Join our panel during Black Hat 2024 – Blurred Lines: Investigating the Convergence of Internal and External Threats



Insider Risk Insights - DTEX Blog

Meet Marshall Heilman: New CEO for DTEX

Meet Marshall Heilman: New CEO for DTEX

DTEX Systems has a new CEO.  

Meet Marshall Heilman: Former Red Teamer and Incident Responder, long-time Mandiant executive and man on a mission to deliver the best insider risk protection in the world.

Marshall, welcome to DTEX. You kicked off your career by joining the U.S. Marines, where you specialized first in networking and communications, and then in cybersecurity. How would you say your early experience with the Marine Corps has influenced your career and leadership style to date?

There are so many places where the Marines influenced me, but I will focus on two areas. First, the Marine Corps taught me what leadership means: how to lead people from the front; how to show your team or squad that you’re willing to do what you ask of them and more; how to hold yourself accountable to your team and vice versa; and finally, how to require excellence from your team and accept nothing less.

These aspects of leadership lead to strong team comradery and bidirectional respect, which encourages the team to push themselves to accomplish the mission you’re driving towards.

On the other end of the spectrum was my technical skills. The Marines gave me the chance to be as technical as I wanted to be and to learn as much as I could. I learned the underpinning of how computers operate and interact with each other across the internet, which is foundational for a career in security. Once you understand how something works, you can figure out how to break into it and how to secure it. It’s the technical understanding of how computers work, how to exploit them, and how to protect them that I developed an absolute passion for. This technical depth and passion are what launched my career in red teaming and incident response.

I always tell people that I wouldn’t trade my time in the Marine Corps for anything. It was an invaluable experience for me. The same is true for my 17 years at Mandiant. The experience I gained and the talented people I worked with set me up for future success in this role.

What drew you to DTEX?

There are many factors that drew me to DTEX, but I’ll abide by the “rule of three”. The first was the passion and experience the DTEX team members I met had for the insider risk problem. They were operators first who clearly understood the problem they were solving for customers, and how to take care of their customers. Since insider risk is a top concern for CISOs worldwide, DTEX is the right company to solve a problem that plagues organizations of all shapes and sizes.

The second factor was the InTERCEPT platform itself. I have a lot of experience evaluating companies and technologies, and I immediately recognized the value, and the mature approach InTERCEPT took to managing insider risk. The product effectively sold itself to me.

The third factor that drew me to DTEX was the positive customer feedback I received on the product and the company. It was immediately evident that DTEX’s customers love InTERCEPT (because it meets their needs at all levels of an organization) and enjoy their interactions with the experts at DTEX. This is a powerful combination.

Mission-oriented companies, like DTEX, understand that we’re not selling our customers a product only to move on to the next sale. We exist to help them solve a problem. We are invested in our customers’ success, and we take our work personally.

When you reflect on your time at Mandiant, are there any parallels you draw with DTEX? 

I definitely see some parallels from Mandiant’s early days and where DTEX is now. First off, Mandiant today is an amazing and large organization. The parallels I see are from when Mandiant was a similar size to DTEX. Some of those parallels are the relentless focus on mission, and the business being managed by operators. The focus on customer satisfaction and always providing value to customers. The engagement from all employees to ensure successful outcomes. Working long hours and enjoying the experience. And finally, the excitement around the opportunity in front of us.

In your view, what’s the biggest issue with insider risk?

I think the biggest issue with insider risk right now is that the industry has not clearly defined it as a category, and so different companies approach the problem differently. There isn’t agreement on what should be considered an insider risk or an insider threat, and how you manage each. We have seen good progress on this front, starting with the Gartner Market Guide for Insider Risk Management (IRM) Solutions.

What do you think it’s going to take to develop a universal consensus around what defines insider risk and how we solve for it?

I think it’s like any other codified sector that security industry operators and analysts agree on. It takes time, it takes patience, and it takes lots of awareness. As a company we need to do a better job of getting out there and educating our customers and the market on how we view the insider risk space, which can lead to the proverbial snowball effect. We’re already seeing analysts start to talk about insider risk the way that we do. But it takes time. It’s an evolution.

I don’t expect that, at six months from now, we’ll see the entire market agreeing with our definition of insider risk, but if the industry is talking about insider risk the way we’ve defined it today in two or three years, that’s a win for DTEX and the insider risk industry.

Would you argue that achieving this consensus requires collaboration and information sharing?

Oh, absolutely. If we’re not getting that information out and we’re not sharing information with our customers, partners and analysts, we’ll never reach consensus in the market.

It’s not good enough to say, “Hey, we’re a vendor. We think X, Y, and Z is true.” No one’s going to listen. What they want to see, and what they are seeing, is that DTEX is more than a product vendor. DTEX is an organization that cares deeply about helping our customers manage their insider risk, which ultimately improves their overall risk management posture. Going forward, we are going to focus even more on thought leadership and making crucial information available to the community.

Is there one vertical that practices insider risk management extremely well that other verticals could learn from?

Great question. Based on my experience, I see that the big technology, financial, and pharmaceutical industries are the most advanced in how they manage insider risk. I couldn’t pick just one.

What is it specifically that these verticals are doing right that other verticals should be homing in on?

Well, one of the core reasons that these industry verticals are managing insider risk well is because of the nature of their businesses and the potential ramifications of a data breach, whether intentional or not. Additionally, these organizations, as with many others, put such trust in their employees that they have to ensure they effectively manage risk from malicious or negligent insiders.

But as far as what other verticals are doing right, I want to cover three aspects. The first is focus. They have a focus on insider risk and therefore they put appropriate controls in place, they spend the appropriate amount of money, and they have the appropriate amount of time invested into having a good insider risk program.

The second aspect is understanding user behavior. Just because a behavior is unusual doesn’t make it inherently bad. Understanding psycho-social indicators, and having a mechanism for capturing, correlating and aggregating various indicators is critical to understanding and mitigating insider risks. The context behind an action matters when dealing with humans.

The other thing is education. What you don’t want is for your workforce to feel like they’re restricted from doing their jobs. If you’re telling someone they can’t do something, it always helps them to understand why. Most insider risk incidents are non-malicious, meaning most incidents occur from either negligence or from being outsmarted. This is why education matters. You want to educate your workforce on insider risk, what’s acceptable and what’s not – and most importantly, why they should care.

What does the future hold for DTEX?

Exciting times. I, along with everyone I am conversing with outside the company, am incredibly bullish on the insider risk management space in general and, specifically, DTEX. As we look to the future, we will continue to bolster our platform. We always want to build solutions that solve customer pain points today and into the future. I plan on spending a significant amount of time with our customers to understand what solutions to pain points make sense for DTEX to integrate into our platform.

Our focus always has been, and will continue to be, to provide the best insider risk management protection in the world to our customers, and to be thought leaders in the space.

I am excited to see what the future holds for DTEX and our customers as we continue to evolve to prevent insider risk.

DTEX InTERCEPT is a purpose-built insider risk management platform that consolidates the essential capabilities of data loss prevention, user behavior analytics, and user activity monitoring in a single, lightweight platform to provide early detection and proactive mitigation of insider risks. Uniquely, InTERCEPT leverages AI/ML with behavioral indicators to surface and remediate insider risks at unprecedented scale without jeopardizing privacy or performance.

To find out how InTERCEPT can elevate your insider risk capability maturity, request a demo.