Satisfying the Need for Speed & Security: Why I Joined ArmorCode
I recently had the opportunity to watch the inaugural Formula 1 Las Vegas race. It was fascinating to walk the paddock and observe teamwork and technology working together in such a competitive environment. In many ways, the environment was foreign and thrilling. In others, it was shockingly familiar.
Throughout the race weekend, I could not help but note the parallels between Formula 1 and cybersecurity. Both are driven by the need for speed with rapid risk assessment and prioritization. There is little margin for error. Races are won and lost by seconds, and businesses rise or fall in brief windows of opportunity. Whether racing to the checkered flag or developing software to outpace competitors, there is a need to maximize velocity with control and guardrails. Success requires a fine balance among the sometimes competing needs for performance, reliability, and security.
Finally, both racing and cybersecurity require a systematic approach that leverages data to optimize performance. Whether the team comprises a race driver, technical director, mechanics, aerodynamicists and mechanical engineers, or software developers, DevOps engineers, and security experts, people need to work in harmony and through a well-orchestrated process supported by technology and data to be successful. Each Formula 1 car generates over a million data points per second which teams use to optimize the setup of the car for each track. Similarly, businesses have extensive and integrated toolkits at their disposal to optimize and continuously mature their secure software development lifecycles and processes.
If I connect my experience as a Chief Information Security Officer and security practitioner for Fortune 10 and 50 companies, the consistent determinant of success is a holistic risk-based approach. CISOs today must deal with competing priorities, evolving threats, dynamic market conditions, complex technology ecosystems, and data coming in from many sources. To manage this and make the best decisions for the organization, we need to think about Business Risk holistically.
For quite a long time, businesses took a linear, activity-based approach to cybersecurity. The first ticket in was the first ticket out. Today, agile development, continuous integration and delivery, cloud-native architectures, and the pace of innovation require cybersecurity to evolve or get left behind. CISOs are challenged to make security more like a pit crew - moving at the speed of DevOps and securing what matters most with minimal time and disruption. The race is constantly on. So, fix what matters - quickly, seamlessly, on the fly. You don't have time for a break.
Of course, this is easier said than done - especially in an intensifying cyber risk landscape. CISOs must leverage data across often siloed sources, manage teams with varied functions, and navigate continuously changing regulatory environments to minimize Business Risk across complex organizational, technological, and regulatory variables. These complexities make it challenging to answer the most fundamental and critical questions, “What do I need to fix? And when?”
This is the challenge I aspire to solve. Before joining ArmorCode, I assumed the mission to address what I see as the biggest need CISOs face today: understand and manage Business Risk holistically across the enterprise portfolio – application, infrastructure, and software supply chain. When I conceived a solution to this challenge, it had three key requirements: a holistic platform providing a single governance layer across application and asset portfolios; risk-based assessment and prioritization; and intelligence leveraging data to assist, accelerate, and automate security at enterprise scale.
My pursuit acquainted me with ArmorCode. Those who know me know I will not reinvent where I can instead leverage and enhance. This led me to join ArmorCode for three reasons:
- The ArmorCode platform perfectly aligns with the needs I diagnosed as a CISO for large and complex enterprises. This is not surprising as the solution was conceived and built after extensive consultation with hundreds of security leaders
- The ArmorCode team is customer-obsessed. That culture flows from the top with a leadership team that demonstrates extraordinary vision and hunger matched with hard work, humility, honesty, and humanity to understand what the market needs, incorporate feedback, and go out and deliver something superior to anything else on the market.
- The need for ArmorCode is greater than ever and increasing. The lines between Software Supply Chain Security, Application Security, and Vulnerability Management are blurring. Legacy vendors that contributed to the current complexity are ill-suited to solve it. ArmorCode delivers a specialized tool-agnostic platform well-positioned as the security hub of connected and increasingly intelligent risk-based cybersecurity programs. As AI capabilities mature, I look forward to how we manage and orchestrate collaboration among intelligent systems and security experts. ArmorCode is set up to enable and lead this next evolution of a unified security platform.
I could not be more excited for this next step in my professional journey. I am thrilled to have found an organization and team that harmonizes with my professional experiences and aspirations to help democratize security so all organizations can successfully manage Business Risk. I look forward to partnering with the ArmorCode team, community, and customers to tackle Business Risk management challenges and enable customers to compete and win with that balance of performance, reliability, and security.