BizTech Next Level BizTech Podcast

Ep.137- Mastering Cybersecurity Sales with Proven Strategies for Fortune 500-Level Success Pt 2/3- Eric Fromm

October 2, 2024


Join us today for an action-packed episode full of security tips as we’re joined by Eric Fromm, Director of Security Engineering at Trustwave. Eric kicks us off with the wealth of products they offer unpacking things like Telemetry, MDR, Security Operations Center, Pen testing, and Database Security, along with their FED relationship and their monster Microsoft relationship. Don’t miss this as he uncovers key conversation starters, what he sees customers experiencing now vs in the future and how we wedge into all those conversations using Trustwave as your swiss army knife!

Welcome to the podcast designed to fuel your success in selling technology solutions. I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus and this is Next Level BizTech.

Hey, everybody, welcome back. We are continuing the dive into security and today we are joined on with Mr. Eric Fromm of Trustwave, Director of Security Engineering. Eric, welcome on buddy.

Thanks for having me, Josh.

I’m excited, man. We got an interesting topic today. So today’s topic is mastering cybersecurity sales with some proven strategies for the Fortune 500 level success. Like everybody wants, everybody wants to know what are the Fortune 500s doing? How do we replicate that down? So we’ve got some, we’ve got some good stuff to cover with you today. I’m excited, man. So let’s, let’s kick this off. For anybody that doesn’t know you, just tell us a little bit about your story. Take us back. How’d you get into this field? Where did the career start? And you know, any wild windy stuff you got along the way? Let’s hear it.

That’s a great question. You know, I’m actually a mechanical engineer by trade. I went to Ohio State. And when I was in college, I picked up a job working at CompuServe on their help desk.

And by the time I graduated, I progressed up through the ranks in CompuServe and I figured out I could make a much better living in IT than I could in mechanical engineering.

So I, from there, went over to a gas company and started off in the networking field.

Did the CCNP, the CCDP, all those fun things. And about three years in, my boss came to me, he said, “Eric,” he’s like, “we’re thinking about starting up a security group. Would you like to head that up?”

So, absolutely love a challenge. And actually, it’s the first time building a SOC from scratch. And I’ll have to tell you, over the first six months, I made a lot of mistakes. And probably, realistically, I made a lot of mistakes over the next year to two years. But it’s really where the industry was evolving at that time.

From there, I got recruited to come down to Florida, which is where I reside now. And there’s a large rail organization that runs up and down the East Coast that had a pretty significant outage, which actually took out the rail from operating for about three days. And they basically ended up firing the entire staff. They brought me in to rebuild the security program. And I ran that for about 17 years before coming to Trustwave. And so, been at Trustwave now for six years. And it’s been a wonderful ride and definitely love being a part of the Trustwave family.

I love it.

I have not heard a CompuServe reference in a while. I grew up in that era, right? I remember the AOL 1.0 disks and you know, all this stuff that MSN and all these competitors, Prodigy and all these guys. What a fun run that had to be, right? To see some crazy growth in that era, I have to imagine.

Yeah, definitely. It’s interesting to look back at the evolution of security over time. I still look back 20 years ago, you’d have a firewall and you’d be, you know, pretty secure. But today, you need all of these other components, which, you know, really talks about how we’ve evolved from a security industry and how the threats have evolved.

Yeah, well, so we’ll, we’ll get into Trustwave here in just a second. One more thing before you can kick us off, we’d love to hear, everybody’s had a lot of great mentors, bosses, you know, things like that, or maybe just learned some hard lessons. So walk us through something over the last number of years, any of those that you’ve learned from somebody previous in the past?

Yeah, I’ll say probably the biggest thing is I look back over my career, moving into the sales side of the organization was a big change. And I was nervous about it. And I took a lot of speaking classes and still something I work on. But as I started to look back on my career, I was doing selling all along while I was in operations, I was selling to the board, I was selling to directors, I was selling to different groups and different teams. And, you know, really coming into this field, you know, from an SE perspective, it’s been interesting, because I still get a chance to communicate with people and help them evolve their program, look at what their problems are, and share some thoughts around how to make their current, you know, program better. So that’s probably the biggest thing is I look back over my career, I really have enjoyed.

Love it. Love it. Good. All right, so Trustwave time. So first of all, start us off, this is a big loaded question.

Tell it for anybody that has no idea who you are, walk us through Trustwave, your role, and then you’ve got a lot of products, a lot of incredible products that you’ve brought into the channel, right? You got you got Garrett over there heading up a tremendous channel organization. So look, we’ve got we got telemetry, we got MDR, we got Microsoft, we got SOC, we got pen testing, you got database, you got a play with the Fed space. I mean, all this stuff, start us off with tell us about, you know, tell us about the company. And let’s just dig into a couple of these top products.

Yeah, company is amazing company, it really is. And part of the reason I’m there is, and have been here, you know, it’s an innovative company, not only the products that we have, sort of are some of the pillars of a core security program, it’s just not MDR, to your point, right? We’ve got pen testing, we’ve got offensive and defensive types of capabilities.

And this is where, you know, we’re able to help clients on all different aspects, depending on where they’re at, and what their challenges are. So, you know, for me, it’s it’s one of those things as well. You know, our Microsoft relationship, there’s been a lot of movement in that SIEM, EDR space. I think one of our superpowers among many is we can meet clients of where they’re at today, and the technology that they have today.

If six months from now, they pick up an E5 license or a Microsoft license, we can help them along that path as well. But it’s really understanding their their problems, their needs and helping them with the developer program. And I think that’s where Trustwave is really uniquely fit to bring in some of these capabilities.

I’ll just mention one last thing, it touched on the Fed component of things. You know, this is a, you know, for those folks that didn’t know this about Trustwave, we actually have a FedRAMP moderate certified team called Trustwave Government Services.

Everybody within that group is secret, top secret clear. But it’s just not for federal folks, right? A lot of these new regulations with CMMC are having folks like that everywhere from a, you know, folks that are in building manufacturing, any of these things that want to do work and bid on these contracts have to fall under the CMMC guidelines. And this is an area where we help folks and we have solutions to help fit all various aspects of CMMC. And we’re one of the few companies out there that actually have that certification.

Yeah, definite, definite uptick in the requests, right, that we see from an engineering perspective of who can play in this Fed space. And I don’t, and it’s not always the Fed entities that are the end customer. But to your point, I think with what what the rebrand of CMMC has done is it’s, it’s required so many companies that do a little bit of business with anybody in any Fed space, you have to have these things. And so that’s just not something traditionally that the channel providers have been used to, right? We’ve gone through that, obviously, a lot of, you know, channel integration with global and Fed and sled teams from the connectivity perspective in years past. But this is this is such a new refreshing dynamic to see that you guys, you’ve got expertise. It’s not just, hey, I think we should be able to do that. It’s no, no, no, we do it. We’re really freaking good at it. Bring us that business, right?

Absolutely. Yeah, that’s where I think all the pillars, you know, we can offer both on the Fed space and our commercial space. And this is where some of these clients have a mix of their networks that we can actually separate those out based on the requirements. So yeah, so

Alright, so maybe one question before I go on to the next one, then.

How do we help partners understand? I mean, you mentioned we talked about this a little bit before, wedge services, you know, it’s not, hey, we just do this one thing, we are here when somebody has a need for this one thing, we do these six, seven, eight or nine things. So we’ll dive into I want to pick apart one of those in just a second. But how do you see with with what you guys do, right? This is a hot space in security. How does Trustwave dive deeper? You know, how does Trustwave stand out?

So, you know, we have a bunch of marketing things that say, hey, we detect things faster, we detect things better, you know, but really, it gets into a couple of areas. One of the things that we noticed are, you know, clients definitely want white glove service. And as a result, the way that we structure our teams, when we bring on a Kubernetes SOC, or SIEM client, we basically put them into what we call a pod of healthcare specialists. And what they get is weekly meeting with account general manager, account delivery manager, and our information security advisor. And what this people will do, first of all, they’re going to know, we’ll just talk about healthcare, they’re going to know HIPAA, they’re going to know HITECH. But as such, they’re also interfacing with their other healthcare clients, and they’re sharing that information and bringing that together. And that’s a big part of, you know, our organization, what clients want, they want us to not just know the SIEM, they want us to be, I should say, they want us not to just be a vendor, they want us to be a partner. And being a partner means understanding their business, understanding the threats that are specific to their vertical. And that’s where I think, you know, it’s one of our big differentiators. And I’ll just leave you with the last part, which is really our what we call our information security advisor. This is a technical resource that we put on each account, it’s a designated resource. And they will not only be in a client’s SIEM tuning that day in and day out, bringing new policies in, does not just set it and forget it, right? SIEMs are challenging, and they need work, and we realize that. But more importantly, that individual will know if there’s if the client’s running SolarWinds, right, they know their technical stack. And as such, if there’s a new SolarWinds exploit, they’re going to be coming to the client say, you know, hey, we just saw this threat out here about SolarWinds, we want to bring a policy in to help protect your organization. I think that’s really what clients are looking for at the end of the day is that true partnership.

Yeah.

Okay, so let’s, let’s play a game. Let’s play the OEM game. This is one of my favorite things to talk about, I think is I look at you guys, what I want partners that are listening to understand is you’ve got, you’ve got, you know, let’s pick on telemetry for a second, right? Telemetry by itself isn’t a, you know, it’s, it’s, it’s not an OEM, it’s not a SKU. But what telemetry does, in my mind, for having, having someone like yourself in the portfolio as a provider, is it allows you to interface with so many different OEMs. So maybe just when it comes to kind of this telemetry and SIEM and MDR world, you brought it up earlier, you’re going to meet people where they are. And that what that translates should be for the partners is whatever your customer has, all that central Trustwave is that central point. So maybe just walk us through who are the OEMs that you see the most interface with that you pull telemetry from and then do the things that you do after?

Sure. You know, I’m going to step into that question, if you don’t mind, you know, you look back of years of past, right, clients would just, you know, say, Hey, throw all of your telemetry in this bucket, and then write rules and policies. And with today’s day and age, it’s one of these things where again, telemetry is expensive, right. And one of the first things that we do when we engage with a client is we look at what telemetry they’re collecting into their SIEM and how that’s being leveraged. In a lot of cases, we’re able to save them a lot of money, because a lot of that telemetry is not being used. There’s nothing that’s there’s not a compliance requirement, right. And so part of it is understanding the policies that we want to put in and just really defining the telemetry that is needed to actually fuel those policies. And we’ve actually saved clients 30, 50, $70,000 on their yearly bill by stripping out some of this telemetry that was not really being leveraged in their site.

Now, telemetry, obviously, that’s important to us at the top of the stack is EDR, right, that’s probably the highest telemetry component.

You know, when we see things that are being collected, like maybe routers and switches, you know, the value of a security of a port going up and down is relatively low.

And so this is where that discussion comes in. I would say the Microsoft telemetry is phenomenal. You know, some of the information that we’re collecting there, especially around the Defender suite. But we understand that, you know, maybe clients don’t have that suite. And this is where CrowdStrike, you know, Palo any of those, you know, data sources, we can pull in ingest, we’ve got rules that we can basically build for a client’s environment to really leverage that that telemetry.

I love it. Maybe talk, yeah, talk, talk for real quick. We’re gonna talk a lot about database security on this podcast. And seeing that you guys just, I don’t know that we think of that in a lot of these conversations, right? We assume, you got a SQL database, you got a DynamoDB, you know, whatever, you got security, right? So just give us a give us a quick glimpse into what can you guys do from a database security perspective?

Sure. So we really have two main products. And database security is one of those things that are often forgotten. And I’ve looked at my previous career. Again, it’s always been there, the threats have always been there. But but why? Why is that typically overlooked? And a lot of times, it falls into a different group outside of security, the security team manages firewalls, they manage router or IDS is, but it’s one of the areas where, you know, when a hacker gets into your your infrastructure, where where is the value, right? It’s in that data. And that data is all hosted within the databases, whether it’s PII, PHI.

Now, we have a solution where we can call AppDetectorPRO can actually run on a desktop. And this is where you know, they can, you know, clients can use it to go from site to site or to use it more as a pen testing tool. But then we also have a product called database or DbProtect. Now, that has three modules into it, we look at vulnerabilities as one of the key modules. And you know, a lot of people say, well, you know, I’ve got database checks in my Tenable solution. Well, Tenable checks, maybe 300 different checks, we’ve got over 3000. But most importantly, we provide fixed scripts for administrators to get into that database. So it’s just not applying a patch, right? There’s a script that clients can run within that database.

There’s also configuration standards. So CIS, FISMA, any of those types of things where a client needs to conform. You know, we see most common thing we say is how many databases do you have in your environment? We typically will get like maybe 100 or 200. Come in, we run the scan, we discovered over 1000. This is where shadow IT is, you know, is alive and well today. The last two pieces is really around monitoring the databases. EDR does a great job at monitoring the OS. But once you get down into the application of a database, it really loses sight of that. And that’s where our product comes in as well as seeing what’s happening at the database level, what the administrators are doing, the commands that are being executed. And then the last part is really around privileges. We see overprivileged privileging a lot. And this is where controlling those privileges to the people that actually need those is a big part. So at a high level, that’s our database story.

I love it. I love the privileges too. I mean, if you do the if you’re a nerd like me, and you read some of these, how did these breaches happen, right? So you can kind of reverse engineer and help people understand where the gaps are. So many of it’s just been lateral movement and privileged access so that that people shouldn’t have have so you you compromise one person with the wrong access and it’s game over. So I love, love seeing more database security come into the channel. I think that’s just that’s another awesome wedge to for partners out there. So good stuff. All right. So let’s talk about it’s been 17 minutes and I haven’t said AI yet. So my pay might get docked if I don’t. So we’ve got that out there. But I mean, with you guys do have a very unique play here. Now, if we talk about AI, and everybody that wants to build and integrate with a large language models, let’s think about Copilot for a second, right? We got Microsoft’s tool set there. But I think there’s an inherently huge importance in before you’re ready to go do that, we’ve got to make sure you’ve you’ve got this data strategy, data security, but really the data classification. So you guys have a killer offering and a practice wrapped around Microsoft’s product Purview for data classification. So can you walk us through what that program is, what your relationship is there and kind of what the opportunity there?

You know, data classification has been around for ever. But the reality of it is, you know, there’s still when we start working with organizations, there’s only a very small number of them that have went through that process of classifying data, labeling it,

saying what that data can do. And this is really where we come in with Purview. And it’s really the start of the AI journey. And it should be the start of the AI journey is right is identifying what information is sensitive in your environment, right, making sure it’s labeled, making sure that it has the proper controls on it. When we start an engagement, the first thing we ask clients is, do you have a data policy, right data classification policy? If they don’t, you know, we’ll spend a few minutes and start to share, hey, here’s something based on best practice, you may want to look at, you know, leveraging this moving forward. And we start building out the Purview environment based on some of these foundational things, right? But, you know, PII, PHI, right, this should be like critical classified, you know, you should have labeled information around that.

But where this comes in is, you know, when you start getting into the Copilot and some of those things without having the proper controls around this data with Purview, what happens is, if you have a user that asked Copilot a simple question, and that question basically pulls in sensitive information into that document, that can very easily be placed outside the organization and public forum. And we see this actually happening to a lot of organizations today. Unfortunately, there’s a lot of information even in ChatGPT, that shouldn’t be there. And it’s, as we go down this AI path, it’s part of that evolution of learning what to do and what not to do. But this is part of our, you know, our path, right, is educating people, putting helping them put controls in play, and then also helping them leverage the technology.

And, and I think the the great thing the, we’re bringing this up because you have a great product, you know, this, this engagement, this consulting, this, you’ve really got a Purview accelerator program, right? So the, if somebody wants to go down this road, what’s the path? Maybe just walk us through a little bit about what’s that journey? What’s the accelerator program? What’s the capabilities there?

Yeah, so the program is really a six week, six to eight week engagement, right? We start off with, again, first week of identifying what they have, right, what their goals, right, of the Purview are, right, and they vary a little bit.

We ask them to fill out some information about security policies, data compliance, you know, where they’re at in that continuum.

Once we understand that piece, depending on what type of information we get back, we’ll either necessitate some additional discussion on, hey, this is what we recommend from a best practice perspective around data compliance, data controls, right? But once we get through that foundational component, then we start building out the Purview environment. And part of that is building out scanners. So we can actually scan for that sensitive data. We typically start with phase one of actually looking for data within the Microsoft suite. And then phase two is really looking for devices that are outside of the Microsoft suite that may be in BWS and some of those other components.

Right. And this is, you know, once we scan that information, pull it in, then we start the labeling process, right? Here’s what we know, here’s what we identified for PHI, PII, here’s where it’s located. These are, you know, based on the recommendations, we start putting labels and controls on each one of those various components.

And then at the end, we set up the scanners to run on a regular basis. So if there is new information that’s brought into the environment with which we can Purview can identify as sensitive, label it and control it.

Love it.

That’s it.

Yeah, I love that. Appreciate that explanation. I mean, I think too, right, this is a, this is a wedge product, a wedge product for just the foreseeable future, right? With everybody being told you have to do something here. Everybody’s in this recon and research, right? There’s, there’s not a day that goes by that we don’t talk about an LLM or a classification or, you know, whatever that need is. And what I love about this is that you guys have figured out, okay, we have a bunch of wedge products. And guess what, if somebody gets in and sees how successful we are with one, probably going to tune into the other because they’ve you’ve probably helped them call out, oh, we’re not doing things that we should hear. I wonder what else these guys could help us with.

That was scary. It was that Black Hat last week. And, you know, one of the talk tracks are how to exploit a Copilot. And this is another area where whether it’s Copilot or ChatGPT, right, the hackers are out there exploiting it. And if your data is not controlled and your solution is not controlled, it will be compromised. It’s not a matter of if. It’s just a matter of when.

Always. Okay, walk us through, walk us through an example. I want to hear about a win. So tech stack or business problem, kind of what it was before, how did that environment look like? And then where did this thing go? What did you ultimately, you know, what was the solve? What was the products put in place?

So we actually, back in 2021, we started working with a Fortune 500 client. They, they just bought the E5 license, they had a very immature in their processes. They were looking for a co-managed SOC leveraging Microsoft Sentinel. But more importantly, when we worked on this RFP and actually won it, right, big part of this is they wanted somebody that just didn’t know Microsoft Sentinel or Microsoft Defender. They wanted a partner that understood the E5 stack and all the various components and how they basically fit into their environment.

And this is where, you know, we, I think the RFP process was almost a nine month process that we won. But that partnership started with building out their, their SOC and their SOC infrastructure. But really, I think where we evolved with them is, you know, we started getting into DFIR and building out IR policies and testing IR policies, right. And this evolution just kept going down the path, you know, leveraging database security, right, those components. And this is really where our solutions are all aligned to various pillars of security. Now, we just did a NIST assessment with them, with this organization, probably about six months ago. And we were actually looking at where they were in 2021. And how much the NIST assessment showed the change, it was 180 degrees, still a client to this day, still a great partner with us. And we continue to work to evolve their, their security program together.

Awesome. Good story.

Final, final couple thoughts here. So if I’m a partner, and I’m listening to this, what’s the best way, just in Eric’s opinion, for me to get in, you know, to get a little more dialed in with some of these security transformation journeys? I mean, how do you, how do you want them to open up some of these conversations and get more up to speed in this?

You know, it’s definitely an art, you know, a lot of the things I always tell people, you know, when you start meeting with some of your clients and partners, you know, asking some simple questions about, you know, where’s your program? Are there any areas that you know, we can basically come in and help? Obviously, Telarus has a large group of folks that could come in. But it’s also understanding like the business and the individual that you’re speaking to.

A big part of, you know, again, is our success of not just that pod. But again, our solutions are very much tailored to the industry.

We have threat intel specifically for healthcare, and we put out a threat intel, healthcare briefing, we do a manufacturing briefing for OT, we actually recognize that gap there and that side. Same thing on the federal side. But, you know, security, although foundationally, it is the same. Still, as you’re meeting with clients and talking with clients, they really want that security to be applicable to their environment. And so I think this is where asking not only what are your problems? Well, you got ransomware, you know, but how did this impact your environment? Right? What are some of the things that you’re looking for in a potential solution going forward?

Love it.

Good.

Alright, final thought. Let’s let’s look in Eric’s crystal ball here. Seems like we’re at the pace of innovation where there’s a paradigm shift about every quarter at this point.

And it’s tough to keep up with this. But, you know, look, look out, you know, 12 plus months or so, you know, from your perspective, what’s an innovation that you’re looking most forward to? What do you think happens next?

So I still think, you know, AI is, is really the biggest innovation that we’re going to see the next year, two years, three years. And in some cases, AI is not new. We’ve all had AI for last five or 10 years. You know, just recently here, we’re getting more innovations around the IT field. And I always think of things more from a Tesla perspective, you know, Tesla has self driving cars, right? And they gauge everything from a level one to a level five. And, you know, there are a level three right now where you still have to have your hands on the wheel every, you know, every minute, two minutes. I think that’s really where we’re at from an AI perspective. You know, we’re progressing, we’re in the middle of the road, we’re not at the point where we can just say, hey, secure the environment, and AI takes over. And by the way, I don’t think we’ll ever get there.

But I think in the next year to two years, we’re going to see much more adoption of the AI, not only with SOCs around the world, how they leverage it, how they respond, we’re using it today to basically use it to help us do analysis on various attacks, right that are coming in. But I think you’re going to see a lot more of that. And it’s going to be a lot more integrated into, to various systems. So those are things that I’m looking forward to going forward, is how AI is going to help security evolve.

Love it. Yeah, all right. Well, the robots aren’t going to come get us yet. It’s only a matter of time, but not today. Not today.

Terminators, terminators.

That’s right. Elon thinks this is the next, you know, everybody’s gonna have three to four of them in the house. I mean, we’ll see this guy cranks through technology and put some pretty wild stuff out. So I’m excited to kind of see what it looks like. So good. Good stuff. All right, Eric, that wraps us up for today, man. I really appreciate you coming on, buddy.

Yeah, thanks for having me. It’s nice to meet everybody out there.

Awesome. All right, Eric Fromm, Director of Security Engineering over at Trustwave. And again, just remember, everybody, these things are dropping every Wednesday, wherever you’re coming to listen to us from, whether that’s Apple Music or Spotify, go ahead and jump in there so that you can get those you know, subscribe, get those notifications right away and get it before your competition does. So I’m your host, Josh Lupresto, SVP of Sales Engineering at Telarus. This has been mastering cybersecurity sales with strategies from the Fortune 500. Till next time.