‘I believe zero trust is a big game changer’

15 Oct 2021

Devin Ertel. Image: Menlo Security

Menlo Security’s Devin Ertel talks about the growing trend of zero trust and how the threat landscape has changed.

Devin Ertel is the chief information security officer for Menlo Security, a web security vendor founded in 2013 in California.

Menlo Security has taken a zero-trust approach to security, which centres on the idea that an organisation should trust nothing inside or outside its perimeters and must instead seek verification for everything.

Future Human

It’s an approach that many top experts agree is the future of cybersecurity, and several CIOs and security leaders Siliconrepublic.com has interviewed in recent years have agreed that it’s the best way forward, including Slack’s Larkin Ryder and BT’s Dónal Munnelly.

In fact, a recent IBM report found that companies that adopted a zero-trust security approach were better positioned to deal with data breaches.

Ertel is another major advocate for zero trust and sees it as a game changer for the security industry. Prior to Menlo Security, he was CISO at fintech player BlackHawk Network and head of security and IT at Guidebook, a venture-backed global SaaS company, where he built and oversaw the security programme.

He also held security positions in several Fortune 100 organisations as well as the US Federal Reserve, where he had hands-on experience mitigating large, high-profile breaches and dealing with global threat actors.

In his current role at Menlo Security, he is responsible for providing internal cybersecurity guidance and policy insights to both the company and its customers. “I’m also focused on reducing the company’s risk and security exposure,” he said.

‘Imagine not having to worry about threats because you’re able to prevent attacks from getting in’

Are you spearheading any major product or IT initiatives you can tell us about?

Menlo Security is already doing a lot right. My focus is to make it even better and harden our best practices and procedures. I am, and have been since before the pandemic, very focused on zero trust.

One of the things I especially like about Menlo Security is our approach to security. It is all about prevention. How do we stop threats from getting in, rather than how do we stop and remediate threats after they’ve gotten in.

I am also focused on how to help our customers ensure that they have the best protected environment. That means reducing online threats to their users and their business.

How big is your team?

Menlo has a security team of around 20 and still growing. We have open positions with more to come.

What are your thoughts on digital transformation?

This change was bound to happen and only accelerated during the pandemic. This also changes the threat landscape considerably for security teams. We have more to protect, and in ways we have not seen before.

In this era of remote and hybrid work, and digital transformation, technology is not just a support for business, but the foundation of a business. It interconnects multiple local data centres, remote cloud applications, the supply chain, remote customers and all connections between them.

Without the right security posture, this can be an environment ripe for attack. Think about all the attacks we are seeing today.

What big tech trends do you believe are changing the world and the security industry specifically?

I go back to zero trust as something I believe is a big game changer. Imagine not having to worry about threats because you’re able to prevent attacks from getting in.

Another trend happening is security is now a C-suite and boardroom issue. Every company is thinking about what happens if it is attacked, particularly in the wake of recent high-profile ransomware attacks we’ve all heard about.

Most work today is happening in the browser. Companies need solutions that prevent web-based threats from reaching users while protecting the organisation’s productivity.

But security should not diminish the user experience or productivity. However, experience has taught me that organisations are often under the impression that productivity or user experience must be sacrificed to achieve security. I don’t believe that is true.

I’m eager to build a security programme that not only addresses industry challenges, but also enables our customers to do the same for their respective businesses. Menlo Security provides an innovative, differentiated approach to securing work for the modern business and I’m excited to be a part of the journey.

In terms of security, what are your thoughts on how we can better protect data?

First, if you don’t need it, don’t store it. Secondly, understand where all your data is, who has access to it and what technical controls are in place.

From there, continue to improve your processes and procedures around data governance.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.