The following is a Q&A with Chris Tannery, senior manager of the FaaS (FireEye as a Service) team. Among his responsibilities, Chris helps customers with the onboarding process.


What first got you interested in cyber security? How did you get into this kind of role?

I previously worked for a big cloud-hosting organization for about ten years. I was in charge of building out their very first incident response and security operations group for the business, protecting the internal assets for the company. I found that I really loved the cyber part of it from an incident response perspective. Being a part of building out a security operations center, as well as the development of the processes and procedures of responding to incidents and running those incidents, was high energy, intense, and it was fun. I found that this is a niche that I really wanted to be a part of. I previously served in the U.S. Marine Corps. I loved serving in the Marine Corps in a SIGINT role. There was this aspect of protecting, and that same level of protecting the company from cyber events was something that fit me just perfectly.

So now you’re in a role where you get to do that on a much broader scale for dozens or hundreds of companies, having lived it kind of in the enterprise yourself.

Absolutely. I do get to see and work with a wide range of customers. It’s great to be a part of that piece of this.

How did you make your way to the FaaS team?

At my previous company, the culture was really good, and it made it difficult for me to leave. Coming here to FireEye, though, I found a company that was an expert in cyber security, and also had the same type of culture, based on strong professionalism and expertise, and focusing heavily on employee engagement. I think that is a critical piece of making this place a great place to work. Looking back, if somebody were to ask me, "Hey, are you glad you made the jump?" I can actually look back and honestly say, yeah, I'm glad I did make that jump.

You’re in an interesting role because you're bringing new customers into FaaS. I'm sure they have all different kinds of backgrounds – from breached environments to not breached, and from mature programs to less mature ones. What surprises you most? Is there a common thread or things that you often see that surprises you with new clients?

Because of the type of service that the clients are purchasing from us, the urgency is always really, really high. Like you said, there could be customers coming out of a compromise assessment, and so it's important that they keep that same level of monitoring based on findings during that engagement. Or if a client’s coming out of an incident response where they have been breached, being able to transition over to FireEye as a Service is critically urgent. It’s important to assist the clients based on their findings and making sure the information relays over to FaaS. The monitoring needs to be continuous with a high level of experts making sure that all that information transitions seamlessly.

You know, we often talk in security about how it's important to understand the assets you're protecting and to really know your environment. You need to be able to identify the data that is the most critical. Does FaaS essentially assume that burden for our clients? Do they say up front what is most important? And then do we then make sure that we watch those assets disproportionately?

The client is absolutely a critical part of the conversation. We need to understand what's important to them so we can make sure that we've got the appropriate coverage in those areas, wherever the data lives. Yes, the client is definitely a very important part of leveraging the information. Doing that knowledge transfer – not only from the internal folks here at FireEye, but also from the client – is a critical piece to make sure that we are looking at the right locations where the data is living.

These transitions sometimes need to be fast because the customer is coming out of a compromise assessment or out of an incident response engagement. How does the FaaS onboarding process to make it seamless?

First and foremost, we have an internal meeting with the engagement manager, the threat assessment manager who’s assigned to all of the FaaS clients, a service transition manager, and all the internal key players, including the salesperson. They’ll do a quick internal meeting with a knowledge transfer to make sure everybody is on the same page in terms of expectations and understanding all the information that we need to leverage.

Then we do a kickoff call with the client, introduce the team, and set expectations around service delivery and how FireEye as a Service works. And we run through things such as escalation procedures and establishing the service with the client.

Some clients have small environments. Some have very large ones that require project plans and working with program managers or project managers. So we provide internal project plans for our clients during these kickoffs and send weekly updates and things throughout the engagement until all the gear has been racked and stacked, and we know that we've got eyes on all the alerts that are going to be coming in from those products that the client has purchased.

The weekly updates are really nice because they're informative with the current status, exactly where we're at in the onboarding process, who is responsible for what, and what's been completed. If necessary, we'll do a weekly verbal check-in with the client.

So you get to work with a lot of CISOs and even CIOs and directors of incident response in that process. If you could give them one piece of advice based on what you see as you onboard customers, what would that be? Have you seen common deficiencies that you would give them advice on?

The piece of advice I would give to that CISO would be to take a strong look at FireEye as a Service, for the sole purpose of just knowing what we can provide. And from an onboarding perspective, it’s important that they maintain a high level of urgency around getting FireEye as a Service onboarded as quickly as possible. The bottom line is FireEye as a Service will provide full value when all gear is racked and stacked and we're firing on all cylinders with the team that we'll be working with, so time is crucial.

What do you enjoy most about your job at FireEye?

First, I love the whole protection aspect of working for an organization and providing a service that's protecting assets and data. Also, the leadership in this company is really great. The focus on the employees is high, and I think that that relates to the amount of expertise and services we provide. That’s critically important with the type of service that we're offering.

Learn more about Chris and others from the FaaS team here.