The Data Cloud Podcast

How to Defend Vulnerabilities with Julie Chickillo, VP of Information Security, Guild Education

Episode Summary

In this episode, Julie Chickillo, Vice President of Information Security at Guild Education, discusses the pros of launching a company from the cloud, finding vulnerabilities in your data, the future of cloud security, and much more.

Episode Notes

In this episode, Julie Chickillo, Vice President of Information Security at Guild Education, discusses the pros of launching a company from the cloud, finding vulnerabilities in your data, the future of cloud security, and much more.

--------

How you approach data will define what’s possible for your organization. Data engineers, data scientists, application developers, and a host of other data professionals who depend on the Snowflake Data Cloud continue to thrive thanks to a decade of technology breakthroughs. But that journey is only the beginning.

Attend Snowflake Summit 2023 in Las Vegas June 26-29 to learn how to access, build, and monetize data, tools, models, and applications in ways that were previously unimaginable. Enable seamless alignment and collaboration across these crucial functions in the Data Cloud to transform nearly every aspect of your organization.
Learn more and register at www.snowflake.com/summit

Episode Transcription

Steve Hamm: [00:00:00] Welcome to the podcast.

Julie Chickillo: Hi, thank you for having me.

Steve Hamm: Now continued continuing education is emerging as an important workplace benefit for employees. Why is that happening and what is Guild education's role as a learning marketplace in providing educational services for employers?

Julie Chickillo: Oh, that's a great question. Uh, we're seeing employees are expecting more, uh, from companies than ever before. Uh, so in addition, in addition to good pay and a sense of purpose, um, employees really want a career path. Uh, and especially one that, uh, gets them probably to a higher pay, maybe to a better future, not only for themselves, but their families.

Uh, so we're starting to see, um, a lot of companies are, are offering learning benefits, uh, that enhance career mobility, um, to attract and retain employees today, um, while also preparing them for, for roles, uh, that might be coming in the future for their, uh, For their own company. Uh, a [00:01:00] recent survey, uh, showed that 76% of workers actually feel unequipped with the skills needed to, to work in the future, um, of with technology, all the emerging technologies coming out.

Uh, and so we're just seeing a huge need for this. So, uh, Guild's really on a mission to unlock opportunity for America's workforce, uh, through education, skilling and career mobility. Um, and so, so that's Guild's role. Uh, we offer. Coaching, uh, we help learners find the right program. We help employers, uh, find programs for their, for their employees.

Uh, so it's, it's a, win-win all around for every.

Steve Hamm: Yeah. Yeah. And I assume it's all online.

Julie Chickillo: Um, Guild's platform is online. Uh, some of the schools are actually in person. Uh, so for example, if, if you're in a nursing program, uh, there's reason that you need to go into a lab to draw blood, uh, or things like that, um, or for culinary skills. So it does depend, uh, and for the most part, uh, for working [00:02:00] adults, it's a lot easier for them to do online.

Steve Hamm: Yeah. Yeah. So Guild education is a B Corp, meaning it aims to do well, make a profit by doing good. How does that philosophy shape the way the company does business and, and, and how it thinks about data security?

Julie Chickillo: Yeah, the B Corp really is, is core to, to Guild's, um, business processes. We really, uh, talk about the double bottom line and, and all the all hands, uh, and it's in, it's in a lot of meetings. And so a lot of time, uh, is spent discussing what is best for learners, what is best for getting learners to where they need to be, not just how to make a profit.

And so it's just integral into the way that, that people actually. Talk to each other, uh, as a part of everyday work. So part of this actually means that. Uh, employees at Guild really focus on not only how what's best for a learner from their education standpoint, but [00:03:00] also how do we do right by them. And this includes protecting their information.

So I, uh, I often find teams or individuals proactively come to myself or my team and ask what they could be doing to better, um, enhance security or make sure that privacy is respect. For the learners. Uh, it's just really different from a lot of other companies I've worked at in the past where, uh, we, we proactively get asked or, or brought in on projects where there could be, um, a privacy or security issue.

Steve Hamm: Yeah. So you're saying employees of Guild education proactively come to you.

Julie Chickillo: Yes.

Steve Hamm: So there are it's, it's just part of the, the whole culture of the place then.

Julie Chickillo: Yeah, it's really a part of the culture. Uh, it's not uncommon for us to get asked, um, as a project is starting or as they're considering a new line of business, uh, what, what we would need to do to ensure that the data is protected and, and that privacy rights are [00:04:00] respected as well.

Steve Hamm: Yeah. Yeah. You know, I'm, I'm just wonder guilt education. That's such an unusual name. What's the origin of that,

Julie Chickillo: Oh, well, I'll try and give the origin story as best as I can. Uh but, um, Guild a Guild is actually a group of, uh, it comes from like medieval times where it's a group of, uh, professionals like in a similar jobs. So like blacksmith. And so, uh, the two founders, uh, thought. What they really were going for was a group.

Um, that's proactively learning together and, and building. Uh, better paths for themselves, right? So if you're in a, a blacksmith Guild, you might, um, learn from each other. And so that's where the Guild part came from. I think they added education, uh, just to kind of enhance the purpose, uh, Guild Guild.

Doesn't actually offer education classes. Uh, we just help pair people up with the right programs.[00:05:00]

Steve Hamm: right, right. I get that. That's that's really cool. Now you've been a security professional for more than 20 years, both in private industry like now, and, and previously in government, what are the biggest changes that you've seen in the way organizations protect their data?

Julie Chickillo: Yeah, it's, it's really evolved in the last 20 years. Early, early on in my career, um, really was looking at a legacy environment, which would be, uh, like a traditional network, lots of servers databases. Um, and as, as I've seen the move into the cloud, um, the biggest thing that's happened even even early on in the cloud movement was that it was a lot easier to start moving data from where it was originally.

Two multi-cloud locations. Uh, so that makes it a lot harder, uh, to track where data is being processed and stored. And if you don't know where your data is stored, it's hard to ensure that it's protected. Um, so for legacy networks, uh, you can scan, there's a lot of scanning tools out there that look for data on, um, [00:06:00] on the network that might be looking in drives.

Um, and they can even get it classified, but it's not PO it's. Easy to do or even possible in many cases to know, um, which clouds to you, can't just randomly scan every cloud out there. Uh, and so you're, you're really having to track where's the data moving in a, in a way that you never had to. Um, and we're also starting to see emerging technologies that are creating opportunities to scan various SaaS products.

Um, but again, it's really, um, dependent on which. Companies they've partnered with. And so, uh, I, I think the biggest change, uh, besides the fact that, um, being in the cloud allows you to develop product much faster. It allows the engineering teams to develop very quickly, um, data. The movement of data is it's, it's a lot faster and it's a lot easier than it used to be.

Steve Hamm: Yeah. You know, it's interesting. In, in the early days of the [00:07:00] public cloud, there was a lot of concern, especially by financial services and some other firms about security, but it seems like it's turned out that security could even be better in the cloud. Is your impression of things.

Julie Chickillo: Yeah, I, I, there is, I think there's a slight stigma to that. It would definitely, there was when I, when I, where I was working early on in the cloud movement, um, uh, the, the security in the cloud generally can be better, uh, because there is a group, uh, for instance, I'll, I'll say AWS is the, a common one. Um, they are securing, uh, the underlying infrastructure and they're, they're probably putting a lot more money towards.

Um, the biggest difference is that what you're building on top of it, there is a lot of room for error and you can cause security problems. They're just different than the ones that you were seeing on a legacy network. But in, in patching, like if you had to patch servers to ensure that there weren't vulnerabilities things like that, you're no longer having to do that.

In a way that you had to before, uh, and [00:08:00] the technology in the cloud tends to be a lot, uh, it's a lot newer it's, they're keeping it up to date. And so you're really not having to worry about vulnerabilities that are sometimes 10 years old. Right. So if you're, if you have an old network and you just can't keep it up to date, you could, you could be creating problems, um, month over month.

Whereas with the cloud, you're not, you're not gonna see that on the underlying infrastructure.

Steve Hamm: Yeah. Yeah. It's interesting. When you look at these big broad multi-year trends, a lot of companies out there and you know, the corporate customers of yours I'm sure are true. Uh, too, you know, they've, they've had to migrate. You know, large numbers of, of application in the cloud. Now they're migrating a lot of data to the cloud, but your company Guild education basically started in the cloud.

So, you know, tell us about how the, the company got launched in the cloud and how it protects its [00:09:00] own data in the cloud.

Julie Chickillo: Yeah. So early on, uh, guilt's about, um, a little over six years old and it was just, it's easier to start. Technology in the cloud these days, it'd be a lot more expensive to get, um, placed in a, a data center or even like host servers on your own, on your own environment. And so it's just easier to, to, um, start producing in a cloud.

It gives the engineers a lot more. Um, it's, it's easy, it's easy access. And then you also don't need a team that is supporting the underlying infrastructure. So you really can put your money towards the, the product development. And this is really, uh, where Guild's initial focus was as a startup. You're, you're really looking for how can you do the most with your money?

And so you really want to pay the people who are gonna be building product, not people who are managing servers. And so, uh, that was the, that's why the decision was made to, um, start in the cloud. Um, I think the other thing is that it just makes it [00:10:00] easier, uh, to, to get. To move as well. Right. So if you start in one cloud and you say, okay, actually technology is better in another cloud.

It's not that difficult to move over, um, early on. And so it gives you a lot more flexibility with the technology that's out there.

Steve Hamm: Yeah. Yeah. A lot of the bigger companies have multi-cloud strategies, uh, Guild education's relatively small. Do you use multiple clouds or just, just one?

Julie Chickillo: Um, we actually were multi-cloud, uh, for quite a few years, we've recently consolidated onto one. Um, I, I wouldn't rule out that we add another cloud at some point, if the technology on a different cloud was. Was something we wanted, uh, just, they make it so easy to, to connect the two and then to move data between all the different clouds, um, that it's really up to the engineers and, and what they're building and the technology.

They need to decide whether or not they're gonna have one or multiple clouds.

Steve Hamm: Yeah. Yeah, that's really interesting. [00:11:00] In a recent data economy, survey of enterprises sponsored by snowflake, the results show that only 45% of organizations said they easily access all available. Through a single system or application. Now I understand there's a, there's a big shift going on in information security organizations are pulling data from all the security point products and integrating and correlating it in a cloud data platform.

I believe this is called the connected app model. How does that work and how does it improve the environment?

Julie Chickillo: Yeah, it's a, it's a really great trend that I think we're seeing emerge in the information security, uh, uh, Area the, how it works is that you well, well, currently what's happening is that many of the security tools out there specialize in, in one type of security or another, they may, they may do a couple things, but one might specialize in scanning.

Um, software development code one might specialize in scanning, uh, [00:12:00] like a server environment. Another one could specialize in scanning laptops. I'll just use those three. All three of those really are very separate. Uh, tools and they live separately. You can't integrate them together to get one look at the environment and maybe how an attacker was moving through all three of those things very easily What, what the snowflake does in the connected app model allows us to do is move all of these logs, where some of them might traditionally have gone to a security incident and event management system. Uh, not all of those logs could. And so what you can do is connect all of the applications into one central area.

Um, And for us that snowflake, and then you have all of your information in, in one place, and then you can, um, do dashboards or correlations on top of that. And how that improves security is that before with the, with the environment where everything was separate, you really had to have your analysts. Or your security engineers logging [00:13:00] into multiple systems throughout the day to try and see what was going on.

And then you're having to hope that they can connect the dots between all the different systems, uh, and especially in an incident, it might be very, you might spend a lot of time trying to connect all the dots. You might have to move it out into a spreadsheet. Um, if it's really, if they're all really very different.

Uh, and so this, this improves the ability to monitor kind of. The mythical one pane of one pane of glass, uh, where you can truly see everything happening in the environment in one area. Um, and while, uh, the security incident invent management systems can do that for pieces of, of a security program. For, for those of us who are in the cloud.

For those of us who do have, who are cloud first and maybe have data in many, many different places. It's very hard. You, you can't send those to that, to that traditional.

Steve Hamm: Interesting. So in the past, a lot of that correlating was actually being done in the, in the data [00:14:00] analyst brains. I mean, they were the ones who were connecting the dots and now snowflake is where the, the dots are connected.

Julie Chickillo: Yeah, the, the shift. Is that what we're, um, what we're seeing, what my team is doing in particular is that, um, it shifted from having to you're correct. Put like it's in your head and you're looking at it and hopefully you saw the, the things that connected, um, to being able to just put it in there and say, and, and write a script and say, okay, if.

If X happens and Y happens, let us know. Uh, and so you don't have to rely on somebody looking for it. It's no longer a needle in a haystack search.

Steve Hamm: Right. Right, right. Gotcha. Gotcha. Now, one of the key vulnerabilities for organizations is the process of developing new software applications. Why is this? So, and how does the technology you use today help you deal with that?

Julie Chickillo: So we're, there's, uh, been an emerging trend in the past couple of years for attackers to really [00:15:00] focus on the software code. Um, Where it lives. And so putting, um, attacks into the code itself, uh, and at which were, could be very difficult to find. And in many cases, um, Code code could be if you're using, um, if you have a very large code base, it can take a really long time to scan and it can be very hard to scan thoroughly and with the newer technology, um, and the newer practices in software engineering, where you're deploying instead of deploying a, a product every six months or once a year, you're pushing code, uh, new dub Beaumont code into production.

And many times, multiple times a day. And so that became really hard for the security code scanners to keep up with that pace. So a legacy scanner, uh, would take, I think when I was like early on in the career is probably taking anywhere from eight hours to up to 48 hours [00:16:00] to scan. Um, my current scanners have to come in at under five minutes.

And so this, this was a pretty, uh, significant shift. And how code was scanned. And, and how you reacted to it. And the software engineers were just able to build at such a fast pace because of all the cloud technology that security really had to, uh, change to keep up with it. And so in the application security program, uh, we use.

We use modern security tools that are able to scan in under five minutes. Uh, they are help. The engineers are able to get feedback pretty quickly. Um, and then it prevents them from moving the code into production. If they're seeing higher critical vulnerabilities with that technology, that means the security team is no longer monitoring.

Every single scan that happens. Uh, we just don't scale the same way engineers do, uh, engineering teams. And so what we had to do [00:17:00] was. We moved. And this was the part I was saying before. That was very difficult before I had access to snowflake, uh, was we've moved all of the logs from our application security scanning into our, um, connected app model.

And then we're able to write queries on top of that against. Some of the tools that the engineers use, we can use the tools the engineers use. We can use our own scanning and the two together can tell us, um, let us know, did a scan get turned off? Did an engineer do something they weren't supposed to? Um, or, or are we seeing anomalies in the process and, and we'll get pinged about that.

Um, every time it happens, so we're not having to look at thousands of pushes to production.

Steve Hamm: Yeah. Yeah. So you, you, you're looking for vulnerabilities. You're looking in the code itself. You're looking for malicious code in the code, but you're also looking for practices in the, in the, by the programmers, in the process. [00:18:00] That might be a vulnerability. So that's really interesting. So you can, you can look at all those things in the same place.

Julie Chickillo: Yes. Uh, and that, that has been a real game changer for us. Uh, it's been, uh, early on in my practice with the application security programs. Uh, you could run this scanner, but you, you, you didn't have a hundred percent assurance that. They, the scan ran every time, unless you, you looked at it. Uh, so we could have a team, um, spending upwards of 200 hours a month, just looking at all of the different, um, code pushes into production.

Uh, we've reduced that down to, um, well, no time looking at it, unless you get an alert. Hey here, like something's happened, go check it out. And so in that case, you're able to actually proactively go do something, um, the same day, whereas before we might be checking a month after and going back to a group and saying, why did you do this?

And, and so that's a huge change in the security, uh, program for us.[00:19:00]

Steve Hamm: Yeah. It's interesting to think about the scanning because a lot of it, when you, and I imagine there's AI use in these programs, but they has to be train. what to look for, but I'm just wondering, are they using deep, uh, deep learning now? I mean, that's, that's the AI technique that actually, you don't have to tell the, the program what to look for.

It just kind of sizes up the system that it's looking at and finds anomalies and tell tells you, Hey, you might want to hear about this, that, that kind of thing. Is that something that's happening in, in, in security at this point? Or is that the future? Yeah.

Julie Chickillo: No, definitely. We are seeing, uh, we are seeing several, um, companies, um, say that they can do that. We are actually using one ourselves, uh, that that's claiming. The deep learning and AI model. Uh, and I would say that it is very good at pattern recognition and looking for anomalies. Um, it, that that in and of itself helps with the cloud as well.

So the interesting piece is that as you bring up this, the [00:20:00] AI and the deep learning. The pattern recognition is in one security tool. And the, the software code scanning is in a separate tool. So again, they live separately and unless I have a way to bring them together, I can't com I can't like watch some, I can't compare, like, compare the two and, and use a correlation between the two to find a problem.

Steve Hamm: But now you can.

Julie Chickillo: Now we can. Yes.

Steve Hamm: Okay. Very good. Very good. Um, that should be the theme of our talk today. Now we can, right.

Julie Chickillo: No, we can't actually, yes, that has been my theme for the last year and a half. Before I tell everybody, now I can do this. It's it's amazing.

Steve Hamm: Yeah. No, that's great. Hey, I, I saw a recent interview where you described your, your collaboration with the company's software application development team, and also with the data ops team. And that's the group that manages how data is used by the company. You, you, you got so tight with these people.

You even gave up a staff position to the [00:21:00] data ops team. How did that work?

Julie Chickillo: Yeah, that's that's I know that was a interesting move. Um, so early on, and as I was learning about snowflake, uh, from a security professional, like viewpoint, I didn't know much about snowflake. I didn't really understand. The data ops or data operations. And so early on when I was making a decision to move on the snowflake, uh, based on conversations with a couple CISOs, I knew, uh, the data ops team, uh, really leaned in and helped me.

And they helped me understand what we would be doing. They helped our team make them move and they helped us. Um, Structure the data in a way that was usable for us. And, and so the whole time they were, they were helping us, but it was kind of a side project for them. Um, and this was about a year and a half ago.

And after a year and a half, my team really. Um, just was getting so much value out of these projects that we were doing with the data team, that we, we made a decision to give a position on our team and give it to the [00:22:00] data ops team so they could support us. Um, one of the reasons that we did that is the it's a particular skill.

The data ops team really has good scripting skills. They understand the databases, they understand snowflake. They're able to do things a lot faster than we are. And so it made sense instead of going out and looking for a security professional who had security, uh, knowledge plus understanding all of, um, the, the data operations, uh, we just, we just didn't think that would be.

We, we didn't think we'd find that unicorn. And so we thought, well, why don't we give the data ops team, somebody, they can then fully support us. They're they're much faster at the work. And then we can explain to them what they, what we want. Uh, and so we're really excited. We, we do think this will actually speed up the program quite, uh, quite significantly.

And so we're, we're excited to get going with that. Um, we've been given an SLA with the team, so it's just, um, I think it's, it's a really exciting for both teams to see how [00:23:00] the data operations team can support a part of the business that, that they've never, probably would've considered supporting. If I hadn't come to.

Steve Hamm: Right. Right. And for you, it's worthwhile you, you get more value by giving up that FTE than by hoarding it, which is kind of interesting, right?

Julie Chickillo: Yes. Yeah. A hundred percent. We, um, I like if something that would take my team, maybe two weeks to do probably would take somebody on the data op scene eight hours. Four to eight hours. Um, just because they have the knowledge, they understand the structure. And, and so with my team, we would have to spend time researching and trying and failing.

Um, and so we we're able to see that when we do get time with the data ops team, they were, they were just much faster. And so we, um, we, I feel like not only are we gaining. Uh, efficiency in our program that it, the data ops team probably won't need that person full-time to support my team. So they're gonna gain probably a half of an FTE for, for whatever other work that they.[00:24:00]

Steve Hamm: now, uh, since you started with snowflake and you've talked about a lot of the, how it's really been transformative, how have you changed the way you use your data security incident and event management tool, which seems like that's a crucial thing.

We talked a little bit about it, but could you go into that with some more depth?

Julie Chickillo: Sure. Yeah, this was actually the impetus to us moving to snowflake. So I'll give you, I'll give you like a picture of where we were before we moved. Cause it'll help explain how we're using it today before we moved. Um, We really had to rely on a customer service from our previous, um, vendor on if every time we wanted to change a correlation or we wanted to fine tune something.

Uh, and so this meant it could mean, um, one to five days between writing, getting scripts done or changing, or being able to alert on something. This was really frustrating for the team. My other. My other biggest concern, um, with the, the security incident and event management tool was that I felt like we, it was really geared towards a legacy network and it was really looking [00:25:00] at all the things that traditionally exist on a network, uh, servers routers firewalls.

Um, many of which I don't, I don't have those things. And so I didn't feel like I was getting a lot of value out of it, but I knew the point behind the event management tool is that it's alerting every time there's an incident or an event happen. And so, um, uh, what what's changed today is that we do, we do still have a traditional, uh, security to invent management tool and it sits on top of snowflake and we're, we're able to put traditional logs in there, but we're also able to put things in there that you wouldn't necessarily send to the, to the event management tool. And we're also able to write our own custom scripts. And so if I want to know. Uh, that's I wanna write a script that's particular to our, um, environment in the cloud. We're able to quickly write it. We're able to test it and we're able to deploy it. Usually we can do that in under, um, two hours from the [00:26:00] time that we're like, Hey, we we'd like to create this.

And then we, we sign it to an analyst or an engineer, and then they create it and they can deploy it. It's it's very fast. So that, that's how that's one of the things that changed for us is that it sped up our ability. Write the correlations. Um, the other thing that it did was it, it enabled us to sort of expand the security incident and event management tool beyond the actual tool itself where we're, we're writing scripts that you would normally see, or these correlations that you see in the event management tool, um, outside of it.

Uh, and so it's sort of an expanded. Like we've expanded where we're writing events too. And, and again, I'll go back to the application security program. Those types of logs never went to a security incident and event management tool.

Steve Hamm: Right.

Julie Chickillo: And so we would want to correlate between the two, uh, and, and now we're able to do that with snowflake.

Steve Hamm: Yeah. Yeah. So it's almost like you are built customizing [00:27:00] on top of the tool, but you're not, you're doing it in snowflake night in the tool itself.

Julie Chickillo: Yes, that's correct. We are customizing. Yeah. Outside of the tool.

Steve Hamm: Yeah. Interesting. Very interesting. So we've been, we've talked a lot about what all the great things you've been doing over the last couple of years.

I wanna shift and talk about the future. Now, what improvements and new capabilities in cloud security technologies do you se do you see coming in the next year or so?

Julie Chickillo: Uh, we're seeing a lot of emerging technologies around privacy and protecting or monitoring data where it lives. Uh, the privacy practice has really been. Uh, it's, it's where security probably was about 10 years ago. When I go to the conferences or you look at the technology, um, it's it. You're hearing the same things you would've heard at a security conference about 10 years ago.

And so as the privacy practice emerges, we see a lot of, um, new laws happening in the United States plus a possible federal law. Uh, we're really [00:28:00] seeing companies start to look and say, okay, with all this cloud technology, where with data moving very quickly. How are we able to monitor or protect it if you don't know where it lives?

And, and so we're starting to see a lot of emerging technology around finding data in the clouds, uh, or, or being able to monitor it leaving where, where it started. And then track where it's going, uh, in a way that you, you couldn't do before. And so I'm very excited to see, uh, this emerging technology. I think this has been been one of my biggest frustrations with being in the cloud is that you just, you, if it's in the cloud and you know which cloud it's in, you can probably see it.

If you don't know where it went, you just don't know where it went.

Steve Hamm: Right, right.

Julie Chickillo: and so that, that could be very frustrating. Um, so I'm really excited to see this, uh, at the snowflake conference. That I attended in June. Uh, you even saw, you even saw some of the, the vendors there, starting to talk about this, uh, and how they're gonna start monitoring data [00:29:00] moving, even if it's moving outside.

Steve Hamm: you can use these tools to, you know, find and map all your data. monitor your data and then also track it while it's in motion.

Julie Chickillo: Yeah. Uh, and that, that piece, that piece has been, um, I'm keeping my eye on that. I don't know if it's too early to try it. Um, I'm not, I'm not shy of trying technology in beta, so I might, I might try one this year, uh, or next year, but it's, it's very, um, fascinating to watch the, the technology merging in this part of the industry.

Steve Hamm: Yeah. Yeah. Cool. Cool. Hey, I'm gonna ask you now to put on your visionary cap, you know, looking out five years or longer, how do you expect cloud computing to change the way organizations manage and analyze data?

Julie Chickillo: Yeah, I think five years from now, um, the data ops or data operations team that we we spoke about, um, will really become as commonly known as, uh, like a development operations team or the DevOps [00:30:00] practice, uh, which is pretty, uh, widely known these days. I think the data ops is really, um, gonna emerge as a part of the industry that supports an organization across.

The entire organization. So today you might have teams like mine or your human resources team, or even finance, and they all have data separately. Uh, and they're all, they're all trying to do the best they can to analyze it and manage it. And the cloud is making it, um, so that you can move all of these things.

All of these different data types. These are, you know, secure, secure types of data, HR, finance, security, and put them into a, uh, one area. And have a team that helps actually support the business to manage, do reports, um, analytics. And I think that is what we'll be seeing in the next five years that I think will really revolutionize the way that that data's used, uh, across an organization so that it's no longer just the data that's supporting an application that is, that gets [00:31:00] special treatment.

You're gonna see the entire organization benefit from this practice.

Steve Hamm: Yeah. Yeah. So data ops is kind of a, a centralized strategic organization that provides services for everybody else who kind of relieves them of some of the burdens.

Julie Chickillo: Yes. Yeah.

Steve Hamm: of administrative burdens, but also it sets policy, which has a lot to do with, with privacy and, and security. So it seems like that's a fast developing, uh, practice within a company.

So that's really interesting to watch.

Julie Chickillo: Why we, we spoke about me giving up a position to the data op team. I think you'll see other teams start seeing this value and they too will, uh, understand, uh, that giving up an FTE or supporting this data ops team, uh, actually empowers them to, to be better in the business.

Steve Hamm: Yeah. Oh, that's really cool. You know, we're about to wrap up now and we, we typically like to end on a more personal note, a lighter. So I wanted to ask you, you talked before [00:32:00] about how Guild education is at B Corp and clearly this is something that resonates with you. So what's the attraction. Why is it so satisfying and, and meaningful to you to work for a B corporation?

Julie Chickillo: Oh, I love this question. Uh, so for me working for a B Corp and specifically Guild gave me the opportunity to support a cause. Uh, that's very important to me in ways. I don't usually get to do in my career. Uh, a lot of my family actually worked in the education or currently works in the education industry, uh, elementary school teachers or supporting, um, like K through 12.

And it's not, that was never going to be, I was never going to be a teacher in that way. Um, just didn't I was not built to be a teacher. And so being able to work at a company that really supports education and. Really believes that every adult should have the ability to grow and, and get skills and maybe have an opportunity to, to, to gain access to education that they didn't [00:33:00] have early on.

And that will change their life fundamentally. Uh, it, it just means so much to me as an information security professional, that I can support a company that's doing that. And that I, I know that my job is giving back directly, um, to, to all the learners, even, even if I don't support them. Day to day. I don't speak to them, but I know that I can help the company succeed and I can, can help keep their data and information safe.

Steve Hamm: yeah. Yeah. Well, you are, you're focused on a mission. And it's, you know, terribly vital for, you know, young people, but also for people throughout their lives, because the world is changing so fast. You have to adapt you. Can't just kind of get one skillset and sticks with stick with it. So I, I think the, the thing that your company doing is it's a great thing.

It's very important for people in fair society.

Julie Chickillo: Thank you. Yes.

Steve Hamm: yeah, you get to contribute to the mission without having to deal with screaming kids.

Julie Chickillo: That [00:34:00] is true. I don't, I do not. Yeah. I would not have the temperament to be his elementary school teacher. Um, they work very, very hard.

Steve Hamm: Oh, I know, I know some of them, so, uh, you know, this has been a, it's been a really interesting combination. I mean, just, uh, sorry. This has been a, a really interesting conversation. Uh, lots of very practical information. I think. People in the security business, in the cloud security would be really useful for them.

And then I think this, you know, your conversation about data ops that really looks to the future. That's really something that's a lot of companies tough to think about strategically. So I think you, you kind of got it at the nice basic level. And then at the high level two, I thought. At the core of what you talked about, this idea of integrating and correlating data, you know, that connected app model is really fascinating because, you know, in the past, in the computer industry, you had to kind of decide between two things.

Did you want best of [00:35:00] breed or did you want kind of an integrated. Platform where you were kind of sometimes a little captive to, to the comp the software company. And, and I'm, I'm not gonna name any names here, but in a sense, this new model allows best of breed to flourish. And I think that's, it's a very powerful idea.

So

Julie Chickillo: It is I think, yeah, I think it will help, um, transform the security industry for sure. I, I am allowed to select the best of read in my tools and not have to worry that they don't integrate or that I can't get. I can't see the information in a way that I need to.

Steve Hamm: Yeah, well, that's great, Julie, thank you so much for all of your insights today. It's been a great podcast.

Julie Chickillo: Thank you. And thank you for having me on today.