Q&A with Joshua Marpet, BSides Global Council Member & Faculty Member at IANS
Pulling Back the Curtain with the BSides Boss
Joshua Marpet, BSides Global Council Member & Faculty Member at IANS
Welcome back to Cloud Control 👋 This week, we sit down with the BSides Boss himself, Joshua Marpet. From police officer to policing cyber threats, to guiding startups like Nudge Solutions and InfoSecQuote, Joshua details his experience and the lessons he learned along the way. Learn how rising startups are tackling challenges in cloud security, what it really means to be a founder, and how industry standards have evolved 👇
Question 1 💭
Give us an introduction of who we’re talking to. Tell us about your career, from being a police officer to then founding multiple companies in the cybersecurity industry. Are you currently focused on any one specific project?
Answer 1 🎯
My path is one I wouldn’t wish on anyone. :) I’ve been in IT for over 30 years. I started in help desk, traveling around the country to fix Thomson-Reuters machines at trading houses and investment banks. I went from there to project management, then sales engineering, then when the economy went south after 9/11, I switched careers to what I could find. I moved down south to Louisiana, was bouncing on Bourbon Street, became a cop at the jail in Covington, LA, and then after Hurricane Katrina, moved back up north. (No more hurricanes for me!!) I went back to computers, working in system administration, and security. After a while, I was solely security, and worked pretty hard on explaining how security worked to get a budget to protect enterprises. You’d be surprised how often better security correlates nicely with the ability to communicate with executives to get a budget! From there, I moved into compliance, because I could really drive a budget for security, with mandates from a regulatory framework. I started trying to fix frameworks, so I helped write CMMC for the DoD, SPDX for the Linux Foundation, and I’ve been working sporadically on continuous risk quantification.
Currently, I’m one of the founders of BSidesDE, on the board of Skytalks and BSidesDC, and I am pretty focused on the two startups I work with. Nudge Solutions is a goal-oriented fintech, where we put the consumer first. Tell us what your goals are, and we work to get you there with near real-time nudges. InfoSecQuote is a new way to procure infosec and compliance services. One questionnaire, multiple quotes, shortlist generated, apples-to-apples comparisons. Simple.
To sum me up? I solve problems, and think around corners. It’s fun!!!
Question 2 💭
These days, it seems you’ve turned a focus to helping startups identify product-market fit. From your conversations with security leaders alike, what are some bleeding-neck pains they are facing in cloud security?
Answer 2 🎯
Cloud security? That’s a pretty big field. From understanding the differences between the clouds, to understanding secure configurations, and controlling what SaaS/PaaS/IaaS services are being used by their enterprise, departments, and individuals within their enterprise (without change control, security oversight, or compliance guidance). We used to have Shadow IT, we now have Shadow Cloud, and Shadow AI as well.
Control, configuration, and management are the big ones. Weird, how the fundamental issues are the ones that cause the most headaches, eh?
Question 3 💭
Your most recent venture is MJM Growth, where you work with startups to help identify product-market fit amongst other services. What strategies do you implement to help young cloud and cybersecurity organizations get to product-market fit, and profitability, as quickly as possible?
Answer 3 🎯
Product-market fit and profitability are hand in hand problems. If you don’t have one, you won’t have the other! And frankly, it’s not hard to do. You may have a great idea, which solves a huge problem for a lot of people. If so, you should be able to find 10 people to pay you actual money because they’re so excited about solving the problem!! Get 10 people to pay you money before you’ve written a line of code. I don’t care if it’s 50 bucks. Something!! Then you know people are interested, willing to allocate budget, and more importantly, you’re already revenue positive.
If you’re the CEO, and you’re not willing to sell to your friends and colleagues, you are going to fail. Go sell, and prove product-market fit, and prove profitability. What are you waiting for? GO!!!
Question 4 💭
As an advisor for multiple startups, what new and innovative approaches to cybersecurity are you seeing enter the market? How do these differ from more established players?
Answer 4 🎯
As always, I see so many copycats of any established player. But innovation is far rarer. Right now, what I’m seeing is, of course, AI-based startups, some of which are amazingly simple, like using AI to explain vulnerabilities and alerts so SOC analysts are incredibly more efficient, to I just had two friends of mine build out a Knowledge Access Management system (KAM) for AI answers, to make sure that only people who should see an answer (and all the inferences and deductions present in the answer) see that answer.
I’m also seeing a lot more fundamentals. Real asset management, API management, and change management. Solid attempts to build out information discovery tools, so you can ask why that restricted data is on 30 laptops??? So tools are being built to automate and actualize some of the fundamental tasks we curmudgeons have been screaming about for a long time! 🙂
Question 5 💭
MJM currently teaches many engineering based founders how to explain what it is their product actually does. What are some of the challenges of communicating those narratives?
Answer 5 🎯
If you can’t tell me what your product does in 30 seconds or less, you don’t understand what your product does. It has to explain why, and why I care, in those 30 seconds. If you can inject How in there as well? Awesome!!!
The biggest challenge for many founders is that they’re dazzled by the shiny of their product. I could care less about shiny. I want to know why I give a crap about another product. Tell me why I care. If you can’t, we’re done.
What’s New at Gomboc
In the magical land of Silicon Valley, where dreams and code converge, a tale is about to unfold…Imagine a sunny day in the Valley, with Kubernetes on the horizon, ready to set sail into production waters. But, as fate would have it, chaos ensues, and our beloved character, Streamline Willie, finds himself in the midst of a cloud conundrum 🚢💻
Watch Mickey as he goes on a rollercoaster of tech shenanigans, only to be saved by Gomboc 💪
Top Articles and Resources of the Week
Resources
Major Cloud Security Events and Conferences
Opt-in to this resource to receive updates on events and conferences in cloud security. Meet like-minded cloud-security professionals from around the globe to learn, exchange ideas, network, and more.
Top 50 InfoSec Networking Groups to Join
Join these top 50 associations, LinkedIn groups, and meetups to stay ahead of the curve on all things InfoSec.
The Center for Internet Security (CIS) is a fantastic resource for initiating, implementing, and upholding a robust cloud security strategy. Access their detailed benchmarks tailored for AWS, GCP, Azure, and more. For a deeper understanding, explore the CIS Controls Cloud Companion Guide.
SANS Practical Guide to Security in the AWS Cloud
In collaboration with AWS Marketplace, SANS introduces an in-depth guide tailored for AWS enthusiasts. Whether you're a novice or an expert, this extensive resource delves into the intricacies of AWS security.
Security Best Practices for Azure Solutions
Learn key security practices tailored for Azure solutions and understand their significance. This comprehensive guide offers insights into developing and deploying a secure Azure environment.