Why I’ve joined Hunters as CISO-in-Residence
- Oct 20, 2022
- By Rob Geurtsen
- 4 minutes to read
Rob Geurtsen, a 35 year technology veteran and executive, has been working in the area of Information Security since 2009. After 29 years, Rob retired in 2022 from Nike Inc. where he was the Deputy Chief Information Security Officer. In this role he was responsible for all combined Cyber Defense and Response functions, globally.
After his retirement from Nike Inc., Rob founded Blitz! Cyber Security and advises corporations on strategies that reduce the risk and impact of the rapidly evolving cyber threat landscape. As no two companies are the same, he determines, based on what their unique risk situation is, what the right steps and priorities are in building a mature and highly capable cyber function.
Since 2018 Rob has been active in the venture capital world. He is a Venture and Investment Advisor at YL Ventures as well a permanent advisor to the CEOs and founders of Satori Cyber, Hunters, Vulcan Cyber, and Eureka Security.
Originally hailing from Utrecht, The Netherlands, Rob and his wife have been living in Oregon, USA since 2004.
It was 2019 when I first spoke to Uri May, Hunters’ CEO & Co-Founder. At that time the company was still at its very early stages.
Back then, but already with a clear vision in mind to revolutionize the way Security Operations were being done, there were three key items that we discussed during that initial conversation, all revolving around the challenges that Security Operations teams are burdened with in the current cyber landscape:
- Any Security Operations Center (SOC) and Incident Response team has challenges with security data: One never has enough of it, while at the same time facing cost-prohibitive models to collect and retain it all for querying and analysis. Ideally these teams have 14-18 months of data available in order to do proper detect and in depth incident root cause analysis. That’s a lot of data for any size company.
- The process of collecting the data and having alerts generated from it is very resource intensive: people, time, budget, etc. It’s complex, needs constant maintenance and simply takes too long. When platforms go live, detections need to be enabled immediately. Not several weeks later.
- Traditional SOC platforms don’t provide context very well. There is a lot of console-jumping by analysts to understand whether an alert is positive or a false negative. All that switching is time consuming, error prone, and simply impeding a good workflow for the analyst, let alone boring and a major reason why SOC analysts look for other roles.
Having built a global cyber operations function, including a SOC at Nike Inc., and leading it for nearly a decade, many of the above challenges were familiar and often discussed in my circle of peers.
Fast-forward to today
While I initially joined Hunters as an Advisor in 2019, I’m thrilled to now have joined the team as the CISO-in-Residence. This role gives me an increased ability to be ‘the voice of the customer’ for all the teams that are building this exciting new platform that intends to be the nerve center of the SOC.
The SOC platform that Hunters has built really addresses the items I discussed with Uri back in 2019:
- It provides vendor-agnostic data ingestion and normalization across all the security data and tools at a predictable cost, removing the overhead of creating and maintaining security data streams.
- The platform delivers many detections out-of-the-box, eliminating the pain of rule-writing and maintenance and the resulting noisy signals, but also allows customers to customize their own rules as required.
- The automatic investigation and correlation capabilities of the platform ensure that analysts don’t just receive an alert, for instance, from the firewall, but the platform automatically correlates that with activity in your directory, desktop application and file share.
Ultimately, the platform allows analysts to detect and mitigate threats faster, with more confidence, and frees up time to focus on important cyber work that doesn’t revolve around chasing false positives and tedious data streams and rule maintenance.
I believe that the team at Hunters, which counts with deep expertise in cyber security and security operations, are really building something unique. I’m truly excited to be part of this journey.