Our “holiday” edition of Sitdown gives you the gift of Todd Pigram, who began his IT career in the late 1990s as a laptop repairman. His lengthy tenure in the IT space has truly come full circle, as his role now involves helping to protect those popular endpoints, especially vulnerable in the era of heavy remote work. In addition to learning about his current position, Pigram unwraps his thoughts on the powers of Python, shares his dream encounter with an industry luminary, plus much more!
I am the director of managed security services for MRK Technologies. I am responsible for the operations and products that we support within the SOC. Security operations plays a huge role in all our services, and our managed orchestration workflow allows us to be product-agnostic while supporting our clients.
I am going to date myself here, but I started back on the Commodore 64 in 1984. I continued with computers but only as a hobby until 1997, when I started in the IT field repairing monitors, printers and laptops. I switched to the software side of the house in 1999, doing Novell, Windows NT 3.51/4.0, Citrix WinFrame/MetaFrame and Active Directory when it came out.
For many years I rode the enterprise Citrix wave, which includes many facets of security, remote access, SSL VPN, centralized management and application firewalls. Most of that time was in health care, delivering EMR via Citrix to comply with HIPAA and ensure that PHI stayed in the data center. In 2011, I moved to the VAR side and have been involved with MSP and MSSP since then.
MSSPs must evolve just like their clients. As clients move to a more hybrid cloud model, using SaaS services, MSSPs must adapt their methodology as well. The relationship should evolve to the point where the MSSP or SOC becomes an extension of the client’s team.
In my opinion, learning to program Python is the hard skill I would recommend. It can be used for red-team or blue-team purposes. As for a soft skill, it must be teamwork. As security professionals, we can sometimes get lost down rabbit holes while investigating potential issues. The ability to collaborate and build a cohesive team is extremely important in a SOC.
As with most everyone, the biggest concern is ransomware. I was formerly part of an incident response team, and the devastation from ransomware can be severe.
As someone who worked construction for 10 years prior to starting in IT, you need to be a hard worker and have the ability and desire to learn. While you will receive on-the-job training, there will be times when you must just put in the work and learn on your own time. It’s the difference between a job and a career.
As most companies are now having to contend with greater remote work, the times of hardening the perimeter and keeping bad things out don’t really help on an end-user’s home network. Companies need to invest in an EDR/MDR product to help protect all their devices. All work-from-home employees should have an EPP/EDR solution installed on their devices.
This may seem simple but basic patching of endpoints and servers would help alleviate some breaches. Zero-day exploits aside, patching security holes with fixes that vendors make available should be a priority. I would even extend this to router and switch firmware. It’s just good basic cyber hygiene.
One of my proudest moments was back in 2013 when I finally got to meet (former) Citrix CEO Mark Templeton in person. As someone who built their career on Citrix technologies, I was honored and privileged to finally be able to meet him at the Citrix Synergy conference.
When I am not working, I love spending time with my family and gaming together. I also sometimes use off hours to learn new skills.
The best value a SOAR will bring a SOC is assistance with noise reduction. The ability for analysts to only work on real threats is invaluable. With the automation portion, you can close alerts automatically without analyst involvement. A SOAR can also make the SOC product agnostic as well.
You can connect with Pigram on LinkedIn here.