In this week’s episode of The Future of Security Operations podcast, I'm joined by Raymond Schippers. With 15 years of experience leading detection and response teams, Raymond is a seasoned security leader with high-impact roles at Check Point and Canva under his belt. He recently became co-founder of Huntabil.IT, a Melbourne-based company providing organizations with tailored advisory services to align with their unique threat landscapes and business goals.
Raymond and I discuss:
Scaling incident response at Canva as the company grew 10x in just four years
Rethinking hiring to build more diverse and resilient security teams
Proven strategies to reduce burnout and alert fatigue in SecOps
The emerging threats Raymond believes are flying under the radar
Where to find Raymond Schippers:
Where to find Thomas Kinsella:

In this episode:
[02:27] Landing his first security internship at Siemens as a teenager
[03:18] Reflecting on some state-sponsored attacks he encountered while working IR at Check Point
[04:45] Working with government partners to attribute and dismantle APTs
[08:10] The challenges of remediating threats for anonymized customers
[09:30] What inspired Raymond’s move from Check Point to Canva
[10:35] Building Canva’s blue team during the company’s phase of hypergrowth
[12:40] Rethinking the interview process to prioritize diversity in hiring
[18:02] Proven strategies for reducing burnout and alert fatigue in IR
[21:09] How Raymond's team used automation to scale security operations at Canva
[23:16] The state of AI in security - and its most effective use cases
[28:53] What inspired Raymond to found Huntabil.IT
[31:09] Raymond’s approach to working with non-profit organizations
[39:15] The under-reported threats that could reshape the future of SecOps
[44:06] Anticipating the biggest challenges security teams will face over the next five years
[46:42] Connect with Raymond
TL;DL? Read Raymond’s take on:
APT attribution and takedown on a global scale at Check Point
“At that time, Check Point was the leading cybersecurity vendor. We had incredible visibility from customers who opted into sending telemetry. Using that, we were able to understand what their behaviors looked like at a huge global scale, and then track that back to various infrastructure. We worked closely with government agencies as well, so they'd have other bits of information to bring to the party... together, we'd build up a very strong picture of what an adversary was doing, what their behaviors were. We weren't looking so much at IOCs, but the actual TTPs, the real behavioral indicators.”
It was very interesting, playing that cat-and-mouse game with them. But it also really shows you how cyber is one of the few industries that’s working up against humans on another keyboard. We're not trying to troubleshoot a bug in some software - it really is human versus human.
The importance of automation during his time at Canva
“One of the first things we decided to do was ensure that people didn’t have to be in-depth software engineers - that we didn’t need everyone to be a Python expert. The original team we hired was reasonably strong with scripting, but hiring that next tranche of engineers was really limiting the talent pool. That’s one of the reasons we moved to Tines: to have low-code, no-code automation so we could scale up, bring in early-career talent, and continue growing the team.”
There was one time we needed to rapidly build a web app at insane scale to perform a specific task — most people expected it would take us weeks. Using automation, we got it done in 12 hours... I was very fortunate to have a large team, but we definitely couldn’t scale infinitely. Without automation, it would have been impossible to deliver what we delivered.
How Canva’s blue team prioritized diverse hiring practices while hyperscaling
“For interviews, we made sure we had a diverse pool of people - that we didn't all look like me. We also had challenge interviews - a candidate could present on a specific topic that we informed them of beforehand, and we’d run them through some technical scenarios. Knowing their presentation topic helped reassure people and build their confidence.”
At the end of the day in cybersecurity, we can teach the technical skills. It's the thought process and that really inquisitive mindset that we're after. Trying to tease that out through those challenge presentations was one of the really cool things that we did.
How AI’s rapid evolution has taken him from skeptic to optimist
“I've definitely started to see some strong use cases. There's absolutely still things it struggles with. A classic example is turning blog posts into STIX reports. It handles that, but those kind of arcane things, it's not amazing at... I have noticed that every company is trying to jam AI into things, and sometimes that causes a significant eye-roll for me. I don’t need AI to create dashboard widgets for me. The challenge with AI being everywhere is: Where’s all this data going? Who’s learning on what? There seems to be no clear, coherent approach to that yet.”
It’s definitely helping improve how we communicate as a cybersecurity community. It can also really help with tier 1 triage. It’s come a long way, very quickly, at analyzing alerts in a simple-to-understand language.
Huntabil.IT's approach to philanthropy
“I was really inspired by Canva’s two-step plan: become one of the most valuable companies in the world, but then do the most good that you can. Common wisdom always was, if you're going to do the most good that you can, it’s going to come at some kind of financial or other penalty. I think Canva has really led the way in showing that it doesn't have to.”
You can operate in a way that does immense good around the world. In cybersecurity, we really need to step up and do something similar. I’ve seen people charging charities and not-for-profits significant sums of money to do that, and I'd much rather work with them for free.