Frankly Speaking

Frankly Speaking is a Substack by an early-stage security/cloud investor, focusing on enterprise technology insights, particularly in cybersecurity. It explores challenges and predictions within the cybersecurity industry, evaluates companies like Wiz, Snyk, and Cloudflare, discusses the importance of security in software development, and critiques current security practices and education.

Cybersecurity Industry Insights Company Evaluations and Case Studies Security in Software Development Security Practices and Education Tech Policy and Legislation Security Leadership and Career Development

The hottest Substack posts of Frankly Speaking

And their main takeaways

5 Cybersecurity Predictions for 2024

305 implied HN points β€’ 29 Feb 24
πŸ•Ή Technology Cybersecurity Artificial Intelligence Data Analysis
  1. Security companies are shifting focus to platforms, leading to acquisitions and consolidations to improve operational efficiency.
  2. Cybersecurity is moving towards more building and software engineering, away from solely relying on buying tools to solve problems.
  3. The adoption of reasonable metrics is becoming crucial for cybersecurity, allowing for better justification of funding and overall security enhancement.

Security needs to be build again

152 implied HN points β€’ 13 Mar 24
πŸ•Ή Technology Cybersecurity Problem Solving Tooling
  1. Cybersecurity industry faces challenges due to rapid evolution of technology forcing a reactive approach instead of proactive problem-solving.
  2. Security teams are overwhelmed with solutions, leading to over-reliance on tools without understanding root causes of problems.
  3. Security needs to shift focus back to problem-solving and building comprehensive solutions that go beyond just using tools.

How Crowdstrike fails

305 implied HN points β€’ 15 Feb 24
πŸ•Ή Technology Cybersecurity Companies Cloud Acquisitions Challenges
  1. Crowdstrike initially succeeded by focusing on incident response, not just products, which differentiated them from competitors like Symantec.
  2. The company's expansion into adjacencies and acquisitions, like PAM and logging, is an effort to move from endpoint protection to a broader platform play for sustained growth.
  3. Crowdstrike may face challenges if they don't adapt successfully to selling to DevOps, security engineers, and managing acquisitions, risking plateauing growth and loss of market interest.

The changing reality of appsec

101 implied HN points β€’ 06 Mar 24
πŸ•Ή Technology SaaS Software Development
  1. Application security has evolved rapidly with the changing landscape of development practices like shorter cycles and SaaS distribution methods.
  2. Security organizations will face a pivotal moment in adopting new application security methods to stay effective.
  3. In the past, application security was less competitive due to slower development cycles which allowed for comprehensive security checks and reviews.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Developer security education products are pointless

254 implied HN points β€’ 19 Dec 23
πŸ•Ή Technology Security Training Developers Education
  1. Developer security education products are seen as features, not platforms or products.
  2. There is a growing importance on in-depth security education for developers, especially in regulated industries.
  3. Developer security education focuses on teaching developers how to identify vulnerabilities and adopt secure development practices, often following the OWASP Top 10 guidelines.

Let's get rid of security reviews

254 implied HN points β€’ 16 Nov 23
πŸ•Ή Technology Security Development Software Engineering
  1. The current security review process is outdated and not aligned with modern development practices.
  2. Implementing efficient and effective security measures may involve integrating software engineers with security teams.
  3. Scaling security efforts requires a rethink of traditional security review processes towards more collaborative and contextual approaches.

How Snyk fails

355 implied HN points β€’ 16 Aug 23
πŸ•Ή Technology Security Startups
  1. Snyk is a developer-focused application security product that integrates security into the development process.
  2. Snyk's core product is a software composition analysis (SCA) tool that quickly detects vulnerabilities in dependencies.
  3. Despite success, all startups, including Snyk, still have the possibility of failure.

Frankly Speaking - Cybersecurity maturity: 3 types of companies and what this means for the industry

355 implied HN points β€’ 05 May 23
πŸ•Ή Technology Cybersecurity Companies Industry Trends Security
  1. There are three types of cybersecurity companies: mature security organizations, companies that ignore security, and compliance- and product-focused security teams.
  2. Small companies might struggle to assess and implement proper security measures, leading many to focus on compliance certifications rather than robust security practices.
  3. It's crucial for companies, regardless of size, to prioritize and implement effective security measures to protect themselves and their partners from potential cyber threats.

How Cloudflare fails

254 implied HN points β€’ 13 Jun 23
πŸ•Ή Technology Security Engineering Networking
  1. Companies are focusing more on engineering-focused security functions to become efficient.
  2. Cloudflare is seen as an underrated security company with a strong engineering following.
  3. Cloudflare transformed from a CDN company to offering security services like WAF, SWG, and email security.

Frankly Speaking - Cloudflare is the most underrated security company

254 implied HN points β€’ 18 Apr 23
πŸ•Ή Technology Security Networking Infrastructure Sales Market Analysis
  1. Cloudflare is considered an underrated security company in the industry, focusing on SASE and zero-trust solutions.
  2. Cloudflare's infrastructure is seen as a strong advantage and moat, making it valuable and defendable against competition.
  3. Cloudflare is making a bet on the future by targeting DevOps and security engineers for their products, showing a shift in the market towards software being purchased by technical personnel.

Frankly Speaking - The rise of the technical security leader

203 implied HN points β€’ 22 Mar 23
πŸ•Ή Technology Security Cloud API Innovation Leadership
  1. Establishing a foundational security strategy integrated into the engineering process is crucial for tech companies.
  2. The rise of security engineering leaders will be inevitable for growth companies of all sizes.
  3. Strong security design and fast iteration processes require a security engineering team rather than a traditional risk-focused security organization.