Want weekly newsletters featuring interviews with security and cloud leaders delivered right to your inbox? Sign up for Cloud Control here.
Hitch Partners' Michael Piacente on Navigating the Cybersecurity Talent Maze
In this week's edition of Cloud Control, we sit down with Michael Piacente, a leader in the cybersecurity world. As the Managing Partner and Co-Founder of Hitch Partners, Piacente shares his journey from IT services to leading a pioneering executive search firm. Delve into his insights on the transformation of security leadership and the future of cybersecurity in an increasingly cloud-based world 👇
Question 1 💭
You’ve had a long and impactful career, and are now Managing Partner and the Co-Founder of Hitch Partners - an executive search firm. Start by giving us a bit of your background. What’s currently on your plate at Hitch Partners? What’re your focus areas?
Answer 1 🎯
In summary I have nearly 20 years of experience in executive search; 10 years focus in CIO/IT leadership and the past 10 years focused on CISO/Security leadership roles. Prior to my executive search career, I spent 10 years in IT services primarily in the enterprise storage and managed data center infrastructure operations space.
We founded Hitch in an underserved niche where we had established relationships with a specialized security leader community. We discovered how little data there was around the space and began introducing security leadership specific compensation and trend data to the community. After some time we started seeing a healthy flow of cloud-focused CISO and security leadership searches. Initially we were able to grow unencumbered as there was little to no competition concentrating on the space. It has been an 8 year journey with ups and downs but we are so fortunate to have a truly amazing, senior, and patient team.
We have remained primarily focused on the most challenging and comprehensive CISO and security leader roles while expanding to Deputy CISO, BISO, CISO in Residence, Product leaders, CISO-flavored Board Advisors, and more recently helping to match vCISOs with fractional opportunities. We continue to focus on advocating and innovating the approach to CISO searches which we believe are among the most complex and nuanced executive technical leaders in business today.
We have several exciting initiatives in process including the launch of our Ignite service which allows a company to utilize our deeper security community connections and search experience as a value-add kick starter service for an insanely low one-time consulting fee. This has become a great way for companies to start their search using our guidance and data while still being able to complete the search on their own. We are also close to introducing a new service focused on enabling companies to manage their own CISO search using our technology platform; more to come on that shortly.
From a development perspective it is an exciting time for us but it is also tough to ignore that the CISO talent market has been under severe stress. The CISO community has experienced a significant downshift in the past few years with more CISOs actively seeking new roles than ever before in the history of the space.
Question 2 💭
You’ve helped land hundreds of security c-suite positions. How have you seen the demand for security leadership change over the years? Are there trends or shifts that stand out to you?
Answer 2 🎯
While CISOs have grown to become a critical component to many businesses with a shared passion for solving big problems, market realities and economic pressure have dealt a severe blow to the demand and need for CISOs today.
Over the past 10 years we have seen a remarkable shift in the scope, scale, and complexity of the security leader role. I would argue that there is no other executive level position that has seen as rapid of a transformation in such a short period of time as the CISO. Just about every component of the CISO scope, reporting structure trends, team structure, value proposition, and compensation structure has transformed since we began our business. As a result it has become one of the most nuanced and complex searches to recruit for. The majority of companies who attempt a CISO search, fail and/or spend a considerable amount of time, money and energy on the search. Yet, security leaders and in particular the CISO role is still a rather new function for many organizations.
While CISOs have grown to become a critical component to many businesses with a shared passion for solving big problems, market realities and economic pressure have dealt a severe blow to the demand and need for CISOs today.
So why is this and what is happening? First, this economic atmosphere has rendered the CISO vulnerable to global contraction of budgets and resources; whereas in past economic contractions the CISO organization and security leaders have been all but spared and even flourished at times enabling security organizations to grow unencumbered. However that period of ‘plenty’ is no longer and many CISOs have been forced to make impactful cuts and many CISOs themselves have been personally affected. In fact we calculate that near 35% of our CISO network (~5,200) has either reactively or proactively considered a job change in the past year. Second, there is a not so subtle growing numbness in the market as it relates to how companies view the investment in security programs. The increase of breaches and the public awareness of these breaches has had almost an adverse effect on how many companies approach the investment in their security program. Not that all companies are lacking effort but it is difficult to ignore that many companies today seem less likely to spend their limited funds investing in the right talent to build proper programs that will protect their critical applications and sensitive customer data.
We expect that the SEC Final Rule will (over time but not immediately) change the approach many public and private companies take to building their security programs. We are seeing stronger efforts to quantify how the decision to not build an appropriately scaled security program can affect the bottom line; it is becoming more and more difficult for the Board and investors to ignore a poor security posture and hygiene. In addition, as software continues to eat the world (thank you Mr. Andreesen) many companies have graduated from having a primarily Corp IT and Compliance based approach to one with a heavy emphasis on Application and Product level security. This not only changes the complexity of the attack surface but it also affects the ability to develop, attract and retain talent to manage the growing complexity. Companies are seeking a leader that is both a truly gifted technical talent combined with a truly effective senior leader, business advisor, and sales enabler. As a result we are seeing new flavors of the CISO; new versions of the BISO; some focused on strategic product collaboration such as the Chief Product Security Officer; or the new version of a security sales enabler such as the Field CISO to CISO in Residence.
One important shift that we would like to see improve throughout 24’ is a stronger emphasis on creating more opportunities for the diversity community. We are still at an appalling state of diversity representation; total of about 16%. Female leaders make up only 7% of the CISO population. We and others are trying to do our part to increase exposure to this problem however a global effort needs to happen from the community as a whole.
For a full view of the trends within the security leadership and CISO space please check out our Hitch Partners CISO Compensation and Trends report here. Our 2024 version of the report will be released in late February.
Question 3 💭
Given the uptick in demand for security executives, organizations are facing intense competition for top talent. Can you share some strategies and best practices for both companies and candidates to navigate this competitive landscape successfully? What sets apart a candidate as the ideal fit for a CISO role in today's environment?
Answer 3 🎯
A majority of companies (nearly 80% of those we interact with) are not calibrated and do not have an agreed upon definition of success for their incoming leader or security program as a whole. Once they can agree internally on the blend of priorities they would then need to follow a plan in order to establish a continued level of sponsorship for the leader and the overall function. Unfortunately this occurs less than 30% of the time. This lack of calibration and sponsorship is the undisputed reason behind why security leaders leave their roles resulting in a continued trend of short tenures.
We recognized this problem early on and to help curb the trend we developed a process called Interviewing the Interviewers (or ITI) where we actively interview all of the interviewers and the executive team to understand their level of knowledge around building/maintaining a security program. We also learn more about their goals and metrics of success for the role/function. Finally, we capture the company’s narrative as it relates to security relevancy in order to guide the company on what we anticipate the reaction to be from the candidate pool. This process happens quickly and occurs prior to the company meeting the humans. We find that investing considerable time upfront does help with calibration quality and leads to greater success and efficiency in the search. It is by no means a perfect process but it has helped curb a massive challenge and disparity between what companies want, need, and expect to attract.
As we enter 2024, this lack of calibration and ability to narrate priorities will become even a bigger concern for two reasons. First, more companies will consider the hire of CISO-like positions within their company than ever before. The more companies that begin to explore without an effective roadmap will cause a strain on the already diluted market supply of security leaders as well as to their internal interview teams. Second, is that many companies have significantly slowed their recruiting engines (many are completely dormant) resulting in a lack of preparedness and rampant complacency when it comes to recruiting in general. Enter the most nuanced techno-business leader in history to your search list (i.e. the CISO) and the rate of success will continue to plummet). Companies who haven’t been through this and even those that have, should consider bringing in a security leader consultant/advisor or perhaps a vCISO to help them navigate what success will look like. They can even try our Ignite service as a valid kick starter program to help get them in the right direction…ok that will be my one and only shameless plug but, hey the process works 😊
As we enter 2024, this lack of calibration and ability to narrate priorities will become even a bigger concern for two reasons. First, more companies will consider the hire of CISO-like positions within their company than ever before. The more companies that begin to explore without an effective roadmap will cause a strain on the already diluted market supply of security leaders as well as to their internal interview teams. Second, is that many companies have significantly slowed their recruiting engines (many are completely dormant) resulting in a lack of preparedness and rampant complacency when it comes to recruiting in general. Enter the most nuanced techno-business leader in history to your search list (i.e. the CISO) and the rate of success will continue to plummet.
On the candidate's side, anyone looking for a security leader role in 24’ (and likely beyond) should understand that they will be operating in a highly competitive market. I find that this is a surprise for far too many security leaders who have not tested the market for a new role in the past; I do not expect the leaders to understand the market nuances but they should be aware that this is going to be a tough road ahead. In addition, active job seekers often confuse ‘activity’ (i.e. the number of inquiries and calls they receive about new opportunities) with ‘quality opportunity’ and the reality of those positions coming to fruition. There are dozens of variables to consider. It is not unusual for candidates to explain that they have 6-8 live opportunities in process one week and then none a few weeks later. It can be frustrating and time consuming to these leaders. Also this is not necessarily a function of who they are and how they may have interviewed. Keep in mind that most companies are not internally calibrated; a company’s priorities shift as they meet more humans in the process.. This is also not unusual in search; however with the CISO or security leadership space, the gap between the start and the finish of a search is often wider than most other functions.
Another factor in the market today is how to get noticed. One of the better ways we’ve seen for security leaders to differentiate themselves is to focus on defining and promoting their personal brand; i.e what type of security leader are you and what are you doing to show focus in that area? The keys to success we see are to be extremely specific and hone in on your superpower(s). All too often security leaders try to be the generalist where they expertise in all of the areas within security in hopes that companies will recognize their breadth and depth; however this rarely works. This is a nuanced process and I will certainly offer to help your readers with what works best for their specific situation.
It is also important to recognize that the security leadership community is possibly THE MOST collaborative community in business today. Security leaders do nothing but help one another solve problems including helping one another promote their colleagues for new job opportunities. I am fortunate to be invited on a handful of security leadership practitioner Slack channels and I can see the conversations back and forth about positions and the general lending a hand approach. Within the security leadership community the support system ecosystem is alive and well. This also serves as a bit of a warning to employers who haphazardly post their positions for a security leader/CISO. Security leaders are discussing the quality of your roles; they are discussing their candidate interview experience from your company; and they are evaluating whether your organization has a strong story and is running a strong process.
Question 4 💭
Hitch Partners focuses on leaders for companies delivering services using public cloud infrastructure. How has the widespread adoption of cloud technologies influenced the skill set and expectations for security leaders? Are there unique challenges and opportunities in securing cloud-based operations?
Answer 4 🎯
The adoption of cloud technologies has heavily influenced the skill set and expectations for the modern security leader. Per my earlier story, when we first started focusing on this space there were originally less than 100 established cloud native security leaders in the US. These were leaders who had earned immediate trust and validation from engineering and prod dev teams for their ability to think, act, and even speak like engineers. They didn’t need to be writing code but they just understood the nuances of the job. This skill set has expanded ten-fold over the past 10+ years and we calculate that there are now ~1000 of these unicorns in the security leadership market. Still, the demand for these rare resources has outpaced the supply; even now when the market is at a low point.
As difficult as it is for companies to grasp the nuance in hiring a true security leader, it is significantly more difficult and there are considerably less candidates to consider when a company focuses their attention around AppSec, ProdSec, and cloud-native/first scope. In fact, when these skills are deemed a priority, the company will need to realize that they will likely have to sacrifice in another part of the search requirements – most notably sales enablement, customer-facing interactions, or compliance expertise. The few leaders who are superb at solving highly scaled cloud-native product-level security challenges are not likely to be superb with these other skills. While they may be familiar with the concepts they likely had a senior resource on their teams managing these components of the scope and thus they haven’t had the constant exposure and/or may simply not be passionate about these pieces. Unfortunately many companies naturally evaluate equally across all areas of a security leader’s vast scope. This strategy may be effective for other senior leadership hires however security leaders; especially with CISOs, these are typically not finished products. Expecting each candidate to be a sharpened Swiss Army knife leads to fewer candidates evaluated, longer recruiting cycles and likely a frustrated interview team.
Question 5 💭
Security challenges are inherently global, and organizations operate in diverse international landscapes. Could you share insights into how Hitch Partners considers international factors when placing security leaders? What unique challenges or opportunities arise in finding leaders who can navigate the complexities of global cybersecurity?
Answer 5 🎯
Nearly all of our security leader search engagements have a substantial international component. When placing these leaders we are running into unique challenges including but not limited to managing geo-diverse technical and programmatic teams, significant cultural and language barriers that often affect business decisions, and navigating through a sea of regulatory compliance requirements across multiple countries and continents. To offer some idea of the scale of the challenge; within EMEA, LATAM, and APAC there are over 200 security regulatory standards. It’s overwhelming.
The growth and acceptance of remote workforces also presents challenges as many of our customers have significant global remote team presences (all functions, not just security) but they are often limited in global office footprints and executive level presence for their remote force. Often security leaders find themselves as the most senior resources in a region and are given the added pressure to lead non-security focused resources or initiatives.
The growth and acceptance of remote workforces also presents challenges as many of our customers have significant global remote team presences (all functions, not just security) but they are often limited in global office footprints and executive level presence for their remote force. Often security leaders find themselves as the most senior resources in a region and are given the added pressure to lead non-security focused resources or initiatives. Ensuring that everyone is operating securely and within the compliance frameworks has been a constant challenge and is becoming more intense as the attack surface broadens.
On that note, the attack surface will continue to expand especially in areas where we are seeing faster rates of adoption for cloud-native environments. In particular for AWS and GCP in the APAC region with China, India and SG while Azure is seeing strong growth within EMEA and LATAM. In many cases these regions are already not too far behind the US when it comes to security leadership talent in AppSec, ProdSec, and Cloud Security. We foresee in 24’ that these regions will continue to apply pressure on US companies as alternatives to the US talent shortage in this unique space.
Question 6 💭
Security leaders often need a blend of technical expertise and leadership skills. How do you assess and balance these dual requirements when identifying potential candidates for security executive roles? Are there specific qualities you find particularly valuable in successful security leaders? Perhaps ones that are often overlooked?
Answer 6 🎯
Companies are a key part of this equation. Since our inception there has been a consistent inability by companies to narrate their priorities and to ensure that their interview teams (and compensation targets) align with their goals. No sugar coating on this topic, this is a massive problem with all searches but in particular with security leadership searches. From my earlier comments, our ITI process was born as a result of this challenge but of course it is not a perfect solution. It is also worth noting that exec search teams only account for perhaps 15% of the security leadership searches at any given time; therefore there are a considerable amount of uncalibrated security leadership searches occurring at any given time.
The balancing act between evaluating technical, operational, strategic, and leadership qualities is highly nuanced. We find that companies engaged in a search often struggle to communicate precisely what level and type of technical or strategic leader they are seeking until such time that they have interviewed at least 7-8 live candidates. While that may seem like a normal process for many leadership searches, for a security leadership search that leads to poor results considering that a company may only have the ability to attract and interview 8-10 quality candidates. Needless to say there is significant room for improvement from companies to get this right – sadly while the CISO role has become more commonplace since we started we have yet to see significant improvement in this area.
We tend to evaluate candidate characteristics by first diving deeper into the cultural and technical landscape (i.e. stacks/scale) in which the candidate has operated in. We ask about why, how, and under ‘what’ circumstances the candidate entered their current environment. Furthermore; how was/is that company building and offering their products; are they buying or building their security tools; where did leader’s journey of building a security program begin and end up; what does the engineering landscape and culture look like; where they the ultimate builder of the program or did they acquire a team/program from a predecessor; how can we effectively evaluate their success. Along with performing comprehensive back channel references we tend to dive deep to get the full picture and share with clients who exactly we believe to be and how they have performed under different circumstances.
The ability for the candidate to ‘yo-yo’ across multiple business conversations and disciplines is a key differentiator for security leadership candidates. Other areas that stick out include the candidate’s ability to provide ample storytelling about their roles and/or even narrate the specific success or failures of programs/projects will have a strong influence on the candidate’s success in an interview process. Additionally the brand of the company that the security leader is managing can also be a key differentiator. Company executives aspire to build teams and cultures that are similar to those companies that they respect; this is particularly evident with Engineering and Security cultures.
One key overlooked value of security leaders is their ability to act as strategic influencers for product development. Many companies miss the opportunity to have their security leadership involved early and often in the product inception process and ongoing is the product strategy. Unfortunately many companies do not recognize or disregard the security leader’s value when it comes to understanding product development efficiencies and opportunities. The company counter to this argument is that the legacy security leaders were labeled (fairly or unfairly) as business blockers or the ‘ambassadors of ‘NO’. The modern security leader has been actively attempting to reverse this reputation and one area where they can show value is within product collaboration. Still many company executive teams remain reluctant in allowing security leaders to be involved in product and primarily wish for them to focus on Enterprise Risk and Compliance.
Question 7 💭
Effective collaboration between security teams and other business functions is crucial. What can new security leaders do in their first 90 days to ensure successful collaboration in the future with other business units?
Answer 7 🎯
Successful security leaders that we placed are extraordinary at building relationships across the organization; left to right and up and down. The successful security leader views every stakeholder relationship as an opportunity to further impact the business. Naturally, these same security leaders are also some of the best active listeners in the organization.
Successful security leaders that we placed are extraordinary at building relationships across the organization; left to right and up and down. The successful security leader views every stakeholder relationship as an opportunity to further impact the business. Naturally, these same security leaders are also some of the best active listeners in the organization.
When we interview a senior security leader we often hone in on specific examples where they proactively sought out business allies and/or helped the business solve a problem by introducing a new solution or process (not just another tool) that added immediate value to the business. We listen closely to understand whether the leader is trying to promote their personal ambitions or trying to add value to the business. It is important for security leaders to make more of these deposits into the business versus withdrawals; asking the business to adopt policy. Security leaders who understand that they are heavy influencers in the business are typically more successful at seeking opportunities to solve business problems. Security leaders who are truly listening to their internal customers tend to have no shortage of success in building a resume of success and continuing to gain support for their programs. Embedding themselves in product meetings or building cross-functional security champion teams are just a few ways that we see success with this approach.
In general I can understand that we live in a world where quick wins are often a necessity. That said, I am not a fan of security leaders investing much time into the 90 Day success plan. I don’t recall exactly who said it first so I apologize for quoting without offering direct credit but a great CISO once said ‘Security is a team sport.’ So true. While security leaders are the quarterbacks of the security program/posture it requires an organizational sponsorship effort and that is considerably longer than 90 days; most successful programs we have seen have elements laid down in the first 90 days but the program success typically is not realized until the 9-12 month mark. . The foundation needs to be laid in order to build a security-minded culture that is both sustainable and impactful to the business. My advice to security leaders would be to ensure that their messaging in their first 90 days is inclusive, impactful and focused on setting the appropriate expectation for achieving clear metrics of success.
Question 8 💭
Success in security leadership placements goes beyond filling a role—it involves long-term effectiveness. What would have to happen over the long-term for you to consider a security leader “effective” in their role? Are there any standout models you can point to?
Answer 8 🎯
This is one of the stronger questions I have received. I’d say this is two-fold. Building on the previous question, security leaders should have an opportunity to define (including metrics) of success for their security program. The majority of security leaders are capable of long-term effectiveness. For the most part, they’ve earned their stripes and built an arsenal of qualities and skills enabling them to be highly effective as technical, operational and strategic leaders. Statistically, most security leaders do not voluntarily leave their roles early because they themselves are incapable of achieving long-term effectiveness. They more often leave because their company did not define success or agree on the metrics of success for their program and hence the program was not properly sponsored for the long-term leading to their early departures.
We hear a lot of the same things about how to drive effective behavior such as: communicating on a business level; being the best translator you can be for the business; building great teams, etc. All are important and worth repeating but I feel like we need a refresh on the “10 Things a Security Leaders can do to be more effective” narrative.
First, security leaders must continue to be maniacally curious and discerning starting at the first interview. As a security leader if you are not positioning yourself to interview the executives as part of your evaluation process then you are setting yourself up for a potential misalignment and ultimately, failure. In particular, be discerning about who is on the interview committee and what are their goals. Is this a grilling or are you gaining true value about their business and culture?
Today, with so many security leaders out of work for the first time in history I have concerns that strong security leaders may attempt to rush themselves through this interview process; i.e. the desperation mindset of ‘take whatever I can get’. Eighty percent of the companies we interact with are not calibrated on their scope or aligned on what success looks like. Missing queues and pushing forward without constantly asking ‘why’ in fear that you may be viewed as high maintenance (I’ve heard this a lot as of late) is creating an unnecessary risk. It may also lead to a quick exit which translates to jumpiness causing concern for future hiring managers who question a candidate’s career choices. In 2023, I met/spoke with more security leaders than in the 3 years preceding combined; it was a terrible year for the security leader job market and there was a lot of pain and confusion out there. That said, when I dug into their stories of departure I learned that many of the situations presented were avoidable simply by using better judgment and driving stronger diligence in the situations they were presented with.
Second, ensure that you have the tools, resources and that your compensation is aligned with market norms. There are many security leaders out there now who are in the unfortunate situation of having to take whatever opportunity they can for this period; I certainly understand. That said, in these scenarios companies should be aware that once the market returns these security leaders may be the first in line to explore and allow themselves to be extracted by another opportunity.
Third, the successful leaders have time and time again built exceptional, effective, and diverse teams that also possess multiple (already identified) successors. It is hard to argue with the branding results when a security leader builds a tremendous security culture that becomes a CISO-breeding factory. That said, it is also difficult to ignore when there is a negative culture.
Question 9 💭
With technology evolving quickly, security practices must keep pace. Can you share your insights into the changing landscape of security leadership practices, especially in light of emerging technologies, and how organizations should adapt?
Answer 9 🎯
Too often security leaders are fighting for budget and resources for the most simple hygiene investments and as a result they are primarily managing in a purely reactive mode.
This is an interesting question and discussion. For sure, technology is quickly evolving and security leaders must keep pace, however I perhaps hold a contrarian view on this point as I do not feel that there are many new or fresh leadership practices in play for the modern security leader. Most practices such as the risk-based approach, investing in awareness programs, partnering intensely with the business, or building cultures of security are all recycled management philosophies that were introduced with the first class of CISO and security leaders. Of course there are nuances to each of the practices as a result of the increased, greater, and varied complexity in the attack surface however the focus is still on doing the right things to ensure strong security hygiene.
The sad state is that many companies are still not performing and/or sponsoring the simple blocking and tackling for their programs and leaders. Too often security leaders are fighting for budget and resources for the most simple hygiene investments and as a result they are primarily managing in a purely reactive mode. We see this as well with companies who approach us seeking a new security leader or renewed interest in building a program. They share a narrative of “unfortunately our current leader is not working out”; however once we begin to dig in we find that too often the organization was not supporting the incumbent leader in the first place with ample resources, budgets, training, or mentoring.
All said, security leaders must still find ways that allow them to be more effective “Chief Look Around the Corner Officers” by building their organizations to keep them up to date in the face of the latest threats, vulnerabilities, global adversaries, regulatory concerns, and business trends. This is a lot for one leader to maintain and several of the more scaled companies are beginning to recognize this. As a result we have seen a sharp increase in the volume and value that different flavored BISOs play within an organization. In other cases we have seen security leaders stepping out of character to break glass, lean in, and drive their organizations through a transformational security-minded change. Typically this happens in a post-breach situation where they are given the ‘golden shovel’ but in other cases companies who hold sensitive customer data would not recover well (or at all) from an event that threatened their brand.
Another nuance specifically focused around building partnerships with the business is that the landscape has changed and expanded. For years security leaders were focused on building alliances with just IT and Compliance whereas today security leaders need to plan for collaboration with all of the primary functions in an organization including but not limited to Engineering, Product Development/Management, SRE/Infrastructure Ops, Sales and Sales Enablement, HR, Legal, and of course IT. In addition, the level of education and collaboration with the E-Suite and the Board has become a significant part of the role.
Question 10 💭
From your perspective, what emerging technologies or trends do you believe will have a profound impact on the future of cybersecurity, and how should security leaders prepare for these advancements? What have we (or should have we) learned from the trends that have matured over the past decade?
Answer 10 🎯
Well, there’s this AI thing we keep hearing about…😊 The level of security concerns and the effects of building GenAI technology into Security Operations, AppSec, Sec Eng, Corp Sec, GRC, and on the talent pool will be game-changing. Most security leaders and companies we have interacted with over the past years are looking closely at either introducing or expanding their use of AI and ML within their security programs. We have heard of dozens of potential applications and use cases with a concentration around attack surface predictability, vulnerability management and advancing detection and response solutions. Companies that are truly leveraging AI in their security program will also need to maintain a strong posture in cloud native knowledge in order to stay ahead. The demand for implementing AI solutions is likely to send the already pressured talent pool into a frenzy; in particular for cloud-native security operations and engineering resources at all levels.
Quantum Computing is the other significant technology trend we are seeing emerge, albeit significantly less discussed. The use of Quantum Computing and threat of quantum-based attacks will disrupt most security management models, encryption, and create major security concerns. Even without knowing the full effects of quantum computing there is likely to be a massive transformation to the modern security landscape that will surely affect the way companies approach their programs and leadership hires. Hold on for the ride!
Latest AWS and Azure Updates You Don’t Want to Miss
- Sellers can now resell third-party professional services in AWS Marketplace
- Stream data into Snowflake using Kinesis Data Firehose and Snowflake Snowpipe Streaming (Preview)
- Amazon ECS and AWS Fargate now integrate with Amazon EBS
- Azure API management developer portal unveils enhanced features for increased developer productivity
- Azure application gateway introduces support for TLS and TCP protocols
Top Articles and Resources of the Week
Articles
- NIST releases version 2.0 of landmark cybersecurity framework
- Huge cybersecurity leak lifts lid on world of China’s hackers for hire
- AI can ‘disproportionately’ help defend against cybersecurity threats, Google CEO Sundar Pichai says
- Tips on meeting complex cloud security challenges
- 10 Cloud Security CEOs On Their Biggest Opportunity In 2024
Resources
- Major Cloud Security Events and Conferences: Opt-in to this resource to receive updates on events and conferences in cloud security. Meet like-minded cloud-security professionals from around the globe to learn, exchange ideas, network, and more.
- Top 50 InfoSec Networking Groups to Join: Join these top 50 associations, LinkedIn groups, and meetups to stay ahead of the curve on all things InfoSec.
- CIS Benchmarks: The Center for Internet Security (CIS) is a fantastic resource for initiating, implementing, and upholding a robust cloud security strategy. Access their detailed benchmarks tailored for AWS, GCP, Azure, and more. For a deeper understanding, explore the CIS Controls Cloud Companion Guide.
- SANS Practical Guide to Security in the AWS Cloud: In collaboration with AWS Marketplace, SANS introduces an in-depth guide tailored for AWS enthusiasts. Whether you're a novice or an expert, this extensive resource delves into the intricacies of AWS security.
- Security Best Practices for Azure Solutions: Learn key security practices tailored for Azure solutions and understand their significance. This comprehensive guide offers insights into developing and deploying a secure Azure environment.