Doran Blinderman - How to Combat Unmanaged Cloud Sprawl

Mover-and-Shaker
Written By Michael F. D. Anaya | Founder
Doran Blinderman
Up and to the right graphic

Critical Stats

LinkedIn: https://www.linkedin.com/in/doranblinderman/

Started their cybersecurity journey in: 2019

Most passionate about (in cybersecurity): Raising awareness of the pitfalls of the Shared Responsibility Model

Favorite zero-day: Log4Shell (CVE-2021-44228)

Favorite song: “Seek & Destroy” by Metallica (Hell’s yeah!)

Introduction

Doran is a distinguished technology leader with a proven record of driving innovation and operational excellence across diverse and dynamic organizations. Doran's expertise spans the full spectrum of consulting, cloud infrastructure, automation, and security.

Doran is a mover and shaker!

We selected Doran because he's a mover and shaker! He has held key leadership roles at Palo Alto Networks (the premier player in cybersecurity), Expanse, Revinate, Anki, Oportun, and Accenture. Throughout his career, he has consistently delivered transformative solutions that optimize infrastructure, enhance scalability, and improve system reliability.

Doran's career is marked by a commitment to leveraging cutting-edge technologies to solve complex challenges and empower organizations to achieve their strategic objectives. His extensive experience, coupled with a passion for driving operational efficiency, makes him a highly respected and impactful leader in the technology industry. I can personally attest to this, as I have had the privilege of working alongside him.

Without further ado, we asked Doran our standard set of 5 questions to rule them all, and here are his responses:

Five questions to rule them all!

1. What is the biggest problem we are dealing with in cybersecurity?

There are a few things that come to mind, but the top one is unmanaged cloud sprawl. By that, I mean organizations are growing so fast in the cloud that they lose track of where they are and what they manage.

The proliferation of cloud infrastructure has brought enormous opportunity for companies to take advantage of the speed to market, scalability, recoverability, and flexibility… maybe a bit too fast.

I say that because the risks of unmanaged cloud sprawl can increase attack surface and reduce visibility, making it hard, if not impossible, to defend against surprise unknown threats. How can you protect something you don’t know is yours?

2. How can we address unmanaged cloud sprawl?

You can’t rely on human intervention. Security needs to shift left, earlier in the software development lifecycle (SDLC), and down to the platform level.

To be more precise, we should factor in security considerations at the beginning stages of the software development process, when planning your project, rather than waiting until the end (such as during testing or after deployment). In addition, security should be built into the platform level (the underlying infrastructure, operating systems, networks, and cloud platforms) on which the software runs, not just at the software level. If we move in that direction, we can begin to solve the problem at its root.

Content by decodingCyber

Like our content? Let us do the same thing but for you. Interested? Let’s chat!

3. What are three actions a CEO can take to protect their company from cyberattacks?

CEO’s set the culture, and the best protection from cyberattacks is a strong security culture. CEOs should:

  1. Care about security outcomes, and ensure security is part of everyone’s job. Set goals and KPIs to support performance ratings that take into account security hygiene and outcomes for every employee.

  2. Build an environment of no blame and fast iteration. Drive awareness and understanding when security mistakes are made. If done well, you can quickly fix systems and processes to close security gaps without putting your workforce on the defensive. It's possible to build a strong security culture while also improving employee morale.

  3. CEOs shouldn’t accept compromises on product security; cybersecurity has to be a table stake, not an afterthought. Invest in integrating security tooling into the SDLC, require security as a product requirement, and allocate engineering time upfront to prevent security issues instead of being reactive to them. 

Pro-tip: Being proactive is one of the best ways to stay ahead of the threat! Never tell a security leader, “No,” if their ideas help prevent a security incident.

4. What are the best resources for learning more about cybersecurity?

I have three resources I would recommend:

  1. Read krebsonsecurity.com - It offers in-depth, yet easy-to-read, technical investigations on current cybersecurity trends and risks.  My favorite articles detail the steps of an attack and the associated mistakes organizations have made in addressing it.

  2. Use Google Cloud Platform and Amazon Web Services free tiers to learn - You can get hands-on and learn infrastructure fundamentals! I think the best way to learn is to build a simple three-tier web app and then start securing users’ identities, network, instances, and data. Implement basic monitoring and alerting for critical events. Then break something on purpose and see how long it takes to recover. Take any learnings and try to rebuild or recover in less time, and you’ll be well on your path to understanding the impact of DevSecOps!

  3. Read The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations by Gene Kim -Although it’s focused on DevOps, world-class cybersecurity organizations follow the same principles of systems thinking, culture, and technical practices.

5. What is one piece of advice for those wanting to pursue a cybersecurity career?

A common theme I hear from cybersecurity professionals is that there is just too much work to do. The only way out of this problem is to focus on collaboration and automation. Collaboration is so critical because security problems are cross functional and don’t fit neatly into any organizational structure or team responsibility; the people I’ve seen who have the biggest impact on security can work across teams and levels, build shared understanding across silos, and build strong culture of continuous improvement. I’d love to see more people with strong collaboration skills from other industries and backgrounds polish up a few basic technical skills and get into cybersecurity!

In other words, if you want to get into cybersecurity, focus on your collaboration skills and find ways to partner and cooperate with those in the cybersecurity field. By making their job easier and helping solve their problems, you will be top of mind when they want to expand their team.

Float like a butterfly, sting like a bee, and share like a vampire bat… LOL, Google it! Vampire bat are known for sharing. #facts

Michael F. D. Anaya | Founder

I’m a techie who’s been in cybersecurity for over two decades. My passions are being a top-tier dad, helping others, speaking in public, and making cyber simple. I am also partial to cheesecake and bourbon, but not together… well, come to think of it, it might be a killer combo! TBD.

https://www.mfdanaya.com
Next

Tamika Bass - AI Threats and Leadership Strategies