How Guild Education Delivers Data-Driven Security

As VP and Head of Security at Guild Education, Julie Chickillo is constantly on the lookout for the next trends in cybersecurity and data privacy to help ensure that the information and privacy rights of Guild learners are protected and respected. In a recent episode of The Data Cloud Podcast, she talks about finding and correlating vulnerabilities in data, the importance of working closely with data operations teams, and what excites her most about cloud security technologies.

Founded in 2015, Guild is a career opportunity platform that enables forward-thinking employers to invest in their employees, unlocking life-changing opportunities for personal and professional growth through education and learning programs, career development, and one-on-one coaching. “We are on a mission to unlock opportunity for America’s workforce through education, skilling, and career mobility,” says Chickillo. “We offer coaching, we help learners find the right program, and we help employers find programs for their employees.”

The impetus for Guild moving to Snowflake was the organization’s need to change the way it uses security incident and event management (SIEM). Previously, every time Chickillo and her team wanted to change a correlation or do some kind of fine-tuning, they had to make a customer service request to their prior SIEM vendor. “It could mean one to five days between writing, getting scripts done or changed, or being able to alert on an incident or event,” she says. “It was really frustrating for my team.” Additionally, that SIEM was built for legacy networks, not for cloud computing, so it wasn’t generating a lot of value for Guild.

Moving to a data security lake architecture built on Snowflake and running Panther, a cloud SIEM, on top of Snowflake means that Chickillo and her team can look at a wider set of information than traditional logs. They can also write their own custom scripts, taking less than two hours from having the idea for the script to writing, testing, and deploying it.

“What Snowflake does in the connected app model is it allows you to move all of the logs and have all of your information in one place where you can do dashboards or correlations on top of it,” Chickillo says. The huge benefit is that security analysts and engineers no longer have to log in to multiple applications throughout the day to try first to figure out what’s going on, and then to connect the dots between the different systems, she adds. They can integrate and correlate data much more effectively to gain insight across the entire environment.

The ability for security teams to move fast is particularly important now as attackers are targeting the software code itself, meaning that vulnerability scans must be fast and thorough. Over the last 20 years, Chickillo has seen scanning time come down from 8 to 48 hours to under 5 minutes today. Her team is writing queries on top of their scans to be automatically alerted on developer behavior and process anomalies as well as vulnerabilities. “This has been a real game changer for us,” she says; the alerts enable the team to proactively engage with the developers.

Chickillo worked closely with Guild’s data operations team early on in the move to Snowflake, tapping their knowledge on how best to structure data. “My team was getting so much value out of the projects that we were doing with the data ops team that we made a decision to give up a position on our team and give it to data ops, so they could support us,” she says. This approach made much more sense than trying to find and hire a security professional who had both security knowledge and data operations understanding. “We didn’t think we’d find that unicorn,” Chickillo adds.

Together, the teams can move a lot faster: data ops takes four to eight hours to deliver on a task involving data structure knowledge that might have taken the security team, working solo, as long as two weeks.

Chickillo is excited by the promise of emerging technologies that help to find, monitor, track, and protect cloud data when it’s in motion. These new technologies will enable companies to expand their privacy practices as new data privacy legislation comes into effect, she says.

Looking ahead five years, Chickillo predicts that the data operations function will take on a similar centralized, strategic support role to today’s well-established DevOps practices. With all of an organization’s data stored in a single location, data ops will help security, HR and finance, and other teams manage and analyze their data.

“This shift will really revolutionize how data is used across an organization, and you’ll see the entire company benefit from this practice,” she says. “Other teams will understand that giving up a full-time employee to data ops or supporting their data ops team actually empowers them to be better in the business.”

The Data Cloud is a podcast hosted by award-winning author and journalist Steve Hamm. For each episode, Hamm speaks with a data leader to learn how they leverage the cloud to manage, share, and analyze data to drive business growth, fuel innovation, and disrupt their industries. You can listen to more episodes here.
