This post is the next in our series chatting to people at Octopus about their role, what they’re working on to improve the product for our customers, and more.
Here we talk to Kyle Jackson, Security Operations Manager.
What does the Security Operations team do?
The Security Operations team performs many functions, but we group our work into 2 main categories:
- Internal security
- Product security
Internal security focuses primarily on keeping our employees safe from attacks and securing the systems our employees use.
Product security focuses on securing the products our customers use, which includes working with our engineering teams, working with security researchers on our bug bounty programs, and communicating product vulnerabilities to our customers.
What keeps you busy every day as Security Operations Manager?
Every day is different, which is one of the things I like about working in security operations.
A big part of a typical day as Security Operations Manager is being an escalation point for the other Security Operations team members, plus working with other teams on their upcoming or in-progress projects, and general housekeeping.
Although every day is different, something that’s always consistent is multiple meetings!
What are some of the biggest security threats and how do you manage them?
Being a software vendor, our most significant security threats gravitate around our product. However, our internal systems, which support the business, attract their own threats too.
To manage our product threats, the Security Operations and engineering teams work closely together. Collaborating is vital so that engineering teams are aware of current and emerging threats and the Security Operations team is aware of upcoming features which could attract new threats.
For our internal systems, we rely heavily on identity and network segregation to mitigate malicious activity, implementing an almost zero-trust architecture. The key, however, is continuously reviewing the risks and the controls we implement to mitigate them.
What drew you to work in security operations?
I didn’t plan to work in security, I kind of fell into it. I was working as a consultant primarily on public cloud security and identity management and performing many security incident responses.
I left consulting to join Octopus Deploy as one of the first full-time security employees.
How do you plan for the future of Octopus Deploy’s security?
It’s a collaborative process that involves:
- Understanding what the product teams plan to ship to our customers
- Understanding what the business’s compliance needs are going to be
- Forecasting general security industry trends
- Identifying new threats that might impact Octopus Deploy
It takes a lot of time to gather information and plan for the future of Octopus Deploy’s security. It’s also important our team is agile and can adjust course if new threats emerge or existing threats change.
How do you unwind from your job?
Working in Security Operations is a hard job to unwind from as everything moves so quickly, so I spend time out of work hours keeping up with the latest information.
However, I find the key to unwinding is going to do something and leaving my phone and laptop behind, as it’s the only sure way to disconnect.