The Backstory

In 2016, while working at Google, I received a mysterious email about joining a secret enterprise cybersecurity moonshot in Google X. At the time I imagined that Google X was this fairy-tale place where people build space elevators and teleportation bots, and as an enterprise focused person like myself, I never thought I would share a micro-kitchen with the robots, but as fate would have it…

I said yes to the opportunity and to this day, look back with gratitude because that fateful email embarked me on the most rewarding innovation journey of my life. 

I joined what was at the time, the secret project Lantern. In the aftermath of the 2008 Aurora attack, Google built incredibly innovative technologies to keep itself secure, and Lantern was the moonshot to share this technology with the world. We started building a product initially codenamed Malachite, later launched as Chronicle Backstory, and known today as Chronicle SIEM. I worked with some of the smartest people in the world, and little by little, idea by idea, patent by patent and sitting on the shoulders of giants we built something spectacular. 

As employee #2 in the business team, I took on many roles and managed many teams, solutions consulting, customer engineering, partner engineering, adoption engineering overseeing about a dozen different products. But my passion was the original two technologies we incubated - VirusTotal and Chronicle.

As we were building Chronicle, there was a focus, or should we say an obsession of semantic understanding, we unpacked every single bit of a DHCP and DNS packet, understood how to stitch together asset and user timelines, how to build graphs of the entities building out an enterprise and how to use that not only to detect attacks, but to truly understand the defense surface and truly 10x security operations.   

I began helping customers use their data to tell stories, or should we say Chronicles. We designed a semantic data layer based on a Unified Data Model that understood security - not just telemetry but also context. We challenged every customer we talked to and every person we hired to bring in treasure troves of information previously forgotten in security like the DHCP data that, when woven correctly, can bridge the world of endpoint and network . When Covid hit we found creative ways to do the same but with VPN and subsequently Zero Trust Technology. I did everything it took to make customers successful, built hundreds of parsers and truly understood the value of setting the system right to begin with. And customer by customer, migration by migration, we saw the transformation that this brought.

Then Chronicle grew, it started adding feature after feature almost every week, it matured into a wonderful, scalable, robust system that started meeting common and exotic needs, the Siemplify team joined and added much needed SOAR capability, and then the Mandiant team brought a next level of expertise, intelligence and capability. I saw the transformation happening in SecOps and a shift to smarter, not just cheaper systems and wanted to help customers get there faster. Thus Citreno was born.

After all, the pain and tribulations of any system change - be it a SIEM, or SOAR, or anything else, has to be worth it. If you stay true to quality and avoid shortcuts, something beautiful happens. Teams become empowered and data hungry. They start ideating and building creative use cases, improving their defenses, building feedback loops. The platform is just there, the real transformation is in those teams suddenly being able to deliver use case after use case and build defenses they never thought was possible to build.

This is why I started Citreno. My goal is to empower these teams, guide them, train them, and set them up for success with a platform that will withstand the test of time.

Svetla Yankova

Founder and CEO of Citreno

Proud founding member of Chronicle and Google Cloud Security.