While developers need to be the ones most ingrained in the transition to DevSecOps, top executives need to be comfortable with the change, or the program will never take off. Fortunately, there is a light at the end of this tunnel. The survey highlights a group that has mastered the key principles of DevSecOps.
Those hoping to drive a new DevSecOps program can use the success of Security Masters to make the business case for an emphasis on security. Also, Security Masters are more than twice as likely to strongly agree that they have the ability to keep up with increasingly demanding security testing. These companies also experience a superior competitive advantage in the field, with improved time-to-market for deployments.
This is also intricately tied to how effectively and rapidly the business can exploit new opportunities when they are spotted.
THESIS Bikes: Factory Direct Saves Thousands
Effective security alone is not a guarantee of speed, but outdated testing capabilities will slow things down. Special attention should also be paid to continuous testing capabilities at every step. Although security might take a larger up-front investment, the return can be significant in terms of customer trust, additional sales, and referrals. Organizations that have achieved software security mastery have cracked the code when it comes to figuring a way to influence cultural changes across the whole organization.
Skip to main content. Our Contributors About Subscribe. Plant the seed for org change. You need to think about the principles of how you want to treat your customers, which is a product, and leadership, and business question, and you need to understand the regulatory environment, right? So that's a pretty high bar for somebody making a decision about how should we treat data in this customer application, but I think it's something that organizations are going to be investing in. Ben: That's interesting you say it that way because I was talking to a leader at a cosmetic company, and one of the things she was saying, she was looking for polymaths, is the way she put it, people with a broad set of skills where she can teach them the particular skillsets that are maybe needed for that particular business, but she's looking for people that actually enjoy broadening themselves over a range of subjects.
- More Writing – Building Nixola’s Life from the Ground Up.
- Project gallery?
- good historical figures to write essays about.
- essay about family dinner.
Does that make sense to you? Sarah: Definitely. And I think it's going to be a set of product decisions that require trade-offs or investments for the future, right?
Because it's going to require companies to say, "We won't acquire users that way. Ben: What do you What's your sense of that? Sarah: I definitely think a piece of it is that millennials, Gen Z, there's a generation of people that are younger than you and I that grew up digitally native, right? So they are so fluent with internet services, and communication tools, and smart phones, in that they just have a better sense of what it means to be surrounded by this technology all the time, so they're more cognizant of what is happening with their data.
Ben: Yeah, that makes sense. Well you know, one thing too, when I was talking to you, you were actually on stage with him, John Visneski over at Pokemon, so when we were talking, we were talking a little bit about There's a couple other ones where they clearly did not do that. When you're talking with these companies that are starting to build a brand, how do they build that brand of trust?
Because that seems like that's going to be really hard to do, and once you lose it, it's very hard to build back up. Sarah: When we invest in early stage companies, at ten people, you're not going to have somebody that runs security.
Building a thesis from the ground up
The point at which people invest in security varies based on the sensitivity and the type of product that they're building, but I do think at a board level with our companies, we talk about the decisions around consumer privacy, customer trust, from the very beginning. So I think the role of the board or Greylock's view as investors is to make sure that we're aligned on the principles of how you treat your customers very early on, and also to give people context as to, you don't have to be a very big company to have valuable data and to be a target.
So I think making sure people aren't surprised by that, making sure that they invest ahead, and that they're prepared for growing scale and growing attractiveness to hackers and are ahead of it is one thing that we think about. Ben: No, that makes a lot of sense, and I think sometimes with people, I think I even saw an article where somebody interviewed you, it's like, why somebody needs a venture capital partner, and it seems like that's part of it, is that you guys have that longer term viewpoint. When you're starting and you're building a product, you're like, "I've got to build this product.
I've got to make sure it can actually stand up. Sarah: Yeah, absolutely.
We are A company has to get the initial momentum of getting into customer, consumer hands, and that's a speed of feature delivery and speed of distribution challenge, so that is definitely the first order of focus, but like you said, we want to make sure that's balanced in decision making with what are the risks that come along with it. Ben: Yeah. Yeah, that makes sense. Well kind of switching topics here, another thing you and I talked a little bit about, obviously being at Sumo Logic, I wouldn't be here if I didn't love analytics, analytics comes up a lot, but I think, at least from my limited vantage point, it seems like there's a change going on because when I first came on to the company, this was over six years ago really, big data was the big word.
Everybody was gathering data for the sake of gathering data it seemed like, and trying to do things with it, and it seems like something has changed there too, because you actually have to prove that you can make use of the data, you can actually act on the data, make it actionable and actually provide value to customers and things like that, so there's a couple different people including Ramin, CEO of Sumo Logic, is talking about the analytics economy, but it seems to be trying to get around this idea of can you actually drive value for your customers out of your data.
What's your viewpoint on that?
How To Build A Successful Company From The Ground Up
What are you seeing? What's going on from your vantage point? Sarah: It's a good question, Ben, and it's a topic that we think about internally in terms of thesis areas. We talk to Fortune , Global leaders about their technology strategies all the time, and one thing that we do talk about is the idea of the self-driving business, the model driven business or the analytics driven business, right?
Many different terms. And I think one of the reasons everyone is paying attention, and one thing I hear from our partners is So we'll both invest in businesses that have some sort of thesis around consumer or customer data collection that's going to drive a better, smarter experience or better margins. And on the other hand, think about the different ways to enable all of the huge organizations out there today with those customer bases and with those relationships to accelerate their journey toward that self-driving business.
Sarah: The challenge, like you said, is people have had If you're a hundred thousand person organization that is grown by acquisition and has really old infrastructure and important systems on mainframes, how do you get there? There's a lot of work involved, and I think we will invest in data infrastructure companies that are really innovative in helping people fight the good fight to get to that data platform, but I also think that it's important to look for different ways where customers can get to that value faster because the pace of change and competition in business is Ben: And, I mean, things are moving so fast, and actually have the time.
That's part of the thing. We're only talking about five, six years since big data was the big term on the street, now you barely hear it anymore, so that's really hard to plan for, I would expect, with these larger companies. It's very hard to move that fast, even for a smaller company. One thing we think about when we invest in companies is something I also think large company practitioners should think about, which is, how do we compete in terms of agility?
One of the core things I look for when investing in an early stage team is pace of iteration. Because your initial product thesis is more than likely not going to be exactly right. And part of it is not even people have the wrong idea, it's the environment changes so fast, like you were talking about.
If you think about what has happened just in application and infrastructure monitoring for the last decade, a lot has happened, right?
The observability movement has happened, and any area, any fertile market that you look at is going to go through that pace of change, so we look for founders that are going to keep up with it. They're going to have smart, fundamentally interesting ideas from the beginning that are secular, like cloud is a thing, but also to react to an environment with their product. Well to wrap up here, I would expect a big part of your job is to stay on top of the current wave and know where the next wave is going to be, so where are you looking that you think that people aren't really looking at?
Where's that next wave that's just starting to build up that we're all going to be talking about in the next three to five years? Sarah: One area in venture capital that I think has been a little big neglected because people are afraid of the pace of adoption is real world vertical businesses, right? So that could be anything from construction, to manufacturing, to real estate, to finance and banking, and insurance. And all of these areas, often these businesses are And it's going to be a challenge for them, but I guess one point of view would be, in any of these industries, and I'm particularly interested in pharma and biotech, you are going to see people make dramatic business model changes and make dramatic technology investment changes because that is now going to drive their business and the leaders understand that.
Sarah: I would also say that in any of these areas, there are vertical companies that are trying to attack the entire problem with an interesting technology angle, which allows you Ben: No, that makes a lot of sense. Well Sarah, thank you so much for taking the time to come on the podcast, and I look forward to keeping up with what you do next. Thank you for your time. Announcer: Masters of Data is brought to you by Sumo Logic.
Sumo Logic is a cloud native, machine data analytics platform, delivering real time continuous intelligence as a service to build, run, and secure modern applications.
Related building a thesis from the ground up
Copyright 2019 - All Right Reserved