Sumo Logic is a cloud-native log analysis and monitoring company that helps organizations enhance security, optimize processes, and drive business success through seamless integration and collaboration. In this episode, John Visneski, Chief Information Security Officer (CISO) at Sumo Logic, talks about the evolution of security and its role within organizations. Protecting the enterprise isn’t enough, Visneski  explains, “You have to protect it in a way that constantly helps them [teams] do their job better, faster and smarter.”

Visneski discusses the evolution of security over the last 15-20 years and its increasing importance to business success. Security has shifted from being a necessary component to a mission-critical element, essential for organizations to thrive in a competitive environment. Visneski highlights Sumo Logic’s dual focus on cloud-native log analysis and security observability as a way to stay ahead in this evolving space.

In the past, security has often been seen as a barrier or a cost center but Visneski argues that it should be seen as an enabler of business success. Aligning security programs with business objectives, developing key performance indicators (KPIs), and budgeting based on these goals can transform security from a compliance requirement into a value-driving asset. This approach enables security teams to support organizational growth rather than hinder progress.

Focusing on the optimization of security programs, Visneski uses the analogy of car safety features to explain that security should not slow down the business. Sumo Logic aims to tailor vulnerability management programs to reduce the engineering burden and free up cycles for innovation. By focusing on continuous improvement, security teams can empower other business functions, helping them do their jobs faster, smarter, and more effectively.

Visneski also talks about the collaboration between DevOps and security teams, emphasizing the need for true understanding and shared goals. Security incidents are often detected through DevOps monitoring, underlining the importance of seamless collaboration and shared data. By eliminating silos and working as one cohesive team, both security and DevOps teams can respond to challenges more effectively.

When discussing the cultural aspects of collaboration, Visneski acknowledges the potential friction between security teams and developers but stresses the importance of security teams reaching out first. Visneski suggests that security teams should use metrics and KPIs to demonstrate their value and build trust with developers, ensuring that developers see security teams as problem-solvers rather than roadblocks.

Finally, Visneski talks about emerging technologies, such as generative AI (GenAI), and how security teams must balance innovation with security. Visneski emphasizes the need to secure AI platforms, leverage AI for security purposes, and understand the new threats that AI can bring. By applying years of security experience to emerging technologies, security teams can help organizations stay secure while embracing the future.

Guest: John Visneski
Company: Sumo Logic
Show: Let’s Talk

This summary was written by Emily Nicholls.