Cyber security threat hunting and incident response investigations require analysts to sift through a tsunami of data (millions to billions of data points) searching for attack patterns, TTPs and anomalies. It's costly and technically difficult to normalize and analyze these large and varied data sets. Even organizations with the resources often build one-off solutions, must heavily adapt existing tech stacks, or hire expensive consultants. It's too painful to explore big security data sets. I believe it should be easier to analyze this data, and that it shouldn't take hours, days or weeks of setup and configuration. We are building software that can help.
Beyond lowering friction for security investigators, and (hopefully) making their jobs better, there's a bigger mission behind Gigasheet. The sentiment is partially captured in this great article by Fredrick Lee:
"What we have in this industry isn’t a skills shortage. It’s a creativity problem in hiring. To close the existing talent gap and attract more candidates to the field, we need to do more to uncover potential applicants from varied backgrounds and skill sets, instead of searching for nonexistent 'unicorn' candidates" Fredrick Lee, CISO of Gusto
Lee goes on to discuss the security industry's less-than-helpful reputation as an exclusive club full of hackers in dark hoodies, complete with its own jargon that serves as a sort of secret handshake. This leads to hiring from a small, homogeneous pool of talent. The point that really resonated with me is:
We need break down barriers and prioritize potential over pedigree.
I saw this firsthand in my previous 10+ years at Recorded Future building a global team from the ground up. Surprisingly, many of the individuals with the most industry tenure were least creative, and ultimately less successful. While n00bs took a little more training and ramp-up time, more often than not they outperformed the old guard.
I'm convinced there are a lot of very smart analytical minds able but unwelcome to join the cyber security industry. The fact is that comfort with command line interfaces, working with databases, or banging out some python has little correlation with security analyst rigor. Talented individuals should not face today’s daunting hurdles to quickly analyze large data sets (i.e., million or billion row log files). I hope we at Gigasheet can break down some of those barriers.
Likewise, for those industry-seasoned vets, it's still too painful to work with really big data sets. Those super-valuable security ninjas still waste too much time in data preparation and enrichment, especially in the all-too-common scenario where fields and formats do not align exactly. These experts should spend less time on data prep and more time on analysis. We aim to change that.