Magazine Button
Go Phish: Bernard Brantley at Corelight

Go Phish: Bernard Brantley at Corelight

AnalysisCloudCybersecurityDeep DiveEnterprise SecurityIndustry ExpertNetwork

We ‘go phishing’ Bernard Brantley at Corelight, who tells us about life inside and outside the office.

1. What would you describe as your most memorable achievement in the cybersecurity industry?

I am really proud of the work I did at Microsoft. I was able to revamp how network security was viewed and executed within some of their most sensitive environments. It was a challenge and a half, but so rewarding upon completion.

2. What first made you think of a career in cybersecurity?

It took me a little while to realise that my passion lies in cybersecurity and that I could have a fulfilling career in that field. But I got there in the end! The multiple jobs I’ve had in sales, finance and construction never truly satisfied my inner curiosity. I am a problem-solver at heart, so when I started working with Linux operating systems in the late 2000s, it sparked some ideas for my next career steps. My first IT job was at a data centre, then I moved on to roles as an infrastructure engineer, security analyst and security researcher. Just before joining Corelight, I architected and managed security infrastructure at Microsoft and also led a threat hunting and threat intelligence team at Amazon.

3. What style of management philosophy do you employ in your current position?

I am a firm believer that leadership is the most important aspect of any job. I was once told that ‘alone we can go fast, but together we can go far’ – and there is an unexplainable beauty and privilege in encouraging a great team on collaboration, freedom and flexibility to, later on, see the paths people have taken to reach their dreams.

4. What do you think is the current hot cybersecurity talking point?

I am a big fan of graph technology and thinking in graph. I believe it to be the most important effort in improving our ability to defend against the evolving and increasingly complex threat landscape.

John Lambert, said: ‘Defenders think in lists, attackers think in graph.’ We must get to equal footing with those who intend to do us harm. While not a trend, I feel the worst thing for the industry is the lack of understanding around AI and ML; everyone thinks they need it while very few understand how to use it or how to apply its outputs properly. This is something I’ve definitely identified as a talking point in the cyberspace.

5. How do you deal with stress and unwind outside the office?

It brings me great joy to finish work and spend quality time with my family, especially with my two youngest children. I’m also an avid sports fan; I can’t get enough of watching and playing football and golf.

6. If you could go back and change one career decision what would it be?

Honestly, I wouldn’t change a thing. Every step I’ve taken along the way got me to where I am now and where I need to be. While there have been challenges and missteps, I am grateful for all the things I’ve experienced, all the people I’ve met and all the knowledge that has come from those interactions.

7. What do you currently identify as the major areas of investment in the cybersecurity industry?

I see a lot of investment being made in Cloud Security Posture Management (CSPM). I also see challenges in leveraging the native tools and visibility from core cloud providers paired with organisations trying to move fast in the space. If I think about security as managing pre-flight activity (DevSecOps), in-flight activity (network and log analysis) and post-flight or environment state (asset management, policy management, etc.), CPSM provides a relative ‘easy option’ for post-flight.

8. Are there any differences in the way cybersecurity challenges need to be tackled in the different regions?

I recommend a general approach to leveraging regional compliance requirements as a basis for innovation. Rather than managing the specific regions, I ask myself: are we able to execute security initiatives that provide broad coverage of all required controls?

While it may require additional resources, I believe that effective control implementation creates whitespace for defenders to mature their protection, detection and response mechanisms and that managing this as a complete program rather than at a regional level reduces randomisation and improves the overall efficiency of this cycle.

9. What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?

I am just at the 12-month mark as a CISO so I’ve not seen much unexpected change; however, I anticipate greater parity between business objectives and security objectives as time progresses.

10. What advice would you offer somebody aspiring to obtain a C-level position in the security industry?

It’s important to be vulnerable and not afraid of failure. If there is one single truth in cybersecurity, it is that at some point, the adversary will win. If we take that mindset and look at failures as our route to learning what’s required to minimise the future impact of adversarial activity, we will all be better for it. Additionally, cybersecurity professionals must determine ways to convert the learnings from those failures into institutional memory. In order to improve cyber-resilience, we must disseminate those learnings in ways that weave it into the cultural and operational fabric of the institution at large.

Click below to share this article

Browse our latest issue

Intelligent CISO

View Magazine Archive