Happy 2023 and welcome to the fourth installment of the “Meet the Logician” blog series, where we highlight the people and users who form Anvilogic.
This week we’re featuring Senior Sales Engineer Tim Frazier. Based in Chattanooga (choo-choo!), Tennessee and with a background in electrical engineering, Tim started his career in the US Army as a signal officer, where he learned about satellite communications and computer networking. During this time, Tim read Cyber War by Richard A. Clarke, where he learned how cybersecurity could be used as a form of national defense, and since then, cybersecurity has been the focus of his career. After a stint in consulting, Tim ran the gamut of hands-on-keyboard experience at the Tennessee Valley Authority: blue teaming, cyber tool chain engineering, risk management framework development, and more. Tim later realized there was an opportunity to help more people across many organizations and industries, so he pivoted to the vendor side of cybersecurity, where he’s been helping to solve customer challenges ever since.
We’re lucky to have Tim on our side as he listens to customers’ pain points while leveraging his years of experience to figure out where Anvilogic can provide value and solve their challenges. Our conversation with Tim uncovered what makes Anvilogic special, why the industry is taking the MITRE ATT&CK framework for granted, and why reaching a plateau is not in his life’s philosophy.
What led you to pivot from your practitioner, blue team experience into being on the vendor side of cybersecurity?
During my time in the Army, I realized that I enjoyed being a part of building things and making something out of nothing. I’m a very project-focused individual, and once I started doing those projects, I realized that at some point, you kind of plateau — either as an organization or at a certain maturity level. I’m more about getting to that plateau but not staying on that plateau. So for me, I was looking for new career challenges and new exposure to innovative technology that would help change the game to enable effective cybersecurity for all organizations.
What made joining Anvilogic exciting to you?
Looking back on my journey, I experienced some of these challenges firsthand when helping build out security operations for the Tennessee Valley Authority. I was trying to bring in new tech, configure it, get it set up, and get value out of it. A lot of things go into that, and the industry says I need to buy a SIEM and start pulling logs into it, but it’s not until you go down that path that you realize it’s much easier said than done. Many customers struggle with extracting value from that data once they have it in place, so what I saw in Anvilogic is a way to guide people on what to do.
What is the value that Anvilogic brings to customers?
You compared Anvilogic to a GPS for your SOC. By having recommendations at one’s fingertips, do you think that promotes or inhibits skill growth amongst the SOC team?
When you’re driving using a GPS, you’re still driving. I would argue that it makes you a better driver because you’re not trying to look at a map while trying to pay attention to the road. And I feel like the same holds true with Anvilogic. We're showing you a framework and a way to do things as well as giving you many of the rules you need so that when you have to build your own rule, you can do it in a very mature way. It's modular, repeatable, and extensible — not a black box. Many adversaries use common, repeatable attack patterns in different combinations. In Anvilogic, you would write that detection for those specific techniques once, and then you can reuse it in many scenarios. It frees up analysts to do additional tasks like threat hunting, where you come up with a hypothesis that says, “If somebody were to compromise this, this would be where they were going, or they may come in this way, and they would do these activities.” You can build your own scenario and use Anvilogic to evaluate whether that's happening in your environment.
From your previous experience and conversations with customers, is there anything security professionals are overlooking?
We almost take for granted that everybody uses the MITRE ATT&CK framework. MITRE only shows you the tactics and techniques used, but there's also the “P” in TTP — the procedures. MITRE doesn't break it down into the most granular level because, in reality, there are many procedures. So you can't just say, “I have one rule that covers this technique, and now I’m good.” The reality is that it takes depth. It's always a gradient of coverage that you have. That's why in the Anvilogic platform, we don't show only red or green based on whether you have a rule or not. We show you a shade of green based on how many rules you have covering this and how deep your coverage goes. You can think of it as “detection in depth.” We're thinking about multiple ways to detect the same MITRE ATT&CK-identified techniques and the many procedures that could be used. One of my friends makes an analogy: Don't treat MITRE like a bingo card. You can't just get a line all the way across, or a vertical column all the way down, and be like, “Yeah, I'm done. I checked the box.” It's much more of a mindset and an evolution, like, “How do I continue to go deeper on these important things? How do I continue to make sure that I'm prioritizing what's most important?” Because you're never going to get to them all. In fact, you shouldn't — you should focus on what's most important.
What’s a typical day like for you as a Sales Engineer?
One of the things I enjoy about sales engineering is that there’s variety, so I’m not always doing the same thing all the time. One of the key functions of my role is demonstrating the software to prospects and customers. I ask them questions about their environment and translate my knowledge of the product into what challenges they’re dealing with and how it could work for them. An essential part of a sales engineer is helping someone envision how this product could help. We communicate the value and the technical “how it works” part. And there’s another side, like raising awareness through speaking at conferences, writing content, and building integrations. I still write Python code and put together certain things to improve the customer experience.
What advice would you give someone starting in cybersecurity?
Aside from cybersecurity, do you have any special hobbies that you like to do to unwind?
I like to play board games and have a pretty extensive collection. My son is nine years old and is starting to get more into it, and I have a group of friends that I play with as well. As my kids get older, I’m getting more involved with their activities, like soccer and camping. At the height of the pandemic, I took up hang gliding — basically jumping off a mountain with a kite strapped around my back. I took it up for about three months, and now I’ve moved on to wake surfing, which I took up this past summer. I take up random hobbies all the time. Once I reach a plateau, I’m like, “Okay, let me find something new that I want to try.”