Every week, Casey Cammilleri interviews an expert leading the charge on empowering security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity.

In our latest edition, we dive into our interview with Dan Creed, CISO of Allegiant Travel Company. Here are the top takeaways from the interview.

#1: Foster and Maintain Humility in Risk Management

“One is be humble about it. Your job is not to be the ‘no’ person. Your job isn't even to accept the risk. It's a business. It's the board's business and leadership's business to determine what their appetite for risk is. Always keep in perspective that your job is to identify the risk, to help quantify what that risk is, and then to help weigh in so that they can make an intelligent decision on if the risk is acceptable, if not. And be willing to say, like, you know, I don't think this is a good idea. I'm not willing to accept the risk."

“But if the business wants to accept that risk and feels it's within the appetite of risk of the business, the business is free to sign off on that risk. And don't take it personal. It's business. You have to make money. And if you get bit by that risk, you did your due diligence, you communicated and quantified what the risk was, and the business decided to accept it. It's just part of business. You can't do business without risk. If you have a customer, there's a risk. If you have an employee, there's a risk.”

Actionable Takeaway: Being a security professional isn't about saying "no" or shouldering all the risk. Your role is to identify and quantify risks, allowing leadership to make informed decisions. Accept that risk is inherent in business, and if leadership accepts it, your job is to ensure they understand the consequences. Always prioritize communication and clarity over taking ownership of risk.

#2: Conduct Simulations of Threats to Improve Security

“We've started to implement where we do monthly exercises of actually simulating a threat actor inside of our environment. And we'll do stuff like reactivate a retirees account, give them some elevated access and start them performing and doing actual lateral movement things without giving any knowledge to the rest of the security team to then actually monitor how long it takes us to detect it and how we respond."

“And then do kind of like a purple team engagement after that, where we follow up like, okay, let's sit down after that, do a debriefing after-action report and figure out, you know, if we didn't detect it, why not? If we did, how quickly did we detect it? Can we improve upon that? If we didn't, how can we write something better to detect it? And coming up with new ideas every month where we're simulating different methodologies and using actual TTPs that somebody already inside the network would do."

Actionable Takeaway: Regularly simulate threat scenarios to assess your security team's response. By reactivating accounts and mimicking insider threats, you can measure how quickly your team detects and responds. Use these simulations to refine detection strategies, reduce response times, and improve overall security. Continuous testing is key to staying prepared.

#3: Master Multidisciplinary Security Knowledge

“To really be good in security, you need to learn to at least have a mid level of competency on all the different technologies because then you understand as well how lateral movement works and they move from one piece to another piece. And, I mean, you're the same way.

It's not just one area of focus because resources are thin to begin with and budgets are thin that no company out there hires this is my Linux security team. This is my Windows security team. This is my network. It doesn't scale that well but the expectation is my security people know the security components of all these things.”

Actionable Takeaway: Security professionals must develop a broad understanding of various technologies, from Linux to Windows and networking. This holistic knowledge is essential for identifying and mitigating lateral movement in attacks. Given limited resources, your team must be versatile and knowledgeable across all platforms to effectively secure the organization.

Listen to full episodes out now:

For more information about Ahead of the Breach, please visit www.sprocketsecurity.com/aob-podcast. Episodes are available on all major podcast platforms.

Apple

Spotify

YouTube

We look forward to bringing you more conversations with actionable insights that help in your pursuit to protect your most valuable assets — and help clients do the same!