Welcome to Coruscant Technologies, home of the digital executive podcast. Do you work in emerging tech, working on something innovative, maybe an entrepreneur? Apply to be a guest at www.coruscant.com forward slash brand. Welcome to the digital executive. Today's guest is Josh Griskott. Josh Griskott has spent nearly three decades in the trenches of security and technology, helping companies turn complex risks into clear business advantages. Today, as vice president of security at Hydraulics, he's responsible for protecting a platform that ingests data at mind-bending scale, terabytes to petabytes, and delivers answers in seconds. His mission is simple, make security a value driver, not a roadblock. At Hydraulics, the results speak for themselves. The company has redefined what's possible with log data, making it affordable to retain for years, lightning fast to search, and powerful enough to give consumers instant visibility into incidents. Trusted by forward-thinking enterprises, Hydraulics combines performance and security in a way that's reshaping the data landscape. Well, good afternoon, Josh. Welcome to the show. Hey, thanks for having me on. Absolutely, my friend. I appreciate it. And you're hailing out of that Los Angeles area. I'm in Kansas City. Two-hour time difference, but I appreciate you navigating time zones to get on the podcast. So Josh, jumping into your first question, you're known for translating technical risks into actionable business decisions. What advice do you have for CSOs and security leaders who struggle to communicate effectively with executives or boards? I think the biggest piece of advice I could give to anyone is make sure that you're speaking the business language. So we've got to turn those technical risks and some of the details that we ultimately provide and remove all the jargon and remove all the technical items and translate it to a business item. So the downtime of an asset, loss of money, et cetera. That's really the best way to get across the security risks to the business because they'll understand it that way. And you got to find those pain points that they understand as well. Find out what keeps them up at night. Find out their concerns and make sure you're addressing things in that language. Thank you. And being in technology for a lot of years, it was important, especially as you moved further up into, for example, the C-suite, got to make sure you are speaking the business language, get rid of the acronyms, the jargon. You're not there to impress them. They want to better understand. And a lot of times it's about relating the risks to the financial bottom line. And I think that's really important. And then you also mentioned finding out their pain points. What can you do to help them? So I appreciate that. And Josh, hydraulics processes data at enormous scale, terabytes to petabytes with near instant search. From a security perspective, what are the biggest challenges when protecting data at that velocity and volume? I think it's still the same type of concerns and challenges you have with any type of dataset, right? Knowing and understanding what the data is there for, understanding how to actually leverage that data. If it's sim-related data or log-related data, you want to be able to actually use it because there's also, there's still a cost to all of that data. So getting the most value out of it. And also making sure that it is still actually going into the platform and going there reliably. And you're putting enough protections around that data. So are you using it well? Are you protecting it when it's actually in the data store? And then are you getting the most value from it? Because there's so much data within security. We've really got to be mindful of, hey, let's make sure that we're actually generating data that actually is going to be useful for us too. Even though we generate lots and lots of data, let's make sure that the data is also useful and helpful for the business. Absolutely. I appreciate that. And there is, especially hydrological processes, a ton of data. I was reading up on what it can do and the timeframe it can do it, which is pretty cool. But understanding what the data is there for is important. Understanding the data itself, protecting that data, and making sure that you're truly getting the value out of that data, as you mentioned. I appreciate your insights. And Josh, security teams today are navigating multi-cloud, AI-driven workloads, and increasingly complex infrastructures. What capabilities or mindsets will separate the next generation of successful security leaders from the rest? Automation. I think with the amount of work that we have within security, within technology, the only way to effectively manage multi-cloud, AI-driven workflows, and just the complexity that we have with SaaS platforms and all of that, is finding ways to automate the security controls that we have in place, the monitoring, the detection, and response, basically as many aspects as you can. We've really got to think through all of that. I mean, the analogy I often use is there's 100 things to do in security, and we're generally staffed to do about 10. That's just kind of the reality of it. So that means you have to prioritize effectively. But if you can remove, take that number of 100 down to like 90 because you put in some automation, that's a win. We will only see more complexity and more clouds and more systems just as technology continues to evolve. And we've got to find ways to stay ahead of the problem instead of continually falling behind. Absolutely. And it's so timely. We talked about that. I just mentioned before we hit record on the podcast that I attended a CSO, CIO event this week. And he just learned so much from so many different people and different protocols about this. But automation was a key component of the discussion to manage all these multi-cloud environments, the various complex infrastructures, et cetera. And with technology automation and AI, we're certainly going to help our people out, but also be a little bit more focused on those higher level tasks when we can again automate some of those routine and mundane tasks. Exactly. And even from an AI standpoint, we should be leveraging those types of tools to help us do some of that work, right? AI is a great enabler, but it doesn't mean that we need to be using actually AI in the workflow. We just need to be using AI to help us create some of those automations, use AI to help us with some of the simple deterministic type items, identifying an email address, those kind of things. It can create scripts for you really easily. So we have the tools, we have the capabilities now, it's just a matter of how do we actually use them to make a difference? Absolutely. 100% agree. And Josh, the last question of the day, as you're looking ahead, what emerging threats or technology shifts, maybe AI generated attacks, identity misuse, supply chain breaches, data sovereignty pressure, are most likely to reshape how security programs operate over the next three to five years? I definitely think the AI generated attacks are part of it, but at the end of the day, they're still just a regular attack like anything else. It's just the cyber attackers are using it to automate, to simplify their workflows. No different than my previous answer on how do you actually make a difference within your security program. So I think it's still going to be the same type of threats. It's just they're going to be moving significantly faster. They're going to have a lot more capability. And when you look at things like phishing, for example, with AI, they have the ability to write really good phishing messages. Whereas back in the day, it was easy to spot a phishing message. It's like, oh, yeah, there's grammar issues, there's punctuation, whatever it happens to be. But these days with tools like AI, they can actually make things look as legitimate as anybody else creating it. So just AI is an enabler for not only the defenders, but also for the attackers. So I definitely see that increasing quite a bit over the next three to five years. And that also factors into identity misuse, supply chain breaches, because we're going to see more of that just because of the ability for AI to actually breach a supply chain, right, to an open source project that starts getting used in a lot of places. And then somebody gets compromised and they're able to quickly rewrite that and change things within the kind of your within your supply chain. Or even you're using a legitimate vendor who has an AI component and then there's some type of jailbreak or something along those lines where now something in your supply chain is actually compromised. So I definitely think there's going to be a lot of things that have AI. It attacks in it, but it's not necessarily like AI itself. It's going to be the use of AI and the enablement from AI. Absolutely. Thank you. And you're absolutely right on that. AI is going to be an enabler. It's going to help automate tasks for the attackers, right? The bad actors. But as you mentioned, these AI generated attacks may be more prevalent in the future, but they're not going to, they're still going to be similar as the human level attacks, stuff that we need to be aware of. It's just to be a lot, probably a lot faster and more volumous due to the way that they can leverage the technology and AI. So I really appreciate that. And Josh, it was such a pleasure having you on today. And I look forward to speaking with you real soon. Yeah. Definitely like, I enjoyed it. So look forward to talking again. Bye for now.
