CISO Interview with Anton Gurov: “Resilience is like Kintsugi — rebuilding stronger and more beautiful each time.”
A Signal to Noise Segment of ABCbyD
Welcome back to Signal to Noise, the ABCbyD segment where we cut through the cybersecurity clutter to uncover what truly matters to industry practitioners. This month, I had the pleasure of sitting down with Anton Gurov, a veteran in the application security space, and currently the CISO at HYPR.
With a background spanning technical operations, DevOps, and security engineering, Anton’s perspective on finding signal amidst the noise offers fresh insights for security leaders navigating today's evolving landscape.
Each interview in this series aims to distill the core concerns and actionable insights from those on the front lines of cybersecurity. Let’s dive into what Anton had to say.
1. How do you define the term “signal to noise”?
For Anton, “signal to noise” is about finding a needle in a haystack. Across his career in roles like SRE and DevOps, he’s dealt with the challenge of isolating critical insights from an overwhelming amount of data. He emphasized that this isn’t just a security problem; it applies across operations roles.
His approach to filtering out noise is gating unnecessary data at the source. Bringing in tools that add noise without contributing value leads to alert fatigue and teams ignoring potential threats.
“The less noise you have, the more likely you are to spot something critical” was a favorite direct quote of mine, demonstrating how Anton prioritizes the careful selection of tools and services that do the heavy lifting when it comes to filtering out non-actionable data.
2. What’s your take on the FUD/AI marketing we see in the industry?
Anton acknowledges the fear, uncertainty, and doubt (FUD) marketing tactics that flood the security industry. He likened walking the expo floors of security conferences to walking through a haunted house (a humorous and all-too-relatable mental image), where every vendor tries to scare you into buying their product.
When it comes to AI, Anton sees a lot of hype mixed with promise, comparing it to the dot-com boom, where some products stuck while others fizzled. He believes the dust will eventually settle, revealing which AI innovations are worth adopting. Anton embraces all three roles—pioneer, settler, and town planner—by pioneering new tools, settling by expanding existing tools with new AI features, and strategically planning to lay the groundwork for thoughtful adoption.
3. How do you prioritize and value your time when it comes to security?
For Anton, everything revolves around business objectives. His time and his team’s efforts are always aligned with eliminating the most pressing and imminent risks to the organization.
For Anton, the North Star is risk management. His team’s punch list is shaped by a combination of:
Compliance mandates
Customer demands
Ongoing threat intelligence
4. How do you prioritize and value your investments in security?
Anton’s investment philosophy is simple: align investments with business risk. The larger the financial risk posed by a potential threat, the greater the investment in that area. He uses external reporting—like the Verizon DBIR and OWASP Top 10—as guides to common risks. However, he emphasized that every industry and company is different, so investments must be industry-specific and context-driven.
5. Any advice you’d give to security vendors looking to add value to your organization?
Anton appreciates vendors who truly understand their customers' needs. He stressed the importance of unpacking a customer’s request to understand the real “why” behind it. Vendors that simply deliver what’s asked without digging deeper often miss the mark.
He also values joy in simplicity—the less time he spends babysitting a product, the better. For Anton, the real joy in a product is when it provides value without constant attention. Lastly, integration matters. Anton explained that the deeper a product integrates into an organization’s existing tools and workflows, the harder it becomes to rip and replace it, making integration a key factor in long-term success.
6. How do you define resilience?
Anton introduced the concept of “failing upwards”—a perspective that resilience is about how quickly your organization can recover from adversity and emerge stronger. He likened a resilient organization to the human immune system, where the ability to recover and defend against future threats is a sign of strength.
Anton also shared a unique analogy from the art of Kintsugi—the Japanese technique of repairing broken pottery with gold. He explained that every time something breaks, you rebuild it, making it stronger and more valuable than before. In Anton’s view, resilience isn’t just about bouncing back; it’s about improving through failure and becoming more beautiful in the process.
Takeaways:
Signal to noise is a common challenge: Across industries, it’s crucial to prioritize tools that help surface actionable insights without overwhelming teams.
AI is cyclical: While there’s a lot of hype, some AI innovations will stick around—particularly those that align with real-world use cases.
Resilience is about growth: True resilience isn’t just recovering from failure; it’s coming back stronger and more valuable each time, like Kintsugi.
Wrap Up:
As we wrap up this edition of Signal to Noise, Anton’s insights remind us that cutting through the cybersecurity noise is about more than tools and data; it’s about strategic selection, resilience, and finding joy in simplicity.
As always, your feedback is appreciated. If you or someone you know would like to feature on Signal to Noise, feel free to drop a comment.
Stay secure and stay curious, my friends!
Damien