Inside Demandbase

New to the DB Starting Line: Sean Malone, CISO

Demandbase image

July 20, 2022

3 mins read

New to the DB Starting Line: Sean Malone, CISO image

New to the DB Starting Line: Sean Malone, CISO

Offense makes the best defense — or, in this case, people who’ve Ocean’s Eleven’d their way into casino databases make damn good data defenders. At least, that’s the case with Demandbase Chief Information Security Officer (CISO), Sean Malone.

The yellow brick road

His career kickstarted when he was paid to hack into Fortune 500 companies to identify vulnerabilities. But instead of using these powers for evil (this isn’t a supervillain origin story), Sean went on to join the starting lineup of many a company’s defensive teams. From breaker to builder; FusionX to Accenture to Amazon Prime Video to… startups?

Yeah. Startups.

With a pedigree like that, Sean found himself in an enviable position: he got to actually choose what he wanted to do next. Wild, right?

Obviously, the big names on his resume are hard acts to follow. And by now, you’re probably thinking: “We get it. He chose Demandbase.” And yeah, he did. But not because we’re the leaders in ABM or one of the Top 100 fastest growing companies or even that we repeatedly win awards for our culture — though we are and do (and we’re humble to boot!)

“What I was looking for was to lead security for a quickly growing SaaS company that was primarily cloud-native and had grown up in the cloud world, but that had high security needs, high expectations from its customers of being secure, and some security capabilities in place, but also needed to improve it pretty quickly. That intersection of different things eventually led me to Demandbase.” — Sean Malone

B2B’s biggest cybersecurity challenge is innovating safely

Customers have come to expect fast turnarounds with everything — hell, I won’t wait more than 5 seconds for a browser to load — and that doesn’t stop at the expected pace of innovation.

But you can’t go all-gas-no-brakes with sensitive or proprietary information. Even race cars need brakes to go faster.

“It’s a little counterintuitive at first. If you think about a race car going around a track: if the car has great breaks, then you can go as fast as possible in the straight section, and be able to slow down when necessary in order to navigate the turn safely; otherwise, you’d just fly off the track. It’s the same concept. We need to have the right security controls and processes in place to enable us to move more quickly than we otherwise would’ve been able to.” — Sean Malone

Penny for your thoughts (on the future of cybersecurity)

The search for a reliable crystal ball continues, but until we find one — and we are trying — Sean has some ideas of where he thinks cybersecurity is headed.

He broke it down into two concepts

  1. Automation in the form of security teams working hand-in-hand with engineers to embed security controls as part of the automated engineering process.
  2. Empowerment.

Historically, security reviews improve things in different stages, but that can add a lot of friction to engineering processes and product launches. Nobody sets out to do The Wrong Thing™* or purposefully build an insecure application or cloud environment, so it’s important that we educate, enable, and empower people to do The Right Thing™*.

Unfortunately, only the future knows how the cybersecurity industry as a whole will figure out how to get the right tools into the hands of engineers and help them along with the process — but at Demandbase, we’ll be doing our part to make it happen.

*Demandbase doesn’t hold trademarks on the right or the wrong thing.

Demandbase image

Jessica Tenedorio (Diedrich)

Senior Video Lead, Demandbase

This article was published in:

Related articles