A Day in the Life at Armor: Marilyne Mendolla

Cloud security has never been more important. Yet as threats increase and change in nature, organizations need help staying current on the risks they face. Often, internal staff doesn’t have the time or expertise to evaluate every warning or indication of trouble. As a result, it takes an average of 197 days for some companies to detect a breach, and an additional 69 days to fix it according to a new survey from Ponemon Institute—that’s long enough for criminals to leave lasting damage.

Marilyne Mendolla and her team work continually to identify and resolve security problems, allowing customers to focus on what’s important: maintaining and growing their core businesses.

In this second installment of A Day in the Life at Armor, we’ll look behind the scenes at how Marilyne and her team protect customers from cyberthreats. This new series examines how Armor’s top-performing security professionals do their work on a day to day basis, giving you an in-depth view of the impact that our dedicated, disciplined, exceptionally capable employees have on our customers’ experiences with Armor. Even in this highly automated industry, it’s the human element that truly differentiates cybersecurity services.

Here we talk to Marilyne about the challenges she faces in protecting Armor customers from cyberthreats, and the ways she and her team deliver security through constant vigilance.

What’s your specific role at Armor?

I’m the Head of the Indications and Warnings team in Armor’s Security Operation Center (SOC). My team is responsible for the 24x7x365 security alert detection, management, and response; in other words, we respond to security alerts, triggered by our Security Information and Event Management (SIEM) platform, and action them appropriately. Additionally, in order to provide the best possible security outcomes to our customers, I work with our SOC teams and other business units to continuously review our processes, enhance our monitoring to detect new and changing threats, share security insights and trends, and help fine-tune our security offering to meet customer needs.

How would you describe your job in one word?

If I had to describe our team in one word, I’d choose “focused.”

It takes a dedicated army of professionals to make a company successful. Everyone has a unique role to play, and my focus is on security. My number one goal is to make sure our security offering measures up to our customers’ standards and meets their needs.

What problem do you help Armor customers solve?

We, at Armor, solve many problems for our customers, but I’d say the biggest problem we solve is keeping our customers’ data safe in an ever-changing cyberthreat landscape.

My team and I help keep customer data safe with early alerting for suspicious or malicious activity targeting or occurring in their environment. In order to do this, we are continuously updating our threat detection mechanisms, working with our Incident Response and Forensics (IRF) and Threat Resistance Unit (TRU) teams to pull in new indicators of compromise and threat intelligence data into our security offering in order to provide our customers with the best possible coverage.

What are some challenges your customers face regarding cybersecurity?

I think one of the biggest challenges for our customers is maintaining a strong web application security posture. Web applications are the most common attack vector for our customers. In addition to the protections offered by Armor, there are several simple steps that customers can take to keep their applications better protected, such as

1) Frequently scan web applications for vulnerabilities and fix or mitigate all vulnerabilities detected.

2) Keep applications patched with vendor security patches, and do not use applications (apps, plugins, extensions, etc.) that are no longer supported.

3) Implement and maintain application hardening best practices.

Armor’s SOC teams help our customers with many of the aforementioned steps. Hardening best practices are shared with customers as part of our remediation guidance. We also work diligently to stay abreast of newly released vulnerabilities that may affect our customer base, and when discovered, we get notifications out to customers as soon as possible so they can take swift action and patch. We know that notifying customers of a threat first—before they read about it in the news and before they are alerted of an event—is the best way to preserve trust and customer relationships.

How does your work contribute to the overall security effort at Armor?

My team and I work diligently to provide the best security outcomes—security alerts and event notifications—for our customers. We continuously review our detection and reporting mechanisms and processes, looking for opportunities to improve. We work with other business units, both within and outside of the SOC, to continuously feed threat intelligence, vulnerability and attack data back into our security processes, detection/prevention mechanisms, and offering.

Where do you see the industry in 5 years?

I see the industry continuing to grow over the next 5 years as more businesses and organizations move their data to the cloud. There will always be challenges with these types of transitions, and I think data security is now, and will remain at the very top of the list of challenges. Organizations can partner with industry leaders to get the help they need to transition successfully, and then partner with Armor to help keep their data safe.


Under Marilyne’s leadership, the Indications and Warnings team applies cutting edge expertise on cyberthreats across industries to detect and prevent threats targeting customers’ environments. They provide early alerting for security events along with guidance on how to remediate these events and improve systems’ security postures to prevent these events from reoccurring. Their role becomes ever more crucial as threats multiply and evolve. Their relentless focus on identifying and resolving vulnerabilities means that the organizations they serve don’t have to devote their time and resources to cyberprotection. Instead they can concentrate on their core operational goals.

A Day in the Life showcases the exceptional people who make Armor’s cybersecurity business so effective. Look for more installments coming soon.

Resource Center

More security resources at your fingertips.

Practical Content for Security, DevOps, & IT Professionals