Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session


[Podcast] I’m Sean Campbell, Systems Engineer at Varonis, and This is How I Work

Data Security


Leave a review for our podcast & we'll send you a pack of infosec cards.

Get the Free Pen Testing Active Directory Environments EBook

“This really opened my eyes to AD security in a way defensive work never did.”

In April of 2013, after a short stint as a professional baseball player, Sean Campbell started working at Varonis as a Corporate Systems Engineer.

Currently a Systems Engineer for New York and New Jersey, he is responsible for uncovering and understanding the business requirements of both prospective and existing customers across a wide range of verticals. This involves many introductory presentations, proof of concept installations, integration expansion discussions, and even the technical development of Varonis channel partners. Sean also leads a team of subject matter experts(SME) for our innovative DatAlert platform.

According to his manager Ben Lui:

Sean Campbell is one of the most talented engineers on my team. He is the regional DatAlert SME and bridged valuable feedback from both customers and the field back to product management. Sean is also an excellent team player and excels at identifying critical data exposure during customer engagements. Overall, Sean is a key contributor to the Varonis organization.”

The fast paced environment, challenge of data security, and the fact that the sales cycle is far from “cookie cutter” is what Sean enjoys most about his role here. He also values the relationships he has been given the ability to build up over the years on both the Varonis and customer side.

Read on to learn more about Sean  – this time, in his own words.

What would people never guess you do in your role?

I’ve done a lot of interesting behind the scenes work – from creating new hire training materials to assisting with customer data breach investigations.

How has Varonis helped you in your career development?

I didn’t begin my career in sales, so my perspective on security was pretty narrow. Varonis has broadened that tremendously. I’ve developed the skills needed to tailor a conversation to different audiences whether it be a CISO, Cloud Admin, or a room full of other Sales Professionals. My technical skills have evolved as well, from basic Windows knowledge to more complex troubleshooting skills of the different platforms we support here. Pays a little better than minor league baseball!

What advice do you have for prospective candidates?

Humanize people, no matter the job title or status. Empathetic conversations begin and sustain smoothly that way. Be clear, be concise, be quick to listen and slow to speak! Something I’m always practicing.

What do you like most about the company? 

There is a maniacal yet focused approach with everyone here. We have crazy high standards for ourselves, but a culture of togetherness. You get things done and grow! I’m always excited to see what we are innovating next!

What’s the biggest data security problem your customers/prospects are faced with?

The elusive “starting point” or where to begin is a huge up front challenge. Everyone has data to protect, everyone typically has gaps, but similar to the NFL it’s all the same league just different playbooks. A successful playbook might resemble this one.

What certificates do you have?

Does birth count? Kidding, I have a security certification exam coming up next year. Wish me luck!

What’s your all-time favorite movie or tv show?

Movie is The Sandlot and there are too many TV Shows I like to just pick one.

If you could choose any place in the world to live, where would it be and why?

Just give me warm weather year round with easy access for family and friends to visit.

My wife and I are good with that. I also wouldn’t mind a golf course within walking distance.

What is the first thing you would buy if you won the lottery?

If it’s the big one, get me Richard Branson’s island broker.

What is your fave time hack?

My Bulldog, Banks. He hacks a lot of my time.

What’s your favorite quote?

Inky Johnson said something at this year’s SKO that resonated well – “It’s very easy to be busy and accomplish nothing” A good reminder to do things with purpose.

Interested in becoming Sean’s colleague? Check out our open positions, here!


Sean Campbell: Hi. My name is Sean Campbell and I’m currently a Systems Engineer for Strategic Accounts at Varonis, and this is how I work.

Cindy Ng: Thanks, Sean, for joining us today. How long have you been with Varonis?

Sean Campbell: I’ve been with Varonis, going on five years.

Cindy Ng: And what was your background prior to working at Varonis?

Sean Campbell: Before Varonis, I was actually playing professional baseball, and I was a baseball player in college while majoring in Information Technology. And after college, I’d gotten hurt my senior year so I didn’t pursue professional career right away. But I did rehab while actually working in Jersey City as a Security Analyst, and then I left that job to pursue my career in professional baseball, signed the contract. And then after I was released from the team, I had a little gap where I was deciding whether or not to continue playing or sharpen my resume and start looking for opportunities in security. And in the midst of all that, I was actually a counselor at the Boys and Girls Club. So I had gotten in touch with Varonis while debating continuing to play, and I decided to move forward with Varonis and I haven’t looked back.

Cindy Ng: Sounds great. What did you learn about yourself after working at Varonis?

Sean Campbell: Well, being personable comes pretty natural. I’m also grateful for the technical development that I’ve experienced here and the growth I’ve had in that area. But one thing I’ve noticed and I’ve learned about myself working at Varonis, was that I didn’t think I’d enjoy the challenge of a sales cycle as much as I do. My first job as a security analyst, had no selling at all, I was exposed to security tools and working with the team as far as cyber security strategy was concerned. And coming to Varonis as a vendor, it was a little bit of a learning process of what the sales cycle entails. It’s full of highs, lows, and in-betweens, but the challenge brings me back. It brings me back to my days competing on the baseball diamond and I think I’ve grown as a professional because of it.

Cindy Ng: What do you think the biggest data security problems our prospects are faced with?

Sean Campbell: I think collectively speaking, understanding what data is sensitive, who’s responsible for it and what’s a non-disruptive way to protect it.

Cindy Ng: So, take us through a customer’s operational journey from start to finish that you think might be helpful for our listeners to understand the important work you do.

Sean Campbell: So, I’ve done hundreds of demos and installations and worked alongside of our clients from a consultative perspective, but one that stands out in my mind, it was a media services agency. And some of the problems that we noticed, they had shared with us that they’d recently secured a large client from a competitor. It was sort of a big deal, really highlighting their growth as an organization. And while working through the terms of that contract, they decided in parallel to heighten their data security controls which actually included a Varonis data risk assessment. And within 30 days of that installation, we found over 200,000 social security numbers tied to client accounts, current and former employees of the firm. And this was amongst over 900,000 folders open to global access groups like everyone in domain users sitting on file servers.

Cindy Ng: Why were these problems a problem?

Sean Campbell: I mean, this is one of the things that as an engineer I really take pride in understanding. I mean, working with them to answer that question eases back to me.

So for this particular company, they manage advertising budgets and strategy for a who’s who’s list of some very high-profile clients. And this includes current and unreleased product marketing materials, other product strategy, very sensitive contract and financial information, among other forms of confidential data. And they are actually regularly audited by their clients to ensure that this information is handled properly. A blow to the trust of their clients because of a data breach or failed audits would mean loss business revenue.

Cindy Ng: And did they know they had problems?

Sean Campbell: They admitted to always knowing they had poor visibility into unstructured data. It was a gap they were aware of. And they knew that was our strength. So walking them through the process of identifying real areas of risk were eye openers. It helped us build credibility as a trusted advisor. They were receptive to our operational plan which actually stood out against other vendors they considered up to that point. And this project got visibility up to the CTO, so the overall response, it was something they needed to rectify moving forward.

Cindy Ng: And what were their use cases?

Sean Campbell: So a lot of the use cases really aligned to what we do, and it almost took the words out of my mouth in some instances. So some of the early things that I had jotted down and confirmed with my champion, they needed to better understand who had access to client project and HR data. And they had no efficient way to map all permissions across their file shares. They also wanted to monitor administrative changes, they wanted to be able to track both authorized and potentially malicious changes. So that meant auditing all file touches and having a way to detect or alert on something worth noting. They also mentioned that they were aware that they had sensitive data on their file servers. They knew that this data likely contained PII or other sensitive project information so they needed to understand where it live. So identifying where this data was, was another use case.

And then lastly, they were also prepared to begin the process of implementing a retention policy. So archiving data that they no longer needed to actually store on their file servers, and eliminating risk by just chopping off low hanging fruit in the form of unused or stale data archiving.

Cindy Ng: There’s a lot of competition out there. How did you convince them and how did they know that our methodology is the right one?

Sean Campbell: As I got to know my champion who had been a manager in IT at the time, he knew that their department was experiencing some growing pains. So as they kept hitting new revenue marks year over year, they weren’t really able to control from a data perspective how the data was growing, the rapid pace that…as it was being created, as the business was demanding new technologies to be rolled out, keeping up with the ability to secure those very technologies once they’re live and in production. So they had really no repeatable process, and especially as it pertains to data governance, it was a huge challenge. So they’d been relying on third-parties to do things like pen testing, network upgrades, just to keep the lights on, to keep productivity as efficient as they could.

Unstructured data, so information that’s living on file server, email, SharePoint, for example, this was an afterthought and they didn’t really have the manpower to attack it. So our methodology really handled a lot of the heavy lifting for them in a single pane of glass. So the solutions they invested in initially provided them a non-intrusive or destructive way of securing their most out-of-control asset which was the data living on file servers.

Cindy Ng: Ah, so you essentially told them where their data was in order to have proper data governance, you need to know where it’s at.

Sean Campbell: You got that right.

Cindy Ng: So which products did they buy?

Sean Campbell: I think this was truly a platform sale. They purchased DatAdvantage for Windows, Directory Services, our Data Classification Engine, our Data Transport Engine, DatAlert Suite and Automation Engine. And this was a sweet spot for our customer base as well, a thousand plus users.

Cindy Ng: And are you able to describe what fixing their problems looked like?

Sean Campbell: So I can tell you that each one of those solutions worked in tandem to correct the very complex problem. With that visibility into where the sensitive data is stored and where it’s at risk, they actually were able to now leverage our professional services to put a plan in place to fix it. So I really teed up for our services team to work with them to do things like locking down open shares, setting up reports, identify stale data for archival, and alerting on inadvertent or suspicious anomalies with products like DatAlert Suite.

Cindy Ng: And so are you able to say that you helped them achieve their data security goals? How did they know that they were progressing in a way that is helpful for them?

Sean Campbell: That’s a great question, and if promotion to Senior Vice President is any indication of my champion’s ability to present the business with a solution for securing their data, I think we gave them a lot of confidence with the solutions that they invested in. Because I didn’t have as much visibility into the account within the recent, I’d say past month or so because of the territory shift, I can’t give you actual metrics, but I’m confident that they cleaned up the open shares that we helped identify and they were able to determine where they have sensitive data, who has access to it, and who shouldn’t have access to it. I can also say that it was a very straightforward process to building out that game plan and making it a repeatable process and getting them to a more manageable state. And this began with simple reporting, showing off the ease of automation through solutions like Data Transport and Automation Engine, that Data Classification Engine, the out-the-box rules gave them less work to do, quickly identifying at-risk sensitive information. We were even able to highlight things like what’s your ransomware response readiness.

So, we even simulated ransomware to show the ability of our DatAlert Suite and how it can detect alert and arrest that form of malware. That really drove the overall aspect of the sale in my opinion. Single pane of glass, the automation, giving them less work in the midst of everything else that they have going on.

Cindy Ng: Ah, so they weren’t even really looking for ransomware prevention, but as sort of a byproduct of getting all the different products, you were able to help them with prevention and you’ve been able to help them find other ways to help their infrastructure be even more secure.

Sean Campbell: You got that right. I would say as that trusted advisor that I strive to be for a lot of my clients, preaching detect, prevent and sustain has been something that some of my customers have even adopted for their own teams, and that methodology that we helped walk them through as they’re, I would say, rounding up that uncontrolled, unstructured data environment, it really puts that process in place. So when we do things like detection, it makes it easier now to set up things like prevention. And in long-term, you’re just sustaining that. And helping them along the way makes that process, again, very manageable and it gets the state of their environment to a manageable place as well.

Cindy Ng: So after you help our customers go through the operational journey, how do you feel from a professional and personal perspective?

Sean Campbell: That actually brings me back to the first or second question you asked me in terms of what did I learn about myself. That’s one of the things that continue to drive me. I use those experiences in the next engagement that I encounter, and it’s able to really help me find my own repeatable process that I know works. Now that’s not to say it’s easy every single time, but when we get to that state where the outcome is evident that our operational plan, that our methodology works, really gratifying in that sense and it builds that confidence as an engineer that Varonis is truly the only solution out there that can help organizations really manage and protect their own structured data.

And as we start to get into areas of enrichment, I’m very confident that we can add even more value gathering things like perimeter insights and things like geolocation for example, which really it’s really gonna arm our clients to take a more secure approach to how they protect their data at the end of the day and keep that bottom line in the black.

Cindy Ng: You mentioned you played baseball prior to working at Varonis. Do you still get a chance to play for fun?

Sean Campbell: Oh, in my head. I haven’t had the time in a while, I should say that should get back out there, but I’m always looking for opportunities. There’re a few leagues that I’ve had my eyes on, I’ve been in touch, but I do keep tabs on some friends of mine that are still playing professionally and I always keep in touch with some of my teammates and just talking baseball kinda keeps me close to it.

Cindy Ng: Yeah, you even…you even used tee up earlier when you were describing your work, that baseball is still in your root. Do you have a favorite book?

Sean Campbell: There’s another interesting segue back to baseball. So my favorite was written by a guy by the name of Harvey Dorfman, it’s called “The Mental ABCs of Pitching.” It was a performance guide I’d read in college and I actually read it again in professional baseball. It was supposed to help propel me into a long career in the Major League, but ironically, a lot of the principles Harvey described, I still use in my career today. Slightly different paths but the same rules apply.

Cindy Ng: What were some of the principles that really helped guide you in your work?

Sean Campbell: So Harvey breaks the book down into different chapters, and the chapters simply have a keyword and he’ll describe that aspect of that keyword as it relates to pitching, so I was a pitcher. So for example, he’s got a chapter called Discipline, he’s got a chapter called Approach, Confidence, Self-esteem, Control. These are all things where he’ll break down the mental aspect of pitching and how it relates to that keyword for that particular chapter, as a matter of fact.

So I’ll give you example from the chapter on discipline, and he starts by just defining what discipline is and its training that’s expected to produce a specified character or pattern of behavior, especially that which is expected to produce moral or mental improvement. The interesting thing about pitching, it’s a very mental aspect of baseball. You’ve gotta have mental toughness, you gotta be precise, you have to trust what you’re doing, and how that relates back into being an engineer at Varonis, a lotta times, you know, your prospects or your customers, they can see right through simply being sold, you know, especially if you’re not confident with what you’re saying, if there is a low trust into what you’re trying to sell them on, especially if it’s just buy, buy, buy the product, figure everything else out later.

As an engineer, as I prepare, a lot of times I take the same approach that I used to have with baseball in my career as a sales engineer. That means learning up on the latest technologies, learning up on the latest threats and understanding how those threats augment the value we bring to the table and knowing when I walk into a room, I can identify a lot of the problem that they may be challenged by, listening to what they’re saying, taking back that information and formulating a plan. And that same process used to be how I would develop as a pitcher. I’d understand the team that we’re about to face, the strengths and weaknesses of those hitters, and how I would attack those hitters during that game that I was scheduled to pitch. So I knew if this particular person couldn’t hit a curveball, guess what, he was gonna see a lot of curveballs.

If an organization has poor visibility into who’s touching their file share data, well, guess what, we’re gonna augment where that file share data is, we’re gonna turn on auditing and we’re gonna break down for them how can we easily report on and alert on any anomalies with this information.

Or if we’re struggling to meet a regulation, you know, I’m gonna understand what that regulation is and I’m gonna put a preparation, I’m gonna put a plan of preparation in place to say, here’s how we can help you better meet that regulation, for example. So the reminders in this book a lot of times just keep me on that path of how to properly approach being a sales engineer. So it’s been very interesting. I didn’t think it could relate in that way, but again, that goes back to I never expected to enjoy the sales cycle the way I do. Because it’s not simply just straight B2B sales, “Hey, here’s a product, here’s the SKU number, here’s how much it costs. That’ll do it.”

There’s a process to it of understanding what the use cases are, like you asked me. Understanding, you know, why are these problems problem, right? And then really augmenting or walking them through our operational plan, our methodology to show how we’re best positioned as a solution.


Cindy Ng

Cindy Ng

Cindy is the host of the Inside Out Security podcast.


Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.