The Entrepreneurial Spirit in Cybersecurity

Team Wabbi

March 18, 2024

Brittany Greenfield, Founder & CEO of Wabbi, joins The CTO Show with Mehmet host Mehmet to discuss the evolving challenges of cybersecurity in software development. Brittany shares her journey into the cybersecurity domain, revealing how Wabbi is pioneering the integration of security within the development lifecycle for companies ranging from startups to Fortune 500s.

This interview originally appeared on The CTO Show with Mehmet Gonullu March 13, 2024

About the session

This podcast episode features Brittany Greenfield, CEO of Wabbi, in a conversation with Mehmet about her journey as a founder and the importance of application security in the software development lifecycle. Brittany shares her insights on the role of AI in cybersecurity, the importance of grit and agility in entrepreneurship, and the need for companies to prioritize application security.

Key speakers

– Brittany Greenfield, CEO of Wabbi

– Mehmet, host of the CTO show

Agenda

– Introduction of Brittany Greenfield and Wabbi

– The journey of founding Wabbi and its purpose

– The importance of application security in the software development lifecycle

– The role of AI in cybersecurity and its implications

– The characteristics of an entrepreneur and the importance of grit and agility

– The need for prioritizing one’s own time as a founder

– The importance of having a purpose or mission in entrepreneurship

Takeaways

Takeaway 1: The importance of integrating security in the development process

Brittany emphasized the necessity of integrating security into the software development life cycle. She noted that while development needs the autonomy to make educated decisions, security needs the accountability to ensure that their policies are adhered to. This balance can be achieved by automating and orchestrating the application security life cycle as part of the software development life cycle.

Brittany explained, “What Wabbi does is we manage the application security posture by orchestrating and automating the application security life cycle as part of the software development life cycle. So that could be everything from queuing up testing when the developer checks in their code for PR to prioritizing vulnerabilities to gating code if it wouldn’t pass the security review.”

She added that this process allows for large mid-market to fortune 500 companies to ensure that they are abiding by security protocols while also giving the development team the autonomy they need. “I’ve always been somebody that has looked at market opportunities and said, how do we go fix this pain and led the teams to it? And I just got so frustrated when I heard companies talking about building taller walls and deeper moats and getting better laser beams for their sharks. And nobody was focused on the foundation where nine out of 10 breaches come from. And that’s the code.”

Takeaway 2: The dual nature of the application security market

According to Brittany, the field of application security has both matured and is still in its early days. This seeming contradiction arises from the fact that while the understanding of DevSecOps as a norm in software development has matured, the actual implementation of application security within this framework is still in its early stages.

Brittany explained, “We’ve both hit maturity and we’re still early days. Um, you know, that first generation of DevSecOps created what I lovingly term as the DevSecOps hairball, where as organizations were adopting DevOps, security did what it tends to do. And went, Oh, you’ve got a DevOps tool. That’s really cool. I’ve got a tool to secure it. And what it did was it created too much data and not enough actionable information.”

She further noted that while DevSecOps has become the norm, there is still a need for good application security posture management that can manage the application security process for specific applications while also deploying, automating and orchestrating that process.

Takeaway 3: The role of cybersecurity in the software development life cycle

Brittany noted the importance of integrating cybersecurity measures into the software development life cycle. She highlighted that security is not just about proactive measures, but also about the process of security – ensuring that the right person does the right security activity at the right time.

Brittany explained, “Application security is the realm of how you implement all of those security requirements and then proactively identify and mitigate the risks that your code poses, which could be a vulnerability that’s found, or it could be a control that was or was not implemented.”

She emphasized that understanding the context of applications is crucial for effective cybersecurity measures. As applications advance in terms of their risk profile, there is a need for good application security and orchestration to ensure that the right controls are put in place.

Insights surfaced

– Application security is a critical aspect of the software development lifecycle that bridges the gap between security and development.

– AI has a significant role in cybersecurity, but it’s important to have automation and orchestration in place first.

– Being an entrepreneur requires grit and agility, and it involves challenging the status quo and pushing people out of their comfort zones.

– Prioritizing one’s own time as a founder has an exponential return for the company. It’s important to invest in oneself to ensure optimal performance.

– Every company, regardless of its core business, is becoming a software company, increasing the need for application security solutions.

Key quotes

– “Application security is the realm of how you implement all of those security requirements and then proactively identify and mitigate the risks that your code poses.”

– “Entrepreneurship is the only place that overachievers go to fail 99 percent of the time, and you’ve got to be prepared for that ride and okay with it.”

– “The defining quality of being an entrepreneur and why you need this grit and agility is that entrepreneurship is the only place that overachievers go to fail 99 percent of the time.”

– “If you don’t take that time to do the things that are still important to you, you are not performing for the organization because you are a whole person that has founded this company and you need to still do the things that make you a whole person because otherwise you just won’t be at optimal performance.”

– “Entrepreneurship, and it could also be intrapreneurship in your organization. Being an entrepreneur does not necessarily mean founding a company. It could be that you are that person inside of an organization that’s brought in to create change.”

Find out how you can bridge the gap between security and development once and for all. 

 

Related Articles

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

Wabbi Founder & CEO, Brittany Greenfield, Named 40 under 40

BOSTON, MA, USA / August 16, 2023  Brittany Greenfield, CEO & Founder of Wabbi, the leading ASPM platform, has been named to Boston Business Journal's prestigious 40 Under 40 list for 2024. This annual award honors 40 outstanding professionals under the age of 40...

0 Comments

0 Comments