Interview: Rafal Los, Chief Security Strategist, Lightstream

Starting a new job in the time of COVID-19 lockdowns is always going to be a challenge for anyone, but when the job is too good to turn down, it should still appear to be the right decision.

That was the decision faced by Rafal Los, who recently took on the new position of chief security strategist at Lightstream, a company with a strong pedigree in cloud and network services, where he has been brought in to increase the company's offerings to include security services for the cloud.

Previously, Los has held positions at a number of security companies over his 20+ years in cybersecurity.

Talking to Infosecurity, he said there needs to be a way to view the world without strictly looking through the security lens. “It is not taking the same crappy Java apps and sticking them in the cloud, and asking why are they not better?” Architecture is fundamentally better cloud security; but ‘security providers’ aren’t going to get the job done because they simply don’t have the skills, or vision, he argued.

Los said there is a general misunderstanding of how to do security in the cloud, as every company who tries to do ‘cloud security’ only hand you tools, and they miss the main part of which form you put the services in. “Half of the companies out there are using the same old legacy stuff to try to secure an entirely new technology landscape, and the other half buy a cloud tool and ask where to install it.”

“Rather than trying to keep working at a solution that wasn’t bearing fruit, we decided we could do better, together”

This is where Los was attracted to Lightstream, as he called them a “bunch of old-school networking and cloud people who incorporated security principles” and hired security experts, including himself.

He claimed the company already had strong offerings in EDR/MDR and network security management, cloud (security) architecture – but it was time to formalize and expand the business.

“I’ve known this company for about a year and a half and we were on opposite ends of trying to make a partnership work, and me and my current boss (head of strategy Jeff Collins) were the ones trying to make it work,” he said. “Rather than trying to keep working at a solution that wasn’t bearing fruit, we decided we could do better, together.”

He said the company is not fundamentally changing, but “refocusing on how we are telling the story of what we do” as Lightstream is not just selling cloud and security services, but selling the “decrease of business risk on a much broader scale” than any other company he had worked for.

Los said that, ultimately, the problem space is pretty simple: there is your core stuff like legacy technology; your mobile, IoT and remote devices; and cloud, from VMs, containers and serverless.

“What companies want to do, and have been talking about for years, is manage risk; decrease overall cost, decrease complexity and increase operational effectiveness. It’s simple, but in principle every new tool and technology detracts from those. Lightstream wants to bring us back to those three stated goals.” he said. “You definitely want to manage complexity down, as the more complex a system is the more expensive it is and the harder it is to maintain, and the more risk it poses.”

“The more complex a system is the more expensive it is and the harder it is to maintain, and the more risk it poses”

He also talked about managing effectiveness. “So the way we’re looking at this isn’t about being managed in detection and response, we’re looking at risk to do networking and cloud and now security, it is different aspects and the message of the company becomes simple: connect, protect and optimize,” he said. He claimed that all too often, security teams rush to buy a new feature.

“My job here is to run the strategy behind the security business, develop collateral, help to understand market need and pitch the company, and look at a problem and ask how we would solve that from our perspective,” he said.

Was it the opportunity to build a new part of the company which interested him? He said it was, as he felt that security companies weren’t getting the job done with their narrow view – so it was time to go to the “bigger picture.”

He claimed that Lightstream presents a unique opportunity with strong, ethical and savvy leadership and understands where the future is. “I wanted to find a security company that doesn’t see itself as a security company that I could go and influence and do better for our industry, and here it is.”

What’s Hot on Infosecurity Magazine?