What Makes a Great Security Team? 4 Standout Qualities

Ben Johnson

This guest post was contributed by Ben Johnson, co-founder and CTO of Obsidian Security, a stealth startup based in Southern California. Prior to Obsidian, Ben co-founded and was CTO of Carbon Black.

In infosec, we are often quick to call out the people, processes, and technology that we believe are selling snake-oil, are needlessly inefficient, or don’t perform as expected. We are skeptics, we are paranoid, we are protective of those we deem “in the community.” The long hours and bombardment of data, events, and attacks only compound these feelings.

I want to talk about the opposite, about something good. I’m impressed with Red Canary and their people, processes, and technology. Let me tell you a few reasons why.

1: The People

It all starts with people. The Red Canary roster is world-class and very mission-focused. I worked alongside some of the Red Canary members during our days in the intelligence community and have seen incredible efforts and successes in the classified trenches. Others have blown me away with their abilities to defend (or break into) corporate environments, often on the order of 100,000 endpoints. This team is hungry to solve problems, is experienced in solving those problems, and wants to make sure customers are driven to positive outcomes.

In terms of the customer-facing roles, Red Canary has placed extremely experienced and knowledgeable people on its front lines. When you talk to the team, you get subject-matter experts who have excelled as practitioners. This is a rare trait.

2: The Processes

The Red Canary team is focused on operationalizing security technology for its customers in order to successfully achieve security outcomes. I love this. The challenge of implementing and maintaining the security stack is a big one, and the more aid organizations can get in extracting value from their solutions, the better. This isn’t about waiting for syslog alerts to make their way to some database and then having a Tier 1 analyst look at them. This is about operationalizing advanced technology with proper rules and analytics, and then pushing as much knowledge and context back into customer organizations as possible.

3: The Technology

I am certainly biased in favor of Carbon Black. Red Canary’s utilization of CB technology has been phenomenal. By using existing technology, the engineering team can focus on building a purpose-built platform that enhances their human analysts and delivers to their target customers precisely what Red Canary has been charged to do. The focus is on customized detection, presenting information to in-house analysts that allows them to move fast, and delivering reports and alerts to customers in the way customers need. These elements really showcase what existing technology with a layer on top of it can bring.

4: A Bright Future

Red Canary doesn’t just stop at selling something; they give back too. Whether it be through informative blog posts or sharing on GitHub, they want to drive successful security outcomes. With a focus on growing methodically and purposefully, keeping the hiring bar really high, and building cutting-edge capabilities, I’ll repeat myself: Red Canary is doing it right. I’m excited to see where this team goes in 2018, and I encourage you to keep an eye on them too.

