Katie Norton, an Industry Analyst at IDC specializing in DevSecOps and software supply chain security, shares her insights on the evolving AppSec landscape. She discusses key trends for 2024, including the ongoing debate of platform versus point products, the impact of 'Developer Tax' on productivity, and the role of AI in automating code fixes. Katie also highlights her research focus for 2025, touching on Application Security Posture Management and the significance of storytelling to bridge the gap between security and development teams.
Katie Norton emphasizes the shift towards proactive security measures in response to open-source vulnerabilities, highlighting a critical evolution in application security practices.
The merging of various security categories into cohesive platforms signifies a trend towards better integration and collaboration between cloud security, observability, and DevOps tools.
Deep dives
Importance of Diverse Perspectives in Cybersecurity
Having a diverse set of voices in cybersecurity is crucial for addressing the varied threats in today's landscape. This episode draws on the insights of professionals from different backgrounds, discussing how roles such as developers, IT specialists, and analysts shape security practices. Katie Norton, an industry analyst, emphasizes that her prior experience in data administration allows her to approach security with fresh eyes and to challenge some long-held beliefs. This illustrates how varied perspectives can drive innovation and improvement in security measures.
Emerging Trends in Application Security
The conversation reveals significant trends in application security, particularly the shift towards more proactive security measures in response to open-source vulnerabilities. There is a noticeable pivot from traditional Software Composition Analysis (SCA) methods towards newer technologies that focus on securing the software supply chain as a whole. Norton identifies this evolving landscape as critical for organizations that want to improve their security posture and adapt to more sophisticated threats. The growing focus on malware analysis and malicious package detection reflects an increasing appreciation of the complexities of open-source security, where a dependency can be harmful by design rather than merely vulnerable.
The Shift Towards Platform Consolidation
A noteworthy trend is the merging of various security categories and tools into cohesive platforms, facilitating a more interconnected approach to application security. Norton discusses how traditional silos in application security are breaking down, leading to better integration of cloud security, observability, and DevOps tools. As organizations aim for efficiency and simplicity, this trend suggests that security solutions will increasingly overlap, allowing for streamlined purchasing decisions and implementations. Consolidation can improve security effectiveness by reducing fragmentation in tooling and promoting better collaboration among teams.
Challenges in Securing AI Applications
The security of AI applications presents complex challenges that warrant dedicated research and attention. There is a dual focus on securing AI technologies while utilizing AI to bolster application security. The podcast addresses the necessity for established AppSec vendors to adapt and enhance their capabilities to address AI-related risks, from model vulnerabilities to prompt injection. As AI continues to permeate various applications, it becomes vital for security strategies to evolve, ensuring that AI systems are securely integrated into organizations without compromising overall security integrity.
In this episode of Resilient Cyber, we catch up with Katie Norton, an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions.
Katie and I discussed:
Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor.
Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors.
The age-old Platform vs. Point product debate, and the iterative, constant cycle in which new entrants and innovations grow, add capabilities, and either become platforms themselves or are acquired by larger platform vendors. The cycle continues indefinitely.
Katie's key research areas for 2025 include Application Security Posture Management (ASPM), Platform Engineering, SBOM Management, and Securing AI Applications.
The concept of a “Developer Tax” and the financial and productivity impact legacy security tools and practices are having on organizations while also building silos between us and our Development peers.
The role of AI in corrective code fixes and the ability of AI-assisted automated remediation tooling to drive down remediation timelines and vulnerability backlogs.
The importance of storytelling, both as an Industry Analyst and in the broader career field of Cybersecurity.