When we talk about the software development lifecycle, we often focus on the product and engineering functions, potentially leaving out a critical team: Sales, and specifically Sales Engineers. To add a little color to this role, we invited Chris Goodman, Director of Integrations and Alliances from SentinelOne. Chris gives a different look at customer empathy – one that’s directly tasked with helping customers figure out the problems they really have, and how to solve them. At the end of the episode he shares a succint and powerful approach to help engineers stand out and secure coveted roles.
Chris Goodman has over 20 years of experience in the Cyber Security and Information Technology field. He leverages his years of experience in Incident Response, Cyber Security Operations, Security Architecture, and Cyber Security Strategy to continually improve and transform how his customers deal with today’s and future threats.
Ledge: Chris, thanks for joining us. It’s good to have you on.
Chris: Thank you so much. I’m excited to be here.
Ledge: Could you give a two- or three-minute intro of yourself, your work, and what you’ve been up to just so the audience can get to know you?
Chris: Fantastic! My name is Chris Goodman and I’m a director of integration at SentinelOne. Before that, I was also a sales engineer. I know what an API is and I know a little bit of what Python coding is. I got promoted.
I’ve been at for SentinelOne for two years as an SE. I doubled my quotas and knocked it out; so, now, I’m really interested in trying to build out our integration platform as well.
That’s where I’m at.
Ledge: So many engineers do not understand us, sales folks. I’ve been in the sales seat and there’s a big difference in the culture.
So having sat in both seats and done integration engineering and even some code, you know what things are and you actually have to sell it to customers, what’s the recommendation for how you make success out of dealing with the on-the-ground product engineers?
Chris: I’m fortunate enough to work for a startup that has a listening ear. I’m out in the field often talking to other folks, other large organizations saying, “Hey, guys, I used to sit in your seat. What would make things better for you?”
For instance, SentinelOne’s got five of the top Fortune 10. I sit down with those guys and we figure out, basically ─ and forgive me, everybody, for saying this ─ one pane of glass. We always hear it within the community as to how easy it is.
But I’m really trying to make a difference and trying to help our customers with trying to put together some type of framework where they just go to one place ─ typically, the SentinelOne console ─ and then just do whatever they need to do. That’s either threat hunting or taking a file and putting it up into some type of sandbox or something low level as taking all that threat detail and then pivoting it into Recorded Future or other vendors.
That is the key crux thing that I do and I try to make it happen.
Ledge: So we should step in and say that cybersecurity, obviously, is SentinelOne’s area of work and that’s a hot topic right now. Are you helping people not become the next Equifax? How do you do it?
Chris: Fantastic question! SentinelOne’s based off of three pillars. Our first pillar is called our deep file inspection engine. I really wish I could sit down with some of the engineers like Matt Wolf. He’s a genius. That guy is awesome. He’ll come in with flipflops and a hoodie. When Matt comes in, that’s a legit dude who knows his stuff.
But, next off, is our patented behavior engine.
As things happen in the process and as things get exploded and as spawn out, we watch every single process and determine within our own special sauce if it’s legitimate or malicious.
For instance, let’s take Adobe Reader, which is a piece of crap software as it is but it’s what we all use, what happens is that the Adobe Reader spawns different processes as it goes through.
At that moment, we make a decision saying, “You know what, time out. That’s malicious behavior. I want to stop it dead in its tracks.”
But we don’t stop there because, then, what we do is spin that and look at it. Of all the artifacts the come down, we start doing true EDR where we can hunt and see if any other of our endpoints are affected by this type of malicious email or a website or even a USB stick that they stuck in to take a look at.
So that’s what SentinelOne is known for. It’s really our behavior engine and then our static engine and, lastly, our EDR capabilities.
Ledge: Talk about endpoints. I’ve heard the term “attack vectors” or “attack surface.” How do that fit together with endpoints for the business listeners in the crowd?
We talk a lot about technology and deep dive stuff. But let’s zoom out a little bit. Talk to us about the vocabulary there.
Chris: An attack surface is really just a machine that has vulnerable apps or something of that nature where the bad guys, then, try to exploit those vulnerable apps.
And so, that’s where we come in ─ SentinelOne. We really look over the whole machine holistically and make sure that nothing malicious gets entrenched on it.
How we do that is what we have described with our three pillars of technology; but, also, from a business sense, everything that we have is automated.
And so, this is the key aspect that I truly am passionate about. Not only is our product automated in the aspect that it’s really a hands-off once you install the thing but we also have over 250 read-and-write APIs where we can then hook in and then pivot.
Let’s say, you like Palo Alto Network’s firewall, the best firewall in the planet according to me. I love that stuff. And so, we can pivot and take all those threat details, IPs, hashes, etcetera, and dump it into the firewall to make both products better.
Let’s say, you don’t have a SentinelOne agent, or a phone or something crazy, a webcam, we can still protect those endpoints by leveraging the technologies that surround us so we can hook into a firewall saying, “Hey, you know what, we’re not going to allow anything to happen or traffic to go out to this known bad vector.”
So that’s how it works.
Ledge: Talk about the industry at large. People are trying to attack ─ I mean, endless numbers of cybersecurity sort of products and tools and you could integrate it into your desk cycle and you can take it from inside the firewall, outside the firewall.
How does anyone make sense of this?
SentinelOne is a cool, great product. And then, there’s this empire of a thousand different things. There are so many products and services.
How does anyone make sense of this ecosystem from a buying standpoint?
Chris: That is truly the hard part. Sometimes, people leverage firms like Gartner or NSSLabs or Forrester to help them narrow down their selection criteria. Typically, that’s the first kind of thing.
Frankly speaking, all those places ─ Gartner, NSSLabs, Forrester ─ are all kind of biased, anyway. They say they’re not but they are, and that’s the reality.
What you have to do as a business person or an engineer is to put on your goggles; look at those reports as some type of guidance like, “Oh, okay, they’re in a visionary quadrant or in this bubble for Forrester of being visionary.”
That’s something to be noted on but not to be decided on. You can’t make a decision just based off of that specific report.
What you really need to do is define your problem. Say, “My problem really is.. maybe I have a problem with too many logs everywhere.”
So what do you do?
You have to aggregate all those and stuff it into something. So you use Splunk or Exabeam something like that.
Then, you try to define a process of when you bring those vendors in saying, “Hey, I want you to do X. Show me how you, guys, do X.” And then, after that, you bring it to the table tossing it into a proof of concept and making sure what they say is real.
We all love marketing. Everybody listens to marketing as it is but what really happens is the true test is bringing it into a proof of concept base. And that’s usually thirty to sixty days; or you kick the tires really hard, and then make sure what the vendor says, they can really do.
Ledge: Obviously, you’re talking about the solution that huge enterprises are using and a lot of clients are on that side and then a lot of clients are also on the other side. It’s like one, two, three people literally writing the first lines of code.
I wonder, how do you think about security planning for people who can’t possibly afford a product at scale but need to address these issues from literally from the engineering footprint upwards?
Chris: I am a huge proponent of two-factor authentication. Right off the bat, if what your business people really want is something to lock down without buying really expensive products, first off, get something two-factor authenticated.
There are fantastic studies on this kind of stuff. Just that alone will help circumvent all types of phishing attacks. So that’s number one from a business case.
But from a coding aspect, maybe you’d want to dive into looking at some of the new frameworks that are coming out.
For instance, GitHub is our friend. There are guys out there who just constantly churn out stuff that are just really stellar. Frankly, Google is a frontrunner in this type of stuff. They’re giving away a lot of tools that we can leverage and, frankly, monetize on as well.
Ledge: Talk about some of the open source stuff that you’re familiar with, maybe some hits there. You could search GitHub all day long for small things. But what’s top of the heap?
Chris: Frankly, right now, what I’m looking at is a lot of PowerShell stuff, a lot of frameworks just developed by PowerSchool and things like that. I mean, Google’s got their own kind of cool thing called Statuscope which is really hot. It really brings into the kind of nature of looking at the event itself. It’s more EDR driven than anything. So that’s from a Google standpoint.
Personally, from my standpoint, a lot of people are still Windows. Windows rules the world. It’s just what it is today.
You can be a Mac zealot or a Linux zealot. I know that all of our server farms web pages and whatnot are Linux based. But at the end of the day, it’s all Windows based for the consumers and enterprises.
So with that said, that’s why I’m focusing on the PowerShell environment and leveraging of the ability to take ─ there’s the framework and really bring that home and do memory dumps and search registry keys and stuff like that. It’s going to be huge for me in developing my product further.
Ledge: How are the vectors ─ you’ve got your mobile devices and you’ve got your ─ most of the stuff that we’re seeing. They’re going to run in an environment like Sandbox in the browser. Are those things on those other machines? Are you relying just upon that upstream vendor just to make sure that everything is taken care of?
Chris: Fantastic question! My two cents is the sandboxes are dead. They’re ninety seconds to a hundred twenty seconds too late. You need something that’s designed on the endpoint itself to really drive home and look at it itself, and them move forward with that.
So mobile is huge. Android and IOS are the future. So whenever I develop anything, I develop a mobile first.
The mantra for me and my team is “Guys, when you’re out at a Starbucks and you need to look at some threat detail, do you open your laptop or do you look at your phone?”
It’s always looking at your phone, right?
So when I think about developing and helping my community, it’s really a mobile first ─ a way of developing things.
Ledge: Last question: So lots of our engineering friends would love to understand the mind of sales, self-promotion, developing more business ─ at least, just know “Hey, how do I properly put myself out there and display my skills, my abilities, and get hired by some of these hot clients?”
What’s the advice there?
I do a little bit of coaching along those lines but I’m just curious. You’re out in the field with some big shots. What would you advise?
Chris: A hundred percent GitHub.
“Show me. Don’t tell me. Don’t tell me how wonderful you are. Show me. Throw some stuff up on GitHub and update your LinkedIn profile to showcase what you’ve done.”
A hundred percent of the time, that’s what I do when I look for new hires. I go out and say, “Okay, this guy is very knowledgeable with React or some other framework. Okay, he says that. What has he done?”
And so, you really need to build up a portfolio in LinkedIn or some other methods ─ even having your own website ─ showcasing what you’ve done.
That’s to get your foot on the door.
Next up, when you start to be interviewed, just be likeable. Don’t be a dick. Don’t be a jerk.
I mean, we’re all here on the same boat trying to help others; and if you’re hot and you’re amazing, great! If I can’t work with you and give you suggestions, I’m going to pass on you.
So showing me what you’ve got and being likeable and professional are really the key things that allow these organizations ─
And there’s zero percent unemployment rate right now for these engineers. So if you’re thinking to yourself today, I’ve got some good skills, well, then, yes, you do. You’re probably a hot commodity and you can really go for a decent salary. But what you need to do is show me and then also tell me in a very articulate and kind way that you can work with others.
That’s my advice.
Ledge: Thanks so much for those insights. Chris, it’s great to have you here ─ love the attitude.
Chris: Thank you.