Stefano Butti - One Cybersecurity Rising Star’s Journey
Critical Stats
LinkedIn: https://www.linkedin.com/in/stefano-butti-436982138/
Started their cybersecurity journey in: 2019
Most passionate about: Identity-related security measures
Favorite zero-day: Adobe ColdFusion CVE-2023-26360
Favorite song: Feeling Good by Nina Simone
Introduction
Stefano's career trajectory has been impressive. Starting as a sales rep at Expanse (now part of Palo Alto Networks), he quickly demonstrated his potential. He then moved into a data analyst role, where he supplied the product and engineering teams with data-driven insights, solidifying his reputation as a driven individual. He later joined Randori (now part of IBM), where he gained experience in customer success and account management, further broadening his cybersecurity expertise.
Along the way, he built a strong understanding of core concepts such as attack surface management, cloud security, vulnerability management, risk management, incident response, and identity and access management (IAM).
Stefano is up-and-coming
We selected Stefano because he is up-and-coming! He is a rising star in cybersecurity. I've had the pleasure of working with him at Expanse (and later Palo Alto Networks). His passion, drive, and dedication to the field are genuinely exceptional. Unlike many who simply fulfill their duties, Stefano consistently goes above and beyond, delivering outstanding results.
Without further ado, we asked Stefano our standard set of 5 questions to rule them all, and here are his responses:
Five questions to rule them all!
1. What is the biggest problem we are dealing with in cybersecurity?
I would say credential theft (stealing usernames and accompanying passwords). Recent industry trends and research studies show that the top two attack vectors are stolen credentials and phishing. In other words, bad actors are stealing login credentials and logging into protected networks instead of hacking into said networks via vulnerabilities. Even attacks such as the Change Healthcare breach, reported as a ransomware attack, started because a malicious actor gained access to stolen credentials. This is why the journey to passwordless and adaptive authentication is so important. If we can eliminate passwords, we will significantly reduce our attack surface. After we solve that issue, phishing is the next frontier to focus on, and I have many ideas for addressing it. Interview me again in a few years. 🙂
2. How can we address credential theft?
Modern authentication is the solution. This will likely come in phases. The first will be moving to adaptive multi-factor authentication (MFA). In other words, you can identify historical and behavioral patterns to determine who is logging in and whether they differ from that person's usual activity practices. The goal is to require higher levels of authentication only for unknown identities or for someone trying to log in who is displaying strange and suspicious behavior. Keep in mind this will help, but the goal should be to shift to phase two: passwordless and adaptive authentication.
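To make the adaptive step concrete, here is an added example (not code from the interview or from any product Stefano mentions) of the decision logic behind adaptive MFA: a per-identity baseline is learned from past successful logins, each new attempt is scored against that baseline, and only unknown identities or attempts with anomalous signals are asked for a stronger factor. The signal weights, the threshold, and the sample logins for a user "alice" are all assumed values for illustration.

```python
"""Added example: an adaptive MFA decision step.

A per-identity baseline is learned from past successful logins; a new attempt
is scored against it and only anomalous or unknown identities are asked for a
stronger factor. Weights, thresholds and sample logins are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass(frozen=True)
class LoginAttempt:
    user: str
    device_id: str          # e.g. a device-bound cookie or certificate fingerprint
    country: str            # from IP geolocation
    asn: int                # network the request arrived from
    hour_utc: int           # 0-23
    recent_failures: int = 0  # failed password attempts shortly before this one


@dataclass
class UserProfile:
    known_devices: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    asns: set = field(default_factory=set)
    active_hours: set = field(default_factory=set)
    successful_logins: int = 0

    def learn(self, attempt: LoginAttempt) -> None:
        """Update the baseline. Call this only after the attempt fully succeeded
        (including any step-up); otherwise an attacker can teach the model."""
        self.known_devices.add(attempt.device_id)
        self.countries.add(attempt.country)
        self.asns.add(attempt.asn)
        self.active_hours.add(attempt.hour_utc)
        self.successful_logins += 1


# Assumed weights; tune them against your own login data.
SIGNAL_WEIGHTS = {
    "new device": 30,
    "new country": 40,
    "new network (ASN)": 15,
    "unusual hour": 10,
    "recent failed attempts": 25,
}
STEP_UP_THRESHOLD = 40  # at or above this, require a phishing-resistant factor


def risk_score(profile: UserProfile, attempt: LoginAttempt) -> tuple[int, list[str]]:
    """Return a 0..100 score and the signals that fired.
    An identity with no history is always treated as maximum risk."""
    if profile.successful_logins == 0:
        return 100, ["no history for this identity"]
    reasons = []
    if attempt.device_id not in profile.known_devices:
        reasons.append("new device")
    if attempt.country not in profile.countries:
        reasons.append("new country")
    if attempt.asn not in profile.asns:
        reasons.append("new network (ASN)")
    if attempt.hour_utc not in profile.active_hours:
        reasons.append("unusual hour")
    if attempt.recent_failures >= 3:
        reasons.append("recent failed attempts")
    return min(100, sum(SIGNAL_WEIGHTS[r] for r in reasons)), reasons


def decide(profile: UserProfile, attempt: LoginAttempt) -> str:
    """'allow' keeps the first factor only; 'step_up' demands a stronger one."""
    score, _ = risk_score(profile, attempt)
    return "step_up" if score >= STEP_UP_THRESHOLD else "allow"


def build_profile(history: list[LoginAttempt]) -> UserProfile:
    profile = UserProfile()
    for attempt in history:
        profile.learn(attempt)
    return profile


# Constructed history: alice logs in from one laptop, in Italy, during office hours.
ALICE_HISTORY = [LoginAttempt("alice", "laptop-1", "IT", 3269, h) for h in (8, 9, 12, 14, 17)]
ALICE = build_profile(ALICE_HISTORY)

if __name__ == "__main__":
    for attempt in (
        LoginAttempt("alice", "laptop-1", "IT", 3269, 9),
        LoginAttempt("alice", "laptop-1", "IT", 3269, 22),
        LoginAttempt("alice", "unknown-7", "US", 7922, 3, recent_failures=4),
        LoginAttempt("bob", "laptop-9", "IT", 3269, 9),   # bob has no baseline yet
    ):
        profile = ALICE if attempt.user == "alice" else UserProfile()
        print(attempt.user, decide(profile, attempt), risk_score(profile, attempt))
```

Two design points matter more than the exact weights: the baseline is learned only from attempts that completed successfully, so a credential-stuffing attacker cannot quietly teach the model their own device and network, and an identity with no history is never given the benefit of the doubt.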
3. What are three actions a CEO can take to protect their company from cyberattacks?
Three actions a CEO can take to protect their company are:
Use zero trust - Enforce zero trust through a modern authentication and identity program that covers ALL of an organization's systems, including on-prem and legacy solutions.
Prioritize data discovery and classification - Make sure you have adequate data discovery and classification capabilities for your data, especially if your data security team is small. If they are a small team, they don’t have the resources to comb through hundreds/thousands of database entries to identify which data might be classified as customer-sensitive information, such as personally identifiable information (PII) or protected health information (PHI).
Monitor sensitive data - Monitor the most sensitive databases with a data monitoring solution to help identify risky activity and stay compliant. Most organizations feed all database logs into their security information and event management (SIEM). This creates noise for the security operations center (SOC), leading to missed alerts while at the same time raising ingestion (data utilization) costs for a SIEM solution. A data monitoring tool can do the heavy lifting for you and only notify the SOC of the most critical alerts.
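The second and third actions above fit together, so here is one added example (not from the interview or any vendor tool) that does both on constructed data: it scans sample table rows to label columns that look like PII or PHI, then triages sample database audit events so that only access to a labelled table by an unapproved principal, or a bulk read by a principal not exempted for batch jobs, is raised to the SOC; everything else is dropped rather than shipped to the SIEM. The regexes, column-name hints, audit-line format, principal allowlist and row threshold are all assumptions for illustration.

```python
"""Added example: discover PII/PHI columns in sample tables, then triage
database audit events so only risky access to sensitive tables reaches the SOC.
All data, formats and thresholds below are constructed; this is not a vendor tool."""
import re

# --- data discovery and classification ------------------------------------
VALUE_PATTERNS = {  # label -> regex matched against a whole cell value (assumed)
    "PII:email": re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"),
    "PII:us_ssn": re.compile(r"^\d{3}-\d{2}-\d{4}$"),
    "PII:card_number": re.compile(r"^\d{4}([ -]?\d{4}){3}$"),
}
PHI_COLUMN_HINTS = ("diagnosis", "icd10", "mrn", "prescription")  # assumed names


def classify_table(rows, min_ratio=0.8):
    """Return {column: label} for columns whose values or name indicate PII/PHI.
    A column is labelled by value only if at least min_ratio of its non-empty
    cells match one pattern, so a stray e-mail in a free-text column is ignored."""
    labels = {}
    for col in (rows[0] if rows else {}):
        if any(hint in col.lower() for hint in PHI_COLUMN_HINTS):
            labels[col] = "PHI:" + col.lower()
            continue
        values = [str(r[col]) for r in rows if r.get(col) not in (None, "")]
        for label, pattern in VALUE_PATTERNS.items():
            if values and sum(bool(pattern.match(v)) for v in values) / len(values) >= min_ratio:
                labels[col] = label
                break
    return labels


def discover_sensitive_tables(tables):
    """{table: {column: label}} for every table with at least one labelled column."""
    found = {name: classify_table(rows) for name, rows in tables.items()}
    return {name: cols for name, cols in found.items() if cols}


# --- database activity monitoring -----------------------------------------
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_audit_line(line):
    """'<timestamp> key=value ...' -> dict. The format is assumed, not any real DB's."""
    ts, rest = line.split(" ", 1)
    event = dict(KV_RE.findall(rest))
    event["ts"] = ts
    event["rows"] = int(event.get("rows", 0))
    return event


def triage(lines, sensitive_tables, allowed_principals, bulk_exempt, bulk_rows=10_000):
    """Return only the events worth paging the SOC about.
    Events on non-sensitive tables are dropped here instead of being shipped to
    the SIEM. Access to a sensitive table is alerted when the principal is not
    approved for that table, or when a non-exempt principal reads in bulk."""
    alerts = []
    for line in lines:
        ev = parse_audit_line(line)
        if ev["table"] not in sensitive_tables:
            continue
        reasons = []
        if ev["user"] not in allowed_principals.get(ev["table"], set()):
            reasons.append("principal not approved for table")
        if ev["rows"] >= bulk_rows and ev["user"] not in bulk_exempt:
            reasons.append(f"bulk read of {ev['rows']} rows")
        if reasons:
            alerts.append({"ts": ev["ts"], "user": ev["user"], "table": ev["table"],
                           "labels": sorted(sensitive_tables[ev["table"]].values()),
                           "reasons": reasons})
    return alerts


# --- constructed sample data ----------------------------------------------
SAMPLE_TABLES = {
    "customers": [
        {"id": 1, "email": "ann@example.com", "ssn": "123-45-6789", "plan": "gold"},
        {"id": 2, "email": "bo@example.org", "ssn": "987-65-4321", "plan": "free"},
        {"id": 3, "email": "cy@example.net", "ssn": "", "plan": "gold"},
    ],
    "patients": [{"mrn": "A1001", "diagnosis": "J45.20", "ward": "3B"}],
    "orders": [{"order_id": 77, "sku": "X-1", "qty": 2}],
}
SAMPLE_AUDIT_LOG = [
    "2024-05-02T09:14:07Z user=app_web table=customers op=SELECT rows=1",
    "2024-05-02T09:15:30Z user=app_web table=orders op=SELECT rows=40",
    "2024-05-02T02:41:12Z user=jdoe table=customers op=SELECT rows=250000",
    "2024-05-02T03:00:01Z user=svc_etl table=patients op=SELECT rows=120000",
    "2024-05-02T10:02:44Z user=contractor9 table=patients op=SELECT rows=3",
]
ALLOWED_PRINCIPALS = {"customers": {"app_web", "svc_etl"}, "patients": {"app_ehr", "svc_etl"}}
BULK_EXEMPT = {"svc_etl"}  # approved batch jobs are expected to read in bulk


def run_demo():
    sensitive = discover_sensitive_tables(SAMPLE_TABLES)
    return sensitive, triage(SAMPLE_AUDIT_LOG, sensitive, ALLOWED_PRINCIPALS, BULK_EXEMPT)


if __name__ == "__main__":
    sensitive, alerts = run_demo()
    print("sensitive tables:", sensitive)
    for alert in alerts:
        print("ALERT", alert)
```

Of the five audit events, only two survive to the SOC: an interactive user pulling a quarter of a million customer rows at night, and a contractor touching a patient table they are not approved for. The nightly ETL read of the same size is suppressed because that principal is both approved and exempted for bulk work, which is exactly the noise the interview says a SIEM-only setup would forward.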
4. What are the best resources for learning more about cybersecurity?
I like three:
They all provide a comprehensive overview of the cybersecurity landscape and can help you stay informed about the latest threats and trends.
5. What is one piece of advice for those wanting to pursue a cybersecurity career?
I have a few pieces of guidance, not just one. I would say:
Focus less on programming and more on architecture.
Have command of TCP/IP and understand all the protocols and their uses.
Understand the purpose of encryption key and certificate management.
Understand a security program's main aspects, such as the SOC, vulnerability management, IAM, data security, cloud security, governance & compliance, and pen testing.
NETWORK!!!