On this episode of The Future of Security Operations podcast, Thomas is joined by Andrew Santell. Andrew is an experienced security leader who worked for the U.S. Navy for over a decade before moving into the private sector. In 2021, he founded the Security Operations program at Netflix, and recently, he joined edge cloud platform Fastly, where he is the Director of Security Operations and Cyber Defense.

In this episode, Andrew and Thomas discuss:

• Navigating the unique challenges of the Navy, from log management to prioritization
• Making the leap from the Navy to tech
• Building a security operations team and program from scratch at Netflix
• Red teaming phishing response playbooks at Netflix to test their effectiveness
• Recognizing the value of good processes
• Why teams should design processes first, automate later
• Creating a feedback loop between teams at Fastly
• How “shifting left” has helped Andrew’s team reduce vulnerabilities
• Using automation for risk assessment at Fastly
• Andrew’s approach to incidents like the Log4J vulnerabilities
• Why growth in the vendor market is a good thing for practitioners
• Why automation should be a requirement, not just a best practice
• What advancements in AI mean for threat detection
• The importance of risk-based decision-making
• The potential of self-remediation
• Why good security leadership starts with taking care of your people

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows. https://tines.com/solutions/security

Where to find Andrew Santell:
LinkedIn: https://www.linkedin.com/in/ajsantell/
Fastly: https://www.fastly.com/

Where to find Thomas Kinsella:
Twitter/X: https://twitter.com/thomasksec
LinkedIn: https://www.linkedin.com/in/thomas-kinsella/

Resources mentioned:
Google’s SRE handbook: https://sre.google/sre-book/table-of-contents/
Netflix’s 2018 blog post on SOCless: https://www.linkedin.com/pulse/socless-detection-team-netflix-alex-maestretti/

In this episode:

[02:05] Andrew’s career journey so far

[05:35] The unique requirements of working in the Navy

[09:12] Risk-driven decision making

[11:11] Self-assessing phishing response controls and mitigations at Netflix

[14:28] Andrew’s decision to leave the Navy and his transition to the private sector

[16:12] Comparing approaches to security at the Navy and in tech

[19:26] Breaking free of bad processes

[23:20] Broadening roles to include pen testing, application security, and vulnerability management

[27:27] How Andrew approaches automation at Fastly

[31:56] Protecting Fastly’s infrastructure

[33:57] How SecOps has changed and where it’s going next

[40:18] Embracing automation for vulnerability management

[42:45] Taking care of your people as a security leader

[44:56] Making engineering and automation part of prioritization

[47:19] Connect with Andrew