Interview with Tyler Young, CISO at BigID, a data discovery, data classification and data security posture management company based in New York.
Hi Tyler. Can you please tell me a bit about your background and your current role?
When I started my career, I went to school for cybersecurity, mainly focusing on digital forensics. While in school, I had the opportunity to intern with a local police department, doing forensic investigations on evidence collected from digital crimes. Before I graduated, I was selected to do an honors internship with the Department of Homeland Security, focusing mainly on digital forensic investigations. That was a great way to start.
My first job out of college was with a consulting firm doing digital forensic response, and over time, I continued to grow as a security leader and as a technical security practitioner. The consulting firm led me to a large insurance company where I had the ability to build out a global digital forensics program. I eventually moved on to Relativity, where I worked for more than four years, building out their security program. Then I had the opportunity to come to BigID to build this cutting-edge security program (focused on Product Security, Cyber, and GRC). That’s what I’m doing now, and in my spare time, I’m working with different VCs and helping startups build their go-to-market motions and build products that are applicable to security problems. My main responsibility is building our internal security and leading our product security. My team works closely with our product management team on features and testing.
Tell me about BigID and what makes it different from other cybersecurity companies.
BigID is a data discovery, data classification and data security posture management company. We play in three different verticals. First, we’re in the data governance space where you can understand your data, build your data product, catalog your data. Second, we have the privacy space where you can do privacy impact assessments, Data Subject Access Request (DSAR), and use the product for more advanced privacy automation capabilities. And third, we have Security, which is focused around understanding your data, being able to classify that data, and then being able to understand the risks associated with the data. Overall, what we’re doing is giving you full visibility into all of your data regardless of what your job is and then helping you take action on the data.
What do you see as some of the biggest challenges when it comes to serving your customers?
The Security governance piece around your data is paramount. I think every day there seems to be a new regulation, whether it is privacy related, security related or financial related – there’s always something new coming down from regulating or governing bodies. The goalposts are always moving and it’s very difficult to keep up with all these shifts and understand what laws are applicable. On top of that, data sprawl is happening at an exponential rate. We have more applications than ever. We have more users accessing the data, and that leads to more data being generated. Most organizations have no clue what data they even have. We can help our customers stay on top of that and help them understand the compliance, security, legal, and regulatory issues in any environment—on prem, SaaS, hybrid.
Do you have any new technologies or products that you’d like to tell us about?
We’re continuing to grow our end-to-end discovery and remediation capabilities with a focus on automation as much as possible. We have automated discovery where you can connect to a cloud environment, identify all the different data stores. We are leveraging AI to help our customers in something we call Big Chat, where you can get 24/7 help support while using our product. We also have some really cool security features coming down the line, something called Security Center. We also have tons of integrations with SOAR and orchestration. Our goal is to provide actionable security-related data events while taking a posture approach and addressing the risks associated with your data.
Recently, we announced our pioneering patent for identity-aware AI. Our identity-aware AI can automatically connect a person's name to their customer ID, birthday, and social security number, even when stored in different places. Not to give too much away, but we have many more new and exciting capabilities planned this year.
Everyone is talking about AI. How is AI impacting your customers’ security and how can it help you secure and protect their data?
Being a data security company, we’re in a unique position to help our customers solve some of their problems. One thing we’re seeing is a lot of our customers are starting to use BigID to scan the data they want to curate, looking for sensitive data that they can remove, all through AI algorithms. And generally speaking, I think the biggest thing top of mind for everyone is how do you enable your organization to use a new technology so that you can continue to move the business forward, without putting security roadblocks in everywhere that AI is being used. AI is solving some problems, but it will be a balancing act of how CISOs and security leaders use the technology to ensure your business is secure.
What are some of the biggest concerns around security that your customers have?
It’s all the new regulations coming down and figuring out how to stay on top of them. Sometimes regulators don’t give you much time to make the changes needed, and they’ll hit you with some audit findings. It’s imperative to have a tool that can inventory all of your data and can tell you things like what type of data is stored, where it is stored, who has access to that information. As new laws get passed, you can be on the cutting edge and more easily meet the requirements without stressing about it.
What do you wish your customers knew about governance, privacy and security?
I think if customers, both regulated and non-regulated customers, realized the power of understanding where data is and being able to classify it and know who exactly has access to it, that would make the entire world safer.
Finally, what do you see as the biggest security challenges in the coming months and years?
We’re always focused on the next big breach or the next big technology advancement. But the majority of breaches over the past 20 years come down to three core issues: it’s either a type of identity and access problem, some type of vulnerability or a lack of asset inventory. I think that going forward we have to focus on the simple things like keeping up with patching, access control, and knowing where your assets are. Before we focus on the new attacks coming down, we can’t lose our focus on the basics.
By Sue Poremba