Security: The innovation enabler. Building better teams and relationships with Wes Mullins, CTO of Deepwatch

33:36 VIDEO

This episode of Code to Cloud features an interview with Wes Mullins, Chief Technology Officer at Deepwatch. Deepwatch’s innovative cloud platform and borderless SOC extend their customers’ cybersecurity teams and proactively protect their brand, reputation, and digital assets. Wes has a rich industry experience spanning nearly 20 years, initially starting his career as a developer, then transitioning into networking and finally, cybersecurity.

Time Stamps

From CISO to CTO
What are the critical qualities a security leader should have?
How do you tailor your leadership approach to each customer?
What factors does Wes consider when selecting potential partners?
What’s the most exciting security trend currently?
Open Transcript

[00:00:23] Tim Chase: Welcome to Code to Cloud. I am Tim Chase Field ciso. At Lacework and today I'm looking forward to talking with Wes Mullen's, chief Technology Officer at Deep Watch, deep Watch's innovative Cloud platform and borderless SOC extends their customers cybersecurity teams and proactively protects their brand reputation and digital assets. Wes has nearly 20 years of industry experience having started his career as a developer, then working in networking, and finally cybersecurity. And prior to Deep Watch, Wes was the VP of Global Cyber at Nielsen. Wes, welcome to the show.

[00:00:57] Wes Mullins: Thank you for having me, Tim. 

[00:00:58] Tim Chase: so I have known you for a while, and obviously I knew you back when you were, at Nielsen, but, I did not know you when you were a developer. So, I'd love for you just to kind of talk through,that phase of your career. What did you do from a developer and how did that. get you involved, uh, into it and security.

[00:01:15] Wes Mullins: so I started out building websites like most people did in the early two thousands cuz it was a pretty hot commodity and everyone wanted a website, so, Even though no one knew what content they wanted, so you spent most of your time like, what do you actually want to tell people and what is it this website is supposed to do? that then drove me into kind of just tinkering with other things. So I got really active in the Python development, really active into c development. some of the first stuff I wrote, was IRC bots, so, did a lot of IRC stuff back in the day. Some very good, some of it very horrible, but it got the job done. and that led into several contracting gigs where I did some contracting, for government agencies, primarily doing C development. and got really burned out, to be honest with you. it wasn't fun anymore when you were constantly being hammered on something, something, something that was changing, changing, changing. but I did a ton of research on at the time, the DNS protocol, which was the primary focus for the drivers I was writing. that then led me into networking. So I got super big in a layer two, layer three, did a lot of Cisco Alteon, Riverbed, Nortel. and then that kind of was just a natural progression in a tech. and I think I, I like to tinker with things. I get bored really, really quick. Yes, I'm a millennial, so I do three and four and I'm like, yep, no, all I need to know, which led me down dabbling with, IBM a x, did a lot of stuff with that. Primarily DV two administration. stuck on the open source Linux route for a while, which I guess wasn't open source. and then just kind of found my way into cyber via a couple friends that were like, Hey, you're kind of doing this over here, but it's not really part of your job. You know, you can go over here and people will pay you a fair amount of money to do it day to day. and I was very reluctant for a long time and I stayed. On the networking route, and a lot of the back office admin stuff with Active Directory and PKI and Exchange Bridgeheads, before I made the commitment to move into cyber and, uh, never looked back.

[00:03:15] Tim Chase: That's awesome. So I know you wanted to stay a developer for a while, so and then you made that move in, into security, but there, that's a big leap from there. Into kind of being a VP at, Nielsen and running a big, part of their cyber. was it something that just kind of happened naturally or, or how, what made you kind of go be able to do that? Go from developer, up to, to leading a big cyber team?

[00:03:36] Wes Mullins: I had a push by someone I would, I would call a mentor. I don't know that he would, At the time I moved over to, PWC and was doing AppSec over at pwc basic AppSec stuff. and really didn't have a big interest in being a people manager. but ended up kind of being very vocal in a lot of conversations that were cross team, cross line of service, different countries, um, and was kind of, you know, nudged into like, Hey, we're gonna have this other role open up. It's not just AppSec, it's got a little bit bigger scope. and it's got a couple direct reports. and I took it and that kinda changed my trajectory. I fought it for a while because there does come a point where you're not in an i d e, you're not in Burp suite, you know, you're not in a command line. You're primarily focused on leading and then allowing those people to manage their day to day. and I struggled for a little while, but then kind of got the hang of it and now, I'm at where I'm at because of it, and I'm extremely grateful for that individual and, and his push.

[00:04:39] Tim Chase: I love that good mentors are, sometimes hard to come by, but they're always, they're always really helpful. But the other part of that, Story that's interesting is, you know, you went into cyber, but now you're actually a cto. And I haven't, I haven't seen that a, a ton where, you know, CISOs become CTOs, CTOs typically, you know, may make their way up from, VP of engineering or something along those lines. But, how did you find that transition? You know, how did that happen and how have you found it?

[00:05:06] Wes Mullins: it was not part of the plan at any means. You know, the, the goal for me was always to get the CISO title. you know, it's kind of once you get into cyber, You know, there's a, you're gonna go this route, you're gonna go that route. My route was always be the ciso, be accountable, responsible for the entire cyber org. which is what I came to Deep Watch to do. so in 2019, you know, when we were created and spun out, you know, that was my primary focus along with back office. It, and through changes at the top, strategic shifts of where we wanted to go as a company. The opportunity was there and I would've been an idiot to say no to it. so definitely took the opportunity to kind of grab the bull by the horn, so to say, and, um, are extremely proud of, what we built as a company, not just what I've contributed to, but the people that were, you know, there before me that kind of laid the foundation for us to be where we're at. And, uh, I'm really excited about the future. What will be the next 1224 months?

[00:06:03] Tim Chase: how does the, the CISO. experience, help you be a better cto? does it provide you with something that you think that maybe other CTOs don't have? Because I mean, we've all read into it before where like the CTOs couldn't, you know, give a care about security. so does it give you a different mindset as a CTO that you were like, man, I wish other CTOs had this experience, or knew that 

[00:06:26] Wes Mullins: it definitely gives you a level of empathy, because, you know, when we were on the cyber side, it's typically hard nos on a lot of things, but it's not, no, you know, you gotta say, Hey, look, we can't do that, but here's one or two other options that are suitable for you to still be able to do what you need to do to accomplish your business goal. But done with a minimal amount of a risk where the cyber team accepts it. But each of those additional options means new rework in code, new, rework in database, new rework in off. so now having been on the CTO side where my keen focus is shipping features as fast as we can ship features, I am typically torn in the, Hey, do we really want to push, you know, the CISO forward, David's our, our CISO now awesome guy. Have a great relationship with him. but also don't ever wanna put him in a position to be in a hot seat that we can avoid. so I, I think it, it helps, you know, weigh the risk of shipping features fast and pushing product as fast as you can. where, you know, typically the, the CTOs, the CIOs, the VPs of it, they're just worried about speed and get it out and get it there. And if it's buggy, let the devs handle it. they can kind of, you know, push off a lot of the, the less cyber aspect, but, From a CISO side, like the CISO role in the industry these days is not just about cyber, it's about business enablement. So how do you have, a cyber program where you have support from the board and support from the devs and the cloud team and the database team and the open source team and the Linux team. and it's a struggle. I think I have benefited greatly from having dabbled in my career in a lot of other different roles and technologies, that I could see an individual just coming up the pure route of being a dev, becoming r and d, being a vp, doing cto,maybe not having could put you in some really sticky spots.

[00:08:17] Tim Chase: So kind of based on what you've learned, both as a ciso. cause I'm not sure that we covered that before. You were the CTO at Deep Watch. Just to be clear, you were actually the ciso, at Deep Watch and then you kind of moved over to this role. And so you've got, you know, not only the leadership experience at Nielsen, but the CISO at Deep Watch and then the cto. Like, what do you think are some of the, the most critical qualities, that a cyber leader should, possess? Cuz you know, things are changing. all the time. Right. You know that better than anybody being an MDR solution. Like what are some of the most critical qualities you think a security leadership possess?

[00:08:50] Wes Mullins: first one is culture and people. you know, we can talk about technology and amo AI and automation. I think any good leader, whether it's cyber or any other role, like needs to have a good handle on culture in the people, it needs to have a great relationship with the people team itself. something I have, I have learned here, And am excited to carry on throughout my career preach to others is, the HR team or the people team, whatever they're called, wherever you're at, like, they're your advocates. Like they're there to help you protect you, like, ensure that you're doing the right thing. and typically, you know, it's always kind of been the, oh man, we gotta talk to the HR team. You know, kind of know how it goes. But I've been afforded the opportunity here to have a really close relationship. With our people leader, and seeing how that's been able to actually allow me to move faster with people and get people promoted and build an org that is primarily built from internal promotions year after year, after year. And I think that is very, very critical. And also understanding the fact of you can teach. Aptitude, but you can't teach attitude. So how do you find the right people that maybe don't have the experience that's on the job description, that maybe don't meet the requirements that the recruiters want or the hiring manager want, but know that they can still do the job and afford them the opportunity to do that and put people in tough positions to fail. Cause if they're never put in those spots, they're never really gonna break the mold and succeed. the second one I would have to say is building relationships. one thing I think, you know, both of us probably learned at Nielsen, is if you don't have good relationships with the other parts of the business that you have to work with, it's gonna be a struggle cuz you need to get their buy-in and having a great relationship cross or cross line of service across B a u BU Opco sub code, whatever they call it. things just become, you know, things on spreadsheets and swapping head count and swapping budget and. Moving priorities up and back, become, you know, random phone calls on a Friday. And that's the type of relationships you want to have. So, you know, I think people and culture and then building cross relationships, are probably the big ones. And that's not really specific to cyber or CTO or ciso. I think that's just good leadership in general.

[00:11:04] Tim Chase: I, I think that's spot on. I think, you know, kind of fostering that collaboration, across teams and it can be hard sometimes, you know, with a company as large as Nielsen, obviously, you know, with three different business units and different leaders for each business unit. it's extremely hard, but I think that's how you get the buy-in for security. And I, I've heard that a few times from, some other people that we, that we've talked to. Right. Ultimately, security, like you said, it's just kind of a, a number on a balance sheet or a, person, on, on a sheet. It's one more thing they have to do. Right. So, you know, getting that collaboration, and aligning kind of some of those stakeholders, really help security succeed.

[00:11:38] Wes Mullins: yeah, and if, if done properly, you know, it goes back to the. You know, security shouldn't just be considered a call centeBuiBr. And most CISOs that are doing it well these days, like it's not considered a call center. It's considered a business enabler. you know, and just imagine the organizations where, you know, the networking team didn't have a good relationship with the cyber team during Covid when the entire company had to go remote. there are situations that will continue to happen where, you know, security is gonna be your enabler to go as fast as you can go. because they're gonna let you know the minimum level of acceptable risk to go ship those features and make those changes that you need. but it all starts with, you know, I'm not saying everyone needs to be best friends and go out and have drinks with each other. I think getting to that point in a career, It's just a byproduct of a good working environment, but you gotta be able to trust those individuals, whether you like their personality and what they do outside of work. As long as you know that when it's eight to five and they're, talking about your organizations and they're making decisions on behalf of your organization, that they're doing it with the company in mind, then like those tend to be super successful teams in collaboration efforts where you can move mountains really, really fast.

[00:12:44] Tim Chase: I love that, to kind of go along with the whole building and, getting respect across different. teams, you know, I, I think you, at Deep Watch are in a, a unique position that not everybody is where, you talk to a lot of different clients and a lot of different prospects. and so, I think every one of those,

[00:13:03] Tim Chase: teams probably are different. Every one of those clients are probably different. And so how do you tailor. maybe like your leadership approach to, to all of these different clients, right? to give a, you know, maybe like, have an example of a successful client engagement. Like it feels like you have to tailor it for, for each one. So I'm just curious how you approach that.

[00:13:19] Wes Mullins: I definitely tailor the demeanor and the approach. I think any good first customer engagement. is a fact finding session. You know, like not selling anything, not pitching anything, not comparing anything. Most certainly not talking about competition, but really trying to find out what that individual wants, what they need, what they're trying to get, that individual or that organization, and what is their problem. Like why are they in a room talking with you and giving you the opportunity when. They're equally as busy as everyone else is in the world right now. and then, you know, like some people have different personalities and part of politics is figuring out a personality and someone you can be very direct and rude and crude with that will appreciate it and will let you fly for an hour straight. others want to get coddled, let's just call it what it is. Like they want to be the smartest person in the room. and you can't. Go in with too much confidence and too many right answers, because then that's not gonna sit right. And that's, that's in every aspect of, business, not just cyber. so I like to go in, you know, kind of feel the room, let the questions be asked, see what it is they're, they're kind of looking for. Some of 'em are gonna wanna play stump the chump because some have a very technical background. And those turn into, you know, Who has the more technical acumen? some of them don't know anything about the tech and they have their right hand man or woman sitting there that's really probably gonna be the decision maker at the end of the day. They just wanna know if it's gonna be financially viable. Your company isn't gonna go bankrupt, isn't gonna get acquired, and that you have reference customers. So it's figuring that out for the first little bit and then, you know, going left and going right through the rest of the engagement. so I don't, I don't think there's a silver bullet in one way. You approach every customer, cuz every customer is different and they're all trying to solve what we would consider the same problem, but they're going about it their way, which is not the other organization's way.

[00:15:19] Tim Chase: Meet them where they're at, kind of deal. I mean, that's typically, I. You know, a little bit of a consultative style, like where you're a consultant, you don't come in with any assumptions or you shouldn't, and just, talk to them and what, what are your problems? What are you most concerned about? Some may have all the money in the world but they have no process. Or maybe some people have a process, but they don't have people and just understanding,

[00:15:39] Wes Mullins: No budget.

[00:15:40] Wes Mullins: smartest team in the world, but no budget. So can you build it, you know? Yeah. There's, there's, there's a lot. And every organization is, you know, they're going through the same shifting and, you know, economics that the rest of us are, and. You've got budget on Monday and you don't have budget on on Friday and unlimited hiring on Monday, and we're laying people off on Friday. And that is a, common thing. That's not just a cyber thing. Like that's, the world and most people, you know, that have been around long enough have gone through two or three different companies and each of those different scenarios and there's no right answer. Like until you're that person in that seat at that time, you can only be so prescriptive.

[00:16:19] Tim Chase: Yeah, a hundred percent.let's talk partnerships a little bit about, I love, I love good partnerships like, I like to have those, those partners, those people that you could, depend on, right? Because security can be daunting. So, how does modern security and partnerships drive value for your organization, do you think?

[00:16:34] Wes Mullins: I will say the most important aspect is probably not the tech, although I think we all love a lot of the tech and the tech that comes in play with it. It's the relationships, and having partners that have their own set of customer profiles and being able to figure out what are they trying to solve and do they have a problem that either we have a solution for, someone else has a solution for, like I think it expands the net when you wanna talk about customer satisfaction and customer solutioning. having partners that all have different relationships with different people. Cuz you know, like Deep Wash would be naive to be like, yeah, we know everything about every prospect. Like we don't, same thing as Lacework doesn't know everything about every prospect. but being able to have partners that can bring the right individuals into the conversation. When the customer's trying to solve a very specific solution, you know, it's like that Rolodex, that Glen, Gary, Glen Ross, like perfect list of people, you know that are gonna answer. having that means a lot. And I think that's why you, you see the channel being as successful it is and the entire partner community and, and now you have organizations like aws really, really leveraging it and getting down deep into it. Ultimately, yes, it's, it's about technology and it's about additional markup and, and everything else, but it's really about the relationships that allow us collectively as an industry to help the customer in a more holistic manner, where it's not just spray and pray and hoping that something sticks.

[00:18:02] Tim Chase: Yeah, that, that makes sense. And you guys have done a pretty good job, I think, of, of kind of having some successful partnerships, um, in the space. You know, like right now, I know, you know, you're, uh,aws, MSSP competency partner, right? I think level 

[00:18:14] Wes Mullins: we are, level one and multiple competencies.

[00:18:17] Tim Chase: Yes, exactly. So that's an example of a great partnership. So what do you think, what are some insights or some factors that you consider when you select potential partners?

[00:18:26] Wes Mullins: think the, big one is the partner's reputation. You know, obviously, AWS is aws, like they kind of have one of the best reputations in the world out there. but other partners we have just like, you know, the partnership we have recently announced with Lacework was very much on, you know, what do your current customer base say about you? What do your employees say about you? And we, we look at all that and we have those phone calls. We look at what's on the internet, we talk to people. We know people that work there. like the technology has to be able to do what it's gonna do. but there are a lot of people that have really great technology, but they suck at partnerships or they suck at running a company and building successful relationships. So the technology is really just what I would call actually a small component of it. are you gonna help the customer and are you gonna help the partner do what they need to do to deliver something to a customer? So, in our space, mine specifically, like there's a big difference between lacework serving. Deep watch who's running a managed place work offering versus you serving an individual enterprise? We're gonna have a different level of expectations. And a bug for us could impact hundreds of customers, whereas a bug for one customer may just impact them. So I think there's a different level of, of trust, transparency, expectations, that have to happen in order for those to be successful. And you kind of figure all that out in the very beginning, like just on. How do you work together and how are these emails and how are these meetings going and does it seem collaborative? Does it seem one way? and I think it, a lot of it goes back to the culture. and are we a good culture fit for one another and going after the customer the same way? And, you know, you have your different arch types on, super aggressive and very humble and, should be a nonprofit. it's the how are y'all trying to solve what is a very similar problem and are y'all trying to go about it the same way? 

[00:20:14] Tim Chase: exactly. I think kind of making sure you're on the, on the same line, and I know, you know, Lacework and Deep Watch kind of think along the same lines there. Right? Which is why, we are partners and we are, good partners together. So, I love that. but what, you know, when we're talking about Deep Watch, I think one of the things you've said is, you know, every customer has the cloud, but they struggle in the cloud to get deep, watch what they need, to deliver mdr. So, what does that mean? Like, can you expand upon that and then, just maybe talk about how you deliver, like what kind of effective communication

[00:20:42] Wes Mullins: Yeah, definitely. so, you know, our, our average customer today is sending us a 130 plus individual log sources technology types. some of our larger ones have 300 plus. I mean, at some point during, you know, either onboarding or bau, like cloud comes into play, whether it's AWS and that's Azure or that's gcp and. Those crazy people that are still rocking Oracle and all that other stuff out there. and a lot of times those conversations become conversations where there's three different people on it. You have the security team, which is working with the MDR provider, you have the cloud team, and then maybe you have the DevOps DevSecOps team, and it's a, Hey, how do we actually get them as your event hub? And that becomes very, what we would call consultative type of work. for a bunch of individuals who, they're not AWS experts, like they're Splunk experts, you know, and they're threat hunting experts and they're, detection engineering experts. and we have all the documentation that can be provided. But what we have looked to do is to kind of expedite that, Obviously key reason why we recently announced, uh, the relationship with Lacework is it's easier for us to go to a customer and say, Hey, you know, you've got 35 AWS accounts, half are in control, tower, half are not. You've got 12 Azure accounts that are all standalone. Instead of you trying to shotgun spray getting us every single one of those one at a time, why don't you go work with a partner that does a little bit better job? Of onboarding, gaining visibility into that, and then simply send us the output of that, that rapidly increases the, the time to value for those customers, but selfishly gives me what I need so we can start alerting on, malicious activity because you can't say when you wind up on the news. Well, the customer didn't give us all the data, so we had blind spots and that's never a position we want to be in, nor. is that a position a customer wants to be in? So it's, it's having the, candid conversation of, you know, the sooner you get us x, the sooner we can bake that into threat probability value and start providing the actual managed detection and response capabilities you're paying for. or we can continue to go at it one at a time and maybe in 12 months when your Azure admins and your GCP admins and your your AWS admins, which are all different, that all then have their own dev teams. Can figure out how to get this data, then we'll get you onboarded. and no one wants to wait, that timeframe. we've also spent a fair amount of time on the AWS built-in program. so it reinforced, we announced our AWS built-in partnership. one of the first to get launched in that well, which is basically gonna allow us to have customers run, automations that we have built internally. that's how we build our environment. They've been vetted by the AWS internal cybersecurity team, and we will be allowed to pivot into their environment and launch them and do a lot of that initial grunt work upfront. 

[00:23:39] Tim Chase: Yep. you know, for, I guess for everyone who doesn't know that, you know, maybe talk a little bit more about what that is. It's just kind of a quick way for you to get really interconnected in customer environments, real quick without you having to, tell them to do that at the very beginning. Right. With like, like you said, the spray and pray.

[00:23:53] Wes Mullins: yeah, believe you guys are one of the first 10 that got got launched as well. it another example of, you know, we both chose. actually I think they chose us cuz there was a long list. So let's, you know, be a little prideful here for a little minute, Tim. You know, they chose us and said, Hey, we like what you're doing. We like what your technical team has done. you know, we've probably both gone through a vast amount of audits with distinguished engineers and all the different exams. and it's like, Hey, we wanna solve a problem for a customer. But we're, both of our organizations are kind of, you know, handheld by. We don't own the account, there's only so much we can do. And you know, AWS sees that on their end as well. and those are their paying customers. so how do we work with each other to where they're paying customers can feel more comfortable about their sensitive workloads in aws. and built in is the byproduct of that. So, you know, taking our custom cloud formation stacks and having all the automation in play to go do post build config. at the point of a button. and you know, that's gonna allow us for customers that want to take that route, to go launch that, but that will then pre-configure those native services inside of aws set up everything they need, start auto log and forwarding for us. So selfishly we get the logs so we can see what's going on in the environment and we can start delivering on our service. and I think you guys are in a very similar boat, guys and gals in a very similar boat. With y'all's recent approach with builtin as well.

[00:25:22] Tim Chase: Yeah. We are, and that certainly makes it a lot easier for, the customer when they're trying to get it spun up. and so, you know, we've talked a lot about kind of setting the customer up and having them succeed. But, you know, on the flip side of that, how, how do you make sure. That, you guys are staying up to date with the threat landscape, right? Obviously, it's always changing. customers are shipping all this to you. Assuming that Deep watch knows what they're doing and what they're talking about and that they're staying up to date, like what do you do to to to manage that threat landscape?

[00:25:48] Wes Mullins: Oh man. well I don't do anything cause I'm not the CSO anymore. Um, no. Um, you know, I don't, I don't wanna say too much. You know, I don't, I don't wanna be out there trying to put a target on, David and his team's back, but we eat our own dog food. all the tech that our customers get. We also use internally, we have a really strong team under David and Chad that kind of handle the day to day. I mean, it's, it's kind of it, man. Like we have no secret special sauce. We're not gonna tell you we're running g PT six internally and, or, or, or any of that. I mean, we are following the same approach that we afford to our customers and we follow Mitre mapping and where our coverage is. And NIST and cis, limited span of control. Zero trust everywhere we can. Zero trust, uh, no VPNs, no site to site, no remote access. it's a very methodical approach. but that's also what people get when they sign up for Deep Watch. So we, we try to not steer too far left and right from what people actually pay us for. a, I think the perception would be really, really bad, but we got a lot of really smart people that work in our delivery organization, that work in our solutions engineering organization that work in our A t I Adversary Tactics and Intelligence organization. And they. You know, that's what they do every single day. Like they are looking at threats, they're honing in on threats. we have a awesome opportunity because we're channel only to dabble with lots of different pieces of technology. I don't wanna say we're always ahead of everyone else, but being a startup, living in the space that we're in, kind of affords us the opportunity to, to get in front of some of the, what we would call more innovative products. that's really it, man. without saying too much, which that was a ramble, so.

[00:27:25] Tim Chase: No, that's all good. There's a lot of, a lot of stuff that goes down on the back end with the threat intelligence and the way you guys do it and having a dedicated team. that all obviously goes into it. okay. Time for rapid fire questions, with, wes here. Are you ready? All right. Get your brain in gear. What's the one tool that you can't live without?

[00:27:42] Wes Mullins: I hate to say it. Ugh, cuz I hate it. But Slack, and we've got Slack bots and we've got Slack integrations like it is a. Kind of single point of, I can look at JIRAs in Slack. I get updates on JIRAs, I can look at Confluence, I can look at integrations we have with all of our threat intel platforms. it is a way that I consume information in most cases without having to go to my team and ask them, So as much as I hate it like it is, I consume a lot from it, and it's how I consume a lot of internal information, 

[00:28:14] Tim Chase: Yeah, ditto there. what emerging technology or trend in cybersecurity excites you the most 

[00:28:20] Wes Mullins: I'm not saying generative ai, which I do think is really exciting. now granted there are companies that are out there that have been doing it for a very long time. that's great that the rest of the world now knows about it. and it is gonna change things the next two or three years, but I wouldn't say it is. The most innovative, that's hard to say, man. I didn't, there was not a lot I saw at RSA this year that impressed me and I'm not, not impressed me as not great tech, but not what I would call new tech. It's a, Hey, we know we've been doing this as an industry, but we're gonna do it a little different. It's the, what is the first real new stuff that is out there? man, don't know.

[00:28:59] Tim Chase: It, it's tricky. There's not a lot sometimes when you, when you look out there, like people are trying to latch onto the AI thing, but a lot of it is, is just kind of expanding. like they're adding data

[00:29:08] Wes Mullins: What someone else has already done. Yeah. They're, they're extending the models, adding a whole bunch of different new attributes. I mean, I, I personally like, am a big fan of identity and like, getting rid of the password. But I don't know that anyone's ever done it well. Like, we have dabbled with pretty much every passwordless vendor that is out there. but they're all just still generating Windows, passwords and storing them and LSAs like everyone else. You just don't see it anymore. They just abstract the token from you. and there are companies out there that are troop, you know, biometric and some others. But that is a space that I still think has allowed opportunity to improve, where it doesn't require you completely revamping your entire infrastructure. So a lot of them are like, oh, well we can do it, but every single laptop and every single server has to have a way to do a fingerprint or eye scanner. And it's like, well, if you're only getting rid of your user base, but then you still got 12,000 servers that all still have. Route slash route 1 23, like, did you really solve the true problem? so I would like to see identity as something. Obviously ai, ml, all of that is great. Everyone's doing it. it's trendy, just like the cloud was trendy, like after people had been doing distributed computing for a decade. So I think AI and ML will be. Pretty cool, in the next three to five years, like there will be a lot more mature, useful use cases than what we have now, which a lot of it is marketing.

[00:30:45] Tim Chase: Fair enough. All right, last question. How would you describe your leadership style in three words?

[00:30:50] Wes Mullins: get shit done.

[00:30:52] Tim Chase: There you go. That's our motto too. I love it. 

[00:30:55] Tim Chase: All right, that does it today. Listeners, thank you for listening to another episode and great conversation. If you like what you heard today, don't forget to subscribe, and we will catch you next time on Code to Cloud.

About the guest

Wes Mullins
Wes Mullins

Wes Mullins is the Chief Technology Officer at Deepwatch. Wesley is responsible for Deepwatch’s product and solutions vision and roadmap and also leads the organization that develops the Deepwatch platform used to deliver the company’s managed detection and response service. Previously Wesley was the CIO and CISO of Deepwatch leading teams responsible for Security, Risk & Compliance across Deepwatch, as well as back office systems and all customer facing platforms. Wesley’s IT career spans nearly 20 years, starting out as a developer, moving into networking, and then to cybersecurity. Before joining Deepwatch, Wesley was the VP of Global Cyber at Nielsen and prior to that held various cyber roles at PwC, & TECO Energy.

Try Lacework for free

Spot unknowns sooner and continuously watch for signs of compromise. Take us on a test drive to see for yourself.