The Cribl team descended on National Harbor in Washington, DC, for Gartner’s annual Security & Risk Summit. For two and a half days, we spoke with leaders in cybersecurity, risk management, and compliance. This year’s audience far surpassed the 2022 audience, with over 4300 delegates attending from across the US and internationally, up from roughly 2600 from the year prior.
(One reason for the steep increase? Not competing with the RSA Conference in San Francisco. Because of COVID-19, RSA was rescheduled for the same dates as Security & Risk, which led to obvious conflicts.)
Summit Themes
From walking the exhibitor showcase, one clear trend became apparent, and that’s compliance and risk management. There were dozens of vendors advertising everything from data security posture management (DSPM) to software supply chain solutions, and everything in between.
A surprising omission from the showcase was AI and its impact on security professionals. While some companies are rolling out their bolted-on ChatGPT and generative AI features, these features weren’t in evidence in the demos I saw. However, AI and its impacts permeated several of the presentations delivered by Gartner analysts. Lots of cautionary advice on offer, but my view is even the analysts are still figuring out how AI helps, and hurts, enterprise cybersecurity efforts.
My conversations with analysts all pointed to two recurring themes:
Cybersecurity budgets are stable or increasing, unlike broader IT
Staffing remains the single largest challenge for enterprise security teams
We’ve written and spoken at length about cybersecurity budgets and the drivers there. No CEO or board member wants their company name making the wrong kind of headlines. New regulations for public companies are making cybersecurity incidents more onerous for boards. This is resulting in the budget taps opening for CISOs.
With this increased budget comes increased accountability. CIOs, CFOs, and risk leaders are holding the CISO accountable for ROI on this new spend. ROI isn’t solely judged on avoiding breaches and resolving incidents quickly. Today’s CISO is responsible for pushing cybersecurity into the fabric of the organization and forecasting needs twelve to eighteen months out. A core part of this is adapting security policies and needs to specific business units.
The second theme, staffing, is a perennial challenge for cybersecurity teams. Given that the summit took place in DC, I interacted with a number of federal security leaders and each lamented the challenges in retaining staff. Federal salaries cannot compete with the private sector, and people change jobs shortly after getting qualified or being within the role long enough to burnish a resume.
There is a constant need to help cybersecurity teams scale, which brings me to our interactions on the showcase floor.
At the Booth
Normally when a vendor exhibits at a show like Security & Risk, you spend a lot of time explaining your company to attendees. We’re used to handling questions like “What does Cribl do?,” “Do you compete with so-and-so?,” and “Can I get a stuffed goat?” That’s what it was like last year when we exhibited.
This year, everything changed.
Nearly every person that visited the booth had heard of Cribl and knew what we did. Many were already customers, or about to become customers. They’d heard of us through peers at other companies, through social media, or our steady cadence of events and other marketing. Seeing that recognition firsthand is incredibly gratifying after years of hard work building Cribl’s brand and the observability pipeline market category.
What’s Next?
We have a packed events calendar for 2023. Next up is AWS Re:inforce. Then it’s time for CriblCon, taking place in Vegas on July 17th, followed by Black Hat in August, and AWS re:Invent later in the year. If you’re attending any of those events, make sure to stop by.
