Security has always been important to Miguel Carrero, a former HP executive. That passion recently led him to join Siemplify, a security operations (SecOps) upstart, as executive VP of strategy and business development.
Siemplify develops ThreatNexus, a security operations platform that allows MSSPs (managed security services providers) and enterprises to manage, investigate, and automate threat response from a single pane of glass. Siemplify reduces alerts by 80 percent, triples analyst efficiency, and slashes response time from days to minutes, the company claims.
Carrero's personal role is clearly defined: He will oversee strategic partnerships, drive key client relationships and utilize his extensive domain knowledge to help bolster adoption of the ThreatNexus platform globally, the company said.
Carrero became familiar with Siemplify after a potential investor asked him to look at the company. Carrero quickly came to embrace Siemplify's mission, telling ChannelE2E the company has a clear vision of how to tackle SecOps. “Almost from the very beginning I truly understood the pain point they were trying to address,” he says.
SecOps: Identifying the problem
That pain point, says Carrero, is the bottleneck created in the SecOps field when people get involved. Or more basically, human error can cause problems. “Attacks are becoming more complex and more numerous, and because of that the industry generates more technologies to detect them,” he says.
Those detections ultimately require human expertise to determine the potential size of a threat, along with the resources required to mitigate the threat. It’s a pervasive problem, according to Carrero -- one that existed before Siemplify set out to solve it.
“It's not one of those situations in which a startup creates a technology and then almost needs to look for a problem to solve. This is addressing a clear problem,” he says.
SecOps: Solving the problem
Siemplify’s flagship platform, ThreatNexus helps to alleviate data overload -- reducing the amount of data security professionals must navigate. In many security breaches, security pros and MSSPs just don’t connect the dots in time to recognize a threat. Carrero points to the famous data breach at Target in 2013. In that incident, 40 million customers had their credit card data compromised.
“Target was a clear example,” he says. “It was detected but it was neglected" perhaps because of data overload. If experts are receiving 1,000 notifications, but only have the capacity to deal with 100, Carrero says that means 900 alerts are going to be overlooked. “Freeing up that capacity is a way to allow people to detect more things,” he says.
ThreatNexus is designed to free up the valuable personal bandwidth of security experts. By collating information as it comes in, the platform allows the user to zero-in on potential threats. It then presents findings in an easily digestible graphical user interface from a single screen. The visual, contextual information allows security pros to see the big picture instead of getting bogged down in redundant alerts.
The system can be fully automated, but also allows for human supervision. Carrero points out that often times, before dealing with a likely threat, human intervention is needed. “So you can actually get the discipline of the systemic approach to the processes,” he says. “So the security personnel is not getting drowned by a whole bunch of activities that they have to do manually. Now the technology is helping you progress through that.”
From Madrid to Silicon Valley
Carrero cut his teeth working for Hewlett Packard in Spain. In 2006 he moved to Silicon Valley where he led product and solutions worldwide for ArcSight before the company broke into two separate businesses (HP Inc. and HP Enterprise).
After getting to know Siemplify and speaking with its investors, he joined the company's advisory board. At the same time, Carrero was beginning to tire of working for a large company. “I was looking to do something in a smaller company in which you can be more nimble and agile,” he says. “So we decided that it was the right thing for the company and for myself to join the team on a day-to-day basis.”
Carrero says the Siemplify team is perfectly suited to address SecOps challenges. “It’s a team that really performs very well. It’s very agile, very nimble, very focused on the mission,” he says.
Additional insights from Joe Panettieri.
