Barracuda's Adam Khan on AI-driven XDR and plugging the cybersecurity skills gap

Written by Thomas Kinsella

Published on April 8, 2024

In this week’s episode of The Future of Security Operations podcast, I'm joined by Adam Khan. Adam is a cybersecurity and technology leader with over 25 years of experience working at Fortune 500 companies. He has a proven track record of building and managing global security teams, leading engineering, infrastructure, application, and product, and is currently VP of Global Security Operations at Barracuda.

Adam and I discuss:

  • Building discipline and resilience by working on SRE teams

  • How a well-known DDoS attack changed his career path

  • Using automation to reduce alert fatigue

  • Strategies for plugging the security skills gap

  • The potential of AI-driven XDR

  • How cyber attacks are evolving in the age of AI

  • Lessons learned from researching the history of cybersecurity

  • Empowering teams to do their best work

  • Creating a culture of continuous learning

The Future of Security Operations is brought to you by Tines, the smart, secure workflow builder that powers some of the world’s most important workflows.

Resources mentioned:

2023 Global Cyber Threat Report by Adam Khan

Adam's five-part cybersecurity history series on smartermsp.com

DarkReading

BleepingComputer

In this episode:

[02:10] Switching from site reliability engineering (SRE) to SecOps

[03:40] How the DDoS attack on Amazon, eBay and Priceline in 2008 piqued his interest in security

[04:37] Building discipline and resilience by working on SRE teams

[09:05] Navigating Barracuda's acquisition of SKOUT

[10:22] How growing companies can benefit from an external XDR platform

[11:50] Prioritizing the alerts that matter most to customers

[13:03] Using automation to enrich threat intelligence and root out false positives

[14:50] The potential of AI-driven XDR

[16:40] How cyber attacks have evolved as adversaries use AI tools like FraudGPT and WormGPT

[19:30] Adam's three key takeaways from researching the history of cybersecurity

[23:20] Strategies for tackling the talent shortage

[25:15] Empowering teams to do their best work

[28:10] How Adam stays on top of the latest security trends

[31:35] The importance of making mistakes

[32:20] Promoting a culture of blameless incident reviews

[34:40] Predictions for the future

[35:50] Connect with Adam

TL;DL? Read Adam's take on…

Working in SRE:

"You have to be sharp at all hours of the day. We would get calls at 2AM, 'Hey, certain components of the databases are having an issue...' And you had to know each of these, and how to hunt and look for them. So it's similar to cybersecurity, you're hunting in logs to identify the security threat."

How the 2008 attack on Priceline influenced his career path:

"I had to build in multiple automation scripts, as they were bringing down some of our infrastructure and causing high traffic, to be able to handle that load. And it really got me interested in thinking from an adversarial perspective... And then came various projects from handling cross-site scripting, and on-web servers and things like that. So having the variety of skills across the different infrastructures and having that mindset of, these things can be extremely damaging to businesses, that's how I really became interested in security."

The value of an external XDR platform:

"It's hard to find security professionals, they have to know pretty much everything right across the tech stack. Having those types of skill sets and acquiring them becomes rapidly expensive. For companies who are trying to grow their business, leveraging an external company who does this as their core competency allows them to utilize their full tech stack."

"The introduction of LLMs and AI, it's going to have a hugely positive effect on XDR. I think it allows us to take advantage of these emerging technologies, and, at the same time, ask the right questions with applications like ChatGPT."

AI's benefits for defenders:

"The only change is going to be like an uptake. You have it on both sides. I think on the security side, we're getting smarter and at the same time these attackers are also finding evasive techniques. It's gonna be a constant battle, I think. There are a lot of great professionals out there in the security space where we're doing good work. I'm proud to be a part of the community where we're all moving forward and trying to do the right thing."

His learnings from researching the history of cybersecurity:

"The three biggest takeaways for me were to embrace continuous learning... leverage new technologies to take action on what you've learned... and contribute to and take advantage of the knowledge shared across the security community."

Solving the talent gap:

"When you're building a team, you need to look at the different aspects and the skill sets. You could have a developer on your security team that is actually great at coding, and somebody who's great at administering or great at recognizing different types of threats. But if you put them together, the knowledge sharing and the skill sets that are passed on are really massive."

"To augment tools like Tines with the security expertise and threat intelligence and automation to be able to not just send relevant information, but also take action in real time, it's been a massive help to us and our customers as well. And response times have drastically reduced because of implementation of Tines."

Continuous learning:

"I like to tinker with things all the time. So I'm always playing around with tools and researching and coding and building little apps and seeing what type of results and outputs I get."

Making mistakes:

"I think mistakes are very important... I wouldn't be where I am, and I don't think the team would be where it is, if we didn't have those failures. If we didn't have the failures, we wouldn't have the learnings, right? We wouldn't have the struggle to get to where we are today and be sophisticated, when it comes to our maturity of our SOC and our team. I honestly wouldn't change a thing, even at Priceline, the hundreds of on calls and late nights when stuff was breaking down and getting to resolve those, those are all learnings for me."

Listen to more episodes of the Future of Security Operations podcast.
