Q: Can you tell us about your current role and focus?
A: I’m the VP of Engineering for our threat hunt products at Intel 471. A couple of months ago, we were acquired as Cyborg Security. My role involves overseeing product and development for our Hunter product, covering everything from product management to implementation and monitoring. We’re a small team, so I’m responsible for what we’re building, how we’re building it, and getting it out there.
Q: How did you end up in your current career path?
A: I’ve been in this field for about 15 years but didn’t plan on being in cybersecurity. I’m more of an engineer and product person in cybersecurity than a cybersecurity expert. I started with a software development internship during my first year of university, which led to my joining a small startup MSSP. We built a threat intelligence product, which was my first experience with integrations. From there, I moved to Swimlane, leading the integrations team and building integrations for about 300 security products. Then I joined Cyborg Security as head of product and development before our recent acquisition by Intel 471.
Q: Do you have an engineering motto or philosophy by which you work?
A: One principle I often share with our team is “build no more than you absolutely need to – no more, no less.” Getting caught up in the excitement of adding features during the idea phase is easy, but that can lead to unrealistic plans. I focus on addressing the next main blocker or objection, moving forward efficiently, and not overbuilding. The goal is to deliver what matters today without getting distracted by every little idea.
Q: Do you think development for cybersecurity products is inherently different from other types of products?
A: It’s hard to say definitively, but from what I’ve observed, cybersecurity tends to lag behind the broader tech and development ecosystem by about 3 to 5 years. We often adopt concepts that other industries have pushed forward, but we’re not very forward-thinking in terms of principles, philosophies, or approaches. Security and stability come first, with innovation and speed second.
This lag might be because cybersecurity product companies are often led by security practitioners first rather than engineers, developers, or product people. The industry isn’t always seen as exciting, which might not attract people interested in general tech products. Unless you have leaders who have been security developers their entire careers, the mentality and background of security practitioners often shape the culture from the top down.
Q: What do you think about the current trends in AI and its application in cybersecurity?
A: I think we’re moving past the hype cycle of AI right now. Companies that have been heavily promoting AI as a central feature might reconsider whether it’s truly crucial to their offering or if they just jumped on the bandwagon.
In cybersecurity, AI is a great starting point for many tasks. It’s useful for sifting through mass data or helping you get started on things like building queries for tools or starting integrations. However, it’s not yet at the point where it can fully replace a tier 3 person. We’re probably more than 10 years away from that level of capability.
Q: What tools do you find valuable in your engineering work?
A: I’m particularly enjoying tools that simplify infrastructure management. Platforms as a service like Render.com, Netlify, or Vercel are interesting because they allow us to focus on our core product without worrying about managing the underlying infrastructure. These tools represent a shift towards simplifying deployment and management processes, allowing teams to concentrate on building their actual product rather than maintaining infrastructure.
I’m interested to see where other tools like https://encore.dev/, neon.tech, and https://coolify.io/ go as the next wave of infrastructure abstractions.
Q: What’s your favorite aspect of creating security products?
A: My favorite aspect isn’t necessarily security-specific, but I love making products in general. There’s something magical about going from zero to creating something valuable. The ability to turn ideas into bytes that deliver real value feels almost like magic. As a tinkerer at heart, it’s incredibly fulfilling to create something from nothing that can significantly impact someone’s life.
Q: Where do you get your information? Are there any publications, podcasts, or influencers you follow?
A: Recently, I’ve been enjoying startup podcasts like “Acquired,” which deep dives into corporate history, and “Masters of Scale” by Reid Hoffman. I’ve focused less on engineering-specific topics and more on general startup discussions and communities. This shift is because I feel I’ve got a good handle on the engineering side, and now I’m looking to expand my knowledge in areas like marketing, raising capital, and overall startup building. These resources help me gauge what’s normal and exceptional in the startup world.
Q: What trends are you seeing in cybersecurity right now?
A: From my perspective in threat hunting, we’ve been focusing on how to arm professionals to look for behaviors rather than relying on traditional IOC-based alerting. It’s less about specific IPs or connections and more about understanding and detecting malware behaviors.
A persistent theme in cybersecurity is how to operationalize intelligence effectively. It’s not just about having more data but about condensing it into something actionable. We’re always asking: How can we coalesce this data into something consumable that we can actually act on, and what are the least friction points to doing that?
Q: What do you find most challenging about security integrations?
A: Integrations are challenging for several reasons. Customers often expect them, but they’re time-intensive to build and maintain. Getting access to develop integrations for security products can be difficult, let alone keeping them up to date with the latest versions of the tools you’re integrating.
There’s also a constant need for monitoring and troubleshooting. The breadth of integrations required keeps growing – you start with one, then you need three, then five, then a hundred. Often, the amount of work that goes into integrations versus the payoff can be skewed. It frequently feels like there could be better uses of time and resources.
Q: What are the implications if integrations are not a focus and resourced correctly?
A: If integrations aren’t properly focused on and resourced, the systems’ communication ability is greatly diminished. This means you can’t achieve optimal outcomes by having these tools work together.
You might see portfolio companies grow and build walled gardens where they maintain their own integrations within their product suite. This could lead to customers being required to buy all products from a single vendor to ensure they work well together.
Alternatively, you might end up with a kind of “black market” of integrations, where individual engineers build their own scripts to fill the gaps. This leads to a disjointed approach without cohesiveness, potentially losing a lot of value due to these tools’ inability to communicate effectively.
Q: What are your thoughts on Synqly?
A: I was excited when I first heard about Synqly. Their vision aligns with what I felt was needed in the industry – a solution that handles integrations seamlessly, like Stripe does for payments. At Intel 471, we’re building queries for security tools but don’t want to build all the plumbing for integrations. We don’t want to manage the systems or handle permissions – we just want to be able to run queries and get results. If Synqly can hide away all that complexity, I think they have a great opportunity.
Q: How would you describe the most valuable aspect of Synqly to a fellow engineering leader?
A: For anyone who has built more than a couple of integrations, I’d simply say that Synqly can be your integration provider – essentially, integration as a service. They’ll immediately understand why that’s valuable. For those new to integrations, I’d advise them not to build integrations themselves. It starts with one or two, but quickly grows to many more that you have to maintain. My advice would be to find someone like Synqly who can handle this for you. You don’t want to maintain this yourself – it’s a complex, ongoing task that’s better left to specialists.
Synqly offers the first Integration Platform-as-a-Service (IPAAS) for security and infrastructure vendors. The platform dramatically simplifies development, maintenance, and support of software integrations for product and engineering teams, reducing time, costs and complexity by up to 90%. Vendors use a single, standards-based data schema and query language for every integration with Synqly’s innovative abstraction layer to connect cybersecurity and infrastructure software, eliminating the need for vendors to learn every API for every target product. The platform’s Multiplex Connectors allow integration across multiple solutions within the same category from a single integration. With continuous performance monitoring and usage statistics, Synqly ensures integrations remain current and issues are swiftly identified and rectified. This empowers vendors to meet integration demands without sacrificing valuable engineering resources.