Sitdown With a SOC Star: 11 Questions With MRK’s Managed Security Services Director Todd Pigram

Our “holiday” edition of Sitdown gives you the gift of Todd Pigram, who began his IT career in the late 1990s as a laptop repairman. His lengthy tenure in the IT space has truly come full circle, as his role now involves helping to protect those popular endpoints, especially vulnerable in the era of heavy remote work. In addition to learning about his current position, Pigram unwraps his thoughts on the powers of Python, shares his dream encounter with an industry luminary, plus much more!

1) Hi Todd! Thanks for (virtually) sitting down with us. Tell us about where you work, what you do there, and the role security operations plays there.

I am the director of managed security services for MRK Technologies. I am responsible for the operations and products that we support within the SOC. Security operations play s a huge role in all our services, and our managed orchestration workflow allows us to be product-agnostic while supporting our clients.

2) Describe your career path and what propelled you to want to work in security operations.

I am going to date myself here, but I started back on the Commodore 64 in 1984. I continued with computers but only as a hobby until 1997, when I started in the IT field repairing monitors, printers and laptops. I switched to the software side of the house in 1999, doing Novell, Windows NT 3.51/4.0, Citrix WinFrame/MetaFrame and Active Directory when it came out. 

For many years I rode the enterprise Citrix wave, which includes many facets of security, remote access, SSL VPN, centralized management and application firewalls. Most of that time was in health care, delivering EMR via Citrix to comply with HIPAA and ensure that PHI stayed in the data center. In 2011, I moved to the VAR side and have been involved with MSP and MSSP since then. 

3) Managed security is experiencing a boon – as Anton Chuvakin says, every SOC is a hybrid SOC nowadays – but so are customer expectations of their providers. How is the MSSP-customer relationship evolving? 

MSSPs must evolve just like their clients. As clients move to a more hybrid cloud model, using SaaS services, MSSPs must adapt their methodology as well. The relationship should evolve to the point where the MSSP or SOC becomes an extension of the client’s team.

4) What’s the most important hard skill(s) and soft skill(s) for an analyst or engineer to possess to move to the next level?

In my opinion learning to program Python is the hard skill I would recommend. It can be used for red-team or blue-team purposes. As for a soft skill, it must be teamwork. As security professionals, we can sometimes get lost down rabbit holes while investigating potential issues. The ability to collaborate and build a cohesive team is extremely important in a SOC.

5) Which common threat impacting organizations worries you the most/keeps you up at night? 

As with most everyone, the biggest concern is ransomware. I was formerly part of an incident response team, and the devastation from ransomware can be severe.

6) What’s one piece of advice you’d give for someone considering a career in security operations?

As someone who worked construction for 10 years prior to starting in IT, you need to be a hard worker and have the ability and desire to learn. While you will receive on-the-job training, there will be times when you must just put in the work and learn on your own time. It’s the difference between a job and a career.

7) With the uptake in cloud computing, digital transformation and remote working, the traditional SOC as we’ve come to know it is changing. How do you think companies should model their security operations in the “anywhere era”? 

As most companies are now having to contend with greater remote work, the times of hardening the perimeter and keeping bad things out doesn’t really help on an end-user’s home network. Companies need to invest in an EDR/MDR product to help protect all their devices. All work-from-home employees should have an EPP/EDR solution installed on their devices.

8) What’s one thing you wish was happening more in enterprise security that is still pretty rare to see these days?

This may seem simple but basic patching of endpoints and servers would help alleviate some breaches. Zero-day exploits aside, patching security holes with fixes that vendors make available should be a priority. I would even extend this to router and switch firmware. It’s just good basic cyber hygiene.

9) What’s your proudest professional accomplishment? 

One of my proudest moments was back in 2013 when I finally got to meet (former) Citrix CEO Mark Templeton in person. As someone who built their career on Citrix technologies, I was honored and privileged to finally be able to meet him at the Citrix Synergy conference.

10) When you’re not SOC’ing, what is your favorite thing to be doing and what do you like about it? 

When I am not working, I love spending time with my family and gaming together. I also sometimes use off hours to learn new skills.

11) What value does security automation and orchestration (SOAR) technology bring to security operations? 

The best value a SOAR will bring a SOC is assistance with noise reduction. The ability for analysts to only work on real threats is invaluable. With the automation portion, you can close alerts automatically without analyst involvement. A SOAR can also make the SOC product agnostic as well.

You can connect with Pigram on LinkedIn here.

Are you or someone you know a SOC star whose insights would be valuable to share in this space? We’re always looking for new candidates! Just email Content Director Dan Kaplan.