The changing face of the cybersecurity market [Q&A]
The cybersecurity world is a fast changing one with a constant arms race between attackers and defenders.
New entrants are always coming to the market with innovative technologies to solve particular problems. We spoke to Justin Somaini, a partner at cybersecurity venture capital firm YL Ventures, to find out more about up and coming security trends and shaping the future of cybersecurity.
BN: As a former CISO, what cybersecurity threats are the most concerning to you?
JS: As we look at the present and future key threats in the industry, it's a mixture of two core components. The first are new technologies that we need to apply well-practiced security controls over. A great example of this is GenAI and the need to ensure we have confidentiality, integrity, and availability of those services.
In the second tier are existing technologies that we know how to secure, but are being used differently in this changing world and security control must now adapt as well. A great example of this is our ability to implement logging and monitoring over internally developed applications. This is something that we've been striving to do for over 20 years. Another example is our ability to implement security process monitoring, such as vulnerability management or onboarding/offboarding of employees, for metrics and health, thus providing mature governance over security vs. ad hoc and tactical management.
BN: Which technologies will help address the most pressing cybersecurity needs?
JS: As with any new technologies we need to secure there is an ongoing evolution of the solutions we bring to them. For GenAI security we see the introduction of solutions, such as Aim, that is providing visibility and control over GenAI-based copilots and services. These solutions will naturally evolve to protect internally developed GenAI services.
For security process governance and management, for example, we see solutions like Gutsy tackling this longstanding need by leveraging our API-driven world to enable this.
BN: What factors do enterprises need to consider when assessing new cybersecurity tools?
JS: Ultimately, a company needs to first determine its current posture in the context of an overall security program framework, such as NIST CSF. With that, it can then enable mature prioritization of the issues it needs to address according to the resources, budget and staffing it has. The company then needs to determine if they are an early adopter of technologies or are limited to legacy solutions. If it's the former, they have a much greater chance of resolving those security issues with more modern solutions that have better employee usability and security team productivity. The latter means they would live with the residual risk until those early adopter technologies have matured into legacy systems.
BN: Why should non-security business leaders be involved in the decision-making process?
JS: Security decision-making should never be limited to just the security team. There are many things to consider, such as employee usability, corporate risk appetite, engineering/devops teams and tooling integration and the overall fiscal efficacy of the security function. Security is truly a horizontal function across the company that impacts every process and individual. As a result, those teams should be considered and included when strategizing to resolve a security risk.
BN: Why is it so important that new entrants to the market receive proper support?
JS: Early-stage founders must focus not only on building strong technological solutions but also on solutions that have a significant business impact. Helping them translate their value to business users and executives is a fundamental part of getting the buy-in they need from enterprises. At these nascent stages, founders must focus on a wide range of necessary but challenging company-building activities, with the goal of increasing their market traction, getting in front of potential customers, driving product-market fit and solidifying their foundations for growth. A hands-on investor with a wide global network, who specializes in the investment field and can provide an entire suite of HR, marketing, business development, operations and other services -- can significantly impact the startup's ability to succeed at scale. I hope that by joining YL Ventures, and inline with the firm's strategy of value add investing, I can be instrumental in providing the customer’s perspective which will help our founders align their offering with the most pressing market needs. I hope to use my extensive domain expertise to guide founders through ideation and GTM, working with CISOs and customers and expanding their market reach.
BN: How did you get into this role?
JS: I had a unique journey in the cybersecurity realm, across many different industries, sectors and positions. My most recent role was as chief security officer at Unity Technologies, a US-based video game software development company. Before Unity, I was the chief security officer at SAP, chief trust officer at Box, chief information security officer at Yahoo and Symantec, director of information security at VeriSign, and held leadership positions at Charles Schwab and PwC.
This varied background allowed me to view the impact of cybersecurity problems at various scales and I enjoy serving as an advisor to numerous security companies such as Orca Security, Cycode, Valence, Qualys, Palo Alto Networks, Sentinel Labs, SourceClear, Solve Media, and others.
YL Ventures invests in seed stage cybersecurity startups with a dedicated value add strategy, aimed at bolstering founders to market dominance. The firm has a track record of seeding cybersecurity unicorns such as Axonius and Orca Security, and its portfolio companies have been successfully acquired by high-profile, global industry leaders including Palo Alto Networks, Microsoft, Okta and Proofpoint.
Image credit: sdecoret/depositphotos.com