Follow Mark on LinkedIn Follow @marknca on Twitter Follow marknca on YouTube
marknca

Mornings With Mark
no. // 0 0 0 7

The Cybersecurity Industry

Subscribe to the podcast.

Watch the episode here

Join the discussion on LinkedIn

Tweet about this episode

Full machine generated transcript follows

Everybody how you doing today in this episode of the show. I want to talk about the state of the cyber security industry. Now, I just got back a little bit early from RSA a 2019 in San Francisco. And as always this is sort of the events in North America around cybersecurity.

It was no exception this year 40,000 people on site on mosconi on North South and West was just bustling have tons of stuff going on fantastic talks break Keynotes interesting exhibition floor and lots of great people for a hallway con. I'm so to meet friends to meet people in the community and it was really really exciting as a lot of energy and fuzz around it.

But I wanted to talk about specifically the perspective. Somebody would have knew coming into this. I'm so kavya. I work for Trend Micro in the vice president of cloud research and Trend Micro was a sponsor of the show and an exhibitor on the floor and I'm so obviously, you know, I have that View in my head as well.

But I sort of always try to put somebody else's perspective on when I'm doing this research and I'm going around the exhibition for to see through the state of marketing and the state of positioning and messaging around the industry. So not call anybody in particular out and there were fantastic examples of great honest pragmatic marketing of here's a really good solution for X, but if it's for wide don't bother and all the way through to the snake oily if you hit this button, you will have Rainicorn rainicorn's rainicorn's the combination of unicorns and rainbows all-in-one and solve all of your problems, which I'm going to TM that that's a fantastic thing at do rainicorn's on but that's the point is he goes all the way through to realistic affirm realistic all the way to Crazy outlandish, you know, people trying to Garner your attention and that's understandable because there is a disconnect between marketing and the actual product and you hope that marketing good marketing is just positioning that product of the problem in the light that best suits it vs.

Out right now, you know bombastic claims are things that Can't back up. Now. There was 740 exhibitors on the floor. I say which is crazy. So that alone would be utterly overwhelming for somebody coming at it and actually visiting the show, so I didn't want to try to put that perspective in my head.

What I wanted to do was use this is an easy way to see the entire field or a vast majority the field to get a representative sample and what I found if I put sort of like a c i o r a c t o r a c e o s a cap on trying to understand cybersecurity from the end of Industry point of view.

It's crazy hard. Like wow, it was really difficult to wrap your head around because a lot of the claims were this one thing is the most important deception is the number one technology you need to do to be deploying to the cloud is full of threats and fear and you really shouldn't be going there.

But if you are our product will help you get there and all this messaging I understand, you know, the business aspect of it. You're trying to get people in interested to have a conversation. Hopefully have a product fit for that customer. Makes it really really difficult for people to prioritize what they actually should be doing and for me, that's the basics.

That's the fundamentals. I had a fantastic conversation on a podcast episode actually prevents in the bay on which will be coming out soon and I'll link to that on all my social channels when it comes out cuz this is a great guy really knows his stuff and we had a really really fun chat and one of the things that came up in that discussion was around.

Okay, like what's a cool new tech? What do you need to be doing and I went back again to it's What I truly and firmly believe is that you need to cover the basics. You absolutely need to cover the basics, but you're not going to see that at all who live in this representation of the industry because it's all on The Cutting Edge and I get it that's where I Innovation going to happen.

That's where I'm in the business of running a cybersecurity business can be extremely exciting as we can get a lot of VC investment. You can make a lot of money from that way, but does it actually help? Organizations defend themselves and that's a real question. That's a legitimate question.

So if you had money to buy one product, what would that product be as a CIO or as a c so what was the one thing that could do the most bang for your buck? And that's a really hard thing to answer but if you walk around the floor and you see all these marketing claims several people are going to be offering you that answer and of course, it's probably not the right one.

So there's no real. I'm not driving in any particular Point here, which is hope he's bad for a video, but I just I was honestly surprised at you know, if I kind of blank my mind and got rid of security Mark and just said, okay if I'm coming at this fresh eyes trying to get a handle and you know represented this expo hall would be a bunch of Googling to check out all these different companies.

What's going on, you know what truly will add value to the defense of an organization for me. It's really all about nailing the fundamentals and nailing the basics and then working your way up the ladder. So if your dewpoint really Advanced crazy cutting-edge stuff, you better have the basics covered off and that's not the case.

I know that from real me going out and talking to organizations around the world. A lot of the time these companies these teams are investing where they're not going to get the biggest return on their in on their dollar. Now the products are going to do what they bought them to do.

But my point and I guess the thing I wanted to race here was is that the most effective thing you can be doing for your organization and time again that time again over my 25-plus your career. It snow you got to start with the fundamentals. They're boring their dull they're difficult to sell people on because you go through in that, you know you up to the board for funding and then like, what do you want finding for any like I want funding for two extra operational people to make sure that we've got monitoring adequately or I want funding a for developers to go in a few code quality training that stuff doesn't sound nearly as cool as I'm going to buy a cyber deception box.

I'm or I'm going to deploy this security platform that is built with a I from the ground up and it's not that those Technologies aren't valid in aren't useful in art a smart investment, but they're smart investment further down the maturity chain and I think if anything that's the number one thing I see is people overestimate their cybersecurity maturity level within the organization and invest based on their perception of their maturity level not the actual reality of it.

So folks like myself Educators was in the space. I think we have a lot more work to do to get out there. I'm and particularly for me along the cloud line the amount of claims. I fundamentally and strongly disagree with that. I saw this week around cloud and the security of the cloud.

Or astonishing a man for me that I took that as a bit of a personal foul that. That people still feel that they can do that kind of a claim that the cloud is less secure than your on-premise environment that you need all the security layering tools on top of instead of a smart automated approach.

I took that as a failure on my part to not educate wide enough and Broad enough and to get the message out there of how to do strong fundamentals in the cloud. So that is something I will be doubling down on in the next few weeks and months and hitting those Basics again and again and showing people and getting them on that point of view that cloud security is a I can be a much more secure environment for you because you're working with your cloud provider and who should be top-notch world-class security service on one of the big three you're already ahead of the game, but it's in his new environment.

It is baby steps as far as teaching people again and again again, but I think it's an industry as a whole. We need to understand that we're over complicating things. We need to help people understand the basics and help them grass where they were We are also that is the thought for today.

What are your experiences? What do you think about this? Let me know. Hit me up Mark and see a comment down below and is always by email me at Markin. CA. I look forward to the discussion and we'll see you on the next show. Everybody how you doing today in this episode of the show.

I want to talk about the state of the cyber security industry. Now, I just got back a little bit early from RSA a 2019 in San Francisco. And as always this is sort of the events in North America around cybersecurity. It was no exception this year 40,000 people on site on mosconi on North South and West was just bustling have tons of stuff going on fantastic talks break Keynotes interesting exhibition floor and lots of great people for a hallway con.

I'm so to meet friends to meet people in the community and it was really really exciting as a lot of energy and fuzz around it. But I wanted to talk about specifically the perspective. Somebody would have knew coming into this. I'm so kavya. I work for Trend Micro in the vice president of cloud research and Trend Micro was a sponsor of the show and an exhibitor on the floor and I'm so obviously, you know, I have that View in my head as well.

But I sort of always try to put somebody else's perspective on when I'm doing this research and I'm going around the exhibition for to see through the state of marketing and the state of positioning and messaging around the industry. So not call anybody in particular out and there were fantastic examples of great honest pragmatic marketing of here's a really good solution for X, but if it's for wide don't bother and all the way through to the snake oily if you hit this button, you will have Rainicorn rainicorn's rainicorn's the combination of unicorns and rainbows all-in-one and solve all of your problems, which I'm going to TM that that's a fantastic thing at do rainicorn's on but that's the point is he goes all the way through to realistic affirm realistic all the way to Crazy outlandish, you know, people trying to Garner your attention and that's understandable because there is a disconnect between marketing and the actual product and you hope that marketing good marketing is just positioning that product of the problem in the light that best suits it vs.

Out right now, you know bombastic claims are things that Can't back up. Now. There was 740 exhibitors on the floor. I say which is crazy. So that alone would be utterly overwhelming for somebody coming at it and actually visiting the show, so I didn't want to try to put that perspective in my head.

What I wanted to do was use this is an easy way to see the entire field or a vast majority the field to get a representative sample and what I found if I put sort of like a c i o r a c t o r a c e o s a cap on trying to understand cybersecurity from the end of Industry point of view.

It's crazy hard. Like wow, it was really difficult to wrap your head around because a lot of the claims were this one thing is the most important deception is the number one technology you need to do to be deploying to the cloud is full of threats and fear and you really shouldn't be going there.

But if you are our product will help you get there and all this messaging I understand, you know, the business aspect of it. You're trying to get people in interested to have a conversation. Hopefully have a product fit for that customer. Makes it really really difficult for people to prioritize what they actually should be doing and for me, that's the basics.

That's the fundamentals. I had a fantastic conversation on a podcast episode actually prevents in the bay on which will be coming out soon and I'll link to that on all my social channels when it comes out cuz this is a great guy really knows his stuff and we had a really really fun chat and one of the things that came up in that discussion was around.

Okay, like what's a cool new tech? What do you need to be doing and I went back again to it's What I truly and firmly believe is that you need to cover the basics. You absolutely need to cover the basics, but you're not going to see that at all who live in this representation of the industry because it's all on The Cutting Edge and I get it that's where I Innovation going to happen.

That's where I'm in the business of running a cybersecurity business can be extremely exciting as we can get a lot of VC investment. You can make a lot of money from that way, but does it actually help? Organizations defend themselves and that's a real question. That's a legitimate question.

So if you had money to buy one product, what would that product be as a CIO or as a c so what was the one thing that could do the most bang for your buck? And that's a really hard thing to answer but if you walk around the floor and you see all these marketing claims several people are going to be offering you that answer and of course, it's probably not the right one.

So there's no real. I'm not driving in any particular Point here, which is hope he's bad for a video, but I just I was honestly surprised at you know, if I kind of blank my mind and got rid of security Mark and just said, okay if I'm coming at this fresh eyes trying to get a handle and you know represented this expo hall would be a bunch of Googling to check out all these different companies.

What's going on, you know what truly will add value to the defense of an organization for me. It's really all about nailing the fundamentals and nailing the basics and then working your way up the ladder. So if your dewpoint really Advanced crazy cutting-edge stuff, you better have the basics covered off and that's not the case.

I know that from real me going out and talking to organizations around the world. A lot of the time these companies these teams are investing where they're not going to get the biggest return on their in on their dollar. Now the products are going to do what they bought them to do.

But my point and I guess the thing I wanted to race here was is that the most effective thing you can be doing for your organization and time again that time again over my 25-plus your career. It snow you got to start with the fundamentals. They're boring their dull they're difficult to sell people on because you go through in that, you know you up to the board for funding and then like, what do you want finding for any like I want funding for two extra operational people to make sure that we've got monitoring adequately or I want funding a for developers to go in a few code quality training that stuff doesn't sound nearly as cool as I'm going to buy a cyber deception box.

I'm or I'm going to deploy this security platform that is built with a I from the ground up and it's not that those Technologies aren't valid in aren't useful in art a smart investment, but they're smart investment further down the maturity chain and I think if anything that's the number one thing I see is people overestimate their cybersecurity maturity level within the organization and invest based on their perception of their maturity level not the actual reality of it.

So folks like myself Educators was in the space. I think we have a lot more work to do to get out there. I'm and particularly for me along the cloud line the amount of claims. I fundamentally and strongly disagree with that. I saw this week around cloud and the security of the cloud.

Or astonishing a man for me that I took that as a bit of a personal foul that. That people still feel that they can do that kind of a claim that the cloud is less secure than your on-premise environment that you need all the security layering tools on top of instead of a smart automated approach.

I took that as a failure on my part to not educate wide enough and Broad enough and to get the message out there of how to do strong fundamentals in the cloud. So that is something I will be doubling down on in the next few weeks and months and hitting those Basics again and again and showing people and getting them on that point of view that cloud security is a I can be a much more secure environment for you because you're working with your cloud provider and who should be top-notch world-class security service on one of the big three you're already ahead of the game, but it's in his new environment.

It is baby steps as far as teaching people again and again again, but I think it's an industry as a whole. We need to understand that we're over complicating things. We need to help people understand the basics and help them grass where they were We are also that is the thought for today.

What are your experiences? What do you think about this? Let me know. Hit me up Mark and see a comment down below and is always by email me at Markin. CA. I look forward to the discussion and we'll see you on the next show.