The Red Report 2024: The Top 10 Most Prevalent MITRE ATT&CK Techniques
Q&A with Picus Security’s New VP of Marketing
Today, we’re excited to announce that Trevor Daughney is joining Picus Security as its Vice President of Marketing. With decades of B2B cyber security marketing leadership experience — at Symantec, McAfee, Exabeam, Ping Identity, etc. — Trevor has a ton to share about marketing enterprise cyber security software. We sat down with him to chat about that, and to get to know him better as a person and a leader.
What interested you about joining Picus Security?
In my work I have frequently heard from chief information security officers (CISOs) that they are struggling to assess their security posture. I am excited to join Picus because it allows security leaders to know whether their security controls work as they are supposed to. They can answer questions like ‘will my security controls prevent our systems from being breached?’ and, ‘will I be able to stop an attacker who is inside my systems from accessing business critical assets?’. Picus also overcomes the limitations of traditional approaches such as penetration testing by continuously and automatically testing organizations' defenses.
And while it is the capabilities of Picus’ modern cloud platform that initially drew me in, it is the impact on Picus’ customers that I really sold me. In my research I saw that ING Bank called the Picus Platform a “game changer.” I also saw that Migros, a leading retailer in Europe, uses Picus to conduct over 4,000 simulations daily to validate the performance of its network, endpoint and email controls. It also didn’t escape me that Picus has a 4.9 out of 5 stars in Gartner Peer Insights.
What is your outlook for security operations going into 2023?
The biggest change in cyber security in 2023 is going to be increased involvement from the CFO. As a result, CISOs need to show ROI of their current and future investments. This is a change from the past 2-3 years where CISOs have been given a lot of flexibility to spend on new tools to help their organizations adapt to working from home. The current uncertainty about the strength of the economy has changed that. CFOs are going to be asking if CISOs are getting the best return for their security spend.
These new business requirements for CISOs were another reason I joined Picus. Picus gives CISOs the confidence that their cyber spending is aligned to the most significant risks that their organization faces. The situational awareness they gain allows them to test and measure the performance of security controls, both individually and collectively, across both prevention and detection layers. Said another way, Picus helps CISOs demonstrate that the security controls and tools they have spent significant time and budget to implement are actually working as they should. As a result, they can maximize the return of their security investments without creating an additional strain on resources.
How will you apply modern marketing strategy at Picus?
There has been a big shift in enterprise software marketing towards product-led growth, where end-users can purchase applications directly. The trend originated with products built for engineers but has started to take hold for more operational domains like security operations. I am looking forward to accelerating the bottom-up organic adoption of the Picus Platform to complement Picus’ traditional top-down go-to-market motion.
This can only happen because Picus has made its platform really easy to use. First of all, it’s easy for prospective customers to test the product since Picus already provides its customers with the ability to do a free 14-day trial. Second, it’s easy for customers to onboard as the Picus Platform has a modern SaaS architecture with dozens of API-based integrations. Third, it’s easy to use, with automation and out-of-the-box playbooks available for simulating attacks and remediating issues available for red teams and blue teams, respectively.
Security teams can also easily operationalize the MITRE ATT&CK framework by using Picus to emulate the tactics, techniques and procedures (TTPs) used by threat groups such as state actors or ransomware gangs.
What is your favorite Picus feature?
My background is product marketing, so I definitely spent time looking at the product before joining. My favorite feature is the new SIEM rules validation capability. It helps folks in a security operation center (SOC) ensure that the right detection rules are in place and that alerts are triggered for critical security incidents. I previously spent time working at McAfee and Exabeam, two SIEM vendors, where I saw how challenging this can be to do manually by the SOC team. They can spend days creating a new detection rule and additional hours validating that the detection rule is working the way they should. When you consider that they have hundreds of rules in place, it’s easy to see how much time can be saved by automating this task.
I’m also looking forward to helping Picus complete the transition to being a platform player, something I’ve done successfully in my prior roles. Picus announced in November that it expanded from offering a point product to offering a security validation platform. The platform now includes Security Control Validation, with vendor-specific mitigation insights; Attack Path Validation that can be used to discover the shortest paths to a Windows Active Directory; and Detection Rule Validation which I just mentioned and can also be used to identify redundant and obsolete rules.
I also can’t wait to help make some noise about the other innovations coming from the engineering and product teams as Picus expands beyond its origin as a breach and attack simulation provider.
What else are you looking forward to at Picus?
I’m looking forward to joining an established global business. Picus has hundreds of customers around the world. That maps to my own international experience. Picus also has a huge growth opportunity in the USA, where much of our executive team is located, including myself. The marketing team itself is spread across 5 countries with a modern hybrid of folks working from home and in our regional offices. It’s going to be great to learn from each other’s local experience. As someone who likes to travel, I’m already looking forward to meeting the team in person in the coming months. I was fortunate to be able to continue to travel over the past couple of years during the pandemic but I expect that will only accelerate as I ramp up at Picus.