Daniel Kennedy

Use of GenAI security solutions has spiked, continued uptake projected: blog.451alliance.com/use-of-genai...

Turns out it’s not the company clothing store…

Webinar Recap: Reimagining Application Security Posture Management In a timely discussion hosted by S&P Global Market Intelligence, Principal Research Analyst Daniel Kennedy sat down with Idan Plotnik (Founder of Apiiro) and Jason Espone (Global Head of Application S...

apiiro.com/blog/webinar...

AI Delivers AppSec Gains, but Ransomware Overconfidence Persists Cybersecurity leaders are embracing generative AI for its practical value in security operations and application security. But as ransomware tactics evolve, S&P's

I had the opportunity again this year at #RSAC to discuss my latest end user security research with @mathewjschwartz.bsky.social at the ISMG studio.

Full interview: www.databreachtoday.com/ai-delivers-...

YouTube video by S&P Global Market Intelligence RSA Conference Preview

#RSAC 2025 - www.youtube.com/watch?v=F7GX...

Thank you to all who joined our 451 #RSAC breakfast this year, it was great catching up, however briefly.

As the RSA Conference kicks off this week, listen to our conference preview on the Next in Tech podcast: www.spglobal.com/market-intel... #rsac2025

I recently had the opportunity to sit down with a couple of folks who have spent significant time working out real world challenges in enterprise application security programs, catch the replay here: event.on24.com/wcc/r/490723...

Security talent gap cannot be expressed in job numbers alone The 451 Alliance shares key findings from a recent information security study. The topic? Organizational behavior.

How important are information security certifications?

Almost half (47%) of respondents to our recent survey note certifications are very important, and they require job candidates to have them. Another 43% note they are somewhat important - blog.451alliance.com/security-tal...

Meta just fired about 20 employees for leaks The Facebook parent company fired the workers for sharing confidential information

From an old hand, step 1 in the 'finding leakers' handbook is...don't announce you're looking for or have found leakers. I know you think it has a deterrence effect, it doesn't. You want folks to make mistakes and leave bread trails, not get better at leaking information.

qz.com/meta-fires-2...

a man in a black shirt and tie is writing on a notebook with a pen . ALT: a man in a black shirt and tie is writing on a notebook with a pen .

Let's see, from what I'm reading you're making some demands here, somewhat impolitely, I just need to check a couple things...

- Yup, not in my chain of command, ok, next thing...

- You don't add value, either now or project to in the future...

And there you go, right on the 'pay no mind' list.

"We have a new guideline in place, if you could just sign the form..."

Gotcha, well I apologize, I have a process where I'm not allowed to 'just sign' anything I don't understand or agree with or that lacks the force of law, you understand, can't be upsetting the folks upstairs here at Kennedy Inc.

"SecOps managers said they were aware of but unable to investigate 43% of alerts they received through security operations center (SOC) tools.It's a number that has remained consistent over the years..."

www.techtarget.com/searchitoper...

TikTok replaced Vine, and if it’s banned something will replace it (YouTube shorts and Instagram reels among the options). All of these ‘it will be healthy’ takes…20 million kids aren’t going to walk outside and rub their eyes in the sun, and then ‘play until the street lights come on’.

Explosive use of GenAI in 2023 results in need to secure it What's in store for 2024? The 451 Alliance asks security professionals about their planned spending for the new year.

Explosive use of GenAI in 2023 results in predictable need to secure it - blog.451alliance.com/explosive-us...

Multicloud multiplies the pain for information security - 451 Alliance The 451 Alliance explores the evolution of cloud security practices in organizations and key pain points identified in securing the cloud.

Multicloud multiplies the pain for information security - blog.451alliance.com/multicloud-m...

Ransomware Defender Risk: 'Overconfidence' in Security Tools Are your defenses against ransomware good enough to survive contact with the enemy? Don't be so sure. A new study from market researcher 451 Research finds that "overconfidence in security tooling rem...

"indicating the importance of a resilience-based strategy focusing on backup technologies such as immutable storage" www.databreachtoday.com/blogs/ransom...

Don’t celebrate #ransomware’s decline just yet - blog.451alliance.com/dont-celebra...

I had the opportunity to sit down with Beth Pariseau on her podcast for a wide ranging discussion on the notion of a cybersecurity skills shortage & the effects of the Crowdstrike outage on a long-running debate about platforms vs best-of-breed: www.podbean.com/media/share/...

Exploring the shifts in attitudes around 'coordinated disclosure': www.veracode.com/sites/defaul...

Managing privileged identities remains a headache for organizations’ security leaders — it is the top-cited pain point in identity management (36%). blog.451alliance.com/privileged-i...

YouTube video by GitLab App Sec and the shift to DevSecOps with 451 Research and GitLab

App Sec and the shift to DevSecOps, a conversation with GitLab: www.youtube.com/watch?v=LFtW...

YouTube video by S&P Global Market Intelligence [Ep. 152] Cyber Insurance | Next in Tech

A discussion on cyber insurance with Eric Hanselman, @scott-crawford.bsky.social and Tom Mason on the 'Next in Tech' podcast: www.youtube.com/watch?v=keg8...

Lol, whatever it takes...

Security pros see potential in AI-augmented fixes for security flaws As generative AI is increasingly applied to information security, a key emerging use case emerges. The 451 Alliance shares key findings.

While much has been said about GenAI’s potential to enhance developer productivity by generating usable code in integrated development environments, automating code patches for security vulnerabilities may enable similar efficiency gains in application security. blog.451alliance.com/security-pro...

Enterprises and the Multi-Cloud of Madness.mp4 This is "Enterprises and the Multi-Cloud of Madness.mp4" by Fastly on Vimeo, the home for high quality videos and the people who love them.

The challenges in securing the 'multicloud of madness', a panel discussion with CISOs Mike Johnson and Lora Vaughn: vimeo.com/759687623

“Should I engage a MSSP or bring security in-house?”

You should reject the premise of the question, as that is not how the majority of managed security services relationships are set up, as an ‘either-or’.

YouTube video by Black Duck Open Source Security Risk - Managing the Threat in Mergers & Acquisitions | Black Duck

Discussing the prevalence of open source in applications today and what risks that poses in the realm of Mergers & Acquisitions (M&A) - www.youtube.com/watch?v=JrJv...

Cyber insurance remains a sought after risk transference strategy for enterprise security leaders, but the market for acquiring insurance remains complex to navigate. Most of that complexity is due to the shift and growth in ransomware... blog.451alliance.com/cyber-insura...

Organizational Dynamics of Information Security Positioning Information Security within the enterprise presents its own set of challenges. Our recent survey data from hundreds of senior security and IT leaders like you uncovered a number of systemi...

'Organizational dynamics in information security': www.brighttalk.com/webcast/1315...