In this episode of The Future of Security Operations podcast, I'm joined by Prima Virani. Prima is a security engineer who worked across industries as varied as oil and gas and Fintech before becoming Principal Security Engineer at Twilio. With over a decade of experience spanning infrastructure security engineering, incident detection and response, and forensics, she's also shared insights at countless security conferences around the world, including SecTOR Canada and Agile India.
In this episode, Prima and I discuss:
The unique challenges of working in forensics
Her transition to detection and response and cloud security
Building a security detection framework at Segment
Reducing mean time to resolve through automation
Using data to prioritize which processes should be automated
Merging teams and technologies when Segment was acquired by Twilio
Joining the securing platform engineering team at Twilio
Designing a challenging and varied career in security
The influence of mentorship on career growth
Democratizing security through knowledge sharing
How security will change in the next five years
The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows.
Where to find Prima Virani:
Where to find Thomas Kinsella:
Resources mentioned:
In this episode:
[02:22] Prima's introduction to cybersecurity career opportunities as a teenager
[06:30] The shift from forensics to detection and response
[09:15] Gaining experience in vulnerability and patch management, and network security
[14:15] Building a security detection framework at Segment using SOCless
[18:10] Using automation to reduce alert noise and improve response times
[20:30] The impact of automation on security team burnout
[22:50] Merging security teams, practices and technologies during Twilio's acquisition of Segment
[25:30] Moving to the securing platform engineering team at Twilio
[27:40] Growing her knowledge of AWS, Kubernetes and GCP
[32:40] Prima's plans to embrace machine learning in detection engineering
[34:20] The importance of mentorship and knowledge sharing in career growth
[37:30] Prima's all-time favorite projects, including hosting FleetDM on AWS EKS
[39:36] The future of security operations through Prima's eyes
[42:01] Prima's advice for security practitioners
[43:58] Connect with Prima
TL:DL? Read Prima's take on…
Knowledge sharing:
"When a group of people acquire a set of skills - in this case it happened to be Windows server administration - it becomes a lot easier to then collectively manage them... The individual's journey, I think, is far less important than the collective journey."
Her automation strategy at Segment:
"You cannot automate everything. Sometimes you cannot automate due to technological limitations. Other times you cannot automate because an individual really actually needs to look at it. Whether or not something is good or bad is unclear - that's when you can't automate. So I figured out all the places where we could clearly define logic for what was good andwhat was not. Also identified the types of steps that were repeated across different types of alerts."
Automation's impact on burnout:
"Instead of having to respond to everything immediately like now, now, now, it gave us the opportunity to assign different SLAs to different severity of alerts. That gave people a lot more time, because now, whenever somebody was on call, they had up to a week to respond to certain low priority alerts and the high priority alerts got the urgency they needed."
Whenever somebody asks for help, and it takes me more than 30 minutes to do that particular thing, or it's very technology-specific, I just open a Zoom session and post the link in the team channel. That way anyone can learn more about that particular problem, and I get to offload that information and make it available to everybody. I don't believe in hoarding information in any way, shape or form.
Career growth:
"Be unafraid to put your hands up for things you know nothing about, because you can always learn. There are always people who know more than you about any given topic on any given day. And be open enough and humble enough to reach out to them when you need to. Your career is not just your career. It's collective journey, as I mentioned earlier as well, and you will only be as successful as the individuals you are able to empower and enable. So withholding information might seem like the way to protect your job but it's also, unfortunately, the way to stifle your growth."
The future of SecOps:
"I don't see anything being wildly different, even in five years from where it is today. A lot of evolution, I believe, happens really, gradually where you know, five years from today, maybe two out of 10 technologies might be different. 10 years from today. Maybe five out of 10 technologies might be different. The dramatic shifts only really happen once in a blue moon, has been my experience because the breakthroughs in technology itself don't happen that frequently. The really big breakthroughs take at least half a decade to a decade before they happen again. So the pace of security and security teams is going to be always in sync with the pace of innovation."
Listen to more episodes of the Future of Security Operations podcast.
