Live on RSACTV at the Moscone Center in San Francisco, Infosecurity Magazine interviewed Chris Wysopal, CTO and co-founder of Veracode.
Infosecurity: One year on from the last RSA Conference, how has the industry matured over the past 12 months?
Chris Wysopal: There’s always a new cool thing, a new cool tool, and this year it has been machine learning. There are a lot of benefits, but there is still a long way to go. We’ve also seen others focusing on going back to basics, so there has been a mix of approaches.
Infosecurity: Do you think we’re in a better or worse situation than we were a year ago?
Chris Wysopal: Well, we’ve seen a lot of investment leading to real improvements on the endpoint and in application security. Developers are getting used to working with security and the awareness has improved. Phishing awareness in particular has come a long way.
Infosecurity: What advice would you give to those starting out in infosec in 2017?
Chris Wysopal: Look at, and consider, the long-term industry trends and work out which direction you want to go in with your career. Infrastructure is moving to the cloud, and we need to be able to trust servers and clients.
Infosecurity: We talk a lot about what we do wrong as an industry, but what do we do right?
Chris Wysopal: We get a security benefit from the cloud and we’re getting over our cloud-phobia. We’re doing this right and kudos goes to Apple and Amazon for their part in this.
Infosecurity: It’s no secret that you consider insecure coding to be the greatest challenge facing this industry. What could we be doing about it?
Chris Wysopal: We’re seeing DevOps where security is now becoming a part of the process, which is great because it’s a security imperative. We still need work on app security – that’s an unsolved problem.
Infosecurity: In five years’ time, what do you expect to have changed in the industry?
Chris Wysopal: We’ll see a great increase in the usage of SaaS and everything will be moving to multi-factor risk-based authentication.