Cybersecurity & Networking

  • ESG/ISSA Research at RSA Conference 2022

    Last week’s RSA Conference was an orgy of security innovation and industry hyperbole. While this will only make things more confusing for security professionals, they seem to be moving ahead with strategies for security technology consolidation, integration, and a migration to multi-product security platforms.

  • Live Events are Back! ExtremeConnect 22

    This week I flew to Nashville, TN to participate in the ExtremeConnect 22 customer event. Despite Covid flare-ups here and there, this event was very well attended – in fact it was sold out.

    This was my second in-person event of 2022 and it is great to be back, as everyone gets so much more out of these events when together, and not just the ability to attend keynotes to feel the energy in the room, but the ability to attend training sessions, the opportunity for impromptu hallway meetings, getting access to executives and engineering talent, and the ability to interact socially with your peers.

  • ESG/ISSA Cybersecurity Process and Technology Survey

    ESG conducted a comprehensive online survey of IT professionals from private- and public-sector organizations in North America (United States and Canada), Western Europe, Central/South America, Africa, Asia, and Australia between December 20, 2021 and December 31, 2021. To qualify for this survey, respondents were required to be information security managers, chief information officers, IT senior executives, IT managers/directors, or general IT staff responsible for information security and other comparable titles.

    This Complete Survey Results presentation focuses on cybersecurity technology purchase trends, including the current threat landscape’s impact on strategies and subsequent buying decisions, efforts to consolidate vendors and products, the appetite for cybersecurity platforms, and cybersecurity process integration with DevOps practices.

  • Forgive me for the blatant cheesiness of the title, but in this case, using the term hacking is sort of relevant…bear with me…

    No doubt that working in cybersecurity is really THE thing to do right now. The opportunities seem endless. But exactly what paths can you pursue when entering a field that is constantly evolving?

    I had the opportunity to discuss one path with Gisela Hinojosa, a pentester at Cobalt. For those not in the know – like me – I thought…huh? Pentesting? Perhaps a simple, albeit naïve, way of understanding what pentesting (or penetration testing) is could be hacking. As a pentester, you attempt to expose potential security vulnerabilities. Basically, you are hacking for legitimate reasons.

    As you will hear during our conversation, Gisela worked in software testing before she uncovered this specific path. As she was exploring different options, her husband asked what she always wanted to do. She replied that she wanted to hack, but who would pay her to do that? Turns out that companies do, to bolster their security posture before any bad actors have the chance.

    What exactly does it take to find a pentesting position? Watch this video and find out what worked for Gisela.

    Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Gisela, view past episodes, and join us to hear more inspiring stories in future shows.

  • Women in Cybersecurity: Brittany Greenfield

    This episode of Women in Cybersecurity showcases Brittany Greenfield, the founder and CEO of Wabbi. While Brittany started her career with a degree in biotechnology, working in business process and marketing roles, she turned her focus to cybersecurity, knowing how critical it is in the fabric of technology. Today she leads a company integrating security into software development. Check out our video below.

    Growing up in Washington D.C., Brittany had an impression of cybersecurity as how agencies protected the country against foreign enemies. She went to Duke University, earning a self-designed interdisciplinary degree in biotechnology, spanning economics, entrepreneurship, public policy, and medical sciences. From there, she spent the first part of her career in the ERP space, and later earned an MBA from MIT Sloan School of Management.

    She turned to cybersecurity when she took a role at Cisco helping them build their Internet of Things (IoT) platform. 

    “You can’t talk IoT and not talk cyber. I realized cyber is such a fundamental piece of the digital fabric that powers our lives today, I need to get into it.”

    She got into the endpoint space, and became frustrated that too many solutions focused on perimeter security, when she felt that the problems need to be solved within. From there, she decided to found Wabbi to help developers efficiently incorporate security into their processes, getting the right security information to developers at the right time.

    Tune in to the video, and don’t miss the full podcast, as we discuss key issues, including why women make good leaders. Also, since Wabbi is in my coverage area of cloud and application security, we discuss some of the challenges for organizations trying to scale their security programs with the speed of modern software development. 

    Learn more about her company Wabbi, and if you’re heading to RSA next week, visit their booth and get a demo! You can also follow her on Twitter.

    Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Brittany, view past episodes, and join us to hear more inspiring stories in future shows.

  • Securing the Identity Perimeter with Defense in Depth

    ESG conducted a comprehensive online survey of IT and cybersecurity professionals from private- and public-sector organizations in North America (United States and Canada) between December 14, 2021 and December 28, 2021. To qualify for this survey, respondents were required to be IT and cybersecurity professionals focusing on identity and access management programs, projects, processes, solutions/platforms, and services.

    This Complete Survey Results presentation focuses on how organizations are currently monitoring and protecting identities in terms of the breadth of identity products, platforms, and technologies supporting current business operations, as well as how that is expected to evolve over time.

  • Network Spending Trends in 2022

    Enterprise Strategy Group’s annual technology spending intentions report for 2022 surveyed 706 senior IT decision-makers at midmarket (i.e., 100 to 999 employees) and enterprise (i.e., 1,000 or more employees) organizations across North America, Western Europe and Asia Pacific. From an overall perspective, the good news is that 62% of organizations plan to increase overall IT spending. As part of that research, respondents with purchasing influence or authority for networking products and services were asked about their organization’s spending plans in this area over the next 12 months. The data indicates that 52% are expected to maintain the prior year’s budget levels and 43% will increase spending. Only 5% will shrink their networking budget.

    Given that modern IT environments are highly distributed and complex, ESG also asked respondents to identify the areas where their organization would make the most significant investments in its network infrastructure over the next 12 to 18 months.

    More than one-third (38%) of organizations will provide additional training to their networking staff on modern IT operations best practices; 36% will deploy cloud-based network management solutions; and 35% will deploy AI/ML for network self-healing and optimization capabilities. The responses largely confirm the demand for technologies highlighted in a 2021 ESG research report on network modernization.

    As organizations modernize their IT and application environments, they recognize that doing so requires training network staff to ensure the network can support these new IT operations and best practices. The faster growth of closely related IT priorities — many driven by post-COVID-19 hybrid work environments — including cybersecurity and distributing applications to the cloud or edge, suggests that network infrastructure will continue to play a vital role in enabling these environments.  

  • The core tenet of a zero trust strategy is least-privilege access. Yet, organizations continue to rely on user and machine identities that are susceptible to compromise, abuse/misuse, and theft. Risk is compounded by over-permissive, static access rights that provide little to no visibility into who and what is using access and how. Less clear still is how identities are being, or should be, monitored and protected. Modern, cloud-managed identity services are widely available. Yet organizations have been slow to pivot their security programs from traditional endpoint, network, and SecOps to an approach that focuses on identity orchestration and experiences, which is dynamic and distributed. Where there are no perimeters, a multitude of identity verification services and managed identity services exist.

    In order to gain insights into these trends, ESG surveyed 488 IT and cybersecurity professionals personally responsible for identity and access management programs, projects, processes, solutions/platforms, and services at large midmarket (500 to 999 employees) and enterprise (1,000 or more employees) organizations in North America (US and Canada).

  • My colleague Rob Strechay completed research on the challenges organizations face as their applications become more distributed across clouds. In this video, we discuss some of his findings, including how developers are spending their time, and in particular the time they spend remediating security issues. This is interesting to me because we’ve been talking about developer workflows and whether developers can take on some security processes. Developers want to focus on building software, but they care about quality and reliability, and they don’t want to waste time doing rework. Check out the video to hear us discuss the opportunity for security solutions to help.

    Watch the video below, and be sure to check out the new research: Distributed Cloud Series: Observability Trends

  • Women in Cybersecurity: Sharon Goldberg

    This week I’m pleased to share my interview with Sharon Goldberg, the cofounder and CEO of BastionZero. She is also a computer science professor at Boston University. Check out our video below.

    After graduating with a degree in electrical engineering from the University of Toronto, Sharon started her career as a telecom engineer at a power company building communications systems for its different power stations. After a few months, she was bored so she applied and got accepted to grad school at Princeton University, where she joined a team using lasers to encrypt communications. She took a course in cryptography and got hooked, moving more into computer science and internet security, earning her PhD in applied cryptography and network security.

    At the end of her PhD, she says she took the typical route of becoming a professor. Once she had tenure, she had more freedom to work on what she wanted, and realized she wanted to build something that people could use, instead of just doing the research and publishing a paper, and moving on to other research.

    So she started BastionZero to help organizations better manage remote access. It’s built around the concept of cryptography, and it was something she worked on along with her cofounder, Ethan Heilman, for the past decade. 

    “There’s an opportunity to change the way the market actually does remote access…to not have a single route of trust that controls the access but to have multiple routes of trust that control the access…So if there is a compromise, the security of your system doesn’t fall apart.”

    While leading her company, Sharon continues to teach cybersecurity. “When you teach, you can’t just stand there and teach stale stuff. When you teach, you teach on a broad set of topics…When you talk to students and see how they are absorbing the material, it’s an incredible privilege.”

    She says she’s seen progress with women in tech and cybersecurity. She recalls how when she started out, in the early 2000s, women in tech had to prove themselves and were often underestimated. “You always sort of assumed that no one was going to take you seriously and you were just going to show them…a lot of women who got through that era had that kind of attitude. I’ll just show you, you’re underestimating me. Then you go off and do something really hard…I think women who are starting out now are more surprised when they aren’t taken seriously, which is progress.”

    Her advice: if someone underestimates you, don’t take it seriously, it’s their problem. Build a strong network and support system; find people who you click with and who understand your problem area to help you deal with any issues with fear or inadequacy when you start something new. 

    She also says things happen fast in this industry. She uses social media as a tool to connect with people and learn from how much information is shared in the cybersecurity community.

    Check out Sharon’s company BastionZero to learn more. If you’re heading to RSA in a few weeks, you can root for her in the Innovation Sandbox competition where BastionZero is a finalist! You can also follow her on Twitter.

    Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Sharon, view past episodes, and join us to hear more inspiring stories in future shows.

  • Women in Cybersecurity: Caroline Wong

    This week’s featured guest in our Women in Cybersecurity video series is Caroline Wong. Caroline is a book author who is active in the security community, sharing her experiences and learnings from her cybersecurity leadership roles at companies such as eBay and Zynga. She is the Chief Strategy Officer at Cobalt, a company that gives clients access to pen testers through their Pen Testing as a Service (PtaaS) platform. In her interview with ESG Sr. Analyst Melinda Marks, Caroline shares her experiences in her career in cybersecurity, as well as her advice around team culture and diversity in the workplace.

    Throughout her career journey, which started with an internship in IT project management for the security engineering team at eBay, Caroline explored roles across different business functions, such as engineering, product management, and management consulting, giving her a broad perspective. In her current role as Chief Strategy Officer at Cobalt, she oversees the security, IT, HR, and talent acquisition teams and plans for the future of the company.

    Caroline approaches work with a “get things done” mentality and an eagerness to work with people who she likes and respects and who like and respect her. “The thing about security is that it is a team effort…the only way to get actually good security is to involve a lot of people,” says Caroline. She believes that building diverse teams will bring us closer to solving the challenges we face today in security.

    In this interview, Caroline also talks about overcoming toxic work environments, work-life and family balance, resilience, and trusting our future selves to overcome these challenges. She believes, “When folks are valued and accepted, they’re going to do better work. I think that’s a natural outcome.” She enjoys working in a team in which she can bring her whole self to the table and be valued for it.

    Caroline shares her expertise with others through LinkedIn Learning courses, a feature on CBS, as well as her books: one on security metrics that she dedicated to her original mentor at eBay and one on PtaaS. She notes, “It’s a passion area for me to take concepts that historically have been explained in complicated ways and just try to make them accessible.”

    You can find her resources here:

    The PtaaS Book

    LinkedIn Learning

    Please visit Enterprise Strategy Group’s Women in Cybersecurity page, where you can also find a link to the full audio interview with Caroline, view past episodes, and join us to hear more inspiring stories in future shows!

  • The Impact of the Cloud on DLP

    Cloud adoption is ubiquitous, and many organizations have adopted a cloud-first deployment policy. However, organizations continue to use on-premises infrastructure. Thus, the new normal IT infrastructure is hybrid multi-cloud. In such an environment, the perimeter becomes amorphous and dynamic, changing rapidly as organizations spin up new applications.

    Unfortunately, one-third of respondents to “The State of Data Privacy and Compliance” research survey said they have lost cloud-resident data. More concerning is that an additional 28% of organizations suspect they have lost cloud-resident data but don’t know for sure because they lack data observability. Read my blog, Data security requires DLP platform convergence, to learn more.