OpenText Cybersecurity helps organizations navigate the evolving threat landscape

OpenText Cybersecurity aims to help organizations successfully implement and secure the DevSecOps pipeline in a rapidly evolving threat landscape. In this show, Dylan Thomas, Senior Director of Product and Engineering at OpenText Cybersecurity, discusses the evolution of security practices, the role of AI in enhancing and challenging cybersecurity, and the steps organizations need to take to stay ahead of emerging threats. Thomas notes, “We aim to achieve a true DevSecOps culture without compromise,” adding that this means neither developers nor security teams have to sacrifice their needs to satisfy the other.

Overview of OpenText Cybersecurity’s evolution and growth

Thomas talks about the history of OpenText Cybersecurity, noting that the company has been in the market for over 25 years and has achieved a $6 billion revenue, illustrating its substantial impact and growth in the cybersecurity sector.
OpenText Cybersecurity’s primary focus is on information management and it has strategically expanded its cybersecurity portfolio, aiming to position itself as a leader in this area.
Thomas shares his professional journey, highlighting his extensive experience in engineering design for semiconductors and explaining how he transitioned into application security over the last ten years, which now informs his work at OpenText Cybersecurity.

The evolution from traditional security practices to DevSecOps

Thomas discusses the transition from traditional security practices to the integration of DevSecOps principles. This shift emphasizes embedding security throughout the development process rather than treating it as an afterthought.
The importance of security champions within organizations has grown, with new key performance indicators (KPIs) and metrics being used to measure and drive risk remediation efforts. This reflects a more proactive and integrated approach to managing security risks.
There is an ongoing challenge of fully implementing DevSecOps while balancing the needs of developers and maintaining robust security. The goal is to achieve a seamless integration that supports both secure development practices and operational efficiency.

What are the challenges in implementing and sustaining DevSecOps?

Thomas feels that although many organizations assert they are implementing DevSecOps, the actual execution often differs between teams and products, highlighting a disparity between reported practices and real-world application.
Thomas stresses the critical role of security champions within teams, who serve as subject matter experts and are crucial for effectively integrating security into the development process.
Thomas identifies personnel turnover and the rapid pace of technological change as major obstacles to sustaining robust application security programs. These factors complicate efforts to maintain consistent and effective security practices over time.

What is the impact of AI and Generative AI on security?

Thomas discusses the dual role of AI and generative AI (GenAI) in cybersecurity, highlighting how AI can both enhance security measures and introduce new complexities.
Thomas emphasizes the need to protect AI systems from potential risks, such as prompt injection and cross-site scripting vulnerabilities, to ensure secure implementation.
He underscores the importance of careful and intentional integration of AI to prevent the introduction of new security threats, advocating for a balanced approach that leverages AI effectively while mitigating associated risks.

Strategies for enhancing collaboration between developers and security teams

Thomas emphasizes the importance of collaboration between development and security teams, stating that aligning people, processes, and technology is crucial for effective security integration.
Thomas proposes using gamification as a strategy to encourage business leaders to engage more actively in security practices through healthy competition.
The necessity of top-down executive support for successful security implementation is highlighted, with Thomas noting that top-level buy-in is crucial for achieving effective outcomes.

OpenText Cybersecurity’s approach to security solutions and investment

Thomas outlines how OpenText Cybersecurity secures the DevSecOps pipeline through key tools like static analysis, software composition analysis, and dynamic testing. He underscores the need to integrate these tools throughout the DevSecOps lifecycle and enhance them with AI capabilities.
For almost 20 years, OpenText Cybersecurity has been dedicated to advancing its security solutions by investing in state-of-the-art technologies. Thomas talks about how this track record ensures they offer robust and up-to-date security tools for their clients.

Strategies for improving security posture and continuous improvement

Thomas advises that organizations should perform maturity assessments to gauge their current security status. Effective KPIs and goals should be set based on these assessments to drive continuous improvement in security practices.
A continuous improvement mindset is crucial in cybersecurity. Thomas emphasizes that organizations need to regularly update and refine their security strategies to stay ahead of evolving threats.

The current state and ongoing challenges in cybersecurity

Thomas compares maintaining cybersecurity to the routine upkeep of vehicles or airplanes, stressing the need for ongoing vigilance. He acknowledges that maintaining security requires constant investment due to the persistent threat from cybercriminals.
Cybersecurity is an ongoing journey, not a final destination. Thomas discusses the evolving nature of threats means organizations must continually adapt and invest in their security measures.

Understanding the motivations and tactics of cybercriminals

Thomas distinguishes between nation-state actors and commercial cybercriminals, with the latter primarily involved in illicit activities such as identity theft and ransomware. Thomas explains how these criminals exploit a vast underground economy.
Thomas highlights how cryptocurrencies are increasingly used by cybercriminals for their transactions. Thomas discusses how they provide a level of anonymity that facilitates various forms of cybercrime, making it harder to trace and disrupt their activities.

What are the future trends and anticipated advancements in cybersecurity?

Thomas stresses the need to integrate GenAI thoughtfully within cybersecurity practices and to dismantle existing obstacles in DevSecOps workflows, while pointing out that significant progress is being made in certain areas such as threat detection.
Thomas conveys a positive outlook on cybersecurity’s future, noting that OpenText Cybersecurity’s innovative solutions are well-positioned to tackle new and evolving security threats and will play a significant role in shaping the industry’s approach to emerging challenges.

Guest: Dylan Thomas (LinkedIn)
Company: OpenText Cybersecurity (Twitter)
Show: Let’s Talk

OpenText Cybersecurity helps organizations navigate the evolving threat landscape

Broadcom’s Rally Anywhere empowers organizations to tackle security and compliance requirements

With Ondat, Akamai is planning to expand its storage capabilities

Broadcom’s Rally Anywhere empowers organizations to tackle security and compliance requirements

With Ondat, Akamai is planning to expand its storage capabilities

You may also like

Why Cloud Development Feedback Loops Fail and How to Fix Them | Waldemar Hummer, LocalStack | TFiR

How Kubernetes 1.36 Handles GPU Scheduling, DRA, and Kubelet Security | Ryota Sawada, Kubernetes | TFiR

Your HA Backup System Has Hidden Gaps — SIOS Technology’s Trey Isaac Explains How to Find Them | TFiR

Escaping VMware After Broadcom: How Vates Is Winning the Open Source Virtualization Market | TFiR

Why Multi-Cluster Kubernetes Is Now a Platform Engineering Crisis | Julian Fischer, anynines | TFiR

Coro’s MCP Integration Brings AI-Native Security Operations to Lean IT Teams | TFiR