The LogRhythm Champions Network is an exclusive community of LogRhythm’s most passionate and strategic customers. This elite group of customer leaders in the InfoSec community are experts in all things LogRhythm. The LogRhythm Champions Network works to recognize these leaders for their advocacy efforts, connect them with fellow experts, and empower them to reach their personal and professional goals. Learn more about the people who choose to partner with LogRhythm.
This Champion Profile showcases Dan Ney, Security and Risk Lead for Baker Tilly. Here is Mr. Ney’s story, condensed from a recent interview.
What organization do you work for and what is your current role?
I am the Security and Risk Lead for Baker Tilly, US LLP. As the Security and Risk Lead, I’m responsible for the care and feeding of our SIEM, as well as managing the perimeter security of our network, our endpoint security, and the security of all our cloud instances. I also work to investigate any security events or incidents that occur in our environment.
How long have you worked at Baker Tilly?
This is a killer, but I’ve worked at Baker Tilly for 19 years. I’ve been around so long that when I first joined the company it was called Virchow, Krause & Company, LLP until the company rebranded in 2009. Only a few of the original employees are still around and it’s always interesting to reminisce and think back to how dramatically the company has changed.
19 years is a long time. What has kept you at Baker Tilly for so long?
I think it really comes down to always learning and growing. I’ve been fortunate enough to change job focus within my role quite a bit over the years. I started as a systems administrator back when the company was only 700 people; now we are over 5,000 people, globally. I transitioned to a Senior Systems Administrator and then I became a manager of that team. My next opportunity came up after a large merger where management decided to start a security department. I had always had an interest in security and enjoyed it, so I made the move to the brand-new security division within IT.
It’s been a ton of fun to see the company grow to where we are today, and I think the ultimate thing that has kept me around is I love working for Baker Tilly. They treat me well, overall, everything’s been fair, and they’ve been very accommodating to my family life. I love what I do, and I love the company I work for.
What did you do before your current role? What are your previous work experience and educational background?
I didn’t have a formal education in security. Right after I graduated from school, I immediately got a job in consulting. It was the late nineties and at that time consulting firms would take anybody that knew even the slightest bit about IT. As luck would have it, I started my career as a network engineer. From there I went on to be a Microsoft systems engineer and eventually a NetWare engineer as well. I’m really dating myself now…
What drives you to continue to work in cybersecurity?
I’m a technical guy. I’m driven by technology and I love the interesting, challenging, and meaningful work that our team does every day. My team also motivates me. We work great together, and while we face a lot of challenges, we also solve a lot of problems. Even when I think of the days when I wish that I wasn’t in security, by the end of it, I know I’ve learned a valuable lesson I can use long into the future. This job definitely keeps me on my toes.
The other thing that keeps me in the industry is that as a security professional my role is constantly expanding. In the early days, I was just the tech guy. We were the people working in the back rooms that were only called up when technical questions needed to be answered or an investigation required an in-depth explanation. Nowadays it’s very different. We’ve very much become business enablers and are invited to participate in business solutions in the beginning, not just after something has happened. I consistently work with enterprise-wide risk committees and different groups around the organization to help them drive the business. I really enjoy that part of my job because I’ve met a lot of people within the company and at the end of the day, they understand us a little bit better and vice versa.
What is your cybersecurity philosophy?
Cybersecurity is constantly shifting. It’s never standing still. This means the foundations we’re working on need to be sound, and it needs to be fluid. We have to keep moving alongside the threat landscape or we’ll be the ones hurting in the end.
I also believe that as security professionals we need to constantly take business requirements into consideration. Managing security isn’t a simple task. We’ve got a myriad of different internal partners all with different viewpoints and objectives. We’ve got different types of technologies, data, and even regulatory requirements. The key to navigating these elements is to truly understand the business’ goals and what the business needs from us. That way we can solve problems and protect the business without hindering it in the process.
Which concerns you the most from an InfoSec perspective?
The reality is the pandemic forced changes in business much faster than anyone anticipated. Take work from home as an example. Almost instantly some of a business’s most important assets are not within the walls of the organization, they are at home. For us, we’ve got employees doing taxes and audits at their houses. Very sensitive information is outside of our boundaries and in volumes we’ve never seen before. We had a remote workforce as a small percentage of our overall employee base, but now it’s 99% or even 100% of the workforce. As this change suddenly happened, I immediately saw a massive increase in attacks geared towards the remote worker. That definitely has me concerned as I go to sleep.
The second biggest concern is that we’re seeing more vulnerabilities popping up in products and even security products. Think about the latest SolarWinds and FireEye breaches. Attacks are coming so fast and furious that even the best patching deployment process struggles to keep up. Nearly every week there is some major critical vulnerability or some zero-day exploit that I have to go fix or defend against. If you think back to what I said around my security philosophy, it is more complicated than simply patching a system or making an update. We must continuously evaluate the risks of the business. I can’t simply take critical systems offline in the middle of tax season, especially multiple times a month. We have employees working worldwide; what would the impact of that be?
Finally, what also concerns me is the amount of time vendors are taking to disclose these vulnerabilities. I understand that they have to perform an internal investigation and they don’t want to disclose anything too soon, but it would be nice to know about problems a month or two earlier. At the end of the day, I’m the guy that has to protect our stuff as well.
How do you feel cybersecurity has evolved over the years?
When people ask me, “What was security like in the nineties?” the answer is simple: antivirus. I call it the antivirus craze. The craze was a result of the release of the first big virus, Love Bug. There were also firewalls, but they just blocked ports and that’s it. It was all pretty basic stuff and those tools weren’t very effective at actually preventing compromise.
Fast forward to today and just look how far we have progressed. We’re doing advanced threat hunting and security analytics using AI. Security has changed dramatically, it’s amazing.
What do you do for fun? What do you enjoy outside of the office?
Outside of work, I love to do what we call, “family adventures,” with my two sons and wife. For us, this could include trying a new food or traveling. Pre-pandemic we used to travel a lot. We try to be as diverse as possible and visit different cultures around the world. To name a couple, we’ve visited Honduras, the Philippines, all over Europe, and even Dubai. It’s a lot of fun.
Recently, because of the pandemic, we’ve had to stay a bit closer to home. But we’ve still enjoyed going up north and spending quality time together camping, kayaking, four-wheeling, and boating. If it’s just me, my kind of getaway is flying. I’m a pilot and I love to fly. There’s nothing better than a beautiful day just hanging up in the clouds, looking down.
Why did you join the LogRhythm Champions Network?
It was an easy decision to join the Champions Network. If I believe in a company and its product, then I can be a passionate advocate. Everything that I’ve seen from LogRhythm over the years has proven it is worthy of my partnership.
Being a LogRhythm Champion is a terrific way to get a voice at the table and provide feedback directly to the LogRhythm team. LogRhythm has consistently asked for our opinions and how to make the product better. The best part is the team actually listens and evolves the product based on feedback we’ve provided.
With the security industry changing rapidly, I look forward to networking with other Champions to exchange ideas and stay on top of developments. At the end of the day, we use the same products and try to accomplish the same goal. I’ve found I can learn a lot from other customers, as well as help others out by sharing my ideas.
How will your participation in the program impact your partnership with LogRhythm?
I hope my participation in the program will help my relationship with LogRhythm continue to grow. I also plan to use this opportunity to connect with the wider InfoSec community. It doesn’t matter where you’re from or your walk of life. We, as security professionals, are on one team, trying to accomplish the same goal.