October 25, 2024 By nathan.toledo@ibm.com 4 min read

When you bring a comedian to offer a keynote address, you need to expect the unexpected.

But it is a good bet that no one in the crowd at Salesforce’s Dreamforce conference expected John Mulaney to tell a crowd of thousands of tech trailblazers that they were, in fact, not trailblazers at all.

“The fact that there are 45,000 ‘trailblazers’ here couldn’t devalue the title anymore,” Mulaney told the audience.

Maybe it was meant as nothing more than a punch line, but Mulaney’s comments had some truth to them. If everything in the tech and cybersecurity world is seen as the greatest new thing, then doesn’t that mean nothing stands out as a game-changer? Or, as Sumedh Thakar, President and CEO of Qualys, pointed out in a keynote address at QSC24 Americas, if everything is critical, nothing is.

“There are too many threats, too many patches, too many alerts, too many vulnerabilities,” Thakar said. “It seems like we’re playing risk whack-a-mole.”

In cybersecurity, it also feels like there are too many tools and so many new technologies that, while maybe not considered disruptive, are considered solutions that could revolutionize the way analysts, CISOs and security teams address threat prevention and response.

We asked a number of cybersecurity professionals to provide their thoughts on what they consider to be a disruptor and why they consider a technology, solution or even a company to be a true game-changer.

When everything IS a disruptor — except AI?

Full disclosure: I expected generative artificial intelligence (gen AI) to be mentioned by most, if not all, of the people I spoke with as the truest disruptor we’ve seen in years. After all, it is impossible to go to a conference or have a conversation around cybersecurity or tech without talking about AI, and it is clear that companies are thinking about how to both use the technology for good and come up with solutions to prevent it from being a conduit for threats.

And yet, generative AI was mentioned once, and not in the way I expected.

“The term ‘disruptor’ is overused and tired,” said Drew Perry, Chief Innovation Officer at Ontinue, in an email comment. “It doesn’t help that most people use ChatGPT to announce and promote their products and services, which by default results in overly cheerful messages that often throw in the word ‘disruptor,’ but not as often as the other phrase that is overused: Game-changing.”

The game is always the same, said Perry. Cybersecurity vendors want to garner attention for their solution and hope that enough people buy it.

“The real disruptors are those focusing on the human element,” Perry added. The goal should be to provide a solution that people love and share with their colleagues. This doesn’t just have to be a new technology or tool. But good old-fashioned disruption by doing a good job with passion.

Perry points out Cloudflare as an example of such a solution. “They build really cool, useful things that disrupt. Such as providing a solution to content creators to monitor AI bots scraping their content to train models and to monetize it… now that, in my opinion, is disruptive.”

The negative events define the disruptor

There have been many negative events over the years, such as notPetya, Stuxnet, the Sony Hack and recently the Microsoft bluescreen, triggered by Crowdstrike, that have shaped the cybersecurity industry today, said Agnidipta Sarkar, Vice President of CISO Advisory at ColorTokens, in an email comment.

“For me, two innovations stood out when I look back at where we stand today with the tech and the people in cybersecurity influencing digital behaviors. The first is the evolution of the concept of zero trust architecture. The second, equally impacting event, was the rise of regulatory influence beginning with GDPR, which has made cybersecurity a board room topic,” said Sarkar.

Taking it one step further, John Anthony Smith, Founder and CSO at Conversant Group, argued that the true disruptors in cybersecurity are the threat actors themselves.

“What commonly surprises me are the lengths that threat actor groups will go to provoke the payment of a ransom — deletion of backups, deletion of data, encryption of systems in mass, etc.,” Smith explained. “Threat actor groups are becoming far more cunning and destructive than before. As a matter of fact, it is at times completely baffling the lengths they will go to prevent recoverability — despite desiring a ransom payment.”

Threat actors that are challenging traditional paradigms and use the type of technologies used by cybersecurity’s good guys are the true disruptors, in Smith’s opinion. “Threat actors use IT orchestration against organizations, and they do it with breakneck speed and skill, however, largely few organizations are catching on to what must be done to combat this threat.”

Rethinking cybersecurity by rethinking how to address risk

Ken Dunham, Director of Cyber Threat with Qualys Threat Research Unit, believes his own company has introduced a true disruptive technology. Whereas most companies have a Security Operations Center (SOC), Qualys has introduced a Risk Operations Center (ROC) in the cloud.

During a conversation at QSC24, Dunham described the problem of “drowning in data.” For many, the solution is to throw a lot of money at the problem, often with tools that aren’t working. Instead of using an ROC to address risks around data, security is approached more like a business problem.

Dunham also sees risk management as a trailblazer in security because you have to look at the problem differently. By focusing more on risk management, you get a measurement of the impact of a cyber event and put the level of risk an organization can withstand into context.

“The bottom line is you only have five percent of the things you actually need to care about,” said Dunham. “How do you prioritize them to systematically and holistically reduce your risk?”

What makes a technology, solution or company a trailblazer? Based on these responses, trailblazer or disruptive all depends on the individual and their needs and goals. So maybe Mulaney had it wrong. His audience was filled with trailblazers; they just were all trailblazing in the direction that worked best for them.

More from Uncategorized

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today