Produced by:
The Evolution of
Cybersecurity
Netwrix CTO Jeff Warren on Growth, Technology, and Leadership
A TechPros.io Interview with Jeff Warren
CTO
🎙️ Listen to the full interview
in the Enterprise Thought Leadership podcast, powered by TechPros.io
Jeff Warren brings over 15 years of technology leadership experience as the CTO of Netwrix, a leader in data security solutions. We discuss his career journey, the evolution of cybersecurity, and how Netwrix is enabling organizations to securely embrace digital transformation.
You have an impressive background, pivoting from engineering into product management and leadership roles. Can you walk us through your career journey and what led you to become CTO of Netwrix?
My journey in tech started in college where I studied computer science and knew in my heart I wanted to be a software engineer. I landed my first job as a programmer on Wall Street, thinking I had “made it” on my career path. But after about 3 years, I found myself drifting away from coding and more drawn to working with other engineers to solve bigger problems. That evolution led me into product management. I joined a company called Stealthbits in 2010 as a product manager when we were only about 30 employees. It was incredibly rewarding to figure out what products we needed to build and how to find that product-market fit.
As we grew from 30 to over 200 employees, the challenges shifted from product ideation to how do we scale this organization? That led me to move back into an engineering leadership role as CTO to oversee the department and help scale. Then in 2021, Stealthbits was acquired by Netwrix and the rest is history.
Can you give us an overview of Stealthbits and the cybersecurity problems you aimed to solve for large enterprises?
Stealthbits was focused on data security products for large enterprise customers, primarily in the Fortune 500. Many organizations were having trouble scaling security solutions across their environment. Securing Active Directory is hard, but doing it across 300 domain controllers and a million objects is near impossible without the right tools. That was our niche - building enterprise-grade security around data, access governance, and Active Directory.
For those less familiar, can you explain what exactly Active Directory is and why it has become such a prime target for attackers?
Active Directory has been around since 2003 and serves as the core directory for Windows networks. It joins all the computers, users, and access together across an IT system. It’s really the lifeblood of any enterprise infrastructure. But that also makes it a major target, as compromising Active Directory can provide the “keys to the kingdom” in many ways. It’s usually the first goal for any attacker trying to infiltrate an organization. Once you gain domain admin privileges, it often means game over.
It’s really the lifeblood of any enterprise infrastructure.
As attacks have become more frequent and sophisticated, often abusing tools like AI, how has Netwrix evolved its security solutions to stay one step ahead?
We designed our portfolio around the NIST cybersecurity framework, looking at the key pillars of identify, protect, detect, respond and recover. On the identification front, we provide assessments that uncover risk across Active Directory and show where an organization is exposed to dangerous lateral movement. Many are surprised at how much technical debt has built up over years of uncontrolled access and permissions.
Detection is table stakes these days, but protection and recovery are areas where we truly excel and separate ourselves from the pack. We offer patented technology that provides real-time blocking of attacks against Active Directory. Rather than just sounding the alarms, we shut down tactics like Golden Ticket in their tracks. An ounce of prevention is worth a pound of cure. We stop breaches before they can start.
On the recovery side, our technology allows reverting Active Directory and Office 365 objects that have been maliciously modified. This ability to roll back the impacts of an attack is invaluable yet often overlooked. Between upfront protection and back-end recovery, we provide a complete shield around Active Directory.
Can you share a success story where Netwrix played a pivotal role in preventing a breach?
We’ve been involved in several red team exercises where the customer hired hackers to compromise their environment, and Netwrix stopped them cold. In one exercise, the red team couldn’t elevate privileges past the initial workstation they were provided after three full days. Since they hadn’t made any progress, the customer had to provide administrative access just to move the engagement along. It was very rewarding to see our preventative controls create such a roadblock.
In another exercise, the red team got stuck because they couldn’t execute a dangerous Golden Ticket attack due to our protections. We literally had to provide a Github pull request that pointed them to a fix in their attack software to get Golden Tickets working so they could move ahead. Sharing our expertise to help the red team was kind of fun, but it clearly showed the power of our prevention abilities when even seasoned hackers couldn't get through.
As Netwrix continues acquiring new security technologies, how are you strategically integrating these solutions into a unified platform?
We have a three-layer integration strategy. First is consolidating core technologies across products. For example, we now have a unified, sensitive data discovery capability that can be leveraged across our portfolio. Second is direct product integration, like we've recently done with our privilege access management solutions. And third is delivering it all through a single pane of glass, which we're providing through our new cloud platform, Netwrix One.
It’s a multi-year journey, but we're dedicated to enabling customers to standardize on Netwrix through a seamless experience. We want them to be able to adopt our full range of data security capabilities without needing to manage dozens of disparate tools.
We want them to be able to adopt our full range of data security capabilities without needing to manage dozens of disparate tools.
What is your vision for how Netwrix and the broader cybersecurity industry will need to evolve in the coming years?
It’s clear that the blistering pace of change will continue, whether we're talking cloud, AI or the next major disruption. Security leaders are struggling to keep up. They need to constantly build knowledge and evaluate vendors to protect against what’s coming next. It’s a daunting but extremely rewarding career path.
We foresee several key trends ahead. Hybrid environments are here to stay, with most organizations taking a selective approach to cloud adoption. AI is not just hype but requires updated skills and security controls. The talent gap also persists, underscoring the need for improved automation and ML to make security professionals more efficient.
Netwrix aims to be the customer’s trusted partner through all of this change. We provide unified data security for on-prem, cloud, and hybrid environments. And we enable overburdened security teams to do more with less while stopping sophisticated attacks like ransomware.
As an experienced cybersecurity leader, what advice would you give to someone aspiring to break into the field and grow into an executive role someday?
My advice is to focus equally on developing your hard skills and soft skills. The hard skills - your technical knowledge and ability to understand how technology works - are critically important. You need to know what you're talking about and be current on the latest threats and solutions. But just as vital are the soft skills - your people management ability, influencing, and collaborating across the business.
Security leaders need to balance enabling the business with appropriately securing it. You can't take a sledgehammer approach, even if you are technically right. You need to read the room, build consensus, and tailor your message. That ability to connect with the C-suite and other departments is what will truly drive your career growth. Technical genius alone won't get you a seat at the leadership table. So invest time building those soft skills just as you do staying sharp on the hard skills. That combination is what makes great security executives.
Netwrix empowers information security and governance professionals to identify and protect sensitive data to reduce the risk of a breach. Our solutions also limit the impact of attacks by helping IT teams detect, respond and recover from them faster and with less effort. Over 13,500 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
Share this page