Why I Quit Being a JupiterOne Customer...

Over the past 19 months, I was empowered to create a security and compliance function at a Seattle startup. I was a pretty successful Security Director by most measures - I helped my employer win a Series B funding round then a Series C, and cultivated many amazing customer relationships. I got to experiment at the bleeding edge of cloud-native startup security and being a JupiterOne customer was a huge part of this successful journey.

JupiterOne was the first piece of security software I bought. It helped the company’s security and DevOps teams win customers, pass audits, manage our cloud assets, and improve overall security posture as the organization doubled, tripled, and quadrupled in headcount. It was effortless for me to justify the cost of JupiterOne renewal after 12 months since I could very easily point to times that the Slack JupiterOne alerts lowered the AWS bill or averted a crisis.

Also, JupiterOne Insights dashboards made me seem smart in front of executives and customers - I bragged about my GDPR dashboard daily, to anyone who’d listen.

While I could have continued my work at the startup, I was eager for a new challenge. Plus, if I learned anything in the last few years, it’s that being a Security Director is hard, exhausting work.

Sanity Check: Security is Hard without the Right Context

Security is the only thing I ever really wanted to do when I grew up. I've worked with organizations large and small and found regardless of the size, the challenges all businesses face fundamentally start with their cyber asset landscape. They don't know what they have, much less the true extent of the relationships between cyber assets and their company's infrastructure. Also, regardless of what the media says about skyrocketing security salaries, most of us aren’t doing this work for the money. There are much less stressful ways to make a comfortable living. Virtually all security practitioners do this work because they share the core belief that security is a basic right.

Also, I’ve observed first-hand that most of us face a nasty learning curve in our first security leadership role and many of us spiral into PowerPoint hell after realizing success is based on communicating effectively. Truthfully, it’s a struggle for many security practitioners to communicate the right info in the right context to executives, customers, and colleagues. It’s even more onerous when your CEO expects a complete update summarizing “security” in exactly one slide. And no, you can’t use font size 8! JupiterOne Insights saved me with visual collateral for these types of updates, but it still wasn’t easy.

Lastly and most importantly, I learned once you know your security goals, you must put your security and compliance program on autopilot. Automation is key to survival and scaling up maturity. Integrate, automate, orchestrate, or you’ll crash and burn. Studies show the average CISO burns out after like 11 months and way too many of us regularly put in 14-hour workdays. So, something's got to give.

So, I spent a few weeks casually job-searching. I took some of the great advice I regularly give to my mentees and said yes to most conversations with potential employers. As it turns out, the security job market is definitely red hot. But, I learned something else, too - that I couldn’t possibly bear to go do my job at a company using spreadsheets for asset inventory, vulnerability management, and risk.

Life is way too short to do cloud-native security with spreadsheets, especially after using a cyber asset attack surface management (CAASM) tool like JupiterOne.

So, I Quit Being a JupiterOne Customer and Became an Employee.

Monday, I joined the JupiterOne team as an employee in a Field Security Director role. It’s an ideal arrangement, since I still get to use JupiterOne every day to seem smart. Armed with some fresh real-world experience as a Security Director, I’ll be helping JupiterOne customers realize the value of a CAASM tool. In addition, I’ll be writing, researching, and helping grow a community of security practitioners at the cutting-edge of cloud security. I’ll get to learn at the feet of top brains like Tyler Shields, Sounil Yu, and Kenneth Kaye and help the industry create common knowledge of solving the most significant challenges we face.

That’s the story of how I stopped being a JupiterOne customer and became a JupiterOne Field Security Director.

Jasmine Henry

Jasmine Henry is a security practitioner who's used JupiterOne to create a compliant security function at a cloud-native startup. She has 10 years of experience leading security programs, an MS in Informatics and Analytics, and a commitment to mentoring rising security practitioners from underrepresented backgrounds. Jasmine is a Career Village co-organizer for The Diana Initiative security conference. She lives in the Capitol Hill neighborhood of Seattle, WA.
