In this insightful video, Myke Lyons, Chief Information Security Officer of Cribl, sits down with theCUBE hosts, Dave Vellante and John Furrier, during the RSA Conference 2025. Highlighted by industry experts at theCUBE Research, the discussion delves into the rapidly changing dynamics of cybersecurity, emphasizing significant themes and partnerships prominent at the event.
Lyons brings expertise to the table, addressing key shifts in the cybersecurity landscape. The conversation underscores the relevance of security data lakes and the resurgence of extended security information and event management systems (XSIAMs). Lyons discusses Cribl's recent partnership with Palo Alto Networks, emphasizing its significance in enhancing data management and security strategies. Hosts Vellante and Furrier guide the conversation with deep insights into industry trends.
The discussion reveals actionable takeaways and insights from Lyons, such as the importance of clean and context-rich data for security and the emerging role of agentic artificial intelligence. They explore how organizations such as Cribl are navigating new partnerships to facilitate better data governance and operational efficiency. The analysts and Lyons examine how these developments are shaping the industry's future, offering invaluable insights for professionals navigating similar challenges.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For RSAC Conference 2025
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for RSAC Conference 2025.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
RSAC Conference 2025. If you don’t think you received an email check your
spam folder.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to RSAC Conference 2025
Please sign in with LinkedIn to continue to RSAC Conference 2025. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Myke Lyons, Cribl
Exploring the Evolving Landscape of Cybersecurity at RSAC 2025
In this insightful video, Myke Lyons, Chief Information Security Officer of Cribl, sits down with theCUBE hosts, Dave Vellante and John Furrier, during the RSA Conference 2025. Highlighted by industry experts at theCUBE Research, the discussion delves into the rapidly changing dynamics of cybersecurity, emphasizing significant themes and partnerships prominent at the event.
Lyons brings expertise to the table, addressing key shifts in the cybersecurity landscape. The conversation underscores the relevance of security data lakes and the resurgence of extended security information and event management systems (XSIAMs). Lyons discusses Cribl's recent partnership with Palo Alto Networks, emphasizing its significance in enhancing data management and security strategies. Hosts Vellante and Furrier guide the conversation with deep insights into industry trends.
The discussion reveals actionable takeaways and insights from Lyons, such as the importance of clean and context-rich data for security and the emerging role of agentic artificial intelligence. They explore how organizations such as Cribl are navigating new partnerships to facilitate better data governance and operational efficiency. The analysts and Lyons examine how these developments are shaping the industry's future, offering invaluable insights for professionals navigating similar challenges.
Myke Lyons, chief information security officer of Cribl, joins theCUBE’s John Furrier and Dave Vellante at the RSAC 2025 Conference. The conversation explores key cybersecurity shifts, including the rise of security data lakes and renewed momentum around extended SIEM strategies.
Lyons shares insights on Cribl’s partnership with Palo Alto Networks and what it means for modernizing data security. He emphasizes the importance of context-rich data and the growing influence of agentic AI in real-time threat response.
The discussion also highlights h...Read more
exploreKeep Exploring
What are some of the themes that have been discussed at the conference, specifically related to security data lakes and XSAIMs?add
What discussion was had during the last interview with Ryan Abert from the ICE?add
What are some key factors in providing customers with access to their own data and schemas, as discussed in the text?add
What considerations do you typically have when deciding between using an on-prem AI solution versus a cloud-based AI solution?add
What is the difference between automation and agents in the context of practical AI approaches being taken in security?add
>> Hi, welcome back to theCUBE's live coverage of RSAC 2025. My name is Dave Vellante here with John Furrier. Jackie McGuire's in the house. John Oltsik, the entire CUBE team. This is Wednesday Hump day, but it's flying by. Myke Lyons is here. Myke with a Y. CISO of Cribl. Good to see you again, Myke.
Myke Lyons
>> Great to see you again.
Dave Vellante
>> I said, how's the show going? CISO at RSA. How do you think it's going?
Myke Lyons
>> We talk a lot about Waymo's.
Dave Vellante
>> Yeah, Waymo's very cool. Okay. So how's the show been for you so far? What is some of the big themes that you're hearing that we should be paying attention to?
Myke Lyons
>> It's been great. Weather, thank God has been fantastic, which makes any conference like this a lot easier for us to digest. Themes that are really interesting to me. XSAIMs back in the way ... I would say that there was a lot of conversations around security data lakes and how we were working on them, making them great, and then that was five years ago and then we sort of didn't do the best job I think as security folks, and I think we were coming back to XSIAMs being back-relevant, but what is it? Is it still the same thing that we were doing previously? It's been pretty neat to hear a lot of that. Obviously, agentic AI is a big conversation most interestingly that I'm gaining or that there's real applications for it. It's been very interesting to hear that.
Dave Vellante
>> Yes, of next-gen XSAIM people talk about. So you guys just a couple days ago, right? What's today? Two days ago, you announced with Palo Alto, new partnership help customers accelerate adoption of Cortex XSIAM. Okay. So what did customers tell you? What was the pain they were facing to convince Cribl to say, okay, we're going to have a formal partnership with Palo for Cortex rather than maintaining your purely integration-agnostic approach. What were customers telling you that led you there?
Myke Lyons
>> I guess first and foremost is customer-first, right? Customers-first always is our mantra and one of our core values of the company. So customers are Palo Alto customers. There's so many of our customers that are in that space and it's really along the theme of still being able to own and have your own agency around where those data go. And in this case, going to Palo Alto made perfect sense because there's so many of customers of ours that are wanting and adopting those technologies like XSIAM, very much in line with where we're going. There's also the other component of it, which is you want to send this XSIAM data to the XSIAM. You may have maybe less critical information that's not your top tier and the hierarchy of your data needs. Maybe that goes somewhere else and it gives them that opportunity. The next part of it is being able to POC something like an XSIAM really easily because you can keep all of your infrastructure in place. Changing XSIAM is challenging for security people. You're changing the tools. If I have a bag full of tools that I'm super comfortable with and now you switch me from Craftsman to Irving or whatever, it's an adjustment. You're going to have to learn that being able to continue to run your business in a safe way, but also giving you the opportunity to look at others is critical.
Dave Vellante
>> So, Palo, big footprint, obviously. Now, of course, to make this happen, you got to have clean data. It's got to be context-rich. So how is this integration kind of de-risking customers take a POC, getting the time to value? Can you sort dig into a little?
Myke Lyons
>> Absolutely. So first off, cleaning the data in many ways is important. Logs are written by developers who have very different points of view as they write these logs or as they build these logs within their applications. Most developers want verbosity, right? They want debug level. Security people don't want that stuff. We want to be able to turn it on if we really have to, but generally, we don't want it. So a lot of that other data is just erroneous or not necessarily helpful to our mission to solve things.>> You guys have been one of the fastest-growing startups as well documented. We've been following Cribl since the founding Clint and the team. It's been fun to watch. But this year the theme of speed pays a play and security. I mean, agentics just arrived on the scene. People see practical use cases. You bring up efficiency tools, managing operations. How has the speed game changed and what's different this year? Obviously, XSIAM back or never left the building so to speak, but what's changing with respect to some of these tools and platforms? When you look at some of the speed and efficiency challenges, efficacy's always up there, but the speed game is really kind interesting that do what's new and what kind of falls by the wayside. Is there any kind of visibility into an obvious best practice or an obvious well, we don't want to do much of that anymore?
Myke Lyons
>> Well, the data growth is a big challenge, right? 28% CAGR on data volume.
Dave Vellante
>> That's an IDC number, I think.>> It is. It's also something that we see.
Dave Vellante
>> We give credit for that.
Myke Lyons
>> Further validated. Fair point. So that requires us to operate even faster than we were. If it wasn't growing at those speeds or wasn't growing at those volumes, we could increase our speed and do better. The challenge is we have to get into use cases and how we're going to leverage these things. And every non-tech person who's an investor or a finance person or CFO is asking you to adopt more AI. Well, you can't just adopt more AI. That doesn't mean anything. I could have the Perplexity app on my phone doesn't mean I'm adopting it. So I have to be able to understand what I have. So how am I going to use this? And the only way I'm going to be able to do that is to really narrow in on where my priorities are from a security perspective and then be able to use those data, govern them in some way.
Dave Vellante
>> Stay on this .
Myke Lyons
>> And then jump on AI and then get the AI to tie into it.>> Okay, go ahead.
Dave Vellante
>> So we talk about data pipelines all the time and the sort of mainstream. With that kind of data growth, what happens to the data pipelines in the security world? What are the similarities? What are the differences between the sort of the conventional analytic data science data pipelines?
Myke Lyons
>> I mean, multi-destination is critical for us in security. We have so many different use cases that are going to be solved in different ways. There's going to be different technologies we have there. So XSIAM is obviously high value, high response rate, has to be superfast, great correlation. That's like our top-tier data, that's our high-value data that also has high costs associated with it. We have other tiers of those things and it's really important that each one of those pipelines can support those tiers and we might not need all of the components of a particular log entry. We might need a subset of it. We could just need some of the metadata that goes over there because we might be looking at, hey, what's normal on Monday morning when the Monday morning is a non-holiday, right? And we want to be able to figure those things out. So where are we trending? The only way you can do that is with appropriate pipelines that support those needs and then being able to manage them at scale, not just data volume scale, but endpoint scale. How many edge nodes do you have out there? Those numbers are all over the place, especially with cloud adoption, multicloud, multi-destination. It comes very complicated. So having a management tier to be able to push quickly to all of those places efficiently is critical.>> On the scale piece, this is another huge thing. You're seeing new opportunities emerge or problems since opportunities. What are some of the scale challenges that keeps you up at night because you're operating at scale, the data growth clearly, and AI's creating more data too. I mean those agents out there are going to have more data needs, more data they're throwing off, data exhaust. So you got a lot of data flying around, got to slice and dice it, do pipelining. What is the scale challenge? You guys are living it. You're in the scale rarefied air world of ... So what's keeping you up at night and what are you excited about that you think you can get your arms around in terms of the scale advantage?
Myke Lyons
>> Absolutely. So aside from the data scale challenge, so I slip over a little bit to an operational challenge. So as a CISO, I'm fortunate to have been an operator. Fortunate is a strong word for being an operator. It does kind wear on us after a while midnight and blinky lights, right? Get us all the time. But on that side, think about our tier-one analysts today, right? They're not going to be the same tier-one analysts that we have tomorrow. We might not even have tier-one analysts in the same way. We might call them that because we want to give them a career path and a career growth, but what's going to be really important for us is to be able to adopt agents and things that can do the work that we want to do. We get an incident, thing goes off, we start writing down not only the timeline, we start to deal with the issue itself. We also put to the side the work we're going to get to when we're done, when we've stopped it, we got the bad people out, now we have this other follow-up. What's happening with agents is completely changing the game That's happening now in parallel where we can find other places where that bad actor was over here or this behavior was over there, unlocking complete potential. I think MSSPs are looking at this thing. MDR technologies. Me, myself as a security person, I want my great people to be able to operate with themselves in such a broad way.>> One of the things that's come up was on our last interview, Ryan Abert from the ICE, which is the parent company of New York Stock Exchange. We're talking, and I've heard this from other practitioners, that are in your role too is that in security, everyone has three to four jobs, right? The pay's still the same. It's good pay, it's not bad. But now there's also organizations that have leaders that step up in this, okay, we're going to rein in this AI thing and get it into use with agents and whatnot. Then it goes away because everyone kind of diffuses. So the question is for you is do you see that helping this multi-job role, because that's kind of the reality. I mean, I'm sure you'd agree that you probably have three or four extra jobs that pop on your plate. That's a norm in the industry. Where does the AI piece and now you have data luxury of having a lot of data at scale, it's a benefit? Does that change or it's still going to be, we all have two to three, four jobs in security?
Myke Lyons
>> I mean, AI is a summarization of a series of applications that can help you or things that can help you. By the way, Ryan's awesome, great person, known him for a number of years.>> He is awesome.
Myke Lyons
>> He's absolutely spot on with the multi-role. What I'm starting to find is I'm leveraging AI for my own usage, not just within deploying it in my environment, but actually just sort of making myself challenged in my way. So first off, I can report better to senior leadership with AI. I can also know that my coverage is considerably better than it ever has been. Now there's a million new potentials there that I'm super looking forward to getting into where I can execute additional things there. I don't imagine it displacing my folks. Definitely not imagine it displacing my folks, but I do imagine it me taking those things that I've learned as a person who's practicing in AI and taking those skills, sharing those with my other folks. What I'm really intrigued is what is the next group of people that are coming into our organizations and what's their perspective on how they're going to leverage AI and how can I learn from them?
Dave Vellante
>> So CISOs love Cribl. They love the fact that you're like Switzerland, right? Okay, so you do this deal with Palo Alto. That's cool. You shared what that was, but are there other opportunities that you guys are looking at maybe to do tight partnerships? I mean, there's identity graphs. We're hearing a lot about that. There's SASE. There's cloud data lakes, things like that. Should we expect other partnerships like this?
Myke Lyons
>> Absolutely. So the core thing is we have those data. Customers have it. It's their data, it's their format, it's their schemas, but we have it available. We've made those things available to them. They have it in locations, they can access it. Identity graph's a great one there. We have a lot of the information around identity. We're not an identity company, but it's still there and it's the information that they wanted that they may have struggled previously to be able to manipulate and control, and leverage further. So critical for us. The next part of that is additional partnerships. The big benefit that I have as a security person, so I'm the first Cribl customer. We call ourselves goats and we're all part of the herd. So I'm the first herd, right? A couple of meanings there, but the reality is that I'm the first customer and I'm super excited about that. What I get to do there is the technologies that I consume as a CISO, I get to plug those into Cribl and then I get to look at ways that I'm going to consume them and measure the value on those tools. So is that thing operating for me for what my use cases are and for what my needs are? So that's just going to expand those partnerships across the board.>> That's great. What's next for you guys? Obviously, we're hearing a lot. Even Sovereign cloud came up, data's sliced and diced. Data's the goal as you've been pointing out, and there's a lot of benefits that may not be in your core business, but you're enabling opportunities. So global is a huge thing too. We're seeing global threats, global infrastructure, global data. What's the view on global and what's next for Cribl?
Myke Lyons
>> So speaking around what we're seeing and what I'm seeing day to day, we have threats coming in ways that we maybe hadn't perceived. Things like fraud, employment fraud, the North Korean IT workers risk that's going on, moving now way more, just not US-centric, moving more into Europe as almost they've declared that they're going to start to attack Europe in these rogue ways. This is a big reality, but how do you know and how do you deal with situations like that? We're looking at things like plugging them into our applicant tracking systems like we've never done before. I'm spending more time with my talent acquisition partners, not just because I want them to get the best people to work for us, but also to be on the lookout of these things. I'm working with hiring managers and the only way that I can do that is to gather all of the data, look through, do my threat hunts, is this reference, is John Lewis really John Lewis or is this the John Lewis reference that we've heard from our friends and peers are bad actors. So I think that's a big step and a big change for us. And that's all data aggregation. The other thing is, again, going back to it's my data, I want to be able to run with it. I want to be able to format it and use it for my cases. And that's I think the big defense that we're->> We've been saying on theCUBE, the ground truth is the data. I mean, at the end of the day, network and data are two great environments. What other things that are on your mind as a CISO? So you had, again, a busy event. This is like you're in high demand. What's on your mind these days? What are you excited about? What are you fearful of? What are you thinking more about? Can you share some of the psychology around what's going on in your world?
Myke Lyons
>> Yeah, I think the big one for me is multicloud. That is a big theme. So we just are accepting the fact that everyone's going to be in a number of them. Our customers themselves, cloud adoptions still at a crazy ramp, years and years on, it's still at a ramp. There's still a bunch of technologies that exist on-premise and people don't want them there anymore. That is really an interesting thing. The other part of it is the governance component of the data. And just broadly speaking, people want to adopt AI and there is definitely some impact there with people being nervous about what that looks like. So understanding whether it's lineage around the data, the components of those things, that's been a big theme overall. We're all dealing with identity issues, but there's about a million ways to solve whatever each one of our identity problems are. I think that that's a big theme across the conference that I've seen and I've heard the word node. I've probably written it down about a hundred times. I'm not really sure what anybody means by it. I mean, I have my own perspective on it, but I've heard the word "node" a lot. So that's the one I'm going to figure out what the hell they mean when they say node.>> The node, the network, like a node, like an app?
Myke Lyons
>> I'm hoping because I'm still trying to figure it out.
Dave Vellante
>> I want to follow up on something you said. So it's true. I mean, the cloud ... I look at our numbers just for AWS, Azure and GCP. It could be $240, 250 billion this year in revenue. It's insane. And we're talking about mid-20 to 30% growth. So you're right, still really incredible movement to the cloud. At the same time, people are saying, Hey, I want to bring the AI to the data. My data is on-prem. Cloud actually can get expensive. I'm not going to move all these options. So I want to ask you your thoughts on that. I mean, what are customers telling you about that sort of on-prem AI? And we heard from Ryan, ICE building, it's AI center of excellence for on-prem. So what are you seeing there in that tussle?
Myke Lyons
>> So the application of the AI is really where I'm finding both. I have an on-prem AI solution that we're operating with in one way, and then I have a lot of non-on-prem, cloud-based AI solutions. When it's an on-prem solution, it's typically because I don't know what it's looking at, and so I feel better when it's in my house and I can corral it and I can put it in the corner and put it in the safe, put the AI in there and then shake the box and hope I get some genius on the other side versus other things where we have a better understanding of how the AI can be helpful and leveraged. So the big application that we have of AI and Cribl is very thoughtful about how we want to do it. We don't want to AI-wash anything that we do is getting over the problem of query generation. I want to look at the data. How do I want to look at the data? I just want to interact with it. I want to ask it questions that I wanted to give me back what I need. So in those veins where it's something that's very highly adoptable because you're low risk, you're not training on those particular data themselves, those are the great applications to make them in the cloud. Easy adoption, but other ones, mysterious security incident including threat intel, I may or may not entirely own or I might've been shared through friends groups. That's where I want to be very thoughtful.>> Yeah, Myke, the key trend we're seeing, and to your point about AI, you're excited about it. There's some confidence in some areas with agents. The security, there's a practical AI and that word's been kind of generic, but there's a practical AI approach people are taking in security because they're red teaming the models. That's another app I've heard talk to company security pros like, oh, it's just another app to us, but we have to interrogate it. So there's a lot of practical use cases of AI. And that's what's unexpected. I would expect that AI, it's hype now. There's a hype cycle, but there's also a reality. There's some real practical ... Security folks love automation. So what's the difference in your mind between automation and agents? Because agents is non-deterministic. It's automation with a twist. Thoughts on that? Any perspective on kind of automation versus agent automation versus too much automation?
Myke Lyons
>> I mean, typically, the automation operates off of a playbook. So something you've already done, you've probably done it 10 times and then it reaches the level at which we're going to automate the process. IT has been doing this for years with change management, you have the different hierarchies of change management. I was at ServiceNow for a while, so change management is now in my bloodstream. It will be for the remainder of my life.>> That's good.
Myke Lyons
>> Yes, absolutely, I'm a fan, right? Governance, security people, that's what we do. But I think the thing that we've been working towards where the AI plays a bigger part in those stories is how can it pivot based on the information. So what I'm hopeful for with AI is actually a larger adoption of it, being able to interact with my people, my users, my customers, and have a continuous conversation with them, the conversation I want to have, but I got other stuff going on. I have other fires I want to deal with. And so in that vein, I think the AI is really going to unlocks and reduce a lot of the mundane tasks. Playbooks and SOAR, a lot of those things were not necessarily mundane, they were a bit more repetitive. So the results of those things were better. But now I can say, Hey David, you're going to need to change your password. We just found out it was compromised through something or other and you're on vacation, you're on a flight, you don't get there. You haven't responded to me in four hours. Typically, I'm setting a timer, I'm not doing it anymore. I'm having the bot have that conversation. I'm using an AI for those things. So I think this is just more the continuous scalability that we get as security operators that SOAR gave us the context quickly. Now AI is sort of allowing us to operate at a higher percentage.>> And that's more of the practical angle of it. It makes sense to do that. Okay. All right, guys. You have to trust it. I guess the next question is that a lot of CISOs are here. What are some of the conversations you've had with your peers, dinners, hallway? Can you share any kind of the candid conversations? Feel free to share any observations and freelance any comment about the vendors.
Myke Lyons
>> I'll be thoughtful there as a vendor myself, but I think some of the big takeaways that we've been seeing, incident response and how we're doing that better and how we're operating together as teams, that's a big one. Everyone's complaint: third-party risk. That's a huge complaint. I myself as a vendor, I got to work with my customers. They want to use my stuff. They can't use my stuff unless they come in and do periodic examinations. You can imagine what those examinations feel like. Automation, right? For automation. Those are big things for us. We're struggling with it. I was speaking to an exceptionally large financial institution, one that's over a hundred years old and I was like, well, if you had a magic wand you could solve any problem. What would it be? And he goes, third-party risks, security questionnaires, they don't work, they're contactless, they're terrible. So big problem there. We've got some great automation that we do. Trust portals, super-critical. We wouldn't be able to survive without our trust portals, but we can't measure each other like us and a vendor and customer, we're just not good at it. We have to feel like we have to interview a lot of these folks, ask them a million questions, but we don't know what the hell they do. We don't know how they it. And so we're asking theoretically not great questions, right?
Dave Vellante
>> Fear of the black box. So how does that change then? So going forward you say, okay, I need access to your network. I'm going to go in and-
Myke Lyons
>> That's going to be a hard no.
Dave Vellante
>> Exactly. That's my point is okay, how do you solve that problem?
Myke Lyons
>> So I think an interesting way to solve it is you Mrs. customer, you're a life sciences company and you've got like five or six things that you need to make sure are actually operating continuously with me. It's not what the results of that thing that I'm operating, but it is very much are you doing that test on that weekly, on that monthly, on that quarterly basis. Being able to give you sort of a traffic light level response is critical. I think that's the first step for us, to be able to integrate, make it API-driven so you can access, Hey Myke, Cribl, you're doing vulnerability scans in your cloud environment at least daily. I can see, I think a Chiclet going across, right? What's my Status.io sort of scenario? Status.io for security. Am I doing my vulnerability scans? Are they hitting the mark? Are they continuously operating there and have I not just turned them off or I've disabled them or I've adjusted them? Those sorts of pieces of validity I think we can get there. The days of us sharing spreadsheets that someone's never going to really read, and when they do, it's not going to be a solid understanding of the read, I think those days are over.
Dave Vellante
>> Myke, great to see you again. Thanks so much for coming on.
Myke Lyons
>> Great to see you both. Absolutely.
Dave Vellante
>> All right. This is Dave Vellante with John Furrier. We've got the Cyber Lunch coming up now. Just stay tuned and we got some replays and we'll be back right after this short break. You're watching theCUBE's coverage of RSAC 2025. Be right back.
Dave Vellante