Offensive or defensive security: Which career is for you?
When it comes to your career, should you go red team, blue team or both? Today's guest is QuoLab Technologies Co-Founder Fabien Dombard, who's had roles ranging from penetration tester to malware incident responder to company founder. Fabien shares share thoughts on the skills, disposition and training needed in both defensive and offensive security roles, as well as tips on why you shouldn't be "networking," you should be "making new friends for the future."
With over a decade of experience working in several diverse positions, as well as experiencing firsthand the evolution of security practices and technologies found around the world today, Fabien Dombard has been an integral part in building his new company, QuoLab Technologies, a developer of a collaborative and threat-driven Security Operations Platform (SOP). Prior to QuoLab, Fabien began working in small shop penetration testing roles in several European nations, and his renowned expertise and work ethic eventually led to him heading the Malware Incident Response Team for Deutsche Bank — one of the largest financial institutions in the world. He then founded QuoScient, located in Frankfurt, Germany, with the aim to reconcile humans and machines in the context of security operations, incident response and threat intelligence, and it is actually where QuoLab spun out from. Fabien is committed in his professional endeavors to reconcile human creativity and intuition with the complexity of information technology in the context of security operations. It was precisely this passion that drew him to conceptualize QuoLab and is what brings focus to him and his team moving forward.
[00:00] Chris Sienko: It’s celebration here in the studio, because the Cyber Work With Infosec podcast is a winner. Thanks to the Cybersecurity Excellence Awards for awarding us a Best Cybersecurity Podcast Gold Medal in our category. We’re celebrating, but we’re giving all of you the gift. We’re once again giving away a free month of our Infosec Skills platform, which features targeted learning modules, cloud-hosted cyber ranges, hands-on projects, certification practice exams and skills assessments.
To take advantage of this special offer for Cyber Work listeners, head over to infosecinstitute.com/skills or click the link in the description below. Sign up for an individual subscription as you normally would. Then in the coupon box, type the word cyberwork, c-y-b-e-r-w-o-r-k, no spaces, no capital letters, and just like magic, you can claim your free month.
Thank you once again for listening to and watching our podcast. We appreciate each and every one of you coming back each week. Enough of that, let’s begin episode.
[01:04] CS: Welcome to this week’s episode of the Cyber Work with Infosec podcast. Each week, I sit down with a different industry thought leader and we discuss the latest cybersecurity trends, how those trends are affecting the work of infosec professionals while offering tips for those trying to break in or move the ladder in the cybersecurity industry.
A few weeks back we talked – We were quite glad to talk to Daniel Young, the managing partner and cofounder of QuoLab Technologies who told us not only by his current activities, but his time as a digital forensics expert organizing large scale cross-platform cyber corroborations in the Middle East and elsewhere. During our debrief of the episode, Dan suggested that an equally interesting episode could be made with this colab cofounder, Fabien Dombard.
Fabian started in a small shop pentesting positions in France, Switzerland and Germany before becoming the head of malware incidence response team for Deutsche Bank, one of the largest financial institutions in the world.
We’re going to talk today about the skills disposition and training needed in both defensive and offensive pentesting and cybersecurity roles as well as career opportunities to be currently found in both. With over a decade of experience working in several diverse positions as well as experiencing firsthand the evolution of security practices and technology found around the world today, Fabien Dombard has been an integral part in building his new company, QuoLab Technologies, developer of collaborative and threat-driven security operations platform.
Part of QuoLab, Fabien began working in small shop penetration testing roles in several European nations and his renowned expertise and work ethic eventually led to him heading the malware incidence response team for Deutsche Bank, one of the largest financial institutions in the world. He then founded QuoScient located in Frankfurt, Germany with the aim to reconcile humans and machines in the context of security operations, incident response and threat intelligence, and it’s actually where QuoLab spun out from.
Fabien is committed in his professional endeavors to reconcile human creativity and intuition with the complexity of information technology in the context of security operations. It was precisely this passion that drew him to conceptualize QuoLab and is what brings focus to him and his team moving forward.
Fabien, thank you so much for joining us here today from Germany.
[03:12] Fabien Dombard: Thank you, Chris.
[03:13] CS: I like to start each show by asking our guests about their tech and security development, their security journey if you will. You strike me as someone who’s probably always been interested in computers in tech to some degree. Is that the case or did you come to it later in life?
[03:28] FD: Yeah, absolutely. I mean, that has always been like my thing and I think I’m very fortunate that it all kind of worked for me, with it. Could have been something else which wouldn’t have worked at all. But tech and electronics, IT and stuff was been very much my topic. Yeah.
[03:47] CS: Yeah. I mean, let’s talk about your early years. You said you started as a pentester. Did you do other tech-related activities before that where you – Running the helpdesk in college and things like that or doing things as a kid or in your teens?
[04:03] FD: Yeah. Running it back a bit before, like, you know, work times, I think it always started with that, right? I mean, you always have a figure like that that is kind of pushing you for. Looking into the things, like as a kid just looking at gaming and doing this kind of stuff and very quickly just been putting a couple of breadcrumbs of interesting things to look at if I ever find the time between all of those gaming sessions. Because we had a computer, and that was some time ago, like pre-Internet sort of thing, and it was like smuggling games to myself and my brother and at some point he did the same with the soldering iron. That kind of piqued my curiosity and started off quite a big cascade of events. Along with it, at some point, I ended up with doing something different than just game with computer, because basically electronics was expensive.
In this time, nowadays we say like hardware is the new software because there’s a lot of interesting development around accessibilities nowadays. But back in those time, that was very much like the software is the new hardware, right? Because hardware is greatly expensive trying to do anything with that.
[05:22] CS: Right.
[05:23] FD: That’s how I started. I ended up like at some point like having a book on my table about Linux. That was like ’95-ish, something like that. I remember Red Hat 4.2. I think, yeah, ’97 to early 2000s. Moving that, using floppy disks between home and school. It’s exactly this kind of stuff, right?
[05:50] CS: Got to be real careful with them. Yeah.
[05:53] FD: Yeah. Well, the point is that if you show that to kids nowadays, it’s just –
[05:56] CS: Oh, exactly. Yeah. Like a relic.
[06:02] FD: Yeah, kind of. That’s how I sort of get started. This time, one need to realize that, basically, pentest was not really existing. Even like computer security was not taught at university, right? That was something that basically the IT people were building on the side. Not that kind of growing gray hairs now, but it’s kind of at the time where where basically that was easy and not easy at the same time to get into the field, because on one hand it was about getting access to this information. On the other hand, it was about like doing this professionally and only that. That’s how I got my first kind of jobs basically doing Linux hosting stuff.
I landed a job in a hosting company, and at some point, obviously since security was pretty much what I wanted to be doing, because these guys have been helping me to take in some responsibilities along with that. Trading the first company very early. I was – Before 25 with a couple of guys. We failed miserably, but learned a bunch out of that.
[07:15] CS: What kind of business was it? Was it pentesting?
[07:17] FD: That was more like the web development. I mean, the things which were paying dominantly at the time. A bit of consultancy on configuring like CISCO routers, these kinds of things. I started to like inject a bit of security in there, into what I was doing with my customer. At some point, I got a friend of mine who basically told me like, “Look, I’m not sure what you’re doing here, but I have a job for you.” That was in Switzerland back at this time. Basically, the job interview is you, you come, you work with us, and if you do the job, you can stay. That was probably a different life. At the time where they were not looking at your curriculum or whatever. You’re coming from the community. You know your deal. You’re doing the job. You’re getting paid and everyone’s happy. That’s how it started.
[08:07] CS: Okay. Yeah, you were saying that penetration testing and doing pentest work at the time was both hard and easy, and I imagine that just because there were so few people doing it and it was still kind of an untested territory or whatever.
[08:19] FD: Yeah. I mean, I’m not that old.
[08:22] CS: Right. Okay.
[08:24] FD: Obviously, there was already a lot of people doing it, but it was very like community-centered and it was a lot about – It already was a lot of information all night. It was not like back in the early 90s where people really had to like do like searching interactions to find information about this other system and stuff that you heard or you’ve seen in the movies, right?
At my time, it was already like the earlier generation already did all that grown work. We had a lot of things online. It was already starting to be a bit of trying to find the right information at the right time, which is today completely different. I mean, today you’re completely overloaded with all of these information available. You don’t know where to start, right?
[09:16] CS: Right.
[09:17] FD: I will define myself as a pre-Metasploit kind of pentester. Back at the time where pentesting, which sort of became reteaming now. Pentesting has very a different meaning nowadays.
[09:31] CS: Yes.
[09:31] FD: Pentesting was a lot of understanding your target, observing, building the codes, getting into was not the odd point. It was mostly about like understanding what you were getting with, right? What this landscape is looking like. We were super motivated. We are just a bunch of young adults with a well-paying job. Computer to play with all day, working in data centers, in different location, including bankers. Doing jobs for the big telcos or large industry and some garment, garment affiliated institutions.
It was like David versus Goliath and we’re just like this crazy kids doing funny stuff with computers and getting paid and the customer being amazed by the kind of reason we were able to bring. That was a big part of this aspect, the motivation aspect, which was really driving the need for learning and doing stuff in that time.
[10:32] CS: Right. Now, tell me a little more about that. I mean, I agree with you, that pentesting and red teaming and stuff, there’s so many sort of sub-divisions now that pentesting means something fully different. But like sort of, yeah, give us sort of like your thoughts on that. It’s obviously been sort of sub-segmented, because there’s so much to be done within the frame that you have to have to the sort of invasive people versus the sort of, like you said, the more defensive ones or the ones who are rooting around or whatever. What are your thoughts on that?
[11:04] FD: I think, obviously it diversified as you said very broadly. We have all of those different specialties and so on. One of the thing why I got into the defense side was that I was absolutely fascinated by basically the other side of the mirror and why is a cost of the defense so much higher than the cost of the offense. Like why just a bunch of teenager in a basement can make so much damage to something which is experienced to build and run, right?
That was how I got in there. With the term, I realized that it’s just the different side of the same coin, right? I think I will always remind – I will remain with nothing offensive sinking, and this is what is making me a good defender in the sense, right? That’s really like the scene in young sort of things, right? Things come together as a whole, and I will definitely encourage people to be coming back and forth between not only the blue and the red site, the defense and the offense team, but also between customers and vendors. This community is so strong and moving the frontier so much in the past year that you really can figure from here where you hop from the different things and become a very strong player by basically embracing and overarching across all those different things regardless or super specialized some of those things.
Obviously, not everyone can write like these crazy iOS exploits, right? But it’s not about that. It’s about like how do you place yourself in that game and obviously with the experience coming and the age, you’re sort of looking at it from more the big picture, its kind of fun from a different side.
[13:13] CS: Can you talk a little bit about that, about sort of what red teamers can learn from blue teamers and vice-versa? Because it gets very siloed and I think people feel like they need to just know one thing really, really well, right?
[13:27] FD: You know what? I think, it’s really got siloed on paper and it’s like a bit far reaching in that community. Sharing stuff, you know, or even like incident details and stuff and so on. Everyone was like, “Whoa! You cannot do these kind of things.” Well the truth is that we always been sharing, always been like exchanging, like tips and tricks and exchanging information about threat vectors because it might happen to you tomorrow. This sharing of stuff happened on all the different side, red and blue and so on, right?
[14:06] CS: Yeah.
[14:07] FD: That’s interesting, right? Now, we are a bit getting to the genesis of that with the operation of – That’s after a decade of development with the community. I’m thinking about like what’s happening with MITRE attack framework and all of those things. We’ve been building all of those different – All of these tech with all of the different methods and processors to like being to exchange, being able to understand.
[14:38] CS: Yeah, quantifying it. Yeah.
[14:39] FD: Exactly. At some point, we end up with – Right now we are getting with the tools to basically being learning from the different side. A lot of people see the attack framework, which is basically a way to describe all the technique, tactics and procedures to classify and quantify and measure the gap in terms of defense and so on, right? A lot of people are looking at it from the blue team only perspective, but people starting to using on it on the red team side.
It leads us to different things such as like the TIBER framework. The TIBER-EU is a bit less known on the US side, but basically the idea is that you’re taking what you learned from the threat actors to actually do a red team exercise, which is meaningful toward your organization. You’re not going to test about all the crazy things, because it’s obviously interesting if you know that some kind of alien hacker come to you and breached you. Well, you know what? He’s going to manage it. There’s always a way. But basically you want to basically test your team and shape your defenses and so on based on a reality kind of attacker that sort of, that guy will go after industry, right?
We started having these tools and we started also to have the concept. Beyond the blue and red team, you also have guys playing purple teaming. Basically, all the sort of circulate between those different angles and those different perspective in order to really maximize your investment to what building proper defense. Because the thing that we have to remember always is that the red team of the pentester back at this time, it just needs to be right once, or just to train of a couple of one-time success. The blue team has to be successful all the time.
[16:31] CS: Yes. Hundreds of times. Yeah.
[16:33] FD: Back to what I was saying. Basically, what’s fascinating me and what actually brought me to actually bond between the different side, is really trying to grow this understanding and see, “Oh! Does one comes into the other?” If that makes sense.
[16:47] CS: Okay. It does, yeah. I want to move from that. So sort of from the offensive to the defensive side. Can you tell me about the transition from these early assignments, your early pentesting to your work with malware incident response with Deutsche Bank? What are some of the projects, skill advancements, knowledge acquisitions? We like to talk about sort of like your professional development, not just sort of like war stories. But like what are some of the things that you learned that sort of like helped you move up the ladder to such a prestigious position? What were some of the things that the bank responded to in your background that let them know you were the right person for the job?
[17:25] FD: Yeah. I was. I’ve been working for banks before. I was skeptical at first at working in a bank rather than the bank as a customer. From the story, when I got I started working for the bank, my boss is speaking to me and say, “Oh! You’re working for a bank. That’s not somewhere you should be working at.”
[17:52] CS: Okay. Wow! I like your boss.
[17:54] FD: Like 2008 and the crisis and all of that and all of those things …
[18:02] CS: Yeah, it was not the same that it once was. Yeah.
[18:05] FD: Frankly, the thing is that you have some of those key verticals, and financial is one of them, are extremely adept towards this kind of topics like security, but also like data science, machine learning and all those things. Because those guys have a problem. They understand the problem and they have to money to solve it, right? That has been, for me, sort of – First off, I’ve been extremely fortunate to be working for very open-minded persons. I mean, these guys were starting to build a threat intel program in the bank in 2010. Threat intel was still a major expense. Nothing that the industry was really implementing as a way to gain disability into their product, right?
I got started with that team. Super excited, and my job was about to bring them some understanding of what about all this malware and all these things. In between the lines, they sort of wanted me to bring their – It takes a thief to catch a thief kind of spirit in the team to be like have them to look at the different perspective from that. Very quickly, we basically started to build our own capability, you may guess that no one wants a guy like me like building like a malware analysis capability inside their corporate network, right?
We had the credit to build our own lab and all our things. For quite some years I heard people saying, “Well, if you continue doing these kinds of things, you’re going to get fired But it was working pretty well. Including on TV you see this malware analysis lab in Germany and all the things, and at the end, well, we ended up like with having a fantastic workforce kind of capabilities. We’re actually looking to duplicate in some organizations.
Yeah, it was always a bit of luck obviously, or was a bit of you had the right spot with the right persons. I was really driven by this passion and this – I was really eager to understand this other side of the mirror and I just ended up like working for the finest persons. It could have been anywhere. The bank was just basically where you had this right combinations, and we’re very thankful for that.
[20:29] CS: I mean, if I heard you right, it sounds like worth nothing is that you were desirable to them because of how sort of audacious you were in your pentesting. You were saying like some of these things could get us arrested or whatever. Was your boldness kind of a selling point or –
[20:52] FD: Yeah. They had a need to understand what was going on on the other side, right? This is why they were building a threat intel program. I mean, that was for me like getting for them to hire me to show them this other side was basically the logical consequence of having built this threat intelligence program, right, then someone at the heart of it which can actually work them through what is basically an attacker will be doing. Since that was my job to do that, again, legally, I’m not getting behind bars for that. I think there’s enough work in the legal industry to taking stupid risk. You know I like to sleep at night and I absolutely like to not to have things I am getting caught [for]. I always chose the legal side.
Still, you can be a good person and obviously looking at it from the very offensive point of view and very creative.
[22:05] CS: Yeah. No. I was not implying that you were being criminal in anyway, but yeah, of course.
[22:08] FD: Yeah. I mean, just the term hacker is so much loaded, its less now, but it has been crazy at some point. I mean, this is what brought me in Germany, because the term hacker was basically nothing about a criminal. That was about doing also positive things, which was not the case back in time in France.
[22:30] CS: Yeah, most people see hackers in movies or on TV and they’re always bad or they’re at least rogue and chaotic, but with good intentions or whatever. The of just like –
[22:39] FD: Oh, yeah. We are not bad.
[22:43] CS: Right. No. Of course. Yeah. We totally agree. Yeah, speaking of day to day things like that, I was wondering if you could sort of walk me through your average work day here at QuoLab. I mean, you’ve done a variety of security related jobs through your career. You could sort of tell me what your day is like now and like how it sort of compares to the sort of like more Wild West days when you were really like out on the frontlines doing the work. Are you doing more sort of stuff with clients and sort of management type things now?
[23:12] FD: Well, a bit of the two. I mean, first of, I do not define what I’m doing as a work or a job or whatever. Again, very fortunate, fortunate to have found a passion which really like both help me to develop myself, being properly paid as well. That is – I’m just living it. To be honest, anyone will tell you that I’m working basically 24/7. Actually, today is a day off. I don’t know if you know, but in Europe, no one is working, and you see everything is empty and so on.
[23:54] CS: Yeah. Okay. Okay.
[23:56] FD: For me, it’s also as a father today to both finding the right balance. But basically, I like to work when I want to work and I’m always into this dynamic regardless if I’m in holidays or whatsoever. The truth is that for the kind of things I’m doing today, it’s not something I do at all or I could be just trying for for many years and obviously failing, because arriving too late on target. It’s about team and a lot of what we are doing is team effort and I’m really surrounded by self-minded persons as well. Working very odd, looking at the different problems and bringing passion into finding solutions for them. Trying not to shoot ourselves in the foot or working around with a harmer looking for a nail. Really trying to be open and critical to what the problem at hand and solving it. For that, sometimes it requires to be a bit more on the side on management to deal with some of this human aspect, because at the end it’s about humans, right?
I’m taking a lot of pleasure, I have to say, to converse with customers on the use case. Not only when they’re happy. When they’re also particularly unhappy, but a way that – A way that I’m seeing this done.
[25:20] CS: Yeah. It’s a learning experience to find out what they’re not happy with.
[25:23] FD: Yeah. No. It’s really like being supportive and supporting where it matters. Taking your space and just your space and doing it right and being focused. That’s the same. Yeah. No working schedule for me. No holiday schedule for me. My wife hates me for that. But basically it’s like, “Okay. You know what? Next week, let’s go in holiday.” Maybe that’s the best moment.
[25:48] CS: There you go. Well, okay. Well, I still kind of want to know, do you have an average day? It seems like it’s completely different day to day. But what are some things you do consistently each day? Do you have to check emails every day? Do you have to sort of check-in with key clients every day? What are some of the sort of like – Obviously, you’re not in like a conventional job role or whatever, but what are things that are sort of like constant in your career life?
[26:18] FD: I wake up early also because I have kids, and they wake me up early. Moreover, in this time of pandemic and staying at home and working from home, which is not a big very much of a difference than the way we used to do these kinds of things ourselves to be very honest. Waking up with the kids, taking breakfast.
I like to – I mean, the best work I do is before lunch in general. I either answer customer requests, or I still could be developing stuff. I have my own set of tickets that the team is letting me do. I don’t know if they really incorporate the code into the product, but that’s not a part of…
[27:05] CS: Yeah. That’s a whole other story.
[27:07] FD: They complain. Well, we have this you break it you own it kind of spirit. If ever my code is getting in the product and it’s broken, then that’s my problem to deal with. At least you know on this side. I like reading a lot. I read a lot. That, what I can I do by morning. Basically by afternoon, also because part of the team is overseas. It’s their morning, so we make sure that we keep the ball rolling between the two continents.
The best part of this thing that I had already in the sub-operation aspect, like when you’re really incidents between the guys from Singapore, the guy from Europe and the guy from East Coat US and so on is really also addictive, you know, time moves on. Basically, again, morning for me is generally like focused on myself, my learning, and supporting customers and all these things. By afternoon, it’s a bit of the strategy conversations and keeping the ball rolling.
[28:14] CS: Okay. I got a bunch of questions here, and I feel like we’ve already kind of answered them by talking about the sort of active and passive forms of cybersecurity and red teaming versus pentesting versus malware response and things like that. I think you’ve intro’ed us pretty well, but I kind of want to sort of spin put into that a little bit and just sort of get your advice on what sorts of things you recommend people who would be entering the industry now who want to do this kind of stuff. What should they be learning? What should they be doing in a hands-on way? What should they be able to demonstrate to potential employers? Where to start I guess and how to sort of decide? Because you’re saying red teamers can learn a lot from blue teamers and vice versa. What are your thoughts on learning to specialize or learning just to learn or learning in ways that employers can sort of see that you know how to do this thing? Where would you start if you are starting now?
[29:11] FD: I mean, frankly, back to the root, it’s all about curiosity. It’s not – I mean, obviously, there are some stuff that you need to be able to be doing and that depends on the kind of position that you’re going to, right? I mean, if today you apply to work in a hosting company and have no clue what’s Docker and Kubernetes. I mean, you’re not fit for the job, right? And the same on those aspects.
Some of these basics and those basics are I will not say easy to master in any sense, but at least you can very easily find some kind of roadmap to learn from it and so on and you should absolutely never take no as an answer. I mean, it’s all about motivation. If you’re also committed about anything, I trust you will succeed.
Frankly, in the cybersecurity industry, when you see like the scarceness of the resource and the need we have for people, I’m pretty sure you will find someone who gives you a chance. If you work out, you’re definitely going to make a career out of that. But it’s all driven by curiosity. You need to really want it, because this is such of a vast topic nowadays. It’s so many different things to be looking into. It’s hard not to become overwhelmed. The best people I’ve seen in that field over the years are very often the ones who are focused who have – Even if they’re a bit chaotic in their approach, they have kind of an idea of where to go with it and they really stick to it, right?
In my time, it was about like a normal set of chain of progression, right? You were starting to look at this thing and suddenly realize, well, you have to get access to this information, which is there, and for that you need a computer. How does it work? What about the networking part? How do you get to the information on the net and so on?
Today, I’ve been working with people who are amazing at doing really crazy things with stones and basically if you ask them to set up like basic network safety, right? It’s not so much about nowadays about like really having this logical progression. It’s basically keeping some focus on what you want to do and there would be a spot for you and trust on that.
[31:46] CS: Yeah. Yeah. Yeah. Yeah. For people who are – That was sort of like good advice for people just getting started and stuff. Do you have any sort of thoughts for people who might feel kind of stuck in their current position or don’t really know how to sort of move to the next level or they’re working on a help desk or they’re reading long reports all day or whatever. What are some things they could do today that sort of will jump start them and sort of re-spark what it was that they liked about this in the first place before they got stuck?
[32:15] FD: I mean, that’s not a question that – No. The reason why I’m here and the reason why I’m living in different countries and native country and stuff is because I could not just wait on the so far all these things to be coming at me, right? I mean, my best advice is don’t let that happening to you that you realize one day that you just dropped them on a good chance.
I mean, it’s worth not trying than failing at trying. See what I mean? You don’t want to watch yourself in the mirror and realizing that you could have been someone else and at least tried it. Even if you fail, so what? Not trying is the worst I think to be honest. Again, if you’re serious in what you’re doing. I think part of my learning is on the side of working. A lot of people are doing it. Learning – There are so many different sources. You have local user groups, local community around security in your town, but you do also have that online if you don’t want to step out of your home. I mean, there are so many way to access the right persons. Just don’t take no for an answer and just don’t do that to you. Just keep trying.
[33:37] CS: With the world currently kind of on locked down, has that changed how you do your work right now and do you think it sort of changed anything about people sort of networking or trying to sort of finding new positions? I mean, have you seen a big sort of change in the way that you do business right now with COVID-19 and everything?
[33:58] FD: Yeah. I mean, past the moment where everyone was sort of bracing for impact, and we had a lot of that. I mean, Europe was hit before that the US did. We are just starting to get out of from that and really like really slowly have been careful not to have the second wave.
But it obviously changed a lot of things. A lot of people are speaking about the new normal. I will say we do also have a new cyber normal in the sense that along with the lens of the management of the economy and as well as with all those changes, the acceleration of the digitalization. So all those program, which were like taking ages suddenly just got through.
[34:47] CS: Yeah.
[34:48] FD: And suddenly everyone can work from home. A big surprise. In fact, that was all possible before, it just like we didn’t look at it seriously enough. Not enough, right? But this is definitely changing the landscape in terms of what that means for cybersecurity, because you have, some of it shifts from what you were sort of expecting the enterprise sort of umbrella to take care of and the risk sort of shifted to the end user basically at a home with his VPN trying to do some work and so on.
It changed a lot of things. One of the outcome of that is a good one for us in the cybersecurity industry. I mean, we knew that cyber was here to stay and is definitely here to stay, right? It’s, again, like the best moment to also getting into that industry, because there are jobs to take, right? These jobs are – They are solid and they will remain, right?
But on the customer side, that obviously has been a bit of time to understand, “Okay, where is my budget going? Where should I put this or that, or the networking,” the relationship with the customer has been disrupted and no one can deny that has been a bit of I will say like two, three weeks, everyone was sort of wondering what’s going to happen. As soon as people realized that, the old normal is not going to come back. I think we moved very fast and I think, yeah, we can be quite product of the community itself and not only ours, but a lot reading, following the same trend.
We moved a lot of conferences online. There’re a lot of virtual things happening, and our self, we shifted a lot to what like better communication and so on, and this again an opportunity. I’m a very opportunistic person. I can only speak the good things out of that.
[36:48] CS: Right. No. Please.
[36:51] FD: One of the interesting aspect is that basically it’s putting a lot of the competition at the same level, right? Because you cannot just engage like an incredible amount of money into the next RSA or the next big kind of conference. Everyone has to play with the same tools, right?
It’s sort of reshuffled the cards a bit and that’s a good thing. But I think back to your question on networking, I mean, I think networking is when you’re here trying to sell something and we are not trying to sell something in the sense that what we do with these tools strongly into, we know that when people see that and understand that use case and when we’re working together, it’s something that we truly see is a game changer for the ways that they operate. This is not about making a sale. This is about like working together. I really see my customers as partners and not as just someone buying a license of what we do. Things that come along with that is basically don’t do networking. Make friends. Work as people generally.
[38:07] CS: Yeah, networking is sort of –
[38:10] FD: Yeah. Sorry, go ahead.
[38:10] CS: I was going to say networking also sort of implies that you’re only there to sort of get something, whereas if you make friends with them, then there’s a give and take. You have something to provide to them as well rather than you’re just basically asking them a favor.
[38:23] FD: Yeah, it’s kind of – It’s back to quality. This is what startups are very much about, because we have this relationship with the early adapter, with the one taking the risk along with us. That’s why, again, customers are partners. This is about like really supporting them on their journey and they become friends. For that, I cannot just have like two hundred of that.
[38:52] CS: Yeah. Right. That’s true.
[38:53] FD: I mean, it’s really something that we work very closely and so, and somehow the problem brings people back together at some point. This is why I take that very positively. That’s what’s been reflecting on the human aspect much more than what we had in the past couple of years on making the revenues and I’m sort of happy with that.
[39:17] CS: Yeah. You’re clearly a very sort of ambitious-driven creative person. Can you sort of tell me about your personal goals for the future both with QuoLab and just as a cybersecurity professional? What are some things that you hope to still accomplish in the years to come?
[39:34] FD: Yeah. I keep repeating that I’m grateful because that’s really true. I don’t take anything for granted and I know that with the rights are coming the responsibilities, right? Ambitious, I don’t know. I certainly want to have some level of impact with regard to my environments, and my environment are the people out there. The real job with security is really like being an enabler for the different industry where those are people who are also having jobs and it’s what bringing all that together. That’s what I wish for myself really and still being supportive and building things with amazing persons and building cool things altogether is what I wish to myself.
The fact that is QuoLab is sort of reflecting directly out of that in the sense that QuoLab is a substrate for other ideas and all these things. QuoLab is this platform with this capability for people to collaborate on investigations and so on. It’s really like it’s not necessarily just something for cyber. It could be for a project and so on, and this is a substrate on which we are growing different ideas with communities and people.
We, and I, really the commitment is on building the tooling for reconciling the human and the machines and sort of getting those things to be working together. Yeah. I mean, in a sense, my personal goals, the company goals and what we do is directly, obviously, very overlapping.
[41:26] CS: As we wrap up today, a couple of last questions here. Can you just tell me a bit about QuoLab? What it’s all about and what some of the exciting projects you have going on right now?
[41:33] FD: Sure. Absolutely. QuoLab is a distributed data vision platform with a corroborative analysis capability. It has been mainly built for cybersecurity operations. From the threat monitoring to threat hunting, incident response, malware analysis, these kinds of things, we observe that in a lot of different SOCs, it was like being worked out by different teams. Driving the incident or driving an analysis means like being also able to zoom out and see the big picture, and we’re really lacking of the tools to actually like bringing all those guys to be working together with the data fused together and these kinds of things. That’s really what QuoLab is about. It’s really like bringing all those data points, all those people to directly be working on the matter through the access of, let’s call it a workbenchful analytics and analytics tools. Again, same story, bringing people together. Good product made by people who used to that for quite sometimes themselves and who were looking for tools they could not buy. So there we go. We did it.
[43:00] CS: You did. One last question here. If people want to know more about Fabien Dombard or QuoLab, where can they go online?
[43:09] FD: Jokingly, I could still say maybe I’m on the IRC somewhere. I mean, some people are.
[43:14] CS: All right. [laughing] You heard it here, man. Go check IRC.
[43:19] FD: I mean, obviously, social network is where you can find us… following us on Twitter, LinkedIn and so on. Get in touch. DMs are always open. So please feel free. Obviously, we love to have you, just come visiting quolab.com, offering you gmail, giving you a proof concept, having some fun together, looking at cool data, maybe having a beer.
[43:43] CS: Perfect. I like all those things. Fabien, thank you so much for your time today. This was really a lot of fun.
[43:50] FD: Thank you, Chris. I appreciate that.
[43:52] CS: Thank you all today for listening and watching. If you enjoyed this video, you can find many more of them on our YouTube page. Just go to youtube.com and type in Cyber Work with Infosec. Check out our collection of tutorials, interviews and past webinars. If you’d rather have us in your ears during your work day, all of these videos are also available as audio podcasts. Just search Cyber Work with Infosec in your podcast catcher of choice.
For a free month of our Infosec Skills platform, just go to infosecinstitute.com/skills and sign up for an account, and in the coupon code type cyberwork, all one word, all small letters, no spaces, and you can get a free month.
Thank you once again to Fabien Dombard and QuoLab and thank you all for watching and listening. We will speak to you next week.
Cyber Work listeners get a free month of Infosec Skills.
Use code “cyberwork” to get access to hundreds of IT and security courses today.
About Cyber Work
Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.