Filling a crucially important role, Brad Smith’s key duties and responsibilities include overseeing Automox’s entire IT infrastructure. From the initial build to uptime and staying reliable, as the Director of Site Reliability, Brad ensures we’re always delivering high-quality code to our customers in a fast, effective and secure manner.
In this week’s Get to Know the Automox Team blog post, Brad shares details about his role as Director of Site Reliability, his feelings on the cybersecurity industry and why every business is different when it comes to cybersecurity.
Cybersecurity = Making a Difference
As cliché as the phrase has become, especially for startup companies, Brad believes the most rewarding part of working in the cybersecurity industry is knowing that we actually make a difference in the world. Until the last few years, cybersecurity didn’t receive as much attention as it should have, but as people began to realize that all of their data can be made available to anyone that wants to pay for it, the focus on securing sensitive information increased.
“The free lunch is over for people burying their head in the sand when it comes to cybersecurity. The most rewarding part of working in this industry is actually making a difference for people and companies, allowing them to do what they do and know that we, as their partners, are taking every reasonable step to secure their data.”
Brad believes that cybersecurity is not often prioritized at companies because it’s not the money-making portion of the business and because security can be very difficult. In fact, most of the time, implementing effective cybersecurity measures can be disruptive to an organization’s operations, like forcing employees to change to a different strong password every quarter.
That’s something Automox is trying to change, Brad explained. Automox strives to make endpoint patching easy. Cybersecurity is more important today than ever before because machines, services and so on have become faster which means that the knowledge of how things work is becoming more widely known and the tools available to people to infiltrate or try to crack systems can be downloaded anywhere.
"Everybody’s data is way too important… It’s scary stuff that we just can’t overlook anymore.”
Incorporating Cybersecurity into Your Everyday
One of the best things an organization can do to ensure they’re not overlooking the security of their IT infrastructure is to establish cybersecurity as a part of the everyday operations of an organization. Everyone is a target. Just look at your logs from either a server or a web application, and you’ll see that you are a target. Hackers and bad actors aren’t specifically targeting large companies all of the time, they’re doing wide scans looking for vulnerabilities, and they don’t care if you’re a small local company or Equifax. If they find a hole in your defenses, they’ll drill down in an attempt to gain access to any sensitive data you may have.
When building out features and trying to attain more customers, Brad feels that security and safety need to be an integral part of the “recipe.” Whether it’s saying, ‘we’re going to work 80 percent of this week on the feature we’re trying to deliver to customers, and 20 percent is going to be figuring out whether its secure,’ or simply making sure systems are patched and people are rotating through passwords, good cyber hygiene habits can mitigate a lot of issues.
“When you look at a lot of the past breaches, many of them are the result of outdated software and known security holes, not zero-day attacks. Patching and security best practices and hygiene need to be a part of the everyday recipe of success for a company.”
Proactive vs. Reactive
Brad’s advice for IT managers regarding endpoint protection? Just patch it. Be educated. Know what software is running on people’s machines. Communicate with people because you can’t assume everyone knows the right thing to do when it comes to security.
Cybersecurity readiness is in its infancy, according to Brad, but as it evolves the focus needs to move away from being reactive to being proactive about security. Too often, companies look at an incident after the fact and then try to solve it. Hopefully, businesses will continue to move towards being proactive instead of reactive, meaning that anomalies are being detected before anything bad actually happens.
Brad believes we’re going to get better at anomaly detection, whether that’s by way of artificial intelligence (AI) or very good trained data sets. Companies like Google and Amazon have begun offering security services as a service, and we’re going to see more integrated security, better patch management, more visibility into exploits and increased bandwidth, especially when looking at detections and ways to scan software, too.
“I think a part of the build process for software engineers getting software into production is going to be security auditing of dependencies and/or code, and I think you’ll start to see that more in an automated way… You want to start simple, then expand out. It’s easy to start large and then miss some of the simple things.”
Benefits of Open Source and Automation
Any time that Automox releases software, Brad says that we do it with the best security practices in mind. This involves always making sure that we have a patching strategy in place, meaning that our hosts or servers are up to date, the app software we’re using is the latest and greatest, and if it has any known vulnerabilities, we do not use it.
According to Brad, when we bring on any new software or tool, we definitely want to look at open issues in the source code.
“The beauty of using open-source software and using that to our benefit is that we can always look at the source code to see what the application is doing before we make a decision on whether or not to use it.”
Unfortunately, Brad notes that humans are oftentimes “messy” and “lazy,” so automation is critical for getting things accomplished. We’ve become so dependent on machines and technology that automation is able to mitigate the problems that arise when life becomes a priority and gets in the way of accomplishing tasks. Automating things like patch management and security threat detection is a good way, and one piece of the puzzle, to ensure something is happening on the cybersecurity front.
Every Business is Different, but Education and Patching Remain Important
Today, there is an increased focus on the cloud and cloud-based security as businesses increasingly adopt this new approach to IT infrastructure. However, every business is different, and they need to do what’s best for their customers and for them.
“By having open-source software, you get to peek behind the curtains and have a better shot at finding vulnerabilities than with a closed-source product. Not to say that closed-source products don’t do a good job of updating the software, but you’re kind of at the mercy of that vendor.”
Especially when dealing with cloud-based infrastructure, patching is “super important.” A lot of times, engineers will spin up stuff in the cloud using an outdated image that they don’t ever go back to update. Consequently, when they’re still pushing code to an outdated image two years later, where there’s known vulnerabilities, and then in the event of a breach, everyone wants to blame the software when it’s really the process that’s broken.
As a result, you need to have cybersecurity education in place to protect your people. Companies have to know what the risks are because the cloud is a very dangerous place, and there’s a lot of easy mistakes you can make that can cost people a lot of money.
“It’s a vast, vast area for software, there’s a lot of attack surfaces to be aware of.”
Fortunately, Brad believes the goal-driven team at Automox is actually making a difference in the expansive realm of cybersecurity, ameliorating the vast threat surface and making protecting your IT infrastructure easier than ever before.
“I think the people that we’ve assembled so far are very goal-driven, very smart. What I like is that we are all entrepreneurs underneath, and I enjoy working at small companies where everybody has a little bit of ‘startup’ in them. That’s a very, very good recipe for success.”
Automox is a cloud-based patch management and endpoint protection platform that provides the foundation for a strong security framework by automating the fundamentals of security hygiene to reduce a company’s attack surface by over 80 percent. A powerful set of user-defined controls enables IT managers to filter and report on the vulnerability status of their infrastructure and intuitively manage cross-platform OS patching, third party patching, software deployment, and configuration management. To sign up for a free, 15-day trial of Automox’s cloud-based, automated patch management solution, visit www.automox.com/signup.