Joshua Scott Podcast Transcript
Joshua Scott joins host Brian Thomas on The Digital Executive Podcast.
Brian Thomas: Welcome to Coruzant Technologies, Home of The Digital Executive Podcast.
Do you work in emerging tech, working on something innovative? Maybe an entrepreneur? Apply to be a guest at www.coruzant.com/brand.
Welcome to The Digital Executive. Today’s guest is Joshua Scott. Joshua Scott has spent nearly three decades in the trenches of security and technology helping companies turn complex risks into clear business advantages today as vice president of security at Hydrolix.
He’s responsible for protecting a platform that ingests data at mind. Bending scale terabytes to petabytes and delivers answers in seconds. His mission is simple. Make security a value driver, not a roadblock. At Hydrolix, the results speak for themselves. The company has redefined what’s possible with log data, making it affordable to retain for years.
Lightning fast to search and powerful enough to give consumers instant visibility into incidents. Trusted by forward-thinking enterprises, hydraulics, combines performance and security in a way that’s reshaping the data landscape.
Well, good afternoon, Josh. Welcome to the show.
Joshua Scott: Hey, thanks for having me on.
Brian Thomas: Absolutely my friend. I appreciate it. And you’re hailing outta that Los Angeles area. I’m in Kansas City, two hour time difference. But I appreciate you navigating time zones to get on the podcast. So, Josh, jumping into your first question, you’re known for translating technical risk into actionable business decisions.
What advice do you have for CISOs and security leaders who struggle to communicate effectively with executives or boards?
Joshua Scott: I think the biggest piece of advice I could give, give to anyone is make sure that you’re speaking the business language. So we’ve gotta turn those technical risks and some of the, that, the details that we ultimately provide and remove all the jargon and remove all the technical items and translate it to a business item so you know, the downtime of an asset loss to money, et cetera.
That’s really the best way to get across the security risks to the business ’cause. They’ll understand it in that way, and you gotta find those pain points that they understand as well. Find out what keeps them up at night, find out their concerns and make sure you’re addressing things in that language.
Brian Thomas: Thank you. I appreciate that. And being in technology for a lot of years it was important, especially as you moved further up into, for example, the C-suite. Gotta make sure you are speaking the business language, get rid of the acronyms, the jargon you’re not there to impress them.
They want to better understand. And a lot of times, it’s about relating, the risks to the financial bottom line. And I think that’s really important. And then you also mentioned finding out their pain points. What can you do to help them? So I appreciate that. And Josh Hydraulics processes data at enormous scale, terabytes to petabytes with near instant search.
From a security perspective, what are the biggest challenges when protecting data at that velocity and volume?
Joshua Scott: I think it’s still the same type of concerns and challenges you have with any type of dataset, right? Knowing that, understanding what the data is there for understanding, you know, how to actually leverage that data.
If it’s simul related data or log related data, you wanna be able to actually use it because there’s also, there’s still a cost to all of that data. So getting the most value out of it, and also making sure that it is still actually going into the platform and going there reliably and your.
Putting enough protections around that data. So it’s, are you using it well? Are you protecting it when it’s actually in the, you know, the data store? And then are you getting the most value from it? ’cause there’s so much data within security, we’ve really gotta be mindful of, hey, let’s make sure that we’re actually generating data that’s actually gonna be useful for us too, even though we generate lots and lots of data, let’s make sure that the data’s also useful and helpful for the business.
Brian Thomas: Absolutely. I appreciate that. And, there is especially hydraulic processes, a ton of data. I was reading up on what it can do and the timeframe it can do it, which is pretty cool. But understanding what the data is there for is important understanding the data itself. Protecting that data and making sure that you are truly getting the value out of that data, as you mentioned.
So, I appreciate your insights and Josh Security teams today are navigating multi-cloud AI driven workloads and increasingly complex infrastructures. What capabilities or mindsets will separate the next generation of successful security leaders from the rest?
Joshua Scott: Automation. I think with the amount of work that we have within security within technology, the only way to effectively manage, multi-cloud AI driven workflows and just the complexity that we have, with SaaS platforms and, and all of that is finding ways to automate.
The security controls that we have in place, the, monitoring the detection and response, basically as many aspects as you can. We’ve really gotta think through, all of that. I mean, the, the analogy I often use is there’s a hundred things to do in security, and we’re generally staffed to do about 10.
That’s just kinda the reality of it. So that means you have to prioritize effectively. But if you can. Remove, take that number of a hundred down to like 90 because you put in some automation, that’s a win, right? Because we only, we will only see more complexity and more, more clouds and more systems.
Just as a, as technology continues to evolve and we’ve gotta find ways to stay ahead of the problem instead of, continually falling behind.
Brian Thomas: Absolutely. And it’s so timely. We talked about that. I just mentioned before we hit record on the podcast that I attended a CISO CIO event this week.
And you just learned so much from so many different people in different verticals about this. But, automation was a key component of the discussion to manage all these multi-cloud environments, the various complex infrastructures, et cetera. And with technology, automation and ai we’re certainly going to, help our, our people out, but also be a little bit more focused on those higher level tasks when we can again, automate some of those routine and mundane tasks.
Joshua Scott: Yeah, exactly. And even from an AI standpoint, we should be leveraging those types of tools to help us do some of that work.
Right? AI is a great enabler, but it doesn’t mean that. We need to be using, actually AI in the workflow. We just need to be using AI to help us create some of those automations. Use AI to help us with some of the, simple deterministic type items. Identifying an email address, those kind of things.
It can do; it can create scripts for you really easily. So that’s, we have the tools, we have the capabilities. Now it’s just a matter of how do we actually use them to make a difference.
Brian Thomas: Absolutely. A hundred percent agree. Josh, the last question of the day. If you’re, as you’re looking ahead, what emerging threats or technology shifts, maybe AI generated attacks, identity misuse, supply chain breaches, data sovereignty pressure are most likely to reshape how security programs operate over the next three to five years?
Joshua Scott: I definitely think the AI generated. Attacks are part of it, but at the end of the day, there’s still just a regular attack. Like anything else, it’s just, the cyber attackers are using it to automate, to simplify their workflow. It’s no different than, my previous answer on how do you actually make a difference within your security program.
So, I think it’s still gonna be the same type of threats. It’s just they’re gonna be moving us significantly faster. They’re gonna have a lot more capability. When you look at like things like phishing, for example, right? With ai, they have the ability to write really good. Phishing messages, whereas, you know, back in the day it was easy to spot a phishing message.
It’s like, oh yeah, there’s grammar issues there’s punctuation, whatever it happens to be. But these days with, tools like ai, they can actually, make things look as legitimate as, anybody else creating it. So it’s just AI is an enabler for not only the defenders, but also for the attackers.
So, I definitely see that increasing quite a bit over the next three to five years. And that also factors into, identity misuse, supply chain breaches. ’cause we’re going to see. More of that just because of the ability for AI to, to actually breach a supply chain, right? To, an open source project that starts getting used in a lot of places and then, somebody gets compromised and they’re able to quickly rewrite that and change things within, you know, the kind of your, within your supply chain or even you’re using a legitimate vendor who has an AI component and then.
There’s some type of jailbreak or something along those lines where now something in your supply chain is actually compromised. So I definitely think there’s gonna be a lot of things that have ai related attacks in it. But it’s not necessarily like AI itself, that’s gonna be, it’s, it’s the use of AI and the enablement from ai.
Brian Thomas: Absolutely. Thank you. And you’re absolutely right on that, AI is going to be an enabler, it’s gonna help automate tasks for the attackers, right. The bad actors, but mm-hmm. As you mentioned, these AI generated attacks may be more prevalent in the future, but they’re not going to, they’re still gonna be similar as the human level attacks.
Stuff that we need to be aware of. It’s just a lot, probably a lot faster and more volumous due to the way they can leverage the technology and AI. So I really appreciate that. Yep. And Josh, it was such a pleasure having you on today and I look forward to speaking with you real soon.
Joshua Scott: Yeah, definitely. I enjoyed it. So, I look forward to talking again.
Brian Thomas: Bye for now.
Joshua Scott Podcast Transcript. Listen to the audio on the guest’s Podcast Page.
