Inside the day-to-day challenges of Splunk's CISO Jason Lee
In a revealing interview with TechDay, Splunk's Chief Information Security Officer (CISO), Jason Lee, has shed light on the multifaceted nature of his role and the unique challenges he faces at the forefront of cybersecurity.
Splunk relies on Lee not only to protect its own infrastructure but also to demonstrate the effectiveness of its products to customers.
"One of the unique parts of the job is as a CISO for a security company that has security products. One of the unique things we do is showcase to our customers how we use our own products to protect our own company."
Lee elaborated on his involvement in customer relations and media engagements, adding a significant layer to his role.
"I have standard meetings where it's helping prioritise what things we should be fixing, what sort of risks we should be focusing on. Do we have budget for it or not? Then I also get to go to the customer side and media side as a spokesman. It's a week that can go from having an interview to talking to a customer, to then working on what are the security problems that we're trying to work through."
One of the current projects at Splunk, Lee mentioned, is their role as 'customer zero' for new product features.
"One of the projects that we're working on is we have new products that we push out, and we consider ourselves customer zero."
"New features that are coming out in Splunk that we get to work on quite a bit - we're beta testing and providing feedback to our product group," he added.
Lee emphasised the importance of planning and teamwork in this endeavour.
"We have a whole programme that is, how do we engage the product team, and how do we make sure that we provide the feedback in a way that's meaningful for them, so that they can use it and turn it into future changes."
Integration with Cisco, which recently acquired Splunk, is another major focus.
"We have a lot of integration projects to make sure that Splunkers have an easy transition into getting access to Cisco networks and being able to get into their environments," he stressed.
On the topic of cyber threats, Lee discussed recent trends and the alarming findings from their report on the hidden costs of downtime.
"We looked at interviewing the Global 2000, and it was about 400 billion a year. From a CISO perspective, there were several interesting things that popped out. 53% of those are security incidents, and the number one cause is human error. It really reinforces that you can add all these technical controls, and it still comes down to educating humans to make the right decisions."
Ransomware also remains a significant concern, with many companies being impacted.
"It was 67% of the Global 2000 CFOs who would tell the CEO to pay the ransom," he explained. "From a security perspective, we usually want to be like, 'Don't pay.' You're funding the economy of ransomware. So, it's crucial to have a conversation with your CFO and decide how to approach such situations."
Lee stressed the importance of resiliency, not just within the company but also among their vendors. "We really focus on the resiliency of our company for our customers and the resiliency of our vendors that we rely upon to operate."
Addressing the connection between human error and downtime, Lee explained: "A human error is looking at an email and thinking it's safe, clicking on it, and causing ransomware to enter an environment. There's a direct link. With AI and phishing getting more sophisticated, it's crucial to keep everyone aware of these evolving threats."
When asked about cyber threats specific to regions like New Zealand, Lee noted Splunk's critical infrastructure role in Australia.
"We are considered as critical infrastructure for Australia, which underpins how to respond and detect incidents. We have to protect against all adversaries, regardless of the region."
Lee also highlighted what sets Splunk apart from its competitors.
"The Splunk ecosystem, our customers, and engineers love our product. The power of our ecosystem and our approach to AI, which involves keeping a human in the loop, is crucial. AI is not going to solve all problems; it's about enhancing productivity while having humans make critical decisions."
On the global front, Lee believes in prioritising resiliency, adding that he's "a firm believer that many businesses will experience a breach within the next two years."
"It's about understanding your most important intellectual property and planning how to recover efficiently. You need to detect and contain threats quickly."