Patrick Miller joins GRIMM as Director of Software Security

Patrick Miller joins GRIMM as Director of Software Security

Patrick Miller was brought into GRIMM because he has the experience to help organizations understand what they need to do to stay safe, and help them do it. As Satya Nadella, Chief Executive Officer (CEO) at Microsoft said, “every company is now a software company.” It’s not a matter of companies necessarily producing software, but becoming reliant on it for an organization to operate. The ones who leverage software well will be more efficient and effective. They will thrive. Successfully embracing this trend requires an understanding of the security risks that come with those efficiencies.

Patrick has built up technical teams who have accomplished amazing research and built incredible tools. Equally important, he’s not doing this by having a cursory understanding of what these teams do, he’s actually done this type of work himself. This combination of having the business and organizational skills along with deep technical knowledge is what makes him an outstanding fit for helping GRIMM’s clients navigate the new world where technology surrounds all aspects of our lives.

At GRIMM, the Software Security team, also known as Application Security, works very closely with both the consulting division as well as the critical infrastructure division. Organizations come to us not because they want someone to do a web application penetration test, although that is one thing we offer. They come to us because they want to understand their risk, find out where their security gaps are, and measure how well they are doing overtime. This requires a team that has the technical breadth and depth, but also understands the business context. Patrick gets this, and that’s why he’s already leading engagements, asking the right questions to make sure customers move toward the level of security they’re looking for.

2020 is here, and the next decade will bring a big shift in the way companies are organized. Security is going to be integrated into Information Technology (IT) and IT is going to be largely absorbed by each of the business units they serve. This is what will help bridge the disconnect between IT and the rest of the business. The days of IT not understanding the business, or the business not understanding technology are already fading in some sectors, and the others will follow.

Even now, we’re seeing the connectivity of Operational Technology (OT) networks to traditional IT networks, accompanied by an expected lag in security. As Critical Infrastructure and Connected Devices become increasingly accessible to the outside world, now is the time to close the gap and get ahead of the curve. The industry and government have already started making moves to do so going into the next decade.

Different industries have different challenges, and even two companies in the same industry can take significantly different approaches to the same problem. At the same time, the cybersecurity maturity is going to be different from one organization to the next. The formula for tackling these problems is fairly straight forward:

  1. Get an accurate understanding of where you are today
  2. Know what needs to be done to improve
  3. Hire and/or train people to do it
  4. Measure to verify it’s actually making a difference

As simple as this sounds, it doesn’t mean it’s easy. Understanding what to measure, and how to do so in an objective, repeatable way, is a field of study in its own right. The metrics need to be carefully chosen to incentive the right things. People will optimize to get the numbers that they’re measured on. That’s not necessarily “working the system,” it’s what should be expected, and if people can accomplish your metrics without actually achieving the ends, then you are measuring the wrong things. Similarly finding smart, experienced people is a difficult task, and even after you have them, retaining them is another challenge.

Actually executing on these takes a doer, and that’s where Patrick fits in. He is a doer. While others just talk about what is needed, he gets stuff done, which is another thing that makes him a good match for GRIMM. We’re very glad to have Patrick on board. His passion and experience will help GRIMM push the industry to the next level, which is what this company was founded to do!