Why I Joined ZeroNorth

“Software is eating the world” resonates even more today than it did in 2011. Having been summoned by some of the world’s most recognizable brands from soft drink, to silicon chip, to auto manufacturer, I have heard them state unequivocally, “We are a software company.” This reality transcends digital transformation: software accelerates organizations’ innovation and differentiates them from their competition.

Organizations see software release frequency as the critical limitation to how quickly they can bring new value to customers in the market. For over a decade, businesses have been unsatisfied with quarterly, even monthly, release cycles. As industry increases frequency towards continuous delivery, practices like software-defined build, integration and test; software-defined deployment and orchestration; and software-defined network and infrastructure have evolved into business-as-usual. Leading organizations automate almost every aspect of software delivery and operation to deliver the cadence their customers expect.

Security, still limited by human effort and expertise, is one of the few remaining holdouts to accelerating software delivery. If security can’t participate at the speed of business, it will be relegated to the minimum involvement that compliance mandates. None of us are satisfied with that eventuality. We must do better.

And we can do better. We know where existing tools and techniques struggle. By leveraging tools developers use to accelerate their lifecycle, security has the potential to accelerate its processes. And accelerating software delivery is why I joined ZeroNorth.

ZeroNorth provides security where software lives, natively

ZeroNorth’s vision: provide software-defined security and accelerate delivery, whether within SecDevOps culture or as part of organizations imposing security governance. ZeroNorth has a proven solution, battle tested in customer environments, that orchestrates security testing. The platform unifies application, network, infrastructure and cloud-native security contexts, providing a view of risk by business asset. Joining was about more than the strong technical foundation and vision though. The team behind ZeroNorth was a big component.

ZeroNorth’s founder and CEO, Ernesto DiGiambattista, spent most of his career managing security and risk at companies like Bank of America and Sentinel Benefits & Financial Group. As a practitioner-turned-entrepreneur, he understands first-hand the challenges security executives face. Behind Ernesto, there’s an impressive team from which I’m thrilled to be learning. ZeroNorth engineers have deep first-hand knowledge of modern cloud-native development and tool chains. They understand challenges developers face because they’re solving them as they build our platform. ZeroNorth not only employs a DevOps culture, the platform is comprised of those tools. In other words, ZeroNorth is built for DevOps teams, using DevOps tools, by a DevOps team.

I’ve spent the last twenty-plus years bringing software security innovation to market as products and services in roles including co-CTO at Cigital (now Synopsys) and co-founder and CTO of Codiscope. Honestly, I worry about that legacy. Industry will not patronize the high-quality security solutions we pioneered if they don’t fit comfortably on modern cloud-native tool chains and within the cadence of the modern lifecycle. Security must “go native” into development and become sustainable (to staff and to pay for) in order to survive.

ZeroNorth provides security where software lives, natively. Our solutions keep cost and effort sustainable at portfolio scale. The platform’s trusted software and infrastructure risk intelligence helps meet compliance requirements and improves risk management operations.

Organizations that see software as a competitive advantage can rely on these key functions. As a focused organization with expanded funding, the entire ZeroNorth team will build on our innovative foundation to ensure organizations have the tools they need to truly manage software and infrastructure risks in alignment with their business priorities.

This needs to happen, and we have the team, technology and vision in place to do it. Let me know if you’d like to connect to discuss this in more detail.

*** This is a Security Bloggers Network syndicated blog from Blog | ZeroNorth authored by John Steven.