The Frontier podcast interviewed Chris Goodman, SentinelOne’s Director of Integrations and Alliances.
The Frontier podcast: When we talk about the software development lifecycle, we often focus on the product and engineering functions, potentially leaving out a critical team: Sales, and specifically Sales Engineers.To add a little color to this role, we invited Chris Goodman, Director of Integrations and Alliances from SentinelOne, on the pod. Chris gives a different look at customer empathy – one that’s directly tasked with helping customers figure out the problems they really have, and how to solve them. At the end of the episode he shares a succinct and powerful approach to help engineers stand out and secure coveted roles.
Proudly coming to you from Nashville Tennessee. This is the frontier podcasts. I’m your host ledge and we are powered by guns. I owe the engineers choice for engineering talent if you like what you hear. Please give us a review on iTunes and join the conversation at the frontier pod on Twitter. Giddy up. When we talked about the software development lifecycle we often focus on the product and engineering functions
Potentially leaving out a critical team sales and specifically sales engineers to add a little bit of color to this role. We invited Chris Goodman director of integration and Alliance’s central one. Chris gives a different look at customer empathy one that is directly tasked with helping customers figure out the problems they really have and how to solve them. At the end of the episode he shares a succinct and powerful approach to help engineers stand out and secure coveted engineering team roles.
All right Chris Hey man thanks for joining us. Good to have you on. Thank you so much. Excited to be here. Can you give just like a two or three minute intro of yourself your work what you’ve been up to. Just so the audience can get to know you.
Yeah fantastic Sure. So my name is Chris Goodman and I’m director of integrations at Centennial one. And so before that I was also a sales engineer and so since I know what an API is and I know what a little bit of Python coding is I got promoted I knocked it out of the park for something I want for two years as an SC doubled my quotas and knocked it out. And so now I’m really interested in trying to build out our integration platform as well.
So that’s where I’m at you know so many engineers do not understand ourselves. Folks I’ve been and I’ve been in the sales seat you know and there’s just like there’s a big difference in the culture. So I’d be interested to hear you know having sat in both seats and done the integration engineering and even some code you know yeah you know what things are. And you actually have to sell it to customers. What’s the recommendation for. Like how do you make success out of dealing with the on the ground product engineers. Yeah you know.
So I’m fortunate enough to work for a startup that has a listening ear so I’m out in the field often talking to other folks other large organizations saying hey guys I used to sit in your seat. What would make things better for you. So for instance sensible ones got five of the top Fortune 10 right. So I fly out I sit down with those guys and we figure out basically and forgive me everybody for saying this one pane of glass right. We always hear it within the community of how easy it is. Well I’m really trying to make a difference and trying to help our customers with trying to put together some type of framework where they just go to one place typically in the sense of one council and then just do whatever they need to do. That’s either a threat hunting or taking file and putting it up into some type of sandbox or something a little level is taking it that all that threat detail and then pivoting it into like Recorded Future or other vendors. So that is the key Crux thing that I do and try to make it happen.
So we should step in and say okay you know cybersecurity obviously is centered on one’s area of work and that’s a hot topic right now. So you know OK are you helping people not become the next Equifax. And how do you do it.
Yeah fantastic question. So certainly ones based off of three pillars. Right. So our first pillar is called Our deep file inspection engine. Right. And so a shout out to silence. They really pioneered this specific thing like I really wish I could sit down with some of the engineers and Matt Wolf like he’s a genius. I That guy is awesome like he’ll come in with flip flops and a hoodie and you know you like when that’s comes in like that’s legit dude knows his stuff. But next off is then our patented behavior engine right. So as things happen in the process and castings get exploded and as things tile processes spawn out we watch every single process and determine within our own special sauce if it’s a legitimate or malicious. So for instance let’s take Adobe Reader right Adobe readers piece of crap software as it is but it’s what we all use. So what happens is that Adobe Reader spawns different processes as it goes through. Now our system on real time machines the looks at it and says hey is this malicious. Why is it going out to a known C2 server. That’s kind of weird. Why is it pulling down a weird javascript app. Mm hmm. So then at that moment we make a decision saying you know what time out. That’s malicious behavior and we’re going to stop it dead in its tracks. But we don’t stop there because then what we do is we then spin that and look at it of all the artifacts that came down. We start doing true ADR where we can can hunt and see if any other of our end points were affected by this type of malicious e-mail or a Web site or even stick that this stuck in to take a look at. So that’s what Sentinel 1 is known for is really our behavior engine and then our static engine. And lastly our ADR capabilities.
So talk about endpoints. You know I’ve heard the term attack vectors or attack surface. How does that fit together with endpoints. You know for the the business listeners in the crowd we talk a lot about technology and deep dive stuff. But you know like let’s let’s zoom out a little bit. Talk to us about the vocabulary there.
Yeah sure no problem. So an attack surface is really just a machine that has you know vulnerable apps or something of that nature right where the bad guys then tried to exploit those vulnerable apps. And so that’s where we come in. As Sentinel one is that we really look over the whole machine holistically and make sure that nothing malicious gets entrenched on it. So how we do that is what we described before us with our three pillars of technology but also from a business sense everything that we have is automated. And so this is the key aspect that I truly am passionate about is that not only is our product automated and an aspect of that really it’s a hands off. Once you install it thing. But we also have over two hundred and fifty read in right API is where we can then hook in and then pivot. So let’s say you like Palo Alto Networks firewall best firewall on the planet according to me. Right. I mean I love that stuff. So then we can pivot and take all that threat detail IP hashes et cetera and dump it into the firewall to make both products better.
So let’s say you don’t have a sensible one agent and a kiosk or a phone or something crazy right a web cam. We can still protect those endpoints by leveraging the technologies that surrounds us so we can hook into a firewall saying hey you know what. We’re not going to allow anything to happen or traffic to go out to this known bad vector.
So that’s how it works. So talk about the industry at large right. People are trying to attack this. I mean endless numbers of cyber security you know sort of products and tools and you could integrate it into your dev cycle and you can take it from you know inside the firewall outside the firewall you know like how does anyone make sense of this. You know the sensible one cool great product. Right. And then there’s this like Empire of you know a thousand different things. There’s so many products and services. How does anyone make sense of this ecosystem from a a buying standpoint.
Yeah that’s you know that is truly the hard part right. So sometimes people leverage you know firms like Gartner or NSF labs or forest or to help them narrow down their selection criteria. So that’s typically kind of the first kind of thing. Now frankly speaking all those places Gartner and S.S. labs Forester they’re all kind of biased anyway. They say they’re not but they are. And that’s the reality. So what you have to do as a business person or an engineer is put on your goggles.
Look at those reports as some type of guidance. OK. Well you know they’re in a visionary quadrant or they’re in this bubble for and Foster of being visionary.
That’s something to be noted on. But not to be decided. Right. So you can’t make a decision just based off of that specific report. What you really need to do is define your problem say what my problem really is you know maybe I have a problem with too many logs everywhere. So what do you do. Right. So you have to aggregate all those and stuff it into something. Right. So Splunk or X beam or something like that then what you do is you try to define out a process of when you bring those vendors in saying hey I want you to do X. Show me how you guys do X and then after that you bring it to the table of tossing it into a proof of concept making sure what they say is real. Right. Because we’re all Hall of marketing right.
Oh my God. Everybody is listens to marketing as it is but what really happens is the true test is bringing it into a proof of concept phase and that’s usually 30 to 60 days where you kick the tires really hard and then make sure what the vendor says they can really do.
So obviously you know you’re talking about the solution that huge enterprises are using and in a lot of our clients are on that side and then a lot of the clients are also on the other side is like one two three people you know literally writing the first lines of code.
Yeah. And you know I wonder how do you guys think about security planning and you know so people who can’t possibly afford a product at scale but you don’t need to address these issues. You know from from literally from the engineering from print upwards.
Well I am a huge proponent of two factor authentication. So right off the bat like if all your business people really want is something to kind of lock down without buying really expensive products. First off is to get something to factor authenticated. Right. So just by I don’t know the Google Triton key right there’s fantastic studies on this kind of stuff. Just that alone will help circumvent all types of phishing attacks. So. So that’s number one. Right. From a business case but from a coding aspect. Maybe you want to dive into like looking at some of the new frameworks that are coming out. Right. So. So for instance like get helps our friend. Right. So there is guys out there that just constantly churn out stuff that is just really stellar. And frankly Google is a front runner in this type of stuff. They’re giving away a lot of tools that we can leverage and frankly monetize on as well.
Yeah talk about some of the open source stuff that you’re familiar with maybe some top hits there. You could search GitHub all day long for small things. But what’s the what’s top of the heap.
Well yeah so frankly right now what I’m looking at is a lot of powerful stuff.
So like a lot of frameworks developed by just a power split and things like that. But I mean Google’s got their own kind of cool thing of stethoscope. It’s called which is really hot. It really brings into the kind of nature of looking at the event itself. It’s more ADR driven than anything. So that’s from a Google standpoint but from personal from my standpoint is that a lot of people are still Windows right. Like windows rules the world is just what it is today. You can be a Mac zealot or a Linux zealot. I know that all over server farms are that server up web pages and what not our Linux based but at the end of the day it’s all windows based. For the consumers and enterprises. So with that said that’s why I’m focusing on really about the power cell environment and leveraging of the ability to take you know there’s that power exploit framework and really bring that home and do memory dumbs and search registry keys and stuff like that.
It’s going to be huge for me and developing my products further.
How are the vectors you know you’re your mobile devices and you gotta you know most of the stuff that we’re CNS tools you know they’re going to run in a environment like sandbox in the browser you know are those things safe. On those other machines are you relying just upon that upstream vendor just to make sure that everything is taken care of.
Yeah fantastic question. My my two cents is that sandboxes are dead. They’re 90 seconds to one hundred twenty seconds too late. Right. So you need something that’s designed on the endpoint itself to really drive home and look at it itself and then move forward with that. So mobile is huge right. I mean Android and I Os is the future. So whenever I develop anything I develop a mobile first. That’s that’s my mantra to me and my team is guys you know when you’re out at a Starbucks and you need to look at some threat detail do you open your laptop or do you look at your phone. It’s always looking at your phone. Right. So when I think about developing and helping my community it’s really a mobile first a way of developing things.
All right. Last last question. So lots of our engineering friends you know would love to love engineering friends would love to understand the mind of of Phil’s self promotion developing more business you know at least just know hey how do I properly put myself out there and display my skills my abilities get hired by some of these hot clients. You know what. What’s the advice there. I do a little bit of coaching along those lines but I’m just curious. You’re out in the field with the big shots. What would you advise.
Hundred percent GitHub. Right. Show me don’t tell me. Don’t tell me how wonderful you are.
Show me throw some stuff up and get home and update your LinkedIn profile to showcase what you’ve done. Hundred percent of the time. That’s what I do when I look for new hires is that I go out and I say OK well this guy is you know very knowledgeable with respect or some other frameworks.
Right. So then. OK. So he says that what has he done. And so you really need to build out a portfolio in LinkedIn or some other methods like even having your own Web site showcasing what you’ve done.
That’s to get your foot in the door. Next step is to when you start to be interviewed be likeable. Don’t be a dick don’t be a jerk. Right. I mean we’re all here in the same boat trying to help others. And if you’re hot and you’re amazing. Great. But if I can’t work with you and give you suggestions I’m going to pass on you. So really show me what you got and be likable and be professional is really the key things that allow these organizations do. And there’s a zero percent unemployment rate right now for these engineers. So if you’re thinking today to yourself well I got some good skills. Well then yeah you do. You’re you’re probably a hot commodity and you can really go for a really decent salary but what you need to do is show me. And then also tell me in a very articulate way and kind way that you can work with others. That’s my advice.
Thanks so much for those insights. Chris it’s great to have you here. Man I love the attitude. Thank you
Thanks for listening to the frontier podcast produced by. Io. Were the only freelancing platform where engineers actually go to hire other engineers. If you enjoy the show and want to learn more about how to hire a freelance with us. Head over to Gund Io slash podcast to get in touch and we’ll pay for your first 10 hours with a kick ass engineer.