Shannon Lawson, CISO for the City of Phoenix, and Geoffrey Coulehan, Head of Sales for MixMode, recently joined forces for a fireside chat at the Evanta CISO Summit in Phoenix, AZ. Lawson and Coulehan have been partnering for almost three years to transform the City’s cybersecurity initiatives and Security Operations Center (SOC).
In the session, they emphasized business outcomes in cybersecurity rather than investment in legacy acronyms or platforms (e.g., SIEM, SOAR, NTA, UEBA, XDR).
Coulehan explained, “The approach that we’re hearing from both the analyst community and from our customers is that the business outcome is the number one priority, and the biggest challenge associated with achieving the desired business outcomes is the volume of data and the disparity and the types of data that are required.”
Lawson agreed, pointing to today’s issue of tool sprawl and siloed tools within a SOC or, better yet, across multiple departments in large municipalities. He said, “Back in the day, siloed tools might have been the only way to go. That’s what you had. But we are moving away from that. […] The other perception is that we don’t have an army of people. So even if you had each of these siloed tools, we don’t have analysts to actually run these tools.”
Lawson and Coulehan continued the discussion into automation and the practical applications of a self-supervised cybersecurity platform to transform the City’s SOC. Deploying an intelligent, automated AI platform to combat known and novel attacks designed to bypass legacy rules-based systems, including nation-state-sponsored and zero-day attacks, helped the City not only detect novel attacks that other platforms missed but also achieve significant cost savings through tool optimization, no maintenance, no rules, and lower storage fees.
Lawson explained, in part, “For us, we needed something that could adapt to this very radical environment where what’s going on in Aviation is completely different from what’s happening in PD and Fire Department and Water and all the rest of the departments that go in between. And how can we consistently approach alerts that are coming in and figuring out if these are false positives or are these legit issues that we need to go look at. And lastly, I don’t want [my analysts] to go to a whole bunch of different consoles unless we absolutely need it.”
To hear more about the City of Phoenix’s cybersecurity program, their experience combating zero-day, non-signature attacks, their practical business applications using MixMode, advice for CISOs evaluating security platforms, and more, click on the video below to see the full session from the Evanta CISO Summit: