In this episode of Resilient Cyber, we catch up with Katie Norton, an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions.

Katie and I discussed:

• Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor.
• Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors.
• The age-old Platform vs. Point product debate concerns the iterative and constant cycle of new entrants and innovations that grow, add capabilities, and become platforms or are acquired by larger platform vendors. The cycle continues infinitely.
• Katie's key research areas for 2025 include Application Security Posture Management (ASPM), Platform Engineering, SBOM Management, and Securing AI Applications.
• The concept of a “Developer Tax” and the financial and productivity impact legacy security tools and practices are having on organizations while also building silos between us and our Development peers.
• The role of AI in corrective code fixes and the ability of AI-assisted automated remediation tooling to drive down remediation timelines and vulnerability backlogs.
• The importance of storytelling, both as an Industry Analyst and in the broader career field of Cybersecurity.