Are you getting ready for the upcoming RSA Conference, the
world's leading information security conference and
exposition? The
event is quickly approaching, taking place June 6-9, 2022, both digitally and yes, physically, at the Moscone Center in San
Francisco. For four days, you'll gain insights, join conversations and experience solutions that could make a huge impact on your organization and your career.
Ahead of the show, VMblog received an exclusive interview with Mark Lambert, VP of Products at ArmorCode, a leader in AppSecOps, to find out what they have planned for the event. Customers use the ArmorCode platform for AppSec Posture, Vulnerability, and Compliance Management and DevSecOps workflow automation.
++
VMblog: To kick
things off, give VMblog readers a quick overview of the company.
Mark Lambert: ArmorCode
helps organizations scale the impact of their Application Security teams - so
that they can ship secure software and ship it fast.
As
organizations embed application security tools into their DevSecOps pipeline,
along with Infrastructure and Cloud Security tools, the volume of
vulnerabilities, alerts and findings overwhelms the AppSec, Development and
DevOps professionals. The resulting AppSec Chaos leads to unmanaged risk in
production environments - as the team struggle to keep up with the pace of
development. The ArmorCode AppSecOps platform brings order to this chaos - by
combining Application Security Posture Management, Unified Vulnerability
Management, DevSecOps Orchestration and Continuous Compliance into a single
platform. ArmorCode customers are able to scale the impact of their AppSec team
and achieve AppSec success across the organization.
VMblog: What is
your message to RSA attendees and those individuals who won't be able to
make the conference this year?
Mark Lambert: Cloud, containers and
Infrastructure as Code (IaC) are blurring the boundaries between application
security (or code security) and infrastructure security. To get a complete view
of your security posture, you have to look at both together and unify
vulnerability management to ensure you are sufficiently managing the risk to
the business.
VMblog: What
market needs or problems are you addressing in the security space?
Mark Lambert: Organizations
are trying to build secure software by embedding siloed and disconnect point
tools into their DevSecOps pipeline. These tools are highly automated and
generate a lot of data - but require significant manual effort to extract
'information' and insights from across the tools. ArmorCode normalizes,
de-duplicates and correlates findings from across application and
infrastructure security tools to provide actionable insights, workflow
automation and unified SLAs to reduce remediation times and scale security best
practices.
VMblog: Where/how
can attendees find you at the show?
Mark Lambert: Booth #6 in
the Early Stage Expo
VMblog: What
are some of the key takeaways of your solution that RSA conference goers
should be aware of? And what sets you apart from the competition?
Mark Lambert: ArmorCode combines AppSec
Posture Management, DevSecOps Workflow Automation, Vulnerability Management,
and Continuous Compliance into a single solution.
Key benefits
of the ArmorCode AppSecOps platform are:
- Customers get a 360° view of their security posture with over 90+
integrations for security, development, and operational products and
systems
- The platform eliminates manual and repetitive tasks to reduce
remediation time and meet SLAs to protect the business
- It creates a common understanding and transparency between Dev and
AppSec teams
- Customers are able to scale AppSec to the speed of DevSecOps and
achieve AppSec Success across the organization
VMblog: Is
your company launching anything new at the show? Can you give us a
sneak peek?
Mark Lambert: ArmorCode is launching major
new capabilities of its AppSecOps platform, including: asset discovery, no-code
workflow automation, unified SLAs and persona dashboards for CISO, AppSec and
Development professionals - along with over 100 DevSecOps integrations covering
application and infrastructure security tools, as well as development and
DevOps systems.
VMblog: What else will you be showing off at the show this year?
Mark Lambert: We
will be showing how the ArmorCode AppSecOps platform helps organizations scale
their application security program, and the impact of their AppSec team, to
meet the needs of modern software development.
VMblog: What
are some top priorities for security leaders at RSA to consider this year?
Mark Lambert: Every
year software releases are going out the door faster and faster but security
teams are struggling to keep up with the pace of development - and the friction
between security and development has become the #1 concern of today's security
leads. Security leaders need to focus on ways to make the security process
efficient and enable cross team collaboration between security and development
teams.
VMblog: What
are some of the security best practices you would deem critical?
Mark Lambert: When
looking at application security, it is not about the tools or individual
practices, such as source composition analysis. The main focus needs to be on
building a process and practice that is scalable. This is accomplished by
leveraging a coaching model such as Security Champions, to establish overall
security culture within the organization.
VMblog: I'm
sure the keynotes will discuss big pictures, but what trends are you
seeing that we should be aware of in 2022?
Mark Lambert: The obvious thing is that
software is getting released faster and faster - and the "bad guys'' are
more motivated and more coordinated than ever. The recent Log4Shell and
Spring4Shell vulnerabilities have reinforced the fact that we need to identify
vulnerabilities within the applications themselves, not just at the perimeter
or within infrastructure. This will allow security teams to react quickly when
a new vulnerability is discovered "in the wild."
VMblog: Does your company have
any speaking slots at RSA? If so, can you tell us more about those
sessions so people can get them on their schedules?
Mark Lambert: I will be hosting the session "Scaling
Application Security to the speed of DevSecOps" for DevOps Connect: DevSecOps at the RSAC Virtual Event on July 12th.
VMblog: Is your company giving
away any interesting tchotchke?
Mark Lambert: ArmorCode
will have a super raffle where attendees can win various prizes.
VMblog: As a
show sponsor, do you have any tips for attendees to better prepare or
handle the conference?
Mark Lambert: As
everyone is eager to get back to "face to face" conferences, we
anticipate the conference being very busy. So plan ahead, schedule 1on1s with
key people before you go - you can schedule a 30-minute conversation about how
to scale your AppSec program with ArmorCode's VP of Products, Mark Lambert,
using https://bit.ly/3kWX5rI
##