skip to Main Content
CISO Challenges And Security’s New Path With Zane Lackey

DevOps, Web Application Security

CISO Challenges and Security’s New Path with Zane Lackey


Last week, Zane Lackey, CSO / Co-Founder of Signal Sciences and O’Reilly author, sat down with Help Net Security. He talked about the challenges that CISOs face and the new path security has to take to be successful in era of cloud and DevOps. Read the full interview at, but here are a few of our favorite parts:

On Challenges CISOs Face Today

The challenges facing virtually every CISO right now (and there’s no shortage of those) is the shift to DevOps, cloud, and the journey through digital transformation. With this fundamental shift, more and more organizations are evaluating what this means for their security program, and recognizing the need to make security a real-time part of agile development culture. At a high level, security needs to shift its core role from being a blocker to an enabler. To be successful, security must focus on bringing security capabilities directly to development and operations teams, and enabling those teams to be security self-sufficient.


On Securing Cloud (Hybrid and Multi) Architectures

In the past, enterprises operated on traditional software engineering models of data center, waterfall development, and deployment strategies. In some ways, bringing in new solutions was pretty simple. IT could just buy hardware appliances to plug into the data centers. At the enterprise level, there are now legacy apps in data centers, new apps in the cloud, microservices in containers, and everything in between. As a result, enterprises must focus on bringing in new technologies that are flexible and can be deployed anywhere — whether in a hybrid cloud environment, multi-cloud environment, or even legacy data centers.


On Why Signal Sciences is Popular

We come from being practitioners ourselves. Our story started at Etsy, where we were running security at the forefront of the DevOps / cloud shift and growing increasingly frustrated with legacy web application firewall (WAF) technology that didn’t enable our shift to DevOps cloud and kept breaking our apps with false positives. So, we built a modern approach.

We took the lessons learned from Etsy and started Signal Sciences. We’re now defending more than 10,000 applications for Fortune 500 companies all the way down to small scale startups. We just received distinction for being a 2018 Gartner Peer Insights Customers’ Choice for Web Application Firewalls. Our customers consistently tell us they are shocked and delighted by three key attributes: 

  1. 95 percent of our customers use us in full blocking mode for all of their production traffic with no learning, no tuning, and none of the false positives that they are used to with legacy WAFs, such as Imperva, Akamai and F5.
  2. 9 out of 10 organizations who try us, buy us. This point really speaks to the fact that we’ve all been frustrated with the legacy WAF industry for so long that it’s such a breath of fresh air when you get your hands on something new and modern that just works.
  3. Our architecture is built based on how a modern enterprise is constructed today. This means, an organization can have applications in the cloud, in a data center, and everywhere in between. We provide an architecture that works seamlessly right out of the box for hybrid cloud, multi-cloud, and legacy data center applications.


Back To Top