Posted
The Advanced Persistent Talent series profiles ThreatConnect employees and explores how their work impacts products and offerings, how they got here, and their views on the industry at large. Want to know more about a particular team? Let us know!
When you’re operating in a small organization, flexibility is key. It’s not enough to wear many different hats. You have to be able to switch from one to the next with grace and precision.
Kevin Johnson, ThreatConnect’s Director of Information Security & Compliance, has mastered just that while managing three teams at once: Security, Compliance, and IT. His most recent accomplishment? Helping ThreatConnect achieve FedRAMP certification before any of its competitors.
Kevin attributes his team’s success to a combination of patience and diligence—both virtues he’s perfected through his favorite hobby, fishing. Learn more about how this avid angler catches the big phish in the conversation below.
The following conversation has been edited for clarity and length.
How did you get into the threat intelligence space?
Kevin Johnson: Originally, I was in the Army. I was an electronic repair expert, but then I deployed with the signal unit. We set up satellite communications and did secure telecoms. When I got out, I started working for an oil field tech company, where we installed telephones, satellites, and networking on oil field sites around Texas and Louisiana.
After that, I started working at the VA as a contractor, where I did a lot of cybersecurity patching, and then I came back home to Florida and got a job at a Managed Security Service Provider, where I interacted with almost every firewall technology, every SIEM technology, almost all the technologies.
Then, after that, I went into actual threat intelligence. I was the lead threat intel analyst at a company called Wellcare, which was looking to build a threat intel program. I was actually a customer of ThreatConnect and one of the early customers on ThreatConnect’s customer advisory board. I ended up running a 10-person threat and vulnerability team, and after doing that for a few years, I became an employee of ThreatConnect.
What does your role look like at ThreatConnect?
Day to day, I hope nothing blows up. [Laughs] No, I run all of IT, Security, and Compliance.
It’s hard to describe the day-to-day, because with three different teams, I bounce fire to fire. But the majority of my day is just coordinating: making sure we are compliant and communicating with other people. In compliance, customers will send in contracts and security questionnaires that we have to review. In security, I help manage the alerts that come in. And for IT, it’s computer purchasing, getting approvals, and keeping operations running.
My role isn’t about having all the right answers—it’s having all the right questions.
Is it challenging to lead three different teams each day?
I enjoy the variability. If two departments are having issues, it can get exhausting, but I’m blessed to have amazing team members.
What are some of the most interesting challenges you’re working on right now?
It really depends on the lens you look at this through.
On the Compliance side, our biggest challenge is keeping everyone up to speed. We are SOC 2 Type 2 compliant, ISO 27001 certified, and FedRAMP authorized, so when we bring in new acquisitions, like Polarity, we need to make sure they meet those standards as well. For Security, our biggest challenge is reducing alert fatigue. And in IT, our biggest challenge is variability.
What makes FedRAMP authorization difficult to achieve, and why is it so important?
I would say the most challenging part of the FedRAMP authorization is how the federal government requires its documents. We have to provide a master document—a list of all of our controls, all in one place. It’s 689 pages, and I had to read through it twice. It takes a lot of time to do that. You also have to pass a three-month audit. Then, after you pass the audit, it goes to the agency sponsor, which takes two to three months. Then, it goes to the FedRAMP PMO.
From start to finish, it took us 10 months. We’re about to go through our next audit, and we’ve only been authorized since May. We were the first threat intelligence platform to achieve it. We worked extra hours to get authorized in record time.
FedRAMP authorization gives ThreatConnect’s clients the ability to access more federal customers. We’re talking about FEMA, the Department of Agriculture, the USDA, the FDA, or whatever three-letter acronym you want to use. It gives us access to the full federal marketplace. If you’re a federal agency and want to use a SaaS-based solution like ours, then you have to ensure that they are FedRAMP authorized.
What do you spend time on outside of ThreatConnect?
I like to fish. I mainly go out to the local lakes. I’m in Tampa. However, I also like to go deep-sea fishing now and then to catch grouper.
What is your proudest catch?
One was a two-and-a-half-foot-long grouper. It was a monster, and I enjoyed eating every bit of it, too.
But I have two daughters, now 15 and 10, and one of my proudest moments was not actually my catch—it was watching my oldest daughter catch her first fish, a tiny bluegill. It was maybe six inches, but she complained like it was a three-foot alligator that we were fighting.
Do you find that there’s any overlap between fishing and your job duties?
Patience.
In fishing, you have to be patient. And in the job I do, we are all wearing many, many hats—all of us. There are probably three people in this whole company who I have not spoken to directly—who I’ve not asked favors for, or asked to do things. You’ve just got to be patient and follow up whenever you have to.