Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
Our seasoned analysts couple their industry-leading B2B research with in-depth buyer intent data for unparalleled insights about critical technology markets.
Clients trust us across their GTMs—from strategy and product development to competitive insights and content creation—because we deliver high-quality, actionable support.
Browse our extensive library of research reports, research-based content, and blogs for actionable data and expert analysis of the latest B2B technology trends, market dynamics, and business opportunities.
As organizations adopt modern software development processes, developers are empowered to quickly develop and release their applications by deploying them to the cloud. Security teams are challenged keeping up with the growth and speed of continuous integration/continuous deployment (CI/CD) cycles and their dynamic components.
While the industry has been talking about shifting security left to help security scale with rapid development, organizations have faced challenges putting that into practice. Most cloud-native security incidents are caused by misconfigurations, putting pressure on security teams to find ways to incorporate security into development so coding issues are caught and fixed before deployment. Organizations also need to focus on better ways to work with developers for rapid remediation of any detected security issues.
In order to gain insights into these trends, ESG surveyed 350 IT (30%) and cybersecurity (40%) decision makers, as well as application developers (30%), responsible for evaluating, purchasing, and utilizing developer-focused security products at midmarket (100 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).
Determine the extent to which organizations incorporate security into developer workflows. Understand the challenges organizations face with faster cloud-native development lifecycles. Gain insights into what types of solutions are most effective at securing software without slowing development processes. Gauge buyer preferences for vendor solutions, how solutions are deployed, and how to reduce work across teams.
Explore new research into how security operations centers are coping with the massive scale needed to meet modern demands with this infographic, SOC Modernization and the Role of XDR.
This episode of Women in Cybersecurity features Barbie Bigelow, a veteran CIO, cybersecurity executive, board member, advisor, and investor. She is currently CEO of Emerald Growth Partners, LLC, (formerly Better Technology Partners, LLC), which she founded to help clients develop and execute strategic moves while leveraging technology to accelerate growth and increase margins. Clients have included Fortune 500 companies, startup ventures, and non-profits, and she is passionate about sharing her knowledge and increasing the number of women in leadership and board member roles.
Barbie said she got into cybersecurity out of operational necessity; after all, if there is a cybersecurity incident, it affects operations. In her first CIO role at an electronics company, she created a cyber incident response team (CIRT). Since then, she’s held roles and advised companies on how to approach cybersecurity in ways to support technological innovation and business needs.
Don’t miss her video below to learn about her story and her commitments to helping increase the number of women in leadership roles in cybersecurity.
Early in her career, Barbie held technical roles in engineering and program management. She spent 16 years as CIO for Lockheed Martin, and served in other CIO roles, gaining experience in the C-suite and leadership of professional services for companies across industries, including aerospace and defense, government agencies, manufacturing, and financial services.
I think key to my success has been those P&L (profit and loss) and operational roles. There’s really no substitute for knowing business and working with customers in the roles I’ve had. The problems aren’t that different as you move from industry to industry, but the way that maybe people approach them is a little different. And being able to leverage a best practice in a different industry into your industry is a really powerful way to get better and bring innovation into your organization.
About 10 years ago, when her company had a successful exit, she was planning on taking a break. But when some friends in the legal field needed help with a global company facing a cyber breach, she came in to help communicate with their Board of Directors and determine what needed to be done, taking on a year-and-a-half consultancy project with them. Then she launched her cyber consultancy company, working with boards advising on cyber risk and governance.
Barbie is also active in the cybersecurity community and in increasing the number of women in the field and in leadership roles. In June, leveraging other groups that she works with – Women’s Business Collaborative (WBC), and Digital Directors Network (DDN) – with sponsorship from The Gula Tech Foundation, she launched The Women Cyber Governance Collaborative with the mission to equip women board directors and executive leadership with the capability to effectively govern the real and growing risks to organizations from cyber threats. Their goal is to both increase the pipeline of highly qualified cyber savvy women and increase the number of women in executive leadership and board director positions.
It’s focused on training and advancing women in cybersecurity, technology executives, and women who are ready to go on the boards… So we teach technology executives about cyber governance and systemic risk.
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.
Based upon years of previous research, for most organizations, security operations are in a period of both disarray and transition. While organizations expand the development of digital transformation initiatives, cloud-native application development, and remote worker support, SOC teams continue to conduct day-to-day operations using assorted point tools, manual processes, and a shortage of staff and skills. CISOs realize this mismatch leads to an unacceptable reality of ever-increasing cyber-risk.
To address this growing security operations gap, organizations are taking numerous actions to modernize security operations, including automating processes, utilizing advanced analytics, integrating security technologies, and embracing the MITRE ATT&CK framework. In order to gain insights into these trends, ESG surveyed 376 IT and cybersecurity professionals at organizations in North America (US and Canada) personally responsible for evaluating, purchasing, and utilizing threat detection and response security products and services.
In this episode of Women in Cybersecurity, I was delighted to interview Helen Patton, an experienced CISO who literally wrote the book on Navigating the Cybersecurity Career Path and is currently CISO for the Cisco Security Business Group. I’m also a longtime follower of hers on twitter where she shares information and resources for security leaders.
Like many of us, her path to cybersecurity wasn’t exactly direct or planned; she says, it was “a series of accidents and unexpected opportunities,” where she moved from IT support, to disaster recovery, to cybersecurity. As someone who is passionate about her role and helping others, she is generous in sharing information and advice for other CISOs, as well as bringing more people into our field and helping them thrive.
Don’t miss her video below.
Helen described her background in the early ’90s with the rise of PCs, working for a consulting company installing accounting software for small businesses. She also held roles supporting infrastructure, ran a help desk and ran desktop support, network support, and basic data center support. The late ’90s came with computing worms and viruses, such as the ILOVEYOU virus, and Y2K issues. While running an infrastructure team for a software development company, she moved into creating disaster recovery (DR) and business continuity plans. Then, she moved back into consulting with JP Morgan doing DR and business continuity, and when there was an opportunity to take a job running the security team, she made the move into cybersecurity.
She said she was always a working adult, doing school part time and taking 15 years to get her undergrad degree in business administration. When she became CISO at Ohio State University (OSU), she had the opportunity to get her master’s degree in public policy, with a focus on technology policy as part of her employee benefits, and this has influenced her approach as a CISO.
As a CISO, I tend to lean more on governance risk and compliance functions more than, say, software development, although (I have a) background in tech. I geek out on security policy a lot, so I spend my hobby time keeping track of regulations, policy changes that are happening around the globe, so my education has been very influential in my career.
Helen spent 8 years at OSU, where she helped them build out their security team to support their cloud transformation. Her role included evaluating what they had and what they needed, building out the team and adding security functionality. She noted that a few years into the job, they had to get rid of some technologies she introduced years before because they had to evolve as things changed.
In higher ed, you play in many spaces, technologies, and you’re subject to regulations because we have hospitals, we’re regulated like a bank, we have PCI, so I got to play in a lot of areas.
In 2021, she joined Cisco as an advisory CISO. Moving to a security vendor gave her a new respect for how much technical expertise is needed to determine what goes into a security product. Her role at Cisco gives her the opportunity to have a global footprint, understanding industry trends across the globe and applying her experience, while helping customers.
Her advice
When you feel like you’re on top of a mountain of information, it’s easy to get overwhelmed. It’s important to 1) take time intentionally to learn something new, with self-based learning; 2) find mentors and a network as part of a security community to help you with learning or training, to have resources who can set your mind at ease that you don’t have to learn everything, or to have someone who can validate how you’re thinking; and 3) know when to say “no” to things so you can focus.
For CISOs: Be intentional about why security, why this industry, why this job, why this company, and why now, and be prepared to share it broadly—not only with your team, but with the community as a whole.
For customers: Take advantage of vendors, and partner with them to make sure you get the most out of their tools and see how you can network with their other customers.
Resources:
Helen says podcasts are a great way to learn and help you gain historical context and learn from past events. And you can listen while exercising or walking your dog—excellent for me since walking my dog is my favorite exercise! Her favorite podcasts include:
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.
Two recent high-profile breaches—Intercontinental Hotels Group and Uber—demonstrate the criticality of securing your identities. Both of these attacks started with a social engineering attack. One started with traditional business email compromise (BEC), and the other started with MFA push bombing. The next stage of both attacks compromised the password/secrets vault.
Examine the people, processes, and technology supporting the modernization of security operations. Identify key value points, the metrics to back up those value points, and what’s expected from both products and managed services for XDR and SOC modernization. Determine current perception and role of XDR as a component of security operations modernization efforts. Explore strategies used to automate triage, speed investigations, and help organizations find unknown threats.
Organizations are increasingly moving applications to the cloud to better serve their customers, partners, and employees. The ability to quickly deploy applications to the cloud so employees, partners, and customers can connect to companies for business transactions and services gives organizations a competitive advantage. This makes maintainingsecurity posturemore important than ever, as increasing the availability of products and services connected to company and customer data increases exposure to attacks. Cloud security posture management (CSPM) is key to mitigating security risk while enabling the use of innovative cloud technologies that drive better business results.
The need to collect and analyze data generated at edge locations is playing an increasingly important role in enabling organizations to improve quality, deliver enhanced experiences (both customer and employee), and gather deeper insights into the business. To understand how IT organizations are leveraging and optimizing their use of important edge sites, Enterprise Strategy Group surveyed IT professionals responsible for their organization’s edge computing applications, tools, policies, and procedures.
There are many different cybersecurity categories, and it seems that a new category is created every minute. If you’re paying attention to cloud security, you may have seen or heard about DSPM—data security posture management.
This episode of Women in Cybersecurity features Wendy Thomas, President and CEO of Secureworks, a leading cybersecurity company that helps its global customers build effective cybersecurity programs with innovative technology and professional services. With a mathematical background in economics and finance, she found that the field of cybersecurity provides a rewarding trifecta: the opportunity to work globally across cultures and geographies, intellectually stimulating work using innovative technology; and the ability to make a positive impact.
Her leadership includes diversity and inclusion initiatives to reflect the global markets Secureworks serves, and she is an advocate for childhood cyber literacy, starting as early as elementary schools.
Don’t miss her video below.
Wendy’s background and education was in economics and finance, with an early career in the commodities exchange business at the Chicago Board of Trade. She pointed out that she spent time in the trading pits, which are gone now thanks to disruptive technology moving into online trading. This swiftness with which technologies are replaced in the interest of speed and productivity has driven Wendy’s career to move to areas of innovation.
After she went to business school, Wendy saw a similar pattern at Bell South, where the business moved from land lines and telephone services into cellular and DSL technologies. She said the rapid pace of innovation, with the need to cannibalize and innovate, set her up well for cybersecurity.
“Cybersecurity requires the same, or even faster, pace of constant innovation to stay ahead of both the threat and the adversary,” she said.
Wendy originally joined SecureWorks to build out their finance and investor relations program to prep them for their IPO. She later became Chief Product Officer to align their product line with customer needs to invest in security to stay ahead of their adversaries.
“Cybersecurity is all about risk and return. If you think about a business trying protect assets, or individuals trying to protect their identities or their bank accounts, it’s all about how much are you willing to invest to reduce that risk and that exposure. We help customers make the right investments in security.”
Secureworks offers its Taegis XDR platform, along with managed services and vendor partnerships, to help customers build effective security strategies to keep their adversaries out.
“We take an open approach that’s vendor-inclusive. That starts with the customer…working together with existing security point products inside their infrastructure, bringing Teagis XDR to bring it all together in a world of security working together to keep customers safe and safely evolve over time,” she said.
As part of her dynamic leadership, Wendy promotes diversity and inclusivity at Secureworks with a number of initiatives and programs. In order to increase representation of women in their global workforce, she has set a goal to have women make up 50% of their global workforce and 40% of people leaders by 2030. In just the past year, they have gone from 26% to 34% women in their global workforce and have increased their amount of female people leaders from 20% to 24%. Be sure to listen to the podcast to learn about the efforts they are making to promote diversity and inclusivity among employees and suppliers, and check out their page on corporate responsibility.
Be sure to visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can view past episodes and connect with us to hear more inspiring stories in future shows.
Two recent high-profile breaches—Intercontinental Hotels Group and Uber—demonstrate the criticality of securing your identities. Both of these attacks started with a social engineering attack. One started with traditional business email compromise (BEC), and the other started with MFA push bombing. The next stage of both attacks compromised the password/secrets vault.
Organizations are increasingly moving applications to the cloud to better serve their customers, partners, and employees. The ability to quickly deploy applications to the cloud so employees, partners, and customers can connect to companies for business transactions and services gives organizations a competitive advantage. 
There are many different cybersecurity categories, and it seems that a new category is created every minute. If you’re paying attention to cloud security, you may have seen or heard about DSPM—data security posture management.