The VC View: Hot Trends in Security After the Pandemic

What Spaces Are Hot in Security and Will Get Attention in 2021?

“What’s hot right now in security?” is one of the most common questions I hear from CISOs, vendors and VCs alike. Being a part of one of the largest and most active VC firms in security, we are fortunate to have thousands of touchpoints each year about the state of the industry, to understand the key nuances and to share that knowledge with others.

The reality is that every practitioner, market, company and team is different in what they prioritize as part of their security program. So below are ten spaces, in no particular order, that I think are hot now and will get attention in 2021. In following articles, I’ll propose solutions that I’ve seen get traction in each space and that are worth some attention.

1. Data – There is no question at this point that data is valuable. Of course it takes a lot of work and thoughtfulness to get that value, but the insights and learnings we’ve been able to generate from data have significantly changed behavior for a long time now. The issue, however, is that anything of value also comes with risk and concerns, leading to PCI, HIPAA, COPO, GDPR, etc. This is a solvable problem.

2. Cloud – In terms of hype, Cloud Computing is one of the few categories that has gotten to ride that wave multiple times over. When the space was at risk of practitioners reverting back to optimizing their existing compute infrastructure instead of investing more in public cloud, we got COVID-19 in response. Cloud resources accessible anywhere in the world and by anyone have become the “only” option for some at this point. The only question is what is the answer?

3. Identity – To manage complexity and diversity in our infrastructure, first we started with endpoint, then network, then SaaS and then added Public Cloud. There is no easy chokepoint to inspect all incoming and outgoing activity anymore; leveraging identities to manage the perimeter is the only option. This one will take a long time but is worth the effort.

4. IT / WFH Enablement – This isn’t a classic “control” but worth attention. Every single company had to triage when COVID-19 hit and had to build the fundamental infrastructure to enable employees to do their work. Triage looked a bit different for every organization but had the same fundamental goal. Now that we’re past a year and cases are moving in the right direction, the IT role has forever changed and security practitioners either own it or have to support it. We’re close to figuring this one out.

5. Digital Transformation – Another buzzword worth attention. Especially because everyone has a different definition of what digital transformation means. In some companies, the word digital transformation is said and heard at least once a day, in others once a year. Companies in the former are thinking about what this term means and have the support to make more strategic changes in their security program. Another long-term program but worth it.

6. Vendor Risk – Of course this one is on the list because of SolarWinds. Everyone is aware of this problem and everyone is at different levels of comfort with their Vendor Risk Management (VRM) program. There are going to be some successful projects in VRM this year.

7. Endpoint – Yes, the endpoint is becoming an unlikely single control point in security. However, it is still one of the highest fidelity places to get a sense of what is going on currently and historically. There is a reason why endpoint solutions are so popular in incident response cases. Visibility is the new black.

8. Response / SOC Evolution – The concept of “everyone will get breached” has been incredibly powerful and supported by a rapid increase in the frequency of public breach disclosures for a long time now. It has both created and energized multiple categories focused on what to do once you are “right of the boom”. Now with a lot of budget spent on existing solutions in this space, it’s inevitable that folks are thinking about how they can get more value from it.

9. DevSecOps – This one I have to put in this list even though it’s obvious. It’d be silly to not mention the impact and importance of security in developing public-facing, data-rich applications that risk losing not only your employer’s data but your customer’s data as well.

10. AppSec – This is my opportunity to bring up something not obvious but still a bit obvious: AppSec & DevSecOps are different spaces. So many folks combine or confuse the two. DevSecOps is securing and enabling the SDLC. AppSec is finding ways to defend the actual applications. There is a lot of obsession with DevSecOps, with phrases like “shifting left”, “shifting right”, “shifting everywhere”. DevSecOps is hot because it’s relatively new, but AppSec at the end of the day is the bigger lever.

That’s ten categories and ten planned accompanying articles that I’ll be writing and publishing here in the future. Thanks to SecurityWeek for having me as a columnist, and I’m very much looking forward to sharing my thoughts about security in general and on these spaces here.

Written By

Will is a Managing Director and a founding team member at ForgePoint Capital. He has been an avid technology enthusiast for decades: building his first computer in elementary school and starting online businesses while completing his bachelor’s degree from the University of California, Berkeley. Focusing on security startups for a decade, he has worked with more than 20 cybersecurity companies to date. In his spare time he’s a foodie with friends, enabling serendipity and building communities.
