Hi Jake, welcome to our Interview Series. Please tell us a little bit about your role and responsibilities in your current company. How did you arrive at Tanium?
Prior to Tanium, I spent seven years running IT teams in the commercial airline industry. This was an incredible period of growth for me; my first five years were spent as an IT leader for Virgin America where technology was a key component of redefining all facets of the guest experience. As an example, we built and launched the very first “single page booking experience” for any travel or hospitality website. The following two years were spent with Alaska Airlines following their acquisition of Virgin America. As one might expect, merging two airline systems, two cultures, and a wide variety of teams can be quite a challenge. Once enough post-merger progress had been made, a planned exit made sense for me – and it just so happened Tanium was looking for their next IT leader around that time.
As the CIO for Tanium, I’m responsible for all facets of enterprise IT and security. On the IT side, this includes everything from business systems and enterprise architecture to IT engineering and helpdesk. On the Information Security side of the house, our CISO reports to me, along with our teams dedicated to Security Engineering, Security Operations, and GRC.
Beyond the foundational services we provide for stakeholders across Tanium, it’s notable that we’re also “Customer 0,” meaning we consume the breadth of our product portfolio internally. My teams often test and roll out new capabilities and features before they’re available to our customers and provide product and engineering teams with critical feedback. A great example of this is our recently launched Mac mobile device management (MDM) capability, in which our IT and Security teams had a direct role in guiding feature development. We ultimately migrated our entire corporate fleet of 2000+ Macs before the product was publicly released.
You have been in the IT security industry since 2000. You must have seen some major transformations in the IT security landscape. Could you point out some of these for our readers that made a profound impact on your vision toward becoming a CIO?
For me, it has been fascinating to witness the emergence and proliferation of self-service technologies which focus on all manner of information workers as opposed to IT professionals. Consider low-code technologies like Workato, for example, in which complex integrations can be assembled in a fraction of the time (and with a fraction of the training) required by legacy tools.
Alternatively, spend a couple hours fooling around with Microsoft’s Power Automate and you might just be astonished at the level of capability and automation which is now available to the masses. Low-code tools like these significantly decrease the barrier for entry and allow businesses to tap into the creativity and passion of a much broader group of professionals.
Could you tell us more about Tanium and what are your core offerings?
Our technologies encompass a full spectrum of endpoint management tools, ranging from traditional IT operations workflows such as inventory and patch management, to comprehensive cyber hygiene, compliance and vulnerability management, enterprise risk assessment, and highly advanced information security tools which provide proven, comprehensive detection and response capabilities. This is all backed by a platform which has proven to allow for real-time operation in some of the world’s largest, most secure and complex networks.
To encompass these technologies, we pioneered the Converged Endpoint Management (XEM) product category. Our platform provides holistic and real-time visibility, control, and remediation – regardless of the size of your estate, ensuring comprehensive discernibility and complete management of all endpoints so IT and Security teams can manage, investigate and respond to incidents in real-time.
It’s important to understand that XEM is more than just a product category, however. XEM ensures our customers not only benefit from these individual technologies, but also that deep, native integration ensures IT and Security teams always operate from a single source of truth, within a single pane of glass, and without the inefficiencies which often come from attempting to integrate stacks of disparate third-party tools or, worse, repeatedly requiring teams to compile, rationalize, or pit one tool’s claims against another.
Ultimately, we deliver comprehensive visibility and control for every endpoint—across users, clouds, and IoT devices—enabling CIOs, CISOs, and their teams to know definitively and instantly whether thousands (or hundreds of thousands) of assets are installed, configured, patched, used according to corporate policies, or at risk for any reason.
The Tanium platform has proven time and time again to be a scalable, flexible solution for virtually any industry and can act as an “easy button” for IT and security teams to mitigate risk, drive efficiency, and reduce complexity – all within a single platform.
In a recent report, it was reported that security features are one of the most important aspects of the software buying journey. How do you approach security frameworks before investing in any enterprise or stand-alone technology?
AND
Data security and data protection challenges are keeping CIOs busy. What advice or recommendation would you like to give to CIOs and CISOs when it comes to picking a product or software suite for their organization?
I don’t typically start with the frameworks. If we’re talking about a software-as-a-service (SaaS) product, I want to know that the company in question maintains a strong ISO27001 or SOC 2 certification, or any framework applicable to the data which may be exposed or stored within the technology (PCI, HIPAA, etc.), but all of that is really table stakes at this point.
Instead, before investing in new technology, I need a comprehensive understanding of the fundamentals which will define the risk profile of the proposed technology:
- How will this tool be used within the business?
- Will sensitive or proprietary data be stored, and if so, where?
- Does the technology have reasonable levels of support for identity management and role-based access control?
- Are there implications for collaboration or features which enable sharing or exposing information outside the company?
If we or our business partners can’t answer the questions or if the answers present unreasonable levels of risk, chances are we need to explore alternatives or reconsider the approach to the underlying business goals.
I’ve found that it can be incredibly useful to ask these questions as part of a streamlined enterprise architecture program. Before dragging a security engineer to the table for his or her assessment, an enterprise architect can ensure we have clarity on the “why” behind any given technology being proposed. Not only does this serve to answer the previous questions I mentioned, but it also allows for functional overlaps with existing technologies to be identified and rationalized before security resources are pulled in or procurement processes are kicked off.
What kind of content do you like to read and refer to as part of your buying decision? How do you discuss your learning with other stakeholders in the company?
I often find that the best content and the best advice comes from CIO/CISO forums and leadership peer groups. That said, I also place value in maintaining long-term relationships with VARs who invest time in understanding the competitive landscape and learning about new technologies, as opposed to those who simply push products from a handful of technology providers.
As far as communication goes, direct one-to-one engagement with senior leadership across the company is a must. This can be challenging to maintain as organizations scale but is essential to ensure the technology organization remains in lockstep with the changing needs of the business and can react appropriately as priorities change and pain points emerge.
Beyond that, I’m a big fan of focused steering committees or any other periodic meeting which brings IT leaders and business stakeholders together to discuss priorities, backlogs, and the state of work in progress. On either side of the equation, we’ve all fallen victim to the “IT is a black box” problem at some point – where business stakeholders don’t know what IT is doing and IT isn’t clear on how priorities have shifted or where attention is really needed. Any technology leader worth their salt already knows that regular and transparent communication is absolutely essential to drive and ensure alignment.
Your take on the future of AI-powered IT security and monitoring solutions:
It doesn’t take a genius to see that meaningful advances here are both inevitable and imminent. The meteoric rise of ChatGPT and related algorithms has clearly demonstrated that while far from perfect, the rate of progress here is incredible and disruptive; foundational change is coming for most corners of the technology industry as a result.
That said, most legacy AI or ML-driven technologies focused on security and/or monitoring have chased the simple dream of improving the signal-to-noise ratio for massive volumes of monitoring data and related telemetry, in theory making it easier for analysts to spend their increasingly limited time on the most important, most relevant information.
As we move into an age where the rate of progress in ML/AI algorithms spikes and the corresponding applicability widens, security teams will undoubtedly benefit from faster investigations, less time spent on false positive events, and ideally, automated remediation which can safeguard data with remarkable levels of responsiveness.
Unfortunately, the same is true for bad actors, who will undoubtedly take advantage of very similar algorithms to lower the barrier to complex automated attacks while also vastly improving the quality of phishing and social engineering programs.
Beyond pure monitoring and response, one doesn’t have to look too far ahead to envision a future where attackers spend more time gaming AIs than they do searching for new vulnerabilities, especially if one assumes AI-driven security technologies will become an essential real-time component of safeguarding the biggest risk of all: human behavior.
Thank you, Jake! That was fun and we hope to see you back on cioinfluence.com soon.
As chief information officer, Jake McClean leads the teams responsible for the strategy, operations and evolution of IT, enterprise security and business systems across Tanium’s technology estate. Given Tanium’s mission, this naturally includes a heightened focus on endpoint cyber hygiene and an enduring commitment to work closely with Tanium’s product and engineering teams to continuously adopt and provide feedback on the latest products and features.
Prior to Tanium, Jake worked for Virgin America and Alaska Airlines, where he ran teams responsible for IT operations and security, ranging from kiosks to mobile apps, internal systems, and consumer-facing websites. Notably, Jake was a key leader within the systems integration effort, which formed following the acquisition of Virgin America by Alaska Airlines.
Tanium, the industry’s only provider of converged endpoint management (XEM), leads the paradigm shift in legacy approaches to managing complex security and technology environments. Only Tanium unifies teams and workflows and protects every endpoint from cyber threats by integrating IT, Compliance, Security, and Risk into a single platform that delivers comprehensive visibility across devices, a unified set of controls, and a common taxonomy for a single shared purpose: to protect critical information and infrastructure at scale. Tanium has been named to the Forbes Cloud 100 list for seven consecutive years and ranks on Fortune’s list of the Best Large Workplaces in Technology. In fact, more than half of the Fortune 100 and the U.S. armed forces trust Tanium to protect people; defend data; secure systems; and see and control every endpoint, team, and workflow everywhere. That’s the power of certainty.