Frankly Speaking

Frankly Speaking is a Substack by an early-stage security/cloud investor, focusing on enterprise technology insights, particularly in cybersecurity. It explores challenges and predictions within the cybersecurity industry, evaluates companies like Wiz, Snyk, and Cloudflare, discusses the importance of security in software development, and critiques current security practices and education.

Cybersecurity Industry Insights • Company Evaluations and Case Studies • Security in Software Development • Security Practices and Education • Tech Policy and Legislation • Security Leadership and Career Development

The hottest Substack posts of Frankly Speaking

And their main takeaways
203 implied HN points • 27 Dec 24
  1. In 2024, cybersecurity companies will focus more on creating platforms instead of using many separate tools. This means they can work faster and solve problems better.
  2. Cybersecurity is moving towards building its own solutions rather than just buying products. This change is necessary to keep up with the evolving threats.
  3. The use of AI in cybersecurity will become more effective. Companies will learn how to use AI to make their security processes better and faster.
152 implied HN points • 19 Dec 24
  1. Cylance was acquired by Arctic Wolf for a low price because it wasn't performing well under BlackBerry. They lost money and weren't competitive in the endpoint security market.
  2. Arctic Wolf aims to enhance its services by integrating Cylance's AI and technology, making it more appealing to businesses looking for effective security solutions.
  3. The acquisition could help Arctic Wolf diversify and strengthen its offerings ahead of a possible IPO, potentially attracting mid-sized companies searching for value in security services.
254 implied HN points • 10 Dec 24
  1. AI security companies face both market and product risks. If there's no market for their products, they can't succeed.
  2. Startups often fail due to common issues like poor timing or operations. This is true for AI security startups as well.
  3. Many AI security companies are throwing out new ideas to see what works. This trial-and-error approach leads to uncertainty in the market.
508 implied HN points • 20 Nov 24
  1. AI is becoming essential for companies, just like the internet once was. Every business will need an AI strategy as it can boost their operations.
  2. Instead of resisting AI, security teams should welcome it. Setting up policies that allow safe use of AI fosters innovation rather than stifling it.
  3. AI can improve security tasks, like app security and incident management, which are often tedious. It can help analyze data quickly and flag issues, making processes more efficient.
355 implied HN points • 10 Nov 24
  1. Security by design is a good idea but hard to implement. Most companies prioritize speed over security, treating security as an afterthought.
  2. Many existing cybersecurity solutions focus on adding security measures after a product is built instead of integrating it from the start.
  3. Tools like Pangea help address security issues early in product development, making it easier for developers to implement security as they build.
203 implied HN points • 26 Nov 24
  1. Understanding AI is crucial for its security. If you don't understand how something works, it's hard to protect it.
  2. The basic security issues with AI are similar to existing security practices. Protecting data and conducting regular audits can help.
  3. Setting policies for AI security is important. This includes knowing what data is used and how internal AI tools are developed.
305 implied HN points • 23 Oct 24
  1. A good security product isn't about having a lot of features. It's more important that it provides real value and helps people work efficiently.
  2. Security tools should help fill gaps in a team's capabilities rather than just adding more complexity. Sometimes a 'good enough' solution is better than a perfect one.
  3. The focus should shift from just ranking products to understanding what really helps customers. A good product makes life easier and solves the right problems.
50 implied HN points • 01 Nov 24
  1. The breach simulation market is confusing because companies market their products in different ways. It's hard to understand exactly what these tools are supposed to solve for security teams.
  2. Turning security services into products is challenging. Many customers prefer high-quality services rather than automated tools because they believe they catch more sophisticated attacks.
  3. For these simulation tools to succeed, they need to show clear benefits to businesses, like saving money or preventing incidents. Right now, many organizations view them as nice-to-have rather than essential.
305 implied HN points • 29 Feb 24
  1. Security companies are shifting focus to platforms, leading to acquisitions and consolidations to improve operational efficiency.
  2. Cybersecurity is moving towards more building and software engineering, away from solely relying on buying tools to solve problems.
  3. The adoption of reasonable metrics is becoming crucial for cybersecurity, allowing for better justification of funding and overall security enhancement.
305 implied HN points • 15 Feb 24
  1. CrowdStrike initially succeeded by focusing on incident response, not just products, which differentiated them from competitors like Symantec.
  2. The company's expansion into adjacencies and acquisitions, like PAM and logging, is an effort to move from endpoint protection to a broader platform play for sustained growth.
  3. CrowdStrike may face challenges if they don't adapt successfully to selling to DevOps, security engineers, and managing acquisitions, risking plateauing growth and loss of market interest.
254 implied HN points • 19 Dec 23
  1. Developer security education products are seen as features, not platforms or products.
  2. In-depth security education for developers is growing in importance, especially in regulated industries.
  3. Developer security education focuses on teaching developers how to identify vulnerabilities and adopt secure development practices, often following the OWASP Top 10 guidelines.
152 implied HN points • 13 Mar 24
  1. The cybersecurity industry faces challenges because the rapid evolution of technology forces a reactive approach instead of proactive problem-solving.
  2. Security teams are overwhelmed with solutions, leading to over-reliance on tools without understanding root causes of problems.
  3. Security needs to shift focus back to problem-solving and building comprehensive solutions that go beyond just using tools.
254 implied HN points • 16 Nov 23
  1. The current security review process is outdated and not aligned with modern development practices.
  2. Implementing efficient and effective security measures may involve integrating software engineers with security teams.
  3. Scaling security efforts requires a rethink of traditional security review processes towards more collaborative and contextual approaches.
355 implied HN points • 16 Aug 23
  1. Snyk is a developer-focused application security product that integrates security into the development process.
  2. Snyk's core product is a software composition analysis (SCA) tool that quickly detects vulnerabilities in dependencies.
  3. Despite success, all startups, including Snyk, still have the possibility of failure.
355 implied HN points • 05 May 23
  1. There are three types of cybersecurity companies: mature security organizations, companies that ignore security, and compliance- and product-focused security teams.
  2. Small companies might struggle to assess and implement proper security measures, leading many to focus on compliance certifications rather than robust security practices.
  3. It's crucial for companies, regardless of size, to prioritize and implement effective security measures to protect themselves and their partners from potential cyber threats.
101 implied HN points • 06 Mar 24
  1. Application security has evolved rapidly with the changing landscape of development practices like shorter cycles and SaaS distribution methods.
  2. Security organizations will face a pivotal moment in adopting new application security methods to stay effective.
  3. In the past, application security was less competitive due to slower development cycles which allowed for comprehensive security checks and reviews.
254 implied HN points • 13 Jun 23
  1. Companies are focusing more on engineering-focused security functions to become efficient.
  2. Cloudflare is seen as an underrated security company with a strong engineering following.
  3. Cloudflare transformed from a CDN company to offering security services like WAF, SWG, and email security.
254 implied HN points • 18 Apr 23
  1. Cloudflare is considered an underrated security company in the industry, focusing on SASE and zero-trust solutions.
  2. Cloudflare's infrastructure is seen as a strong advantage and moat, making it valuable and defendable against competition.
  3. Cloudflare is making a bet on the future by targeting DevOps and security engineers for their products, showing a shift in the market towards software being purchased by technical personnel.
203 implied HN points • 22 Mar 23
  1. Establishing a foundational security strategy integrated into the engineering process is crucial for tech companies.
  2. The rise of security engineering leaders will be inevitable for growth companies of all sizes.
  3. Strong security design and fast iteration processes require a security engineering team rather than a traditional risk-focused security organization.
0 implied HN points • 07 Jan 25
  1. In 2025, security budgets are expected to focus more on hiring skilled people than on buying security tools. Many tools don't really solve the security problems they claim to address.
  2. Artificial Intelligence is set to change the landscape of security tools, especially in outdated categories like data and application security. AI could help with understanding complex security issues better.
  3. The cybersecurity industry might see more companies staying private or being acquired instead of going public. The tough business environment is making IPOs less likely.