Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/02/02/security-nation-john-rouffas-on-building-a-security-function/
![[Security Nation] John Rouffas on Building a Security Function](https://blog.rapid7.com/content/images/2022/02/security_nation_logo--1-.jpg){kind=logo}
In this episode of Security Nation, Jen chats with John Rouffas, CISO at intelliflo, about his experience building out a security function and team at a young and growing SaaS company. He shares his secrets of relationship-building (being a Brit, pubs are involved) and some of the key questions he asks when starting at a company that’s never had a CISO before. He also covers some of the challenges, including gaining visibility, and why being the dumbest person in the room is sometimes a good thing.
Stick around for our Rapid Rundown, where Tod and Jen talk about the 8 new vulnerabilities that CISA recently added to their Known Exploited Vulnerability (KEV) list.
John Rouffas
![[Security Nation] John Rouffas on Building a Security Function](https://blog.rapid7.com/content/images/2022/02/John-Rouffas-bio-_1_.jpg)
John Rouffas is recognized and respected as a leader in security operations on both sides of the Atlantic, having designed and implemented security operational and threat response capabilities since before the advent of SIEM technologies, for some of the largest government and multinational organizations in the world. He’s been involved with the development of operational technology security techniques for alerting within IT security operations environments, some of which have been adopted by critical infrastructure organizations in the United States. More recently, he’s been leading security maturity capabilities for SaaS organizations in the UK and US. Currently, he sits in the role of CISO at intelliflo.
John has been fortunate to combine two of his main passions in life: intelligence and technology. Some of his most notable experiences came while working with various US government agencies and developing large-scale security transformations, critical infrastructure defense techniques, innovative security operations, forensics, and threat intelligence strategies.
He’s also a qualified cricket coach, who still possesses a solid forward defensive stroke, and a very loud drummer (not necessarily a good one).
Show notes
Interview Links
- Take up John on the offer to spam him on LinkedIn.
- Learn more about what intelliflo is up to.
Rapid Rundown Links
- Check out CISA’s KEV list.
- Read up on the 8 vulnerabilities recently added to KEV.
Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.
Want More Inspiring Stories From the Security Community?