CB Customer Spotlight: Q&A with ALLETE’s Jeff Rotenberger

Type carbonblack
Reporter Sean Blanton
Modified 2019-03-25T17:00:50


For five years now, Jeff Rotenberger has served as a cybersecurity analyst for ALLETE, an energy and utilities company serving the Upper Midwest. Rotenberger and his team have been working with Carbon Black (CB) APIs and CB Response to greatly reduce time spent on security remediation.

Read on to learn how Rotenberger has helped re-energize cybersecurity at ALLETE with Carbon Black.

  • Tell us about ALLETE’s process for choosing Carbon Black.
    When I first started at ALLETE, the initial project I did was implement a SIEM. From there, we noticed that we were spending an inordinate amount of time dealing with endpoint-related issues. We didn’t have enough tools in the space, and as a result our PC support team was doing a lot of the endpoint remediation and mitigation. Our PC team did not have the proper training or toolset, and in many cases, if an endpoint was compromised, it often meant that the endpoint was boxed up and shipped back to corporate headquarters to be reimaged. As you can imagine, that’s a lot of wasted hours – for staff and for the affected employees. After about two years, we saw a demo of Carbon Black, and CB Response was the most viable solution for us.
  • What is the value you’ve seen since using Carbon Black?
    After deploying CB Response, we essentially took PC support out of doing any kind of security functions. As a result, we've saved hundreds of hours a month that our team was previously dedicating to security-related endpoint issues. Because of Carbon Black’s unique capabilities in Live Response and the use of the API, we could do it all ourselves, and in most cases, without the user being impacted, which was a tremendous win for us.

    Before, if a PC support person was not physically located in an office and there was a problem with a laptop, we would have to send it back to headquarters. Now, we can fix that on the fly through Live Response, often, without the user even knowing we were there or being impacted by our presence, and get them back up and running in minutes.
  • How did the Carbon Black APIs influence your security practice?
    When I attended my first CB Connect conference, our team was really invested in Live Response, but we kept hearing about this API. It sounded great, but I had no idea what people did with it. At CB Connect, I watched a presentation by Red Canary on their Surveyor tool, where they ran a Python script against the API and surveyed every single endpoint that had Carbon Black on it for all their different file sharing programs. I realized that this was a problem in our company at the time, and I understood how powerful this API could be and some of the amazing stuff we could do with it. I returned from the conference with all these different ideas, telling my team, “we’re just scratching the surface here with what we can do with this tool.” Since implementing the APIs, we’ve gone from using them as standalone scripts with security automation orchestration (SAO) to using them in conjunction with Resilient.
  • How did you know you wanted to work in this industry?
    I’ve been interested in computers ever since I was a little kid. I graduated from the U.S. Naval Academy at Annapolis with a computer science degree, but then went into the service and moved away from computer-related things. After a few years I realized that my passion was more in the computer IT space. When an opportunity arose to go back to school, I went back and earned a master’s degree in cybersecurity and I’ve been in the industry ever since.
  • How has the industry changed since you first started?
    I remember back when there was only one computer in an entire classroom, and then going to college and being the first class to have computers with hard drives. Now, everyone carries a computer in their hand. I think the availability of computers in everything we do today is so profound.

    From a security standpoint, it’s been interesting to watch the evolution here at ALLETE. When I joined, the cybersecurity team was relatively new, and although recognized as a need, we were relegated to our little corner. Then, we started to do more things, like with Carbon Black, where we became more involved in both the user and endpoint space. I think there’s been a lot more recognition about the importance of both our role and the impact of cyber awareness training. Our training has evolved to the point where we are now conducting presentations and talking to large groups about cybersecurity, which has been really rewarding.
  • What’s one piece of advice you would want to share with someone trying to start a career in cybersecurity?
    Never stop learning. Cybersecurity is a very wide space and there’s room for all kinds of people in it. Just keep reading, keep learning, figure out where you fit in that space and go for it. We’ve got a lot of things to tackle in cybersecurity and we need plenty of awesome people to do it.

The post CB Customer Spotlight: Q&A with ALLETE’s Jeff Rotenberger appeared first on Carbon Black.