Frankly Speaking

Frankly Speaking is a Substack by an early-stage security/cloud investor, focusing on enterprise technology insights, particularly in cybersecurity. It explores challenges and predictions within the cybersecurity industry, evaluates companies like Wiz, Snyk, and Cloudflare, discusses the importance of security in software development, and critiques current security practices and education.

Cybersecurity Industry Insights • Company Evaluations and Case Studies • Security in Software Development • Security Practices and Education • Tech Policy and Legislation • Security Leadership and Career Development

The hottest Substack posts of Frankly Speaking

And their main takeaways
305 implied HN points • 29 Feb 24
  1. Security companies are shifting focus to platforms, leading to acquisitions and consolidations to improve operational efficiency.
  2. Cybersecurity is moving towards more building and software engineering, away from solely relying on buying tools to solve problems.
  3. The adoption of reasonable metrics is becoming crucial for cybersecurity, allowing for better justification of funding and overall security enhancement.
152 implied HN points • 13 Mar 24
  1. The cybersecurity industry faces challenges because the rapid evolution of technology forces a reactive approach instead of proactive problem-solving.
  2. Security teams are overwhelmed with solutions, leading to over-reliance on tools without understanding root causes of problems.
  3. Security needs to shift focus back to problem-solving and building comprehensive solutions that go beyond just using tools.
305 implied HN points • 15 Feb 24
  1. CrowdStrike initially succeeded by focusing on incident response, not just products, which differentiated it from competitors like Symantec.
  2. The company's expansion into adjacencies and acquisitions, like PAM and logging, is an effort to move from endpoint protection to a broader platform play for sustained growth.
  3. CrowdStrike may face challenges if it doesn't adapt successfully to selling to DevOps and security engineers and to managing acquisitions, risking plateauing growth and loss of market interest.
101 implied HN points • 06 Mar 24
  1. Application security has evolved rapidly with the changing landscape of development practices like shorter cycles and SaaS distribution methods.
  2. Security organizations will face a pivotal moment in adopting new application security methods to stay effective.
  3. In the past, application security was less competitive due to slower development cycles which allowed for comprehensive security checks and reviews.
254 implied HN points • 19 Dec 23
  1. Developer security education products are seen as features, not platforms or products.
  2. In-depth security education for developers is growing in importance, especially in regulated industries.
  3. Developer security education focuses on teaching developers how to identify vulnerabilities and adopt secure development practices, often following the OWASP Top 10 guidelines.
254 implied HN points • 16 Nov 23
  1. The current security review process is outdated and not aligned with modern development practices.
  2. Implementing efficient and effective security measures may involve integrating software engineers with security teams.
  3. Scaling security efforts requires a rethink of traditional security review processes towards more collaborative and contextual approaches.
355 implied HN points • 16 Aug 23
  1. Snyk is a developer-focused application security product that integrates security into the development process.
  2. Snyk's core product is a software composition analysis (SCA) tool that quickly detects vulnerabilities in dependencies.
  3. Despite success, all startups, including Snyk, still have the possibility of failure.
355 implied HN points • 05 May 23
  1. There are three types of cybersecurity companies: mature security organizations, companies that ignore security, and compliance- and product-focused security teams.
  2. Small companies might struggle to assess and implement proper security measures, leading many to focus on compliance certifications rather than robust security practices.
  3. It's crucial for companies, regardless of size, to prioritize and implement effective security measures to protect themselves and their partners from potential cyber threats.
254 implied HN points • 13 Jun 23
  1. Companies are focusing more on engineering-focused security functions to become efficient.
  2. Cloudflare is seen as an underrated security company with a strong engineering following.
  3. Cloudflare transformed from a CDN company to offering security services like WAF, SWG, and email security.
254 implied HN points • 18 Apr 23
  1. Cloudflare is considered an underrated security company in the industry, focusing on SASE and zero-trust solutions.
  2. Cloudflare's infrastructure is seen as a strong advantage and moat, making it valuable and defendable against competition.
  3. Cloudflare is making a bet on the future by targeting DevOps and security engineers for their products, showing a shift in the market towards software being purchased by technical personnel.
203 implied HN points • 22 Mar 23
  1. Establishing a foundational security strategy integrated into the engineering process is crucial for tech companies.
  2. The rise of security engineering leaders will be inevitable for growth companies of all sizes.
  3. Strong security design and fast iteration processes require a security engineering team rather than a traditional risk-focused security organization.