A Professional’s Perspective series probes Toronto’s top executives for insights into life in the city.
Kellman Meghu is a senior executive at Check Point Software Technology; he’s the guy in charge of virtual data centre security across North America. He has a tech blog, killhup.blogspot.ca which is filled with tech stuff.
This author caught up with Kellman Meghu at a Check Point sponsored Security Breakfast meeting in an upscale conference room at the Ritz-Carlton hotel where he spoke to an audience of data centre managers about about virtual security for over an hour. Afterwards I asked him some questions about his job, his life.
1. What’s your favourite joke about your own profession?
Did you hear the one where I leveraged agile security with adaptive threat management using a service oriented architecture to enable mobile applications scaled out with cloud services, with a plan for platform consolidation and a strategy for big data?
Why do people laugh when I say that? I actually do all those things.
You want to know the really hilarious part of the joke? When I do my job well, and build a layered approach with policy and enforcement dynamically linked and monitored, if I do the best bang up job I can, and the system exceeds expectations. You won’t even know I exist. In order to be successful, I have to automate myself out of having to be there.
2. Where in Toronto can we find your profession?
Historically, I deliver and support activities, policies and enforcement after you have already suffered some horrible breach. I work on the thing you didn’t really believe you needed, or never bother to look at it, even when you did have it. Security. And when it comes to security in an online world, we are everywhere.
3. What’s the best question a prospective customer could ask a member of your profession when comparing services?
Ask them how effective, fast, and simple their security services are. The faster they answer without asking a lot of questions should make you nervous. Security is hard, and they need to know many things about the network, the applications, the users and yes, even the business. If your security managers don’t understand your business, they don’t understand risk. If they don’t ask how your applications are leveraged by your business to deliver services or manage key resources, you might want to take a close look before committing to anything.
4. What’s the best job you do? What’s the worst job you do?
Not sure I understand the question, In life, or particularly with my job now? Here’s the thing, I have a hard time thinking about my industry as work. I was doing similar things many years ago out of pure curiosity. I find the machines, communications, networks fascinating. This industry popped up around me while I was already doing many of those things for fun. I take holidays to lock myself in my basement and teach myself programming languages. I’m a horrible programmer, sloppy, but I can get by. How lucky did I get? An industry grew out of something I happened to like tinkering with.
5. What’s your Toronto pet peeve?
Pet peeve? I love Toronto, but I travel so much I probably spend the least time at home. Every place has it perks and weirdness, but this place just feels like home.
Except for the traffic. I really hate the transportation around Toronto, but we just need to hang in there until the robots drive all the cars. I, for one, will welcome our new robot chauffeurs.
6. How do you get paid? What’s the price for your service?
Not sure how to answer, we need to understand some things first. Cost is relative to what your trying to protect. Would you spend $100 to protect $20? No? Would you spend $20 to protect $100? Better, but probably still a little too much. But $20 to protect $2000? let’s talk about what we can do for $20 bucks. Some of the services I provide are not about buying something, its sometimes just a change in approach or policy, but the effort is always relative to the value at risk.
7. What’s the best way the public can get discount service from your profession?
Discount security? That doesn’t sound good. Hey want to get an alarm system cheap? Security is a tax on value to reduce risk. If you are paying the tax, but not reducing risk, you are wasting your money. If you are paying the tax, and only think you are reducing your risk, when in fact you are not protected, well you have actually increased your risk, and payed the security tax to do it. Start with the value, apply a potential of risk based on validation of policy, and apply a small percentage of the overall value in the areas that reduce the most risk.
Okay, although that’s sounds pretty theoretical, that is essentially how we build security policy to apply controls to enforce protection to known and unknown risk.
Ahh never mind, no one ever gets the value right. Next time you walk through airport security, that is the exact opposite example of what I just wrote in the previous paragraph. Security theatre sells. We are happy to supplement airport security to the tune of billions for only the perception of safety, your discount is rational thought and data analysis.
8. What’s the worst thing a prospective buyer could ever do or say to a member of your profession when shopping for service?
Ask how fast or how much it costs before providing the details we need to make any calculations based on the factors I’ve already droned on about. I realize it sounds boring, but it has to be done to get to the real answer. And don’t go throwing out wild requests for high performances a system can never actually achieve end to end across the application stack.
Kellman Meghu is real clever on Twitter and deserves more followers; you can tweet security questions @Kellman but be prepared for caustic replies.