CTO 2.0: Maiffret Rejoins BeyondTrust

  /     /     /  
Publicated : 23/11/2024   Category : security


CTO 2.0: Maiffret Rejoins BeyondTrust


Hacker-turned-entrepreneur Marc Maiffret reflects on his past few years embedded with enterprise security teams and how it has shaped his security view.



One of the security industrys pioneers recently celebrated a homecoming of sorts: Marc Maiffret last month returned to his post as chief technology officer (CTO) at privileged access management vendor BeyondTrust after a six-year hiatus from the limelight of the security industry.
Maiffret, whose vulnerability management startup
eEye Digital Security was acquired by BeyondTrust
in 2012, left BeyondTrust three years later to take a break, do some backpacking, and figure out his next move. He was soon also caring for both of his parents, who had been diagnosed with dementia. 
After a brief stint as CISO at SpaceX, he has mostly kept a low profile in the industry, working as a security consultant embedded in the security operations teams at some large organizations in healthcare, finance, and space.
Maiffret had a rather abrupt start to his security career. In 1998 at the age of 17, he
infamously got a literal wakeup call
for his hacking activities when he awoke to find an FBI agent holding a gun to his head. He was never charged or arrested for anything, but agents confiscated his computer equipment. The then-teen hacker known as Chameleon in the Rhino9 hacker group says he and his hacking cohorts mostly just built tools and wrote papers about their work — activities that were fairly typical at the time for a generation of burgeoning white-hat hackers.
Just a few weeks after his encounter with the FBI, Maiffret teamed up with Firas Bushnaq to found eEye Digital Security, whose flagship product Retina Network Scanner was based on tools Maiffret had written in his teen hacker days. In 2001, Maiffret and fellow researchers at  eEye discovered the first major Microsoft Windows worm, Code Red, which they named after the cherry-flavored Mountain Dew soft drink they pounded all night as they picked apart the game-changing worm.

Clear-Eyed
His shift from security vendor to the enterprise perspective was — no pun intended — eye-opening. The last few years have been both rewarding and a lot of learning, he says. Its easy when youve been on the product side building security and technology ... to become a little detached from what customers are really facing and what their challenges really are.
Many of his enterprise clients were experiencing a common problem with their security postures: What was impressed upon me was the lack of security [technology] tailored to a business and an organization, he says. That impressed a lot upon me how like a vendor we can definitely do what we can with our solutions to be smarter in how we tailor them to the companies. ... Its more than one-size-fits-all.
Maiffret expects to be the glue between engineering and product management at BeyondTrust, he explains. One of his priorities will be ensuring the vendors platform works well with other security technologies. Many security products just dont work well together today, he says.
I think its important for security companies to have empathy more than anything else, and to me that is earned through action. The last few years embedding with various security teams was that and more for me, and Im excited to put that into what I do next at BeyondTrust, he says. Maybe a bit less brash than I was when I started down this path 23 years ago, but still happy to fight for the things that matter and call bullshit when needed.
In the meantime, Maiffrets already diving back into his roots: security research. You cant take the nerd out of me, he says. Its core to my being. 

Last News

▸ Some DLP Products Vulnerable to Security Holes ◂
Discovered: 23/12/2024
Category: security

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CTO 2.0: Maiffret Rejoins BeyondTrust