Acquisition & Diversification Time for Cyber is Here

 Times are a changing, Bob Dylan said...

Look for acquisitions in this economic malaise, as well as entering new markets, to be the march of the Cyber/software orgs in the Fortune 1000....

More to come shortly...

GitOps, DevSecOps, & AppSec

 As GitHub & GitLeaks rollout additional functionality more orgs will rely upon those offerings for traditional one-off DevSecOps/AppSec solutions (SAST, SCA, IAST).

Furthermore, CSP (PaaS) offerings will certainly eat into on-prem/subscription models as well. 

So, expect consolidation/divestitures for AppSec tool vendors in the near future.    

Cyber Needs to Walk the Walk

 Cyber orgs need to embrace the same governance they advocate/demand for IT/Ops/Dev tms.  You have to do things right & hold yourself accountable...

Personal Loss & Professional Perservance in Cyber

My dad succumbed to COVID-19 a year ago today on 4/1/2020.  He had other health challenges; however, Coronavirus was his last great fight.  I lost my mom 10 months before him to cancer on 6/1/2019.  They were together for 50+ years....

My folks instilled in me both a work ethic & a sense of pride to persevere in hard times, as well as how to make the most out of this life.  I miss them, very much...

As a Cyber professional, I feel that sometimes our work may be both unforgiving and thankless; but it is our chosen profession, and speaking for myself, our calling.  While people may not always understand our actions/reasoning; ultimately, if your heart & head are in the right place, they will give you the benefit of the doubt.

So keep fighting the good fight, for we are doing good....

 

Third-party Governance for DevSecOps

For orgs that rely heavily upon outsourced development/technical resources (IT Outsourcing: ITO), it's important to ensure that contracts include covenants for the vendor to provide cyber (security) education, training & awareness (SETA).

Furthermore, a right to audit clause should be included as well that allows for the client to review SETA content, as well as attendance & scoring.    

Why are big data tools so darn expensive...?

 As we build out our web endpoint security scorecard (WESSy) I am in awe of the price points I see for data tools.

I get that these are enterprise-level tools; however, for smaller shops (like mine) that need this functionality it comes off as cost prohibitive.