ExtraHop’s Rafal Los on Avoiding Strategic Advisement Mistakes
Welcome to Team Cymru 's newsletter, The Future of Threat Intelligence.
Twice a month, we take deep dives from our podcast interviews with leading cybersecurity professionals and distill their insights right here for you.?
In our latest edition, I speak with Rafal Los, Head of Services Strategy & Go-To-Market (GTM) at ExtraHop, who shares his extensive experience in cybersecurity, offering insights on transitioning from technical roles to strategic leadership positions. He discusses common misconceptions in strategic advisement, the importance of understanding the business context, and actionable advice for aspiring leaders.?
Here are the top takeaways from the interview.?
#1: Bridging the Gap with Effective Communication?
“I have that ability to translate between the technical language and the thing that you really want to solve. So we have those conversations over lunch and dinner and whatever meetings, and then I get involved in customer acquisition, so when we have large, complex customer situations, I get involved in those because I've been here long enough so I can pull the right people and answer some questions. And if I don't know it, I know a guy.?
“And then on the customer success side, helping, you know, going beyond just deployment, I think the biggest disservice a vendor can do to a customer is sell it to them and then wish them good luck. Which there's a lot working out of. There's too much. And then people say, well, the product isn't working. No, the product works great. The problem is, we sold you a 10,000-Lego brick thing, and we sold you the picture of what it's supposed to look like. And then, like, good luck. And you're like, wait.”?
Actionable Takeaway: Translate technical jargon into practical solutions during customer interactions. Beyond deployment, ensure continuous support to prevent frustration. Understand customer needs deeply and provide guidance throughout their journey. Avoid the pitfall of selling complex solutions without adequate support, ensuring a seamless experience from acquisition to implementation.?
#2: Reduce Complexity to Minimize Risk?
“I think the one that I've been harping on for a long time, and I'm glad every time I get a platform to say this is, stop making it too complicated. There is this crazy mindset, and I don't know where it came from. I don't quite understand how it got there. But there seems to be this from somewhere, this misconception on that if I make it super complex, then it means it'll be secure. No, in fact, it's the exact opposite.?
“The more complex it is, the more complexity you add to a system, the harder it is to secure. And this goes for how do we keep people from clicking on phishing emails to secure software development, to system design, literally everything, including human interaction. The more complex it is, the less likely it is that it will be risk averse. I hate using the word “secure" because nothing is. But the less likely it is to introduce a large amount of risk.”?
领英推荐
Actionable Takeaway: Simplify security processes and systems. Complexity increases vulnerability, making it harder to secure. Focus on clear, straightforward designs and practices across all aspects, from user education on phishing to system architecture. A simpler approach reduces risk and enhances overall security.?
#3: Strategic Planning for the Unexpected in Risk Management
“Have a strategy for things, right? Strategies generally survived contact with the enemy, and, you know, everybody's got a plan to get punched in the face. I get all that. However, I have been in too many situations where it is necessary to go into action. Something bad happened. And if it is something that you've never even thought about, you're going to have a bad day.?
“So as boring as it can be, look at the way things fail. All the way from the common, all the way up the scale to the exotic. Whatever you're protecting, whatever you're defending from a business angle, have that business angle on it and think about how it can fail. And then start asking yourself, what's the likelihood? What's the impact? And be critical.”?
Actionable Takeaway: Develop and maintain a strategy for potential failures. Assess common to exotic failure scenarios and their business impacts. Regularly evaluate likelihood and impact to refine your strategy. Proactive planning ensures better preparedness and resilience when unforeseen issues arise, minimizing disruptions and ensuring effective responses.?
Listen to our latest episodes: