Frankly Speaking

Frankly Speaking is a Substack by an early-stage security/cloud investor, focusing on enterprise technology insights, particularly in cybersecurity. It explores challenges and predictions within the cybersecurity industry, evaluates companies like Wiz, Snyk, and Cloudflare, discusses the importance of security in software development, and critiques current security practices and education.

Cybersecurity Industry Insights, Company Evaluations and Case Studies, Security in Software Development, Security Practices and Education, Tech Policy and Legislation, Security Leadership and Career Development

The hottest Substack posts of Frankly Speaking

And their main takeaways
254 implied HN points 10 Jun 25
  1. Data security needs a fresh look because the way we use and manage data has changed a lot. With new technologies, protecting data is more complicated now.
  2. Current tools often struggle with identifying what data is sensitive and how to handle it properly. We need better solutions that help organizations use their data wisely while keeping it safe.
  3. Companies must rethink how they approach data risk. Creating clear guidelines on how data can be used could help in managing security while still allowing businesses to benefit from their data.
305 implied HN points 05 Jun 25
  1. Zscaler bought Red Canary to create a more integrated and powerful security platform. This move helps them adapt to the changing needs of businesses that want fewer, but more effective tools.
  2. The combination of Zscaler’s services with Red Canary’s managed detection capabilities allows companies to reduce their security staff while improving response times. This can make security easier and potentially save money.
  3. The security market is shifting away from using many separate tools and towards unified platforms. As Zscaler and others adapt, there's potential for growth, but they must also navigate challenges in merging cultures and technologies.
101 implied HN points 29 May 25
  1. AI is set to change the way security services operate by taking over repetitive tasks. This means teams can focus on more important work instead of getting bogged down by routine maintenance.
  2. With AI managing security tasks, new types of services will emerge that work better and require fewer people. This helps businesses save costs and improves consistency in security measures.
  3. Instead of fearing job loss, security professionals should see AI as a tool that helps them do their jobs better. AI can handle tedious tasks, allowing security teams to focus on critical areas like designing better security systems.
355 implied HN points 04 Feb 25
  1. DeepSeek is a new AI that can learn on its own without needing human help. This makes it cheaper and more accessible, similar to how Uber made ridesharing easier for everyone.
  2. Many people are concerned about the rapid advancements in AI, especially when it seems like the US could fall behind China in technology. But instead of worrying, we should learn from these innovations and adapt our strategies in AI.
  3. The introduction of cheaper AI means that companies will use it more, and security needs to adjust to support this tech rather than restrict it. It's time for security teams to embrace AI and understand how to manage its risks effectively.
203 implied HN points 18 Feb 25
  1. Many AI security companies may struggle to survive because large language models (LLMs) are easier and cheaper to use. Most businesses prefer using LLMs instead of creating their own models.
  2. The future of AI security is unpredictable because it's hard to guess when companies will start using their own AI models. This makes it a challenging space for startups to gain traction.
  3. There’s a lot of activity in both security and AI, making it tough to keep up. The combination of these two fast-evolving fields adds more complexity to security concerns.
508 implied HN points 20 Nov 24
  1. AI is becoming essential for companies, just like the internet once was. Every business will need an AI strategy as it can boost their operations.
  2. Instead of resisting AI, security teams should welcome it. Setting up policies that allow safe use of AI fosters innovation rather than stifling it.
  3. AI can improve security tasks, like app security and incident management, which are often tedious. It can help analyze data quickly and flag issues, making processes more efficient.
203 implied HN points 28 Jan 25
  1. There are many kinds of security organizations, and it's important to recognize that they each manage risks differently. This means not all tools will work for every organization.
  2. The cybersecurity industry has too many tools, which can create confusion and ineffective security management. Instead of just buying tools, companies should focus on building talent and critical thinking skills.
  3. Different businesses face different security risks, so their security needs should vary too. Tools should be tailored to meet these specific needs rather than forcing a one-size-fits-all solution.
355 implied HN points 10 Nov 24
  1. Security by design is a good idea but hard to implement. Most companies prioritize speed over security, treating security as an afterthought.
  2. Many existing cybersecurity solutions focus on adding security measures after a product is built instead of integrating it from the start.
  3. Tools like Pangea help address security issues early in product development, making it easier for developers to implement security as they build.
254 implied HN points 10 Dec 24
  1. AI security companies face both market and product risks. If there's no market for their products, they can't succeed.
  2. Startups often fail due to common issues like poor timing or operations. This is true for AI security startups as well.
  3. Many AI security companies are throwing out new ideas to see what works. This trial-and-error approach leads to uncertainty in the market.
203 implied HN points 27 Dec 24
  1. In 2024, cybersecurity companies will focus more on creating platforms instead of using many separate tools. This means they can work faster and solve problems better.
  2. Cybersecurity is moving towards building its own solutions rather than just buying products. This change is necessary to keep up with the evolving threats.
  3. The use of AI in cybersecurity will become more effective. Companies will learn how to use AI to make their security processes better and faster.
152 implied HN points 14 Jan 25
  1. Focusing on better detection engineering is key in security operations. It helps identify threats more effectively rather than just automating processes.
  2. Many traditional security operations centers (SOCs) may not be necessary for most companies. Smaller, more efficient models or managed detection services can be better alternatives.
  3. The future of SOCs is likely to involve fewer human analysts and more automation, emphasizing custom detections that fit the specific needs of a business.
305 implied HN points 23 Oct 24
  1. A good security product isn't about having a lot of features. It's more important that it provides real value and helps people work efficiently.
  2. Security tools should help fill gaps in a team's capabilities rather than just adding more complexity. Sometimes a 'good enough' solution is better than a perfect one.
  3. The focus should shift from just ranking products to understanding what really helps customers. A good product makes life easier and solves the right problems.
203 implied HN points 26 Nov 24
  1. Understanding AI is crucial for its security. If you don't understand how something works, it's hard to protect it.
  2. The basic security issues with AI are similar to existing security practices. Protecting data and conducting regular audits can help.
  3. Setting policies for AI security is important. This includes knowing what data is used and how internal AI tools are developed.
152 implied HN points 19 Dec 24
  1. Cylance was acquired by Arctic Wolf for a low price because it wasn't performing well under Blackberry. They lost money and weren't competitive in the endpoint security market.
  2. Arctic Wolf aims to enhance its services by integrating Cylance's AI and technology, making it more appealing to businesses looking for effective security solutions.
  3. The acquisition could help Arctic Wolf diversify and strengthen its offerings ahead of a possible IPO, potentially attracting mid-sized companies searching for value in security services.
305 implied HN points 29 Feb 24
  1. Security companies are shifting focus to platforms, leading to acquisitions and consolidations to improve operational efficiency.
  2. Cybersecurity is moving towards more building and software engineering, away from solely relying on buying tools to solve problems.
  3. The adoption of reasonable metrics is becoming crucial for cybersecurity, allowing for better justification of funding and overall security enhancement.
305 implied HN points 15 Feb 24
  1. Crowdstrike initially succeeded by focusing on incident response, not just products, which differentiated them from competitors like Symantec.
  2. The company's expansion into adjacencies and acquisitions, like PAM and logging, is an effort to move from endpoint protection to a broader platform play for sustained growth.
  3. Crowdstrike may face challenges if they don't adapt successfully to selling to DevOps, security engineers, and managing acquisitions, risking plateauing growth and loss of market interest.
254 implied HN points 19 Dec 23
  1. Developer security education products are seen as features, not platforms or products.
  2. In-depth security education for developers is growing in importance, especially in regulated industries.
  3. Developer security education focuses on teaching developers how to identify vulnerabilities and adopt secure development practices, often following the OWASP Top 10 guidelines.
203 implied HN points 21 Feb 24
  1. Security is increasingly leveraging data for enhanced analysis and insights.
  2. Breaking down data silos in security operations is crucial for providing meaningful information.
  3. There is a shift towards BI-focused security products and new use cases emerging in the security data world.
355 implied HN points 16 Aug 23
  1. Snyk is a developer-focused application security product that integrates security into the development process.
  2. Snyk's core product is a software composition analysis (SCA) tool that quickly detects vulnerabilities in dependencies.
  3. Despite success, all startups, including Snyk, still have the possibility of failure.
50 implied HN points 01 Nov 24
  1. The breach simulation market is confusing because companies market their products in different ways. It's hard to understand exactly what these tools are supposed to solve for security teams.
  2. Turning security services into products is challenging. Many customers prefer high-quality services rather than automated tools because they believe they catch more sophisticated attacks.
  3. For these simulation tools to succeed, they need to show clear benefits to businesses, like saving money or preventing incidents. Right now, many organizations view them as nice-to-have rather than essential.
254 implied HN points 16 Nov 23
  1. The current security review process is outdated and not aligned with modern development practices.
  2. Implementing efficient and effective security measures may involve integrating software engineers with security teams.
  3. Scaling security efforts requires a rethink of traditional security review processes towards more collaborative and contextual approaches.
152 implied HN points 13 Mar 24
  1. The cybersecurity industry faces challenges because the rapid evolution of technology forces a reactive approach instead of proactive problem-solving.
  2. Security teams are overwhelmed with solutions, leading to over-reliance on tools without understanding root causes of problems.
  3. Security needs to shift focus back to problem-solving and building comprehensive solutions that go beyond just using tools.
355 implied HN points 05 May 23
  1. There are three types of cybersecurity companies: mature security organizations, companies that ignore security, and compliance- and product-focused security teams.
  2. Small companies might struggle to assess and implement proper security measures, leading many to focus on compliance certifications rather than robust security practices.
  3. It's crucial for companies, regardless of size, to prioritize and implement effective security measures to protect themselves and their partners from potential cyber threats.
254 implied HN points 13 Jun 23
  1. Companies are focusing more on engineering-focused security functions to become efficient.
  2. Cloudflare is seen as an underrated security company with a strong engineering following.
  3. Cloudflare transformed from a CDN company to offering security services like WAF, SWG, and email security.
101 implied HN points 06 Mar 24
  1. Application security has evolved rapidly with the changing landscape of development practices like shorter cycles and SaaS distribution methods.
  2. Security organizations will face a pivotal moment in adopting new application security methods to stay effective.
  3. In the past, application security was less competitive due to slower development cycles which allowed for comprehensive security checks and reviews.
254 implied HN points 18 Apr 23
  1. Cloudflare is considered an underrated security company in the industry, focusing on SASE and zero-trust solutions.
  2. Cloudflare's infrastructure is seen as a strong advantage and moat, making it valuable and defendable against competition.
  3. Cloudflare is making a bet on the future by targeting DevOps and security engineers for their products, showing a shift in the market towards software being purchased by technical personnel.
203 implied HN points 22 Mar 23
  1. Establishing a foundational security strategy integrated into the engineering process is crucial for tech companies.
  2. The rise of security engineering leaders will be inevitable for growth companies of all sizes.
  3. Strong security design and fast iteration processes require a security engineering team rather than a traditional risk-focused security organization.