Welcome to Speed Data: Quick Conversations With Cybersecurity Leaders. Like speed dating, our goal is to capture the hearts of CISOs with intriguing, unique insight in a rapid format for security professionals pressed for time.
In this episode, we sat down with Varonis partner Doug Merrett to talk about how his career at Salesforce inspired him to start the consultancy firm Platinum7. Doug shared his thoughts on the importance of education, philanthropy, and realistic expectations in the tech world and discussed why he would never want to be a CISO.
Educational SaaSpirations
What began as a love for computing and a part-time gig at Tandy Electronics turned into an extensive career in cybersecurity and IT for Doug Merrett, founder of Platinum7, a Salesforce security consultancy firm.
“Electronics Australia bought out a magazine that had a computer in it, and I was like, ‘Well, that’s interesting!’ so I built that computer, and that was the thing that got me into computing,” Doug said.
“My first real computer — which I still have — is my Tandy TRS-80 Model 1,” he said, referencing the Tandy brand, which in the U.S. was known as the one and only RadioShack.
From there, Doug moved from programming to the SaaS world, landing at the CRM giant Salesforce.
“I was working at Salesforce for 13 years, helping customers understand how Salesforce does what it does when it comes to security,” he said. “And in the later years, when Salesforce brought out a whole bunch of new security capabilities, customers said, ‘That’s excellent! Who can I get to help me do this?’”
“It was one of the first enterprise software systems as a service on the web, and so customers needed education,” Doug said.
There weren’t any partners out there focused on Salesforce security, so I saw a bit of a gap in the market and decided to start my own business focusing just on Salesforce security.
Philanthropy in tech
Since founding Platinum7, Doug has forged his own path while capitalizing on a mutual passion with Salesforce — giving back.
“I really enjoy helping out not-for-profits,” he said. “I’m part of the Pledge 1% and one of the reasons I joined Salesforce was because of the one-one-one model as well: Salesforce gives one percent of their time, product, and revenue to help charities, so I did the same with Platinum7.”
“I give discounts to my not-for-profit customers, helping them get across the line,” Doug said. “Helping out these smaller customers gets me out of bed in the morning, which is great.”
Doug points out that while charities and non-profits might be smaller in size, their risk of a data breach isn’t any less significant.
“People always think about financial institutions, health companies, or these types of regulated industries having a lot of sensitive data, but if you think about it, charities have a lot of data which is extremely sensitive,” he said.
If you’re a mental health charity, then you’ve got some very sensitive data, and it should be protected at least as well as financial information.
Being a CISO is no easy feat.
After decades in the IT industry, Doug has empathy for the heavy heads that hold the cybersecurity crown.
“The biggest challenge today with security leaders is you’ve got so much to worry about,” he said. “You’ve got so many risks out there which you have no direct control over, like supply chain attacks, and to control and manage all of this, you need to be a technician, a marketer, a great communicator… and all of these things make the security leader’s life quite challenging.”
“Being a CISO is a pretty challenging job, and hats off to people who do it really well. I’m quite happy doing what I do — I don’t want to be a CISO!” Doug said, laughing.
And while security leaders may strive for perfection, knowing there is no such thing as being breach-proof is what sets a good CISO apart from a great one.
The best thing to remember is you can’t always win. You have to take the attitude that no matter what you do, there will probably be a chink in the armor somewhere.
“You need to prepare for an incident. You can’t just try and protect, protect, protect. You’ve got to also plan for when something does go wrong.”
“You’ve seen people in the press who’ve had incidents and done a fantastic job of managing that whole process, and you’ve seen people who haven’t done so well,” Doug said. “I’d rather be on the doing-well side than the not-doing-well side.”
Varonis can help you get to the doing-well side with ease. Contact your Varonis representative or see Varonis in action by scheduling your 30-minute demo.
What should I do now?
Below are three ways you can continue your journey to reduce data risk at your company:
Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.
See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.
Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.
