June 18, 2014

I Like the Monster!

Our corporate “Monster In Your Corner” theme really landed with me — when was the last time you heard the EVP of Development say something like that about a marketing campaign?

Here’s why.

The “Monster in your corner” means you have the full force of Veracode’s scalable cloud-based service in your corner — backed by our world-class security experts — to help you reduce application-layer risk. The stakes are very high for executives like me. We either deliver innovative software on a timescale of relevance, securely — or we’re toast. Harsh, but true. Second, the “securely” part is — as we say in New England—“Wicked Hahd,” particularly if you try to go it alone. So, I feel like I need a monster in my corner.

Innovate securely or else!

Look, my customers are probably very similar to yours. They want new offerings and product enhancements fast — we’re a SaaS player so if we fail to meet their expectations, they shut us down — no renewal, no expansion, no reference — no IPO! Our team leverages Agile, DevOps, and AWS to meet customer expectations — and we leverage good security hygiene across the SDLC plus Veracode’s cloud-based service to do it rapidly and securely. Shameless plug alert — check out previous content by Pete Chestna and Chris Eng to learn how Veracode implements secure agile in our own development environment.

Application security is “Wicked Hahd” — and going it alone sets your Dev and Security teams up for failure. Security isn’t just another non-functional requirement like quality or performance — not that quality and performance aren’t important or challenging in their own right, but neither involves planning for malicious intent in the face of focused cyber-attackers — that don’t need to be right very often to cause significant harm to your enterprise. As a result, it’s not enough to ask a developer to get more knowledgeable about writing secure code and/or to train them on a simple scanning tool. Better development security hygiene is no longer enough, given today’s AppSec threat landscape, because it’s the equivalent of bringing a pen knife to a gun fight.

So, I like the “Monster in Your Corner” theme because it suggests that those of us leading Dev organizations (and our CISO counterparts) need help (no, not psychological help, although there are days…) from experts on implementing enterprise-wide governance programs to reduce risk across web, mobile, legacy and third-party applications. The AppSec threat landscape has evolved to a point where the only way to set up your Dev team for success — you know, deliver timely innovation without sacrificing security — is by having a Monster in Your Corner. Honestly, this sounds so corny that I can’t believe I wrote it, but it’s true.

Look, it’s fair and reasonable to ask my development team to develop software with secure coding practices in mind, and to incorporate corporate security policy into “doneness” criteria, etc. — all while going at a breakneck, Agile-at-scale pace. That said, it’s irresponsible not to give them access to a powerful, centralized AppSec platform with on-demand AppSec expertise to help level the ridiculously disproportionate playing field that they’re dealing with.


Greg Nicastro has been around technology since the late 70s, when his mom got him interested in fiddling around with computer systems and software. He considers himself lucky to have worked for some game-changing large companies like Digital Equipment Corporation, founded by one of his professional heroes (Ken Olsen), Sun Microsystems (not Oracle), and Iron Mountain, where he worked on product/technology strategy with long-time CEO and another professional hero, Richard Reese. Greg has also worked for some technology innovators like Predictive Systems (security consulting/managed security services) and Connected Corporation (PC data protection before today’s providers could spell it). Prior to joining Veracode, Greg was the CEO at MyPerfectGig, a search and match technology innovator funded by North Bridge Ventures and Commonwealth Capital. He is currently EVP of Software Development and SaaS Operations at Veracode and also serves on the board of directors at Archive Systems. Greg lives in Sudbury, Massachusetts with his wife, two kids, and Bubba (the family bulldog).
