Security Leader: Rob Dooley, VMware Carbon Black

Rob is the Regional Director at VMware Carbon Black for ANZ


How did you end up in your current role, and what attracted you to the industry?

I was working in sales at a local systems integrator back in 2005 and they needed someone to complete their security vendor certifications to achieve accreditation with some new vendors.  I was asked to do it and eventually ended up on the annual high achievers trip through selling security software and services.  I’ve just continued on focusing on security and sales ever since.

What do you see as the biggest threat we currently face?

Complexity in managing the security environment is a big threat all organisations face.  Every time there is a new attack methodology or technique, a vendor creates a new tool.  Now we’re drowning in tools and alerts, with not enough skilled practitioners in industry.

What are we doing wrong that means we’re unable to stop it?

We need to stop focussing on just detecting malware and adding new tools, and start focussing on the adversary’s behaviours. 

We’re regularly seeing new techniques, tactics and procedures for attack and it is impossible to detect malware or attack techniques that have never been seen before.  Yet there will always be a limit to ‘how’ an adversary can destroy or steal your information.   The ‘how’ is the behaviour and we need to focus on identifying malicious behaviour and using advanced automation, built into the environment, to prevent and detect attacks.

What security-related behaviour or policy have you changed the most in the past year?

Over the last 12 months, the cloud has transformed the way we can prevent and detect threats. Carbon Black now has more than 15 million endpoints feeding our data set. We collect all of the telemetry data from the endpoint and use the cloud for storage and analysis to provide a rich source of information regarding attacks from around the world. The more we add to the data set, the greater the visibility to threats we have, and the faster we are able to respond. Now that we’re part of VMware, the scale of this data set will just accelerate even faster.

What makes a CISO most effective, and what typically prevents them from achieving that?

Effective CISOs need to understand technology and risk but most importantly have strong relationship skills. They need to be the bridge between the board, the security team, the IT team and business stakeholders. If they don’t understand the motivators behind the stakeholders, and can’t build cohesion, they will be seen as an impediment rather than adding value.

How has the increasing climate of governance and compliance changed your approach to security, and changed your engagement with board members and executives?

We’ve seen a change this year with respect to compliance framework enforcement.  We’ve seen the introduction of CPS 234 and more government departments adhering to the ASD essential 8 and more audits of ISO 27001.  This has created a great opportunity for us to work as a partner with our clients rather than being just a supplier.  Our clients are coming to us to help them achieve compliance as opposed to just buying technology to solve a specific issue.

How do you keep up to date with developments in digital innovation and cyber security? This is clearly a dynamic area and it must be challenging.

The security industry has a strong community.  It is essential that you belong to groups such as the Australian Security Information Security Association (ASIA) and other similar groups so as to share information and knowledge with the security community.  On top of this I’m fortunate to be connected to Carbon Black’s Threat Analysis unit for the latest insights from around the world.

What do you see as the biggest gaps in the functionality of current cybersecurity technologies?

The biggest gap in the security industry is the proliferation of point solution tools. The tools create additional notifications which created the need for a SIEM to consolidate the information. There are now tools to automate the management of all of the notifications in the SIEM. However, it hasn’t led to security getting better. With Mandatory Breach reporting, we’re also seeing record numbers of incidents. Our COO Sanjay Poonen uses the phrase “security is broken”. This is very true. We need a new approach and that is to have security built into the platform and not bolted on. The platform needs to do the heavy lifting and automate prevention and detection without the need to even send an alert. This approach will be the future of security.

How has the nature of your engagement with customers changed in the last few years?

Our customers are well informed. They know us and our capability and we understand them and their challenges. They are looking for use cases of how others in their position have solved similar issues using our technology and services.  We welcome them to join our community of over 25,000 users that now openly share their experience.  The community is our greatest advocate when it comes to proving efficacy and value.

What has been your experience with data breaches over the past year?

Data breaches have increased exponentially over the past year. The one thing that has stood out for me is that no industry is immune.  We’ve seen major banks, utility providers, legal, charities, hospitals, schools and retailers attacked.  Every organisation is a target and can be attacked. It’s not a matter of if, but when.
