Melinda Marks
Senior Analyst Melinda Marks covers application and cloud security at ESG, helping organizations scale safely while adopting faster cloud-native development cycles. Her coverage area includes cloud-native application protection platforms, cloud workload protection, cloud security posture management, DevSecOps, and application security, including web application security testing (SAST, DAST, IAST, SCA) and API security.
With more than 20 years of experience in tech marketing and strategy, Melinda is passionate about conveying product value and differentiation and driving revenue. Most recently, she was chief marketing and strategy officer for Soluble, a startup focused on automating application security testing for developers. She was also VP of Marketing at Armorblox, VP of Marketing at Styra, and head of marketing for StackRox (acquired by Red Hat). Her experience includes running competitive/market intelligence and product marketing teams at Tenable and running global communications for four years at Qualys. She also spent many years at VMware, where she built its original customer reference program, led product PR, and was on the core VMworld planning team since the first VMworld.
Melinda is a Synopsys Outreach Foundation board member. She has a bachelor’s degree in English from U.C. Berkeley.
My colleague Rob Stretchay completed research on the challenges organizations face as their applications become more distributed across clouds. In this video, we discuss some of his findings, including how developers are spending their time – including their time remediating security issues. This is interesting to me because we've been talking about developer workflows and whether developers can take on some security processes. Developers want to focus on building software, but they care about quality, reliability, and they don’t want to waste time doing rework. Check out the video to hear us discuss the opportunity for security solutions to help.
This week I'm pleased to share my interview with Sharon Goldberg, the cofounder and CEO of BastionZero. She is also a computer science professor at Boston University. Check out our video below, and listen to the full audio interview.
In our very first interview, we’re proud to spotlight Vandana Verma Sehgal. Vandana is the Chair of the Board of Directors for the OWASP (Open Web Application Security Project) Foundation. The non-profit foundation works to improve application security, organizing projects, tools, documents, forums, and chapters all over the world. Vandana is also passionate about initiatives to bring more diversity to cybersecurity.
This month as we observe Women’s History Month to celebrate the vital role of women in history, I’m excited to kick off our new series on Women in Cybersecurity. I’m excited about this program to connect women in the industry, and to spotlight their stories, with the hope to increase representation and encourage women in the field.
With the move to modern software development, we’ve been talking about shifting security responsibilities left to developers so that security is not a bottleneck. But do developers care about security? Watch this video with me and my colleague Rob Strechay to learn about how developers think about security, what kinds of tools are available from cloud security providers, and how security vendors are working with the cloud providers to secure cloud-native applications.
Developers are increasingly using infrastructure as code (IaC), such as Terraform and CloudFormation, to provision their own cloud infrastructure for faster development cycles. As IaC brings unprecedented ease and speed for self-service infrastructure provisioning, there is a high chance for mistakes and misconfigurations as development teams grow.
Nearly two-thirds of respondents to the 2022 Technology Spending Intentions Survey from Enterprise Strategy Group (ESG), a division of TechTarget, plan to increase spending on cloud application security in the next year. Startups are scoring record-setting funding rounds and valuations, while established vendors are announcing acquisitions and integrations to secure cloud applications throughout the software development lifecycle.
I’ve always made it a priority to choose roles where I can make the biggest impact, and where I can learn and grow. It hasn’t been a clear path (as Sheryl Sandberg would say, it’s not a ladder, it’s a jungle gym), but I can confidently say it’s led me to fulfilling roles.
In this blog post, I’ll share a bit about my background, and then describe why I’m thrilled to join ESG to cover cloud-native and application security – a rapidly evolving and dynamic space.