As we look back on what was arguably one of the most dynamic and risky years in cybersecurity history, one thing is certain: the new threats, continued innovation and ongoing growth within the cyber ecosystem aren’t slowing down any time soon.
In the spirit of reflecting on the year that was and what we can expect to see in 2023, NightDragon hosted its second annual NightVision State of Cyber event on January 3 to provide a 360-degree view of the state of the industry. During the six-part event, we evaluated what products are being adopted by cybersecurity buyers, new challenges facing CISOs, whether budgets are increasing, growing public-private partnership efforts, what areas investors are looking at on the cutting edge of technology, new threats in the coming year, and more.
Speakers for the event, which was moderated by NightDragon Founder Dave DeWalt, included:
- Leading Go-to-Market Perspectives
  - Richard Watson, Global & Asia-Pacific Cybersecurity Consulting Leader, EY
  - Kris Lovejoy, Global Security and Resilience Practice Leader, Kyndryl
- Leading CISO Perspectives
  - Vijay Bolina, CISO, Google DeepMind
  - Vijaya Kaza, CSO and Head of Engineering for Trust and Safety, Airbnb
  - Jen Vasquez, CISO, Cigna
- Leading Wall Street Perspectives
  - Sterling Auty, Senior Managing Director, Moffett Nathanson
  - Fatima Boolani, Co-Head US Software Equity Research, Citi
  - Rob Owens, Co-Head Technology Research, Piper Sandler
- Leading Venture Capital Investor Perspectives
  - Bob Ackerman, Managing Director, AllegisCyber Capital
  - Nadav Zafrir, Managing Partner, Team8
  - Alberto Yépez, Managing Director, Forgepoint Capital
- State of the Cyber Talent Gap
  - Kelly Bissell, CVP, Microsoft Security, Microsoft
  - BJ Jenkins, President, Palo Alto Networks
- Government Perspective on Advancing Public-Private Partnership
  - Kemba Eneas Walden, Principal Deputy National Cyber Director
The complete recording of each panel can be found below. Here are some key takeaways from the industry leaders on where the cybersecurity industry is headed in 2023 and beyond:
Cyber Resilient from Market Effects, But Not Immune – After a year that saw economic declines hit many sectors, cyber proved to be a market that was resilient to broad macroeconomic trends, though not entirely immune, top Wall Street analysts said. As growth expectations continued to rise for the sector, the second half of the year saw sales cycle extensions, weaknesses in SMB and other effects that ate into some of those growth stories in the public markets, Piper Sandler’s Rob Owens said. That said, the industry is expected to hold strong as the year unfolds. “Even though the fundamentals may not be quite as good in terms of growth because you’re not immune, on a relative basis software as an industry is going to be one of the best growing segments of the entire economy. Cybersecurity within that is going to be one of the best growing segments within software,” said Moffett Nathanson’s Sterling Auty.
Dealing With Complexity – Incredible amounts of recent innovation, combined with an expanding attack surface from remote work and growing technical debt, created new levels of complexity for CISOs to contend with. For that reason, Kyndryl’s Kris Lovejoy said if she had to sum up 2022 in one word, it would be complexity. The effects of that complexity can be seen in increased attacks, among other risks. “I think for CISOs and those of us who are in the trenches, we just feel a lot of anxiety about this complexity and how do we get our arms around it,” she said. Reducing complexity also helps CISOs address existing talent gaps within their organization and drives increased demand for managed services.
Airbnb CSO Vijaya Kaza agreed, saying that the past few years had been all about teams investing in and acquiring a lot of tools and technologies. Now, she said, many CISOs are taking a step back to see if they are getting the most benefit from those investments and increasing efficiencies and scalability through automation. Cigna’s Jen Vasquez agreed, saying “Keeping it simple is the easiest way to be able to maintain all the levers and be more proactive.”
Pendulum Swinging Towards Best of Suite – The rise in complexity and budgetary concerns is driving a push across the industry towards a “best of suite” approach vs. a “best of breed” approach, said EY’s Richard Watson and other speakers. “In the face of complexity, simplification becomes a key theme in the market, and I think that’s what’s leading to a ‘best of suite’ [approach] and the heyday of the platform players.” This creates a real opportunity for those who have end-to-end integrated cloud-based technology, he said.
That said, there may still be some place for best of breed in the coming marketplace, said Moffett Nathanson’s Sterling Auty, especially in markets that are still evolving, such as cloud security.
Supply Chain Risk Takes Center Stage – Supply chain challenges were one of the most frequently cited items when panelists across all events were asked what trend they were watching in 2023 and what risks they were most concerned about. It’s no surprise, as software supply chain challenges grabbed headlines throughout 2022, including the Log4j vulnerabilities and breaches of Okta and GitHub. As these events showed, organizations need real-time visibility to multiple degrees of separation to determine a true picture of their risk, including both physical and software supply chains.
Nature of Managed Services Changing – As the risk landscape changes, so too is the managed services market. Where previously a managed service provider might simply come in with a stack of technology and services and manage those offerings, now more and more customers are looking to bring their own technology and are looking for help integrating and creating a platform, then outsource or co-source particular functions on top. “It’s changing the dynamic of managed services in the marketplace,” said Kyndryl’s Kris Lovejoy. EY and Kyndryl announced a partnership in 2022 to address this growing need and to help build resilience around infrastructure with a cyber component and offer that as a platform and a managed service.
Next Stage of Cloud Transformations – The train has left the station when it comes to cloud transformation, said EY’s Richard Watson. Now, in 2023, organizations will look to take that transformation to the next step and become more thoughtful and intentional about how security and resiliency are built into their cloud transformation processes, rather than implementing them as an afterthought. What’s more, organizations are looking to take existing projects already done and, due in large part to unexpected costs or complexities, reset in a more strategic way, Kyndryl’s Kris Lovejoy said. “Just sticking your legacy infrastructure on a cloud isn’t gonna get you to where you want to go.”
OT Hitting Prime Time – We are very much in the early innings of the OT cybersecurity market, but companies are increasingly recognizing the risk and investing in mitigating risk from critical infrastructure, panelists from all segments of the market agreed. The challenge for many CISOs, Cigna’s Jen Vasquez said, is that much of the legacy infrastructure can’t be refreshed without spending significant amounts of money, which can slow down projects. This is especially important for industries, like healthcare, to consider as innovation in areas like telemedicine brings significant promise but also must be secured, she said.
Weaponization of Data – As data usage expands exponentially and organizations increasingly leverage machine learning and artificial intelligence technologies, protecting against the weaponization of data becomes increasingly important. “We know that machine learning systems require a vast amount of data… so how do you protect that?” said Google DeepMind’s Vijay Bolina. “These are the types of things that we’re all across the industry going to have to start to think about quickly – if not already.” NightDragon’s DeWalt highlighted examples we have seen already in data warfare, including disinformation, data wiping and data poisoning. “In a data-driven economy, which is where we are today, we depend upon the data for basically everything that we do – our systems, our decision making, the foundations upon which our businesses operate,” said AllegisCyber’s Bob Ackerman. It’s essential that organizations are able to trust and have confidence in that data, he said.
Shift Everywhere – The past year, there’s been talk about the shift left of security to the developer, under which the DevOps team is enabled to implement better application security at the earliest stages of the development lifecycle. Forgepoint Capital’s Alberto Yépez said he is seeing the emergence of a new trend that he called “shift up,” under which organizations accelerating their cloud adoption strategies recognize the importance of applying the appropriate controls to secure their environments in the cloud. “We’re still in the early innings of managing, automating and getting the right visibility in the cloud,” he said.
Cyber Isn’t a Pickup Game – When it comes to being successful in this current market in cyber investing, expertise is key: attackers continue to evolve their tactics, and cutting through the noise of nearly 7,000 startups in the market requires a savvy knowledge of the market and technology. “Cyber is not a pickup game,” said AllegisCyber’s Bob Ackerman. “You either do this 100 percent, or you don’t do it at all.” What companies stand out? Those with the technology, team and total addressable market to succeed.
Rationalizing Valuations – While valuations have dropped from the extremely high multiples of 2021 and 2022, this presents a new opportunity for those founding companies and those investors achieving lower multiples to create greater returns. “For us, the sanity that’s coming back to the market is actually a sigh of relief because now we can have serious discussions with our founders and leaders about what we want to build,” said Team8’s Nadav Zafrir. Forgepoint Capital’s Alberto Yépez agreed, saying “This is where great companies get built. There’s a lot of resilience.”
Cyber Talent Gap Getting Bigger, But Industry Needs to Think Differently – As the industry works to continue making progress on closing the cyber talent gap, it will need to think differently. Microsoft’s Kelly Bissell encouraged cyber leaders to change the way they think about hiring, looking outside of traditional computer science degrees to other areas with similar skill sets and to diverse groups that are often overlooked. “The more diverse workforce we get, the better solutions we’re going to come up with for our customers,” he said.
It also means expanding awareness of the opportunity and excitement of a career in cyber, Palo Alto Networks’ BJ Jenkins said, citing programs his company does to partner with community colleges, the Girl Scouts, and other efforts to inspire people to pursue a career in cyber. Principal Deputy National Cyber Director Kemba Eneas Walden agreed, calling diversity “America’s superpower” that can be brought to bear to address today’s cybersecurity challenges. “Imagine harnessing the superpower that we have. We have a challenge here that we are equipped to face.”
Collaboration and Public-Private Partnership Drive Big Benefits – Principal Deputy National Cyber Director Kemba Eneas Walden said collaboration and partnership amongst government agencies and with the private sector has been a pivotal change for the Administration and one that has seen immense rewards. She cited classified information sharing during the crisis in Ukraine to counter Russian aggressions and briefing 90% of healthcare sector leaders on classified information to combat threats as two examples in the past year that drove immense success.
Wall Street Panel:
Venture Capital Investment Panel:
Closing the Cyber Talent Gap Panel:
Advancing Public-Private Partnership Panel:
To learn more about upcoming NightDragon events, visit our Events page.