Transcript
Hi Mike Matchett Small World Big Data. We are here at RSAC 2025 talking to all the latest and greatest cybersecurity vendors we have Cycode here today. I've got Amir. Welcome to did I get that right? Yep. You got it right. Nice to meet you, Mike. And thanks for having us today. Yeah. So let's let's just get right into it. Um, there are definitely lots of places that security breaches happen. Security vulnerabilities happen. You guys focus on, uh, something you're calling ACM. Could you maybe just explain that a little bit to the audience? Yeah, absolutely. So Cycode actually is a what we call ourselves is a complete ACM. So not all apms are created equal. So and the reason why we call ourselves a complete aspm is because not only do we ingest third party scanners, but we also have our own proprietary enterprise grade scanners as well. So for those that don't know what ACM stands for, it's application security, posture management. And ultimately what the crux of that is, is we help customers gain visibility, prioritization and remediation, but also help them fix what actually matters in in code and beyond code as well. So I've talked to a few people here that think about this, like posture management is one side of the house. And then there's this remediation as the other side house. Are you are you saying you kind of help close that loop and that cycle and bring it together? Yeah, absolutely. I think one of our philosophies with Appsec is making sure that application security is more of a team sport, and what we're trying to essentially do is bring appsec and security teams and the developers a lot closer together. So what that means is giving Appsec teams all the visibility to do what they want, you know, give them visibility into all the blind spots, and then the developer teams more of that self-serve way to remediate the things that actually matter to them. Once you do that, you start to build more of that circle of trust. So now you can build at a much higher developer velocity. You're decreasing the amount of false positives and the vulnerabilities and so on. So that's a big part of our philosophy here at Cycode. So you talked about having your homemade I shouldn't say homemade, your purpose built custom built scanners. Right. Not to disparage proprietary scanners. Could you just walk us through what a scanner might actually do with a code base? Yeah, there's different types of scanners. We do coverage across from code to cloud. So one of them being secrets in code and beyond code as well. So looking at your passwords, your API tokens and secrets and so on, not only within code but also across your developer tools or even productivity tools like slack, confluence, Jira, and so on. The other is SaaS and SCA. So Sast is for the audience's static application security testing. And then SCA is software composition analysis. So looking at both your own proprietary code but also open source code as well. All right. So so you're going to help people also look a little bit at that supply chain problem we mentioned before in terms of software supply chain on there. Yeah absolutely. I think one of the unique things about CI code as well, and our complete APM is we're one of the first to market to bring the convergence of application security, aspm and software supply chain together into one platform in itself. And this is what's helping application security leaders, product security leaders and developers really come together. All right. That's pretty cool. So we're here at RSAC. If you looked around the show floor here, is there something that you would want to tell everybody as a key takeaway, you know, relevant to what you guys are doing that they should probably keep in mind as they go home? Yeah, absolutely. As everybody knows, we're in the era. And I think now is the time where we're seeing two major shifts happening, especially with this whole Ten-x developer output. Right? One shift is around, you know, this whole resource capacity shift, where in the past you had a ratio of one appsec engineer to 100 developers, and I think that increases by an order of magnitude by ten x now. So effectively you're at like one appsec engineer for every 1000 developers, even though you might not have those 1000 developers. So that's one aspect. The other aspect is a risk element to it as well. So now you're exceeding the capacity for risk in in comparison to the amount that you can actually remediate as well. So it's just such an unmanageable attack surface at this point with all the AI happening. All right. This is pretty interesting. And there's probably a lot more to talk about. There's lots of pretty visualizations and ways you help people prioritize and look at those reports. But if someone wants to like, learn a little bit more about what you guys do, dig a little deeper. Uh, probably have a website like everyone else, but is there something for the RSA crowd you would point them to specifically? Yeah, absolutely. I would say just visit our website on cycode.com. Uh, and if you'd like to speak to one of our engineers on staff, definitely book a demo with us and we're happy to walk you through the platform. Thank you so much, Amir, I appreciate it. Thank you so much. Thanks for having. Us. All right. Take care, folks. Check it out.
