Resilient Cyber

Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends

Feb 24, 2025

Katie Norton, an Industry Analyst at IDC specializing in DevSecOps and software supply chain security, shares her insights on the evolving AppSec landscape. She discusses key trends for 2024, including the ongoing debate of platform versus point products, the impact of 'Developer Tax' on productivity, and the role of AI in automating code fixes. Katie also highlights her research focus for 2025, touching on Application Security Posture Management and the significance of storytelling to bridge the gap between security and development teams.

47:19

Episode guests

Katie Norton

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Katie Norton emphasizes the shift towards proactive security measures in response to open-source vulnerabilities, highlighting a critical evolution in application security practices.

The merging of various security categories into cohesive platforms signifies a trend towards better integration and collaboration between cloud security, observability, and DevOps tools.

Deep dives

Importance of Diverse Perspectives in Cybersecurity

Having a diverse set of voices in cybersecurity is crucial for addressing the varied threats present in the landscape today. This podcast highlights the insights of professionals from different backgrounds, as they discuss the influence of roles such as developers, IT specialists, and analysts on security practices. Katie Norton, an industry analyst, emphasizes that her prior experience in data administration allows her to approach security with fresh eyes, challenging some long-held beliefs. This demonstrates how varied perspectives can drive innovation and improvement in security measures.

Intro

4min

Navigating Application Security Trends

19min

Navigating Software Factories and SBOMs

12min

Navigating the Developer Tax: Security Challenges in Software Development

6min

Navigating Cybersecurity Challenges

7min

In this episode of Resilient Cyber, we catch up with Katie Norton, an Industry Analyst at IDC who focuses on DevSecOps and Software Supply Chain Security. We will dive into all things AppSec, including 2024 trends and analysis and 2025 predictions.

Katie and I discussed:

Her role with IDC and transition from Research and Data Analytics into being a Cyber and AppSec Industry Analyst and how that background has served her during her new endeavor.
Key themes and reflections in AppSec through 2024, including disruption among Software Composition Analysis (SCA) and broader AppSec testing vendors.
The age-old Platform vs. Point product debate concerns the iterative and constant cycle of new entrants and innovations that grow, add capabilities, and become platforms or are acquired by larger platform vendors. The cycle continues infinitely.
Katie's key research areas for 2025 include Application Security Posture Management (ASPM), Platform Engineering, SBOM Management, and Securing AI Applications.
The concept of a “Developer Tax” and the financial and productivity impact legacy security tools and practices are having on organizations while also building silos between us and our Development peers.
The role of AI in corrective code fixes and the ability of AI-assisted automated remediation tooling to drive down remediation timelines and vulnerability backlogs.
The importance of storytelling, both as an Industry Analyst and in the broader career field of Cybersecurity.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Resilient Cyber

Resilient Cyber w/ Katie Norton - AppSec Industry Analysis & Trends

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of Diverse Perspectives in Cybersecurity

Emerging Trends in Application Security

The Shift Towards Platform Consolidation

Challenges in Securing AI Applications

Remember Everything You Learn from Podcasts