ESG Blogs

My colleague Rob Stretchay completed research on the challenges organizations face as their applications become more distributed across clouds. In this video, we discuss some of his findings, including how developers are spending their time – including their time remediating security issues. This is interesting to me because we've been talking about developer workflows and whether developers can take on some security processes. Developers want to focus on building software, but they care about quality, reliability, and they don’t want to waste time doing rework. Check out the video to hear us discuss the opportunity for security solutions to help.

This week I'm pleased to share my interview with Sharon Goldberg, the cofounder and CEO of BastionZero. She is also a computer science professor at Boston University. Check out our video below, and listen to the full audio interview.

This week’s featured guest in our Women in Cybersecurity video series is Caroline Wong. Caroline is a book author who is active in the security community, sharing her experiences and learnings from her cybersecurity leadership roles at companies such as eBay and Zynga. She is the Chief Strategy Officer at Cobalt, a company that gives clients access to pen testers through their Pen Testing as a Service (PtaaS) platform. In her interview with ESG Sr. Analyst Melinda Marks, Caroline shares her experiences in her career in cybersecurity, as well as her advice around team culture and diversity in the workplace.

We’re excited to highlight Elizabeth Gossell for our second Women in Cybersecurity interview. Liz is the Principal Security Analyst for Danaher Corporation, a global science and technology conglomerate with subsidiaries operating across different market segments, including life sciences, diagnostics, and water. The company is no stranger to mergers and acquisitions, as it acquires roughly 10 companies each year. In this video interview, Liz speaks with ESG Sr. Analyst Melinda Marks about the evolving security challenges that come with M&A efforts, scaling, and sprawl, such as maintaining security consistency across all the organizations, and working quickly to secure new acquisitions.

In our very first interview, we’re proud to spotlight Vandana Verma Sehgal. Vandana is the Chair of the Board of Directors for the OWASP (Open Web Application Security Project) Foundation. The non-profit foundation works to improve application security, organizing projects, tools, documents, forums, and chapters all over the world. Vandana is also passionate about initiatives to bring more diversity to cybersecurity.

With the move to modern software development, we’ve been talking about shifting security responsibilities left to developers so that security is not a bottleneck. But do developers care about security? Watch this video with me and my colleague Rob Strechay to learn about how developers think about security, what kinds of tools are available from cloud security providers, and how security vendors are working with the cloud providers to secure cloud-native applications.

Developers are increasingly using infrastructure as code (IaC), such as Terraform and CloudFormation, to provision their own cloud infrastructure for faster development cycles. As IaC brings unprecedented ease and speed for self-service infrastructure provisioning, there is a high chance for mistakes and misconfigurations as development teams grow. 

When April Fool’s Day comes around each year, it’s human nature to be a little more on-edge than usual. Your guard is up, and you can’t completely trust anyone (even your closest friends and family). So, for the whole day, you take extra precautions, carefully opening the present your friend just “wanted to drop by,” and not believing there’s “cake in the break room” until it’s fact checked. While it’s fun to dedicate one day per year to April Fool’s Day, organizations of all industries must take these precautions… every day of the year. Cyber criminals are looking for a way to break through security defenses 24/7/365, so organizations must also remain on the clock, working to protect their most critical assets. But when it comes to cyberattacks and protecting your data, the stakes are much higher than whether the cake in the break room is real or not.

Nearly two-thirds of respondents to the 2022 Technology Spending Intentions Survey from Enterprise Strategy Group (ESG), a division of TechTarget, plan to increase spending on cloud application security in the next year. Startups are scoring record-setting funding rounds and valuations, while established vendors are announcing acquisitions and integrations to secure cloud applications throughout the software development lifecycle.

Check out the latest episode of The Bigger Truth. 

This week, I share my thoughts on the following enterprise technology news stories:

Cybersecurity investments surge in 2021 as VCs go all in: