Thursday Jul 31, 2025

EP 19 — Cribl's Myke Lyons on Data Hierarchies That Cut Security Costs

Myke Lyons brings an unconventional background to cybersecurity leadership, having trained as a chef before discovering his passion for breaking and rebuilding IT systems. As CISO at Cribl, he applies culinary principles like mise en place to security operations while solving the fundamental economics problem facing every security team.

The math is unforgiving, he tells Jean: data volumes grow at 28% annually while security budgets remain flat. Myke's solution involves intelligent data hierarchies that route critical authentication logs to expensive SIEM systems while automatically sending regulatory compliance data to cheaper cold storage, combined with format optimization that reduces log storage costs by 70-80%.

Topics discussed:

  • The fundamental economics challenge of increasing annual data growth versus flat security budgets and how intelligent data hierarchies solve this by routing critical logs to expensive systems while storing compliance data in cheaper cold storage.
  • Smart data pipeline architecture that eliminates vendor lock-in by enabling simultaneous testing of multiple security technologies on identical datasets while maintaining complete data ownership across any storage platform.
  • Building security culture through partnership rather than punishment, including automated nudges for personal account security and micro-bonus rewards for completing security training.
  • AI agent implementation for automated phishing response that performs tier-two-level analysis, hunts across email environments, and provides cohesive incident summaries with risk ratings for security analysts.
  • The evolution from manual security operations to AI-powered automation, with predictions that full tier one analyst capabilities will be available within months for organizations with comprehensive security telemetry.
  • Data format optimization strategies that reduce log storage costs by 70-80% through UNIX timestamp conversion and elimination of redundant vendor-specific wrapper formats that create unnecessary data bloat.
  • Mise en place principles from professional kitchens applied to security incident response, treating procedures like recipes with clear preparation steps and proper tooling to reduce response time and improve consistency.
  • The importance of establishing data architecture early in security programs to avoid complicated remediation of poor data decisions that become exponentially more expensive to fix over time.
  • LLM integration for security operations including query writing assistance, pipeline creation, sensitive data redaction, and context-aware threat intelligence that reduces analyst toil and improves detection capabilities.
