The Need for Speed: Key Takeaways from the FS-ISAC Annual Summit


Publish Date: May 23, 2019

Written by: Ernesto DiGiambattista

Our team recently attended the FS-ISAC Annual Summit. If you’re unfamiliar, that’s the Financial Services Information Sharing and Analysis Center, and it’s one of the best industry forums to learn more about the security threats facing financial services.

When people say “follow the money” it’s usually pretty good advice, and it’s something hackers have really taken to heart in their efforts targeting companies in the financial sector. As someone who managed the security and risk profiles of software assets at some of the nation’s largest financial institutions in my past life, I say that with confidence.

The industry is quickly recognizing that a more holistic security risk management strategy is a must, but there seems to be general confusion on where efforts should be focused and how to plug the holes in an organization’s security posture.

At FS-ISAC, we had a number of good discussions about the biggest challenges facing security teams in the finance world. And there were some key themes that popped up across conversations – here are some of the most notable:

Risk is the Word
The sessions focusing on “Quantifying Cyber-risk,” “Gaining Success with Intelligent Vulnerability Management,” and “Closing the Risk Management Loop with Cyber-Risk Quantification” point to cybersecurity risk being elevated to a top business issue. This of course makes sense. With breaches a daily occurrence, the business needs to understand what its risk exposure is: “Where are my vulnerabilities, how do we remediate them and how fast?”

Making Digital Transformation and Security Work Hand-In-Hand
Digital transformation was a hot topic across conversations. It’s hard to ignore how pivotal digital transformation initiatives are to the success of any business. But it’s also especially hard for financial services organizations to progress through the process. They are hesitant to do anything that will rock the boat or upset the equilibrium. Though centralized in structure, these organizations are often fragmented in practice, creating inefficient, and sometimes ineffective, silos of information that prevent a holistic understanding of their risk profile. They often employ legacy workflow models and focus on “which tool, which person” rather than on efficiently automating and orchestrating security for better visibility and understanding of risk.

The Need for Speed
The key to differentiating yourself in an industry as competitive as financial services is simple in theory and difficult in execution: move fast. Today every organization is in the software business. Software and the infrastructure it runs on are critical assets and continuous deployment is essential. But speed cannot be at the expense of security. Velocity equals speed PLUS quality and security. Because of this, financial services organizations are eager to deploy the right mix of technologies to enable security that moves at the speed of the business. Those that aren’t able to achieve this feat understand that they’ll be left behind, leaving them looking for answers.

Overall, the conversations we had at FS-ISAC were incredibly valuable and I think eye-opening for those in attendance. If you’re finding yourself with concerns or challenges similar to the above, be sure to connect with the ZeroNorth team to learn how you can make sure your organization’s security runs at the speed of your business.
