From startups to large companies, cyber-awareness is fundamental to a modern business’ success. To gain an insight into these issues, Digital Journal spoke with Brittany Greenfield, a Boston-based founder of Wabbi, a continuous security platform. As a woman leading the cybersecurity industry, Greenfield is committed to paving the way for future generations through her forward-thinking leadership.
DE&I is still lip service
According to Greenfield: “The pandemic unfortunately proved how much investment in DE&I was lip service. It would be hard for anybody to say they’re satisfied with the status quo regarding women in STEM — and as an extrapolation of that, the tech industry. Ensuring we close the gap on all underrepresented demographics in tech, not just women, is critical to not just improving corporate performance through diversity, but also driving social change.”
She adds: “There’s a particular ‘outsiderness’ to cybersecurity in particular, where some believe they don’t have the skills to be involved. There is a lot of opportunity out there that we’re not capitalizing on as an industry and, while I think we’ll see more concerted efforts to increase diversity in the year ahead, there will still be a long road ahead.”
Security will get leadership buy-in
Greenfield sees cybersecurity leadership making progress within the business structure: “Security is inching its way up from the kids’ table and will have a larger seat within organizations’ top levels. In 2022, security will extend beyond the cyber risk box and be considered as part of overall business risk. Different organizations have different risks to be accounted for, which means security must be aligned to business strategies and priorities in order to dynamically respond. While some have embraced the continuous security mindset, business leaders in the next year will actually execute on processes that continuously balance security, technical and business priorities to ensure they are maintaining their focus on what matters most: delivering value to customers and shareholders.”
We’ll take a holistic approach to DevSecOps
Building security into DevOps will be the next step forwards, says Greenfield. As she explains: “2022 is the year we’ll take a holistic, process-based approach to implementing security into DevOps. We’ve been doing the same DevSecOps dance for the last five years, and while there has been some cultural transformation, organizations keep adding to the DevSecOps hairball that results from too many tools and no real process. The adoption of cloud and hybrid environments at the onset of the pandemic introduced efficiency and the ability to answer questions quickly, but security is still a lacking part of the conversation and is a necessity to reduce overall business risk. In the coming year, we’ll see organizations focus more on finding a process-based way to continue increasing this efficiency and pull real-time insights from the DevSecOps hairball in a way that truly benefits the business.”
Supply chain security is the new frontier
2021 has been beset with supply chain shortages. This makes the supply chain an important focal point for the year ahead. According to Greenfield: “Supply chain security will be in the spotlight in 2022. There’s a misconceived notion, with 90% of today’s software leveraging shared components, that just making those more secure will improve everybody’s security posture. Different organizations might have different concerns about what constitutes cybersecurity risk and will need to identify the context for what risk means to their organization. Companies will spend more time re-evaluating their application security programs as being about more than just vulnerability management, but rather everything that touches the application, from the code to configurations to the humans that use the applications.”
Government will drive security in private and public sectors
The moves by the Biden Administration show that the government is moving from a passive to a more active role. As Greenfield explains: “Following a wave of high-profile cyberattacks in the U.S., the current Administration has emphasized the importance of cybersecurity and has invested in combating future cyber threats across industries. While recent executive orders and regulations have been in the works for quite some time, we’ll start to see companies really take to heart these recommendations and requirements in 2022 as they’ve had a chance to digest and strategize. Software and security are living and breathing things, so it’s not just one time that you need to check that your application is up to security standards. It needs to be continuously monitored and authorized. This does not change whether you are a commercial or a government enterprise.”
We’ll start to see impacts of recently adopted technologies
All too often new technologies are promised but they do not deliver. Greenfield sees this as something that is about to change: “Cybersecurity operates in shorter cycles than other technologies because of its inherent responsive and predictive nature. With all of the tools that have come to market in the last 3-4 years, we’re about to see a wave in which organizations are finally able to transform data from their tools into meaningful action for stakeholders. This will put technologies like low-code/no-code in the spotlight as organizations get a better grip on their tech adoption in a way that enables their employees to more efficiently do their jobs.”