
Episode Summary
Cloud security looks a lot different to an outside observer than to an insider. And everyone thinks that some companies are further along in their cloud maturity journey than they really are.
But there's still a lot of work to be done regarding cybersecurity, so organizations should focus more on becoming cloud-native rather than going for the less-demanding "lift-and-shift" migration method.
In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Vigier, CISO at Talend. They discuss the downsides of using the forklift migration method, the importance of shifting perspective, and why there is no security career ladder.
Nick has a history of innovation as a CISO in cloud hosting (DigitalOcean) and identity verification (ID.me) as well as a CIO in financial services (Gemini Trust Company) with over 20 years of experience in the security industry. He's now the CISO at Talend, a strategic advisor, and a student of how to make security a strategic partner to the business while giving his teams and organization the safety to innovate quickly.
## Guest-at-a-Glance
Name: Nick Vigier
What he does: CISO at Talend
Noteworthy: Former CISO at ID.me & DigitalOcean.
Where to find Nick: LinkedIn
## Key Insights
Using a forklift migration approach is tempting, but it's not always ideal. The "lift-and-shift" migration method appeals to most organizations, as it's the easiest to employ. But some potential issues may arise with this strategy. Nick and Andy touch upon some of them in this episode. Nick says, "From what I've seen in the field, from a CSO perspective, you have a lot of companies that have forklifted from more physical infrastructures straight into the cloud, and it just doesn't work that way. You can get away with it, but it's going to cost you a lot more. It's going to be a lot more inefficient, and getting cloud-native is really what organizations should be focusing on in a very real sense – which requires a very different set of skills."
A perspective shift can go a long way. Instead of spending too much of your energy on convincing others to see things your way, you can focus on helping them make better decisions. It's just a matter of shifting your perspective. Nick explains, "That's not my job. My job is to give them an understanding of GroundTruth and help them make an informed decision. And their decision isn't right or wrong – it's just different. And so that allowed me to take a step back from feeling like the decision was personal and more of just everybody comes to the table with different perspectives. And as long as I can give them the facts and help them understand the risk that they're taking, it's neither right nor wrong; it's just different."
There's no security career ladder; it's a jungle gym. Security is a broad field with massive potential for specialization in different areas. Nick says, "If you look at security in a broad enough sense, it is everything from your engineering work to your product security, application security work, your investigations, your incident response, your governance risk and compliance, privacy, and even physical security, and there are roles in there for everyone. And I think it's key to understand that security isn't just pen testing – a number of people who are early in their career say, 'I just want to be a pen tester.' Well, as someone who had to go through that for a year to realize that it wasn't for me, I'm trying to help people understand where they fit into that journey or what they might have aptitude for."
## Episode Highlights
Why CISOs should reach out to their communities
"In that type of role, it really allows you to touch a variety of industries and mindsets, but in my experience, only about 20% of the CSOs that you interact with want to engage. [...] I would encourage CISOs to reach out to their communities and partner with people and especially when they are people that are not trying to sell you but are literally just there to try and help to take them up on it. It can't hurt. What do you have to lose?"
The ability to rethink things has changed
"As the cloud changed and networking changed, and other organizations moved to the cloud, some of these considerations that led to, 'Oh, we have to be on-prem,' have gone away. It's been really good to see regulators warming up to the cloud because that's always been a hindrance. Even CMS on the Medicare, Medicaid side has always been very anti-cloud and is now finally coming around. And that eliminates a lot of those hurdles, a lot of those intellectual gut reactions or fight-or-flight type of conversations around the cloud, and you can have a much more objective conversation around what is the best approach. And the feature sets are obviously a lot more complete and mature. So, the ability to rethink things is great from a cloud perspective."
Let's leave automation to the machines and let humans innovate
"There are things that machines do really well, and there are things that people do exceedingly well. People are great at things like pattern recognition, but they just have to be presented in the right way. And so, being able to let the machines do what they do well and automate those things, and then letting the humans be the creative entities that allow the business to innovate versus just doing busywork, or just working harder, is the real promise and what I'm really excited about."
This podcast is hosted by Orca Security