“You can teach someone the tech. You can’t teach coachability.”
Signal to Noise: An Interview with Ben Mullen, Information Security Manager at WHOOP
In this edition of Signal to Noise, I sat down with Ben Mullen, Information Security Manager at WHOOP. A former software architect turned security leader, Ben brings a measured, systems-thinking approach to building modern security programs. Our conversation dug into the philosophy of hiring generalists, tuning security posture from reactive to proactive, and how to evaluate vendors without falling for smoke and mirrors.
From Software Architect to Security Builder
Before WHOOP, Ben spent over a decade building systems and security programs at Bain Capital, Pluralsight, and Boston-based startups, before eventually transitioning from engineering into security leadership. His mindset? The same principles that make great architecture apply to great security.
“I was solving the same problems the same way, just with different tools. I realized I needed to break that pattern.”
What followed was a transition into cloud security, product security, and IAM, leading eventually to building the first dedicated security team and formal program at WHOOP. In under a year, Ben scaled his team from one to five and is laying the foundation for a modern, resilient org.
Hiring for Curiosity and Coachability
Ben doesn’t optimize for years in a role or acronyms on a résumé. He looks for something more elusive.
“I want bright people who enjoy learning and aren’t daunted by what they don’t know. You can teach someone the tech. You can’t teach coachability.”
He’s skeptical of candidates who check every box but lack interpersonal self-awareness. In his view, experience without team fit leads to chaos. Instead, he hires generalists first, then balances the team like a basketball lineup, each member bringing something unique, but all aligned on culture.
Signal to Noise: Relevance, Actionability, and Tuning
When asked how he defines signal to noise, Ben’s response was pragmatic and nuanced.
“Signal is what’s relevant and actionable. Noise is what distracts us from that. But the real danger is when we cut something thinking it’s noise… and miss something important.”
He sees tuning as a continuous process, an effort to reduce noise without silencing signal. It’s not just about detection fidelity, but also ensuring visibility across the full attack surface. Without full coverage, even great metrics are meaningless.
“It’s really hard to secure what you can’t see.”
Building Toward Proactive Security
For Ben, all teams start reactive. It’s a necessity when you’re understaffed and overcommitted. But maturity is measured by how much space you carve out for automation, process design, and preventive work.
“I have a rule: If I see the same manual task happen more than twice, I try to automate it. I want to get my team out of the undifferentiated heavy lifting.”
That principle, eliminating repeat work and elevating the team, is how Ben avoids burning out expensive, high-skill hires on rote tasks. Automation isn’t just about efficiency; it’s about creating space for strategic work.
Security as a Business Enabler
Ben ties security initiatives to business goals, not just because it’s smart, but because it’s how things get funded.
“You have to align your priorities with what matters to leadership. Security can’t be a sidecar; it has to be a differentiator.”
Whether it’s rolling out new features involving sensitive data or aligning with board-level risk appetite, Ben builds a roadmap that meets both maturity targets and business milestones.
It’s not just about buying the newest widget. It’s about making sure any investment, whether headcount, tool, or process, has staying power.
“I’ve seen teams buy products and let them die from lack of operationalization. I don’t want that. I think about what people, process, and tech I need to support every investment.”
Cutting Through Vendor FUD
On the topic of vendor marketing, Ben doesn’t mince words.
“If I’m 15 minutes into your pitch and you haven’t asked me about my environment, we’ve already gone off track.”
He values relationships over transactions, transparency over buzzwords. His advice to vendors?
Ask questions early.
Build the relationship, not just the deal.
Understand that 'no' often means 'not now' and, sometimes, 'not for this environment.'
He believes in the long game. Some of the best vendor relationships he’s had came from initial rejections that eventually led to successful partnerships once the timing and problem space aligned.
“The magic happens when I get value, and you get feedback. That helps me, and all your customers.”
Wrapping Up
My conversation with Ben was a reminder that good security leadership is part engineering, part empathy, and all about systems thinking. From building resilient teams to tuning alert fatigue, Ben sees security as a long arc toward clarity, relevance, and impact.
Whether he’s automating grunt work, assessing vendors, or aligning roadmaps to risk appetite, Ben’s approach is rooted in intentionality.
His priorities are clear: hire good humans, reduce unnecessary toil, tune for signal, and keep security aligned with business value.
Stay secure, and stay curious, my friends.
Damien


