Doug Cahill

Doug Cahill

Doug is a senior analyst covering cybersecurity at ESG, drawing upon more than 25 years of industry experience across a broad range of cloud, host, and network-based products and markets.
Prior to joining ESG, Doug held executive leadership positions at security firms Threat Stack and Bit9, where he launched market leading products and forged strategic partnerships. Over the years, Doug has also served in product management, marketing, and business development roles for storage management, networking, and database vendors, and started his career in IT as a business analyst.
Doug has a B.A. from the University of Massachusetts, Amherst, and enjoys spending time in the northern New England mountains and lakes.

Recent Posts by Doug Cahill:

Five Ways to Get Started with DevSecOps

Integrating, and thus automating, security via the continuous integration and delivery (CI/CD) processes of DevOps, an approach referred to as “DevSecOps,” is a topic that had, until somewhat recently, been discussed largely only at DevOps and cloud-specific forums and events. But DevSecOps is coming of age. The ongoing adoption of DevOps by enterprise organizations, and the growing interest in bringing security along for the ride, is getting the topic a bigger stage, with DevSecOps being presented in sessions at more mainstream events such as RSA Conference, the CISO Summit at Black Hat, and VMworld. The adoption of application containers and the Kubernetes environment that orchestrates their lifecycle across the build-ship-run continuum has also been a catalyst for CI/CD integrated security. Because DevSecOps starts with a cultural shift, leverages CI/CD methods, and requires purposeful controls, it is an amorphous concept not only hard to define, but challenging to make actionable.

Topics: Cybersecurity DevSecOps

Defining a Cybersecurity Platform

Amidst the backdrop of a stated intent to relieve cybersecurity point tool fatigue by consolidating vendors, there is a lot of discussion, and confusion, around cybersecurity platforms. We’ve seen this before in both cybersecurity and other IT domains as products become features and products get aggregated into suites delivered on a platform comprised of a set of shared services.

Topics: Cybersecurity

Takeaways from the CISO Summit at Black Hat 2018

In this video, my colleague Jon Oltsik and I share some of our thoughts from the recent CISO Summit at Black Hat 2018. While respecting the event’s Chatam House Rules that require us to keep CISO comments anonymous, we have a conversation about some of the takeaways from the panels and presentations at the event on central cybersecurity topics including:

Topics: Cybersecurity

Industry Roundup: Addressing the Hybrid Cloud Security Readiness Gap

Over the last few months, some established cybersecurity brands have made strategic moves while emerging market leaders have announced compelling capabilities and initiatives. This notable level of industry activity is indicative of an acceleration of market maturity driven by a cloud security readiness gap. That is, most IT and cybersecurity teams are catching up to secure the cloud services, applications, and infrastructure, their organization is already using, and to do so, they are retooling their processes, policies, skills, and technologies.

Topics: Cybersecurity hybrid cloud

The State of Constant Change in Endpoint Security

Endpoint security is one of the most dynamic areas of cybersecurity and one that is in a state of constant change. To combat both the relatively pedestrian and more sophisticated range of attacks, most organizations, according to research conducted by the Enterprise Strategy Group, are implementing multiple compensating measures. The actions taken to improve endpoint security are across the dimensions of processes, skills, and technologies. In fact, ESG’s research reveals that 69% of organizations regularly reevaluate the effectiveness of their endpoint security strategies. Why all the attention on endpoint security? The epidemic levels of ransomware experienced in 2016 through 2017 and that are sure to extend into this year served as a catalyst for many IT and cybersecurity professionals to rethink how they secure their endpoints.

Topics: Cybersecurity

Ransomware Research Highlights (Video)

Ransomware incidents reached epidemic levels in 2016 with high profile attacks on health care organizations highlighting the operational impacts of cyber extortion by impeding the ability of some targeted organizations to deliver patient care. Cybercriminals continued to employ tried and true attack vectors and methods, principally phishing, to execute a transactional ransomware business model across multiple industries. 

Topics: Cybersecurity

Key Cybersecurity Findings from ESG’s 2018 IT Spending Intentions Research (Video)

ESG recently completed our annual IT spending intentions research in which the study gauged not only spending plans, but top of mind IT and cybersecurity considerations for economic buyers. With strengthening cybersecurity tools and process being the most important IT meta-trend, and cybersecurity the largest area of projected incremental spend, this video blog explores the dynamics that are driving cybersecurity priorities, including: 

Topics: Cybersecurity SOAPA GDPR

 2018 Cybersecurity Radar Screen (Video)

In this video blog, ESG’s cybersecurity analysts, Jon Oltsik and myself, share some of the cybersecurity developments on our radar screen that we expect to be especially relevant in 2018 including: 

  • Cloud computing chaos and how cloud services will become more prominent in addressing – and spawning – threats and vulnerabilities, including the need to better protect data resident in poorly configured AWS S3 buckets.
Topics: Cybersecurity SOAPA 2018 Predictions

S3 Security Front and Center at AWS re:Invent

Man, talk about the proverbial firehose. AWS re:Invent 2017 proved to be a wide open torrent of announcements from AWS and the partner ecosystem alike, making recap blogs such as this a bit of a mission impossible. For starters, AWS’s security announcements included:

Topics: AWS re:Invent

The Drivers of Change in Endpoint Security

I guess I still think like a product manager. In my last blog, the first of a few analyzing key findings from ESG’s recent endpoint security, I shared my take on the net-net design center for contemporary endpoint security solutions, one that serves two masters – efficacy and efficiency. The state of endpoint security can be characterized as one of constant change in which organizations are implementing compensating measures to improve both the efficacy and efficiency. But what factors are driving the “efficient efficacy” market requirement?

With respect to efficacy, ESG’s endpoint security research highlights that customers have experienced, and are concerned about, a diverse range of threats:

Topics: Cybersecurity