Reflections on joining Noetic, and the market opportunity for CAASM in Europe.

A photo of a digital globe.

I was delighted to join Noetic Cyber back at the end of January 2022 to lead the team in Europe, the Middle East and Africa. Just over a month into my journey with Noetic seemed like a good time to reflect on what I have learnt so far, and how my discussions with partners, customers, security leaders and CISOs are informing my understanding of the market we are serving.

My decision to join Noetic had been made over the previous months, based on several different criteria. The main factor was my earlier experience of working with many of the key leadership team at previous companies, particularly PGP Corporation. I knew the caliber of Paul Ayers and the rest of the team at Noetic, and I was excited to work again with respected colleagues and friends. But it was based on more than that. I have been fortunate in recent years to lead high-performing customer facing organizations in disruptive cybersecurity markets, including Skyhigh Networks in the Cloud Security Access Broker (CASB) space and Exabeam who brought important innovation to the Security Information and Event Management (SIEM) sector.

From my initial research, I had identified that Noetic was part of a similar market, where customers were not happy with the status quo, and where innovation was creating an opportunity to look at an old problem differently, and it is always exciting to try and solve fundamental cybersecurity challenges.

Since joining Noetic, my initial impressions have been confirmed in countless meetings with CISOs, security leaders and partners; Cybersecurity Asset Attack Surface Management (CAASM) addresses a clear gap in our customers’ current cyber portfolios.

Speaking to a range of organizations in the UK and continental Europe across different market sectors, I keep hearing different versions of the same themes. Security leaders are thinking differently about how they can reduce their cyber risk and improve their security posture. This is being driven by the need for a better understanding of the business’s growing attack surface, and a recognition of the limitations of a cybersecurity strategy that is centered around ‘detect and respond.’

I have been surprised at how consistent this message has been, from some of the UK’s largest international companies, to smaller regional European suppliers, we have been hearing consistent drivers for change. If I were to summarize this down to a few main reasons it would be the following:

  • Measuring risk in the Supply Chain. With recent systemic challenges such as Log4J, security teams have had to perform detailed analysis on their assets, 3rd-party software, and suppliers. This has exposed potential risk to their environments that they struggle to measure and manage. Security leaders need a more effective way to understand coverage gaps throughout their supply chain, and don’t want to rely on manual processes to do so.
  • A shift in focus on compliance. Historically seen as a ‘point in time’ exercise to check a required box, forward-looking security teams are now using controls frameworks as a way to drive continuous improvement. Equally, auditors are now being more proactive and expecting to see evidence of ongoing cyber posture assessment and asset management.
  • The ongoing move to the Cloud. Most companies I’m speaking to have now adopted a ‘cloud first’ approach, accelerated by the previous two years of remote working. The productivity and elasticity of service delivered by cloud providers is impressive, but security teams now have a greatly expanded portfolio to cover. The need to secure and manage assets across hybrid multicloud environments has caused an explosion in cloud security tools. Aggregating and consolidating the insights provided here is a huge area of interest for our customers.

So where is CAASM going in Europe?

I believe that we are only at the beginning of market interest in cybersecurity asset management and attack surface management in Europe (and indeed globally). Recent research from Gartner indicates that less than 1% of enterprises will have implemented CAASM technology by the end of 2022, and our own research backs this up. There is a huge opportunity for us to help European customers with gaining a better understanding of cyber risk and building a culture of continuous security improvement.

At Noetic we are somewhat unique; in that we have been building both our European and North American teams at the same time. This means that we have developed a platform from the beginning that thinks about the specific needs of European customers around data residency, privacy, and regulatory requirements.

We are continuing to build out our sales, technical and customer support teams in Europe, engaging with MSSP and consulting partners and developing our European customer community. I am excited to be part of the Noetic journey and strongly believe that we can work together to improve our cyber resilience.

We’d love to show you more. Watch this video to learn more about how the Noetic platform builds out a new kind of ‘full-stack’ visibility for the security team, or you can request a personalized demo to see the platform in action.