Click below to listen to this episode of Kabir’s Tech Dives, where host Kabir sits down with Brittany Greenfield, founder and CEO of Wabbi, to discuss how Wabbi is revolutionizing application security, the role of cybersecurity in development, and why modern businesses must rethink their approach to risk.

This interview originally appeared on Kabir’s Tech Dives’ YouTube on March 4, 2025

The Vision Behind Wabbi

About the session

This session is an episode of Kabir’s Tech Dives podcast, where Kabir interviews Brittany Greenfield, the founder and CEO of Wabbi. The focus of the conversation is on Brittany’s background, her transition into cybersecurity, and the mission and value proposition of her company, Wabbi

Key speakers

• Brittany Greenfield: Founder and CEO of Wabbi
• Kabir: Host of the podcast

Agenda

The agenda of the session includes:

• An introduction to Brittany Greenfield and her educational background.
• A discussion on her career path and why she chose cybersecurity.
• An exploration of the concept of cybersecurity as risk management, particularly in the context of application security.
• An overview of Wabbi’s business model and how it addresses the DevSecOps gap.
• A discussion on the impact of generative AI on cybersecurity.
• A reflection on the current state of cybersecurity and the challenges faced by enterprises.
• A lightning round with quick, Jeopardy-style questions.

Takeaways

Takeaway 1: Cybersecurity is fundamentally about risk management and balancing security with usability and performance.

Cybersecurity, according to Brittany Greenfield, is not just about building impenetrable walls but about managing risks effectively. “Just because you lock up your kid doesn’t mean that the kid’s going to be safe from everything,” she explained, drawing a parallel to the idea that overly restrictive security measures can be impractical. Instead, the focus should be on a balanced approach: “it’s about saying where am I willing to take a risk and okay go ahead and put a door on this room maybe I’m even willing to put a window on this room but what mitigating controls do I have.”

Greenfield further elaborated on this concept, emphasizing that security should be integrated into the development process without creating bottlenecks. “Security got left behind in this transformation and they’re also outnumbered with a hundred developers for every one application security manager,” she noted. Wabbi’s platform addresses this gap by managing the application security development life cycle, ensuring that both developers and security teams can work efficiently without sacrificing security.

Takeaway 2: The rise of generative AI has introduced new challenges in cybersecurity, necessitating a strong focus on good hygiene and risk management processes.

The advent of generative AI has significantly impacted cybersecurity, with malicious actors quickly adopting the technology. “Just as generative AI became common use for everybody else, you know the bad guys picked it up too,” Greenfield observed. She highlighted the importance of implementing strict policies and practices to prevent security vulnerabilities. “We have a policy that says you are absolutely not to paste our code into any kind of generative AI and then take any kind of generative AI and put it back into our code,” she stated. This approach ensures that even as technology evolves, the fundamentals of security hygiene remain intact.

Takeaway 3: Wabbi’s solution is designed to integrate security seamlessly into the development process, making it accessible to a wide range of companies, from startups to large enterprises.

Wabbi’s platform is designed to help companies, regardless of size, integrate security into their development processes without disrupting their workflows. “We deal with large Market to Fortune 500 Enterprises and DOD, but our particular approach deals with the nuance very well,” Greenfield said. The platform is particularly effective in highly regulated industries like fintech and healthcare, where the complexity of security requirements can be overwhelming. “For example, in fintech, your dashboard and the menu are secured differently from your bill pay and your wire transfers,” she explained. By automating the application security development life cycle, Wabbi ensures that companies can maintain strong security practices while continuing to innovate and grow.

Takeaway 4: The lack of basic cybersecurity hygiene remains a critical issue, even in an industry that spends billions on security solutions.

Despite the significant investments in cybersecurity, many companies still struggle with basic hygiene practices, leading to vulnerabilities that can be easily exploited. “Nine out of 10 breaches begin due to defects in code,” Greenfield pointed out. She emphasized the importance of fundamental security practices and the need for continuous improvement. “Until we get the fundamentals right, it doesn’t matter how many tools we buy,” she said. This highlights the ongoing challenge of ensuring that all organizations, from startups to large enterprises, prioritize and maintain robust security practices.

Takeaway 5: The future of cybersecurity lies in dynamic, process-oriented approaches that can adapt to the constantly evolving threat landscape.

Greenfield stressed the importance of a dynamic and process-driven approach to cybersecurity, rather than relying solely on static tools and barriers. “It’s about the process of implementing security and what the right thing is to do,” she said. This approach is crucial in a world where threats are constantly evolving. “What happens when that encryption gets broken? Your 45-minute server idea right, you know what happens when that encryption is there, a second line of defense, or maybe it’s just easier that you kill that and spin something new up,” she explained. This adaptable strategy ensures that companies can respond effectively to new threats without being overly reliant on any single security measure.

Insights surfaced

• Cybersecurity is fundamentally about risk management, balancing security with usability and performance.
• The 45-minute server strategy is a proactive approach to mitigate risks by frequently destroying and recreating servers.
• The shift towards DevSecOps is necessary to integrate security into the software development lifecycle without creating bottlenecks.
• Generative AI has increased the complexity of cybersecurity, and companies need to focus on good hygiene and process management.
• The fundamentals of cybersecurity, such as code hygiene, are often overlooked, leading to vulnerabilities.
• Cybersecurity is a trillion-dollar industry, and cyber crime is a significant threat that continues to grow.
• Cyber insurance can play a role in risk management, especially for small businesses, but it should not replace good security practices.
• The encryption-breaking capabilities of quantum computers highlight the need for dynamic and layered security strategies.

Key quotes

• “Cybersecurity is about saying where am I willing to take a risk and okay go ahead and put a door on this room maybe I’m even willing to put a window on this room but what mitigating controls do I have.”
• “We are the only platform on the market that’s broken this relationship to say here’s what matters in this situation and right so that’s like 5% of vulnerabilities or potentially ignored policies whatnot 15% of it can be fixed later and then we’re just going to monitor the 80%.”
• “The decision to pay the ransomware is saying the cost to the business and the cost to our ecosystem is greater than the cost of the ransomware.”
• “First, you know, the just as generative AI became common use for everybody else you know the bad guys picked it up too you saw an immediate uptick in attacks.”
• “What keeps me up at night is actually the fact that our cyber security hygiene despite it being such a large industry and the spending constantly growing on it we are still missing a lot of fundamentals in how we’re developing in software.”
• “There are a lot of free resources, OWASP is great, etc., come up with your base processes that’s as simple as that then you can program them into Wabbi.”
• “The 45-minute server idea right you know what happens when that encryption gets broken, you kill that and spin something new up.”
• “Every company is a software company nowadays, and everybody needs to be doing good application security.”
• “Insurance can provide good structures especially when you’re looking at small businesses that may not have their first foray into cyber security.”
• “This is not a new problem and we’re still figuring out how to answer it and nobody really knows there’s not a perfect answer to it.”

Want to understand the future of application security?