Mark Wigham, Director of Technical Architects at Salesforce, works with the world’s largest companies to tackle complex security, data, and AI challenges. He joins us for this week’s episode of Speed Data to talk about data loss prevention, how to help overburdened security teams, and the fundamentals of cybersecurity.
Mark Wigham, Director of Technical Architects at Salesforce, works with the world’s largest companies to tackle complex security, data, and AI challenges. He joins us for this week’s episode of Speed Data to talk about data loss prevention, how to help overburdened security teams, and the fundamentals of cybersecurity.
#Cybersecurity #AI #Salesforce
Speed Data: The Basics of Cybersecurity With Mark Wigham
[00:00:00]
Megan Garza: Welcome to Speed Data, quick conversations with cybersecurity leaders. I'm your host, Megan Garza. Joining me this week is Mark Wiggum, Director of Technical Architects at Salesforce. Mark specializes in infrastructure and security and works with the world's largest companies to tackle complex security, data, and AI challenges.
Megan Garza: Welcome to the show, Mark.
Mark Wigham: Thanks for having me.
Megan Garza: Mark has an extensive background in cybersecurity, cloud environments, and solution architecture, and relies on his experience to lead teams in developing cutting edge solutions across sectors. Mark's unique dual perspective, both as an implementer of cybersecurity within organizations and as an external advisor, allows him to provide comprehensive and practical solutions to his customers.
Megan Garza: His commitment to innovation and excellence has helped make him a trusted advisor in the tech [00:01:00] industry, helping customers navigate and solve their most pressing infrastructure and security challenges. Mark, tell me a little bit about your day to day responsibilities.
Mark Wigham: my role is sort of split between, sort of hands on tactical aspect of supporting the team, any sort of operational challenges you may be having, any sort of areas we need to work on to make sure we're covering and supporting our customers needs as best we can.
Mark Wigham: and then on the other side into a more sort of strategic angle, so any new products that we're launching, any changes to our existing products or services, how are we going to alter our go to market strategy, any external factors, new sort of compliance regulators, anything that might, um, Impact our customers and their organizations.
Mark Wigham: Just trying to stay ahead of that process to make sure myself and my team are ready to support them through their sort of journey.
Megan Garza: And what's your favorite aspect of cybersecurity?
Mark Wigham: I think. The thing that sort of keeps me engaged with cybersecurity is how it is constantly evolving. The constant [00:02:00] change is just very, very enticing to me. I like solving problems and so constantly having new problems to address is, probably my, my favorite aspect.
Mark Wigham: Being able to work those problems to have a positive outcome for myself, my peers, for our customers, just really makes that sort of problem solving process feel, feel even more fulfilling.
Megan Garza: And I would imagine that the constant change can also work the other way, so what would be the hardest thing about your role?
Mark Wigham: I think this is probably a sentiment a lot of cybersecurity professionals would share is, But I think one of the hardest things or most challenging aspects of the role is how do we break out of our own bubble and sort of translate what we're really focused on in cybersecurity to people who, are not really living and breathing in that world every day.
Mark Wigham: Right? It's how do we explain the importance of these new technologies, these new threats, these new innovations? How do we, present that back to the business, [00:03:00] in a way that they can understand, they can consume, and then ground it within their reality?
Megan Garza: And what do you think is the number one rule for data loss prevention?
Mark Wigham: Data Loss Prevention. Data Loss Prevention is is a bit of a topic close to my heart. and I've sort of, for a few years, been talking around about DLP as an initiative. it's never something that is finished or complete. There's never an end, to, DLP. And it, it's definitely not a, a tool that you buy, even though there are plenty tools that will say they're a DLP tool, but, it is a multifaceted approach to achieve your sort of DLP goals. when I think about the number one role, I'd probably say, the basics right, Data classification, you know, what data do you have? where is that data? who has access to it? Who's the owner of that data? You know, the real fundamental principles are absolutely critical.
Mark Wigham: You could then talk about least privilege and role based access controls and just broader identity and access [00:04:00] management, or endpoint security, all these other things before you even got to a, sort of DLP tool that, that sat on top. But if you don't have that initial understanding and a plan that you're going to execute, there's always going to be gaps within those tools,
Megan Garza: And, you know, you mentioned DLP. We certainly love our acronyms here in security. Um, what is the most important acronym right now, today in your opinion?
Mark Wigham: I know there's a lot of acronyms in our space. I, I sort of don't love the overusage of acronyms for a couple of reasons. I think, one, it, causes greater confusion when we're trying to communicate with people outside of our sphere, outside of our bubble. and that's not good when we're trying to have, have good communication with the business.
Mark Wigham: I think it, is a barrier of entry for people trying to get into the field. You know, there's so many things, they don't really know what they are, it's not explained in plain English. but I think if I really had to say what was the most important acronym, I'd probably say CISO, C I S O, right? [00:05:00] if you don't have good oversight, you don't have a well articulated plan, you don't have somebody in the organization who is going to interface with senior leadership to fight for cybersecurity, to, to make sure security by design, security is integrated with the processes, the operations of the organization. Any of these, these great tools you buy on top, are still going to have risk, uh, around them and still have a, a chance of failure.
Megan Garza: and how do you get the board to view security as important as you do?
Mark Wigham: it's almost a little contradictory, right? I think you, you really have to. Have a really strong handle on the technicals, right? Initially, you really have to know what you're talking about because key decision makers are looking to you to provide the insight whether you're, you know, a security architect, whether you're an engineer, whether you're someone in incident response, it doesn't really matter.
Mark Wigham: You're a specialist function and the business leaders are looking to you to provide [00:06:00] insights. so you absolutely need that, but then on the inverse, you need to sort of take a little bit of a step outside of your bubble again and recognize that to these industry leaders, these business leaders, they just want the business to do well and making sure data is secured and is privacy is retained and availability is enforced.
Mark Wigham: All of those things are just things that lead to the business continuity. So, I think at times, we in the cybersecurity space can get a little bit on our high horse about, well, this is just how things should be done, and this is obvious, and everyone should listen to me because I'm right, and this is how the rest of the industry are viewing this risk, so I don't really have to make my case.
Mark Wigham: and that may absolutely be true, but you have to recognize you have to meet those people where they're at, with their appreciation and understanding of cybersecurity, and recognize that you have to look at the impact of this decision, this, purchase, whatever it is that you're, pitching, to [00:07:00] that leadership.
Mark Wigham: And put it in language that they're going to understand, to be able to translate it, and to be able to ground it in the business priorities. you know, how is doing this thing going to be positive, or is not doing it going to be negative?
Megan Garza: what do you predict to be the biggest shift in cybersecurity?
Mark Wigham: I mean, I think I could probably give this answer about a whole raft of, uh, the tech space right now. Um, but it's hard to not say AI. I think when I look at the sort of internal processes within cybersecurity teams, AI is, is absolutely perfect to, to augment that. augment those individuals in those roles.
Mark Wigham: I think anyone in cybersecurity space or most people in cybersecurity space, you know, probably feel this need to do more with less. There's always pressure on resources. There's always more work to be done than you're ever going to be able to do. I think we saw a lot of, of augmentation through the predictive AI era.
Mark Wigham: you know, processing large [00:08:00] volumes of data, trying to highlight threats or anomalies, you know, in cybersecurity, we're really looking for a needle in a haystack, but we don't even know if the needle's even there, right? So, we're just assuming the needle is in the haystack somewhere. And so these, these AI tools really are, are beneficial.
Mark Wigham: And I think it's going to be incredibly valuable and it's really going to transform, how much we can do, uh, in cybersecurity. But then on the other side of it is the sort of offensive side. these AI tools are scary, even to someone like me living in this space of how they're going to change. What a threat it is.
Mark Wigham: you know, I think we're all, fairly aware that, you know, we need to be careful about what we do when we receive an email from someone we don't know. I think even, my parents and grandparents are aware of that sort of stuff now. but as we see these AI, threats evolving, Those lines are going to blur, and what's real and what's not, is, is going to become much harder to decipher.
Megan Garza: .
Megan Garza: Can you [00:09:00] share one thing that you wish future cybersecurity professionals knew?
Mark Wigham: We really understand our world within, but we're talking a language that other people don't really. understand. They don't really see it. And so if you can translate and communicate very challenging, very technical topics to people who don't know that level of technical depth, you'll do really well in this space.
Mark Wigham: I think that's, that's really one of the key things that I look for in people on the team, and sort of when I observe it, from others, it's really sort of, I recognize the strength of that individual is, um, Not getting caught in those deep technical rabbit holes of being able to give people just enough information so they can make a decision without sort of drowning them in detail.
Mark Wigham: and I think again, that's something in the technical space, we're specialists. We really know this stuff. We're excited by it. We really want to sort of just Give everyone [00:10:00] every piece of information because it's interesting to us, but to people outside of that, sphere, it's too much. So being able to regulate and find that level of technical depth and find that the shortest path between starting the conversation and giving somebody all the information they need.
Mark Wigham: The shorter that path, the more effective you would be as a cybersecurity professional.
Megan Garza: thank you for joining me on Speed Data Mark. I appreciated your insight and point of view on Gen AI.
Mark Wigham: Absolutely.
Megan Garza: Thank you for coming on the show.
Mark Wigham: Thanks, Megan.