The Entrepreneurial Spirit in Cybersecurity

Team Wabbi

March 18, 2024

Brittany Greenfield, Founder & CEO of Wabbi, joins Mehmet, host of The CTO Show with Mehmet, to discuss the evolving challenges of cybersecurity in software development. Brittany shares her journey into the cybersecurity domain, revealing how Wabbi is pioneering the integration of security within the development lifecycle for companies ranging from startups to Fortune 500s.

This interview originally appeared on The CTO Show with Mehmet Gonullu on March 13, 2024.

About the session

This podcast episode features Brittany Greenfield, CEO of Wabbi, in a conversation with Mehmet about her journey as a founder and the importance of application security in the software development lifecycle. Brittany shares her insights on the role of AI in cybersecurity, the importance of grit and agility in entrepreneurship, and the need for companies to prioritize application security.

Key speakers

– Brittany Greenfield, CEO of Wabbi

– Mehmet, host of The CTO Show

Agenda

– Introduction of Brittany Greenfield and Wabbi

– The journey of founding Wabbi and its purpose

– The importance of application security in the software development lifecycle

– The role of AI in cybersecurity and its implications

– The characteristics of an entrepreneur and the importance of grit and agility

– The need for prioritizing one’s own time as a founder

– The importance of having a purpose or mission in entrepreneurship

Takeaways

Takeaway 1: The importance of integrating security in the development process

Brittany emphasized the necessity of integrating security into the software development life cycle. She noted that while development needs the autonomy to make educated decisions, security needs the accountability to ensure that their policies are adhered to. This balance can be achieved by automating and orchestrating the application security life cycle as part of the software development life cycle.

Brittany explained, “What Wabbi does is we manage the application security posture by orchestrating and automating the application security life cycle as part of the software development life cycle. So that could be everything from queuing up testing when the developer checks in their code for PR to prioritizing vulnerabilities to gating code if it wouldn’t pass the security review.”

She added that this process allows large mid-market to Fortune 500 companies to ensure that they are abiding by security protocols while also giving the development team the autonomy they need. “I’ve always been somebody that has looked at market opportunities and said, how do we go fix this pain and led the teams to it? And I just got so frustrated when I heard companies talking about building taller walls and deeper moats and getting better laser beams for their sharks. And nobody was focused on the foundation where nine out of 10 breaches come from. And that’s the code.”

Takeaway 2: The dual nature of the application security market

According to Brittany, the field of application security is both mature and still in its early days. This seeming contradiction arises because, while the understanding of DevSecOps as a norm in software development has matured, the actual implementation of application security within this framework is still in its early stages.

Brittany explained, “We’ve both hit maturity and we’re still early days. Um, you know, that first generation of DevSecOps created what I lovingly term as the DevSecOps hairball, where as organizations were adopting DevOps, security did what it tends to do. And went, Oh, you’ve got a DevOps tool. That’s really cool. I’ve got a tool to secure it. And what it did was it created too much data and not enough actionable information.”

She further noted that while DevSecOps has become the norm, there is still a need for good application security posture management that can manage the application security process for specific applications while also deploying, automating and orchestrating that process.

Takeaway 3: The role of cybersecurity in the software development life cycle

Brittany noted the importance of integrating cybersecurity measures into the software development life cycle. She highlighted that security is not just about proactive measures, but also about the process of security – ensuring that the right person does the right security activity at the right time.

Brittany explained, “Application security is the realm of how you implement all of those security requirements and then proactively identify and mitigate the risks that your code poses, which could be a vulnerability that’s found, or it could be a control that was or was not implemented.”

She emphasized that understanding the context of applications is crucial for effective cybersecurity measures. As applications advance in terms of their risk profile, there is a need for good application security and orchestration to ensure that the right controls are put in place.

Insights surfaced

– Application security is a critical aspect of the software development lifecycle that bridges the gap between security and development.

– AI has a significant role in cybersecurity, but it’s important to have automation and orchestration in place first.

– Being an entrepreneur requires grit and agility, and it involves challenging the status quo and pushing people out of their comfort zones.

– Prioritizing one’s own time as a founder has an exponential return for the company. It’s important to invest in oneself to ensure optimal performance.

– Every company, regardless of its core business, is becoming a software company, increasing the need for application security solutions.

Key quotes

– “Application security is the realm of how you implement all of those security requirements and then proactively identify and mitigate the risks that your code poses.”

– “Entrepreneurship is the only place that overachievers go to fail 99 percent of the time, and you’ve got to be prepared for that ride and okay with it.”

– “The defining quality of being an entrepreneur and why you need this grit and agility is that entrepreneurship is the only place that overachievers go to fail 99 percent of the time.”

– “If you don’t take that time to do the things that are still important to you, you are not performing for the organization because you are a whole person that has founded this company and you need to still do the things that make you a whole person because otherwise you just won’t be at optimal performance.”

– “Entrepreneurship, and it could also be intrapreneurship in your organization. Being an entrepreneur does not necessarily mean founding a company. It could be that you are that person inside of an organization that’s brought in to create change.”
