40] CS: Yes. Well, I want to also just tie that to the notion of what your entry-level job is versus where you want to go eventually. I think any – I don't know. I don't care what level you are in your company. When you get to that quarterly or yearly review, there's always, “Well, I did really good work on all the things that had to be done on a day-to-day. But I had all these stretch goals or I had all these ambitious things.” You just never get past that sort of – the brute force like nine-to-five. These things have to be done. These things have to be done. What you're saying here is not that we're not going to need that worker anymore. It's that now you can start working on those kinds of like higher order issues more easily if you're not sitting there and doing just the sort of raw scans and raw –

 

[00:40:28] LB: Absolutely. That's where you can be creative. That's where you can think proactively, right? If you are constantly being pulled down by the weight of, “Oh, you have 100 tasks to complete today and then 100 tasks for tomorrow,” et cetera, your ability to sort of like run twice as fast as in order to have extra is evidently lower, right? This is, by the way, the biggest impact of adopting hyperautomation state of mind. 

 

We have certain organizations, just to give you an example, that direct, maybe even enforce, that every security signal has an automatic investigation and filtering attached to it, right? They buy or introduce to their infrastructure another security detection system that identifies yet another type of an attack on their mobile, on their data, on their cloud, on their identity, on their endpoints, on their whatever. This system is not considered production grade, until you have automation handling the events it generates, producing it, driving it to resolution. Because buying yet another detection system and saying, “Oh. Now, somebody will have to go look there and manually handle,” is a recipe for disaster. 

 

All major security incidents that we read about in the papers from recent years were not because, “Oh, this organization was so cheap. They didn't acquire sufficient security protection.” No, it's because their data flow was too cumbersome. They were not correlating it properly to identifying the attack. They did not have efficient means of containing, remediating. That's where the problem, again, talking about enterprise security here, usually is. 

 

[00:42:21] CS: Yes, that's great. Yes. That’s super exciting and super inspiring. So I want to tie that directly to the future automation tech thinkers, CTOs of the world. For listeners who are just getting started and have a passion for this kind of tech-heavy work and user protection, automation, want to work towards the CTO position and starting to think about and do these things, what are some skills and experiences and projects and other indicators of competence that they should be doing now to sort of show that this is the direction that they can really be useful in?

 

[00:42:58] LB: Absolutely. So one skill I would recommend acquiring is you need to spend some time on the front lines. You don't need to spend your whole career on the front lines. But you need to spend some time there so that any –

 

[00:43:14] CS: When you say front lines, do you mean like – 

 

[00:43:16] LB: Security front lines, not the real war front lines. 

 

[00:43:18] CS: No, no, no. But I mean with like your company. You’re in a SOC or something like that.

 

[00:43:23] LB: Absolutely. Spend some time with working closely as an app. Now, why is that? Because, you know what, some experiences, some understandings of the real challenges are intangible. I could interview you all day long, and I wouldn't necessarily comprehend all the challenges you have, for example, now, as a podcast host. If I did all that and would at least sit in with you on a number of podcasts, be a co-host, maybe try a smaller thing, I would gain a invaluable understanding of the world of challenges you are facing on a daily basis. That will make my ability to deliver a better solution for you significantly higher. So that's number one. You need to have some experience on the front lines, not necessarily to be a front-line veteran. 

 

Second point is you need to be a little bit of a rebel, right? Wait a second. Don't – let's not get dragged over with this analogy. But, yes, I firmly believe that in order to change things, in order to make an impact on a certain level of magnitude, you cannot be that conformant, right? When you are 100%, “Okay, that's how they taught me to do things. That's how I'm doing these things,” you will limit your own ability to come up with truly original solutions, right? No. No need to break any – let's break every rule we see in the book and see how that works. No, definitely not. Not jumping off any tall buildings. But you need to have this bleep methodical ability to question why are we doing it this way? What is the – maybe we could do it better. 

 

Third is that you need to have a certain agility with the technology. Like I said previously, being a CTO is about being able to understand how deep or how shallow you need to stay on every like question or issue, right? Another, and that will probably be last, CTO, like the title, I truly believe it's a people profession. Only achievements we make is not because we build something by hands, but we influence people. 

 

So whether you are going to be directly managing a lot of people or indirectly impacting a lot of people, you need to be a people person. You need to understand the angle people are coming with. You need to understand their challenges. You need to understand how to motivate them to do something. You need to understand the [inaudible 00:46:18] for them in certain things and sort of like drive the conversation around it. 

 

Eventually, you know what, maybe it could be said for every high-level executive position, be it financial officer, people officer, marketing officer, or technology officer. You have to be a people person. Lone genius – if somebody is, I’m not, by the way, it doesn’t cut here, right? You need to be able to build a team around you. Trust the team around you. Get the best of the team’s ideas. 

 

It's almost like a conductor in the orchestra. Is that person always the best musician? Can they play the violin better than the prima? No, probably not. Maybe the piano? No, not the piano either. But they do this orchestration, and everybody in the orchestra is looking at them to deliver them to where they need to be. Kind of like that. If that perspective of being the orchestra director is appealing to you, probably, you are the right person to try this [inaudible 00:47:23]. 

 

[00:47:24] CS: Yes. I mean, I guess that also requires a fair amount of confidence in your own skills and abilities that you're able to sort of see them all looking out at you and say, “I am the person that's going to be able to sort of move these energies around.” Yes.

 

[00:47:39] LB: The first time I walked into a room where 20 people were looking at me and waiting for me to say something, it was not an easy moment for you. I can tell you. I've been in rooms with thousands of people looking at me as well. It’s something you –

 

[00:47:51] CS: No. Watch the first 40 episodes of the show if you want to know how bad I was at the start. You learn by doing in that regard, I guess, but yes. But, yes, just in terms of like – I think not even in terms of like Dale Carnegie type stuff, but like in terms of like formulating a large plan like that and having the sort of confidence of like this is the thing that we're going to do. We’re going to marshal the troops, and we're going to implement this across all levels. I think that's important. 

 

I also just want to sort of break apart what you said about being a people person because we hear a lot on here that soft skills like communication skills are very important, which I understand. You have to be able to decipher geekspeak into C-suite budget lingo and stuff. But I think we don't talk enough about the fact that you need to be a people person in the idea that you have to like being around people. You like helping people and not have this feeling of like, “Well, we just got to get through as best we can. So I'll be the dutiful soldier or whatever.” 

 

[00:48:59] LB: No, no, no, no, no. If you're looking at communicating with people as the necessary evil, probably you have other positions where your talents will be applied to a much better result. It needs to be a goal. You need to be truly curious about people. You need to truly enjoy conversations you have with people. You need to be able to have this information exchange. Actually, two people exchanging information, and suddenly they get to some ideas that 10 of them separately had before that. You need to drive this synergetic thing. Absolutely, right. 

 

By the way, especially around people with a high technical acumen, this usually is a skill that requires much, much more focus, right? So how many times have you heard, “Oh, I'm much more comfortable with a keyboard and a screen than with a person.”? Yes, I have been there. To achieve much more, you need to be more comfortable with the person and then another person and then another 10 people. Each of which has a keyboard and a screen. 

 

[00:50:02] CS: Yes. Ideally, you should be as excited as the person at the bottom who has just discovered a new use for automation that makes their job easier. If you're as excited –

 

[00:50:10] LB: Or even more excited than that person because you're saying, “Oh, my God. I did something that [inaudible 00:50:14].

 

[00:50:15] CS: It’s all starting to come together. Yes. 

 

[00:50:17] LB: Exactly. Imagine like even if I come up with a great idea every five minutes, I'll only have 24 hours divided by five minutes worth of new ideas. But if I empower 100 people to do this thing, I'll generate amounts of or I'll cause the generation of amount of ideas that I personally could way out of my reach. 

 

[00:50:37] CS: Imagine that a first-time conductor like doing a certain sweep of their hand, and the entire violin section just follows it perfectly. How would that feel? I think this is –

 

[00:50:46] LB: It would be out of this world. 

 

[00:50:48] CS: Yes, yes, exactly. You feel like you're commanding the cosmos. So as we wrap up today, we discussed your job tasks as CTO at Torq, and I really went deep on that. But if you'd like to discuss Torq, the company, more, especially the types of services you provide, let’s do that now. 

 

[00:51:04] LB: Absolutely. So as I already mentioned, at Torq, we provide a enterprise-grade security hyperautomation solution. Our users belong to different departments in enterprise. Cybersecurity organizations use Torq, again, not only to automate away their today's existing manual tasks, but actually to venture to processing the amount of signals and correlating the amount of data that they never managed to do manually. 

 

As Torq, we see ourselves not only as a provider of technology but actually as an advisor. We engage a lot with our enterprise security customers to help them design and then drive their hyperautomation strategy. Now, we do that because we carry the combined experience of working with different organizations in different verticals. We bring in security architects that have assisted in such projects that have seen organizations they worked with convert their way of thinking and reach outcomes that are far greater than they believed in. 

 

I promised myself after a few technological positions I did in the past that I will not be delivering what we call shelf wear, something that you buy, and you put on the shelf, and it sits there, and it collects dust. This is the motto we carved on our flag at Torq. We deliver outcomes. We are licensed by outcomes. We are tracking these outcomes with our champions. This is the feedback we are constantly getting. So that's our motto. I am a CTO that doesn't want you just to deliver a technology. I want to help you reach a certain outcome in your business that is reached by adopting a technology. 

 

[00:53:03] CS: All right. Well, one final question. If our listeners want to know more about Leonid Belkind or Torq, where should they go online? 

 

[00:53:10] LB: First of all, about Torq, you could go to httpstorq.io. We also have a YouTube channel, Torqio. 

 

[00:53:17] CS: That’s T-O-R-Q as well, right? 

 

[00:53:19] LB: T-O-R-Q. Absolutely the [inaudible 00:53:22] short spelling. Absolutely, torq.io. Myself, from LinkedIn, I guess you could get to all kinds of blogs or magazine articles that I publish from time to time. Hit me up on LinkedIn. I will be very happy to continue the discussion from there. 

 

[00:53:42] CS: Great. Our listeners do that all the time. So check your inbox. Sometimes, you [inaudible 00:53:45]. Leonid, thank you. 

 

[00:53:47] LB: I’m all for it. 

 

[00:53:48] CS: Thank you so much for your time and insights today. This was an absolute blast. I really appreciate it. 

 

[00:53:52] LB: Loved it a lot. Thank you so much, Chris. 

 

[00:53:54] CS: And thank you to all of you who have been listening to and watching our Cyber Work podcast on a massive scale. I haven't recorded the official intro, but I found that we just hit 70,000 subscribers on YouTube. So thank you so much. We're really, really glad to have you along for the ride. 

 

Now, before I go, I want to invite you all to visit infosecinstitute.com/free to get a whole bunch of free stuff for Cyber Work listeners. We've got our new security awareness training series, Work Bytes, which is a scripted live action video featuring a host of fantastical employees, including a zombie, a vampire, a princess, and a pirate making security mistakes and, hopefully, learning from them along with you. 

 

Also visit infosecinstitute.com/free for your free cybersecurity talent development e-book. It’s got in-depth training plans for the 12 most common roles, including SOC analyst, penetration tester, cloud security engineer, information risk analyst, privacy manager, secure coder, and more. Lots to see and lots to do. Just go to infosecinstitute.com/free and check it all out. Thank you once again to Leonid Belkind and Torq, and thank you all so much for watching and listening. As always, we will talk to you next week. Take care now.