Checkmarx: 'It's very difficult for CISOs to know how to safely incorporate genAI'

'It’s an unfortunate reality that developers have not traditionally been big fans of security'


Zack Bentolila, director of global field, channel and alliance marketing at application security vendor Checkmarx, talks to Computing about the latest in cyber security, and what it means for marketing strategy. This is a sponsored article.

Cloud-native application development is driving changes in the way that enterprises approach application security. They're now thinking of securing applications from code to cloud – meaning the establishment of security controls at every step of the development process from the first line of code to deployment in the cloud.

The increasing pace of digital transformation is driving adoption of DevSecOps because the only way to secure applications is to embed a security-first approach, from culture, to processes, to automated controls, inside the development process itself.

The increasing complexity of applications – and the number of security tools required to secure them – is driving enterprises to seek out consolidated security platforms. The goal is to find a way to do more of what they need to do on fewer platforms from fewer vendors.

Checkmarx focuses on large enterprises. In that space, the increasing pace of digital transformation and complexity of applications has driven the focus on a unified platform that has all the different capabilities that customers need to secure application development from code to cloud.

What are some of the marketing strategies and priorities at Checkmarx?

We are laser-focused on enterprises, one narrow set of titles, and a certain level of buying intent. That means our marketing strategies are in alignment with account-based marketing.

We prioritise activities that get our sellers and partners in front of the buyers and decision makers, meaning we choose to focus on C-level events or roundtables versus tradeshows and industry events. Going forwards, Checkmarx is focusing with our partners on targeting key accounts.

Tell us about some of the challenges you're facing.

AI and genAI are everywhere, and it's very difficult for enterprise CISOs to know how to safely incorporate its use into their development teams and other business units. Customers need to know how they can both benefit from the efficiencies and strengths of AI and genAI tools, but they must also understand how to mitigate against the new risks it can bring, including AI hallucinations.

Our approach with the AI-driven Checkmarx One platform is to help the enterprise reduce exponential AppSec risk while accelerating and expediting use of genAI for application development. For example, jailbreaking and prompt injection are two prominent types of threats to genAI models and applications built using them.

Within AppSec, prompt-injection attacks and new software supply chain attack methods are constantly evolving. Checkmarx's own security research team uncovered evidence that users of ChatGPT are being misled into installing malicious open-source software packages that they believe are legitimate.

Tell us about some of your marketing successes.

Checkmarx had many successful direct events last year that are now part of our ongoing plan. Our typical format is a roundtable model or one focused on C-level engagement. We find that these are the right industry events for us and our partners. While there, our focus is on meeting the buyers together with our sellers, business development representatives, and partners.

Our indirect events included a highly successful technology partner showcase. With all our MVP partners, we tailor a showcase on how our integrations with other technology leaders prove our "better together" story. We had such a great turnout at this showcase event and it truly echoed the partnership elements we appreciate and work to build at Checkmarx.

What are your observations on tech buyer behaviour? How does that affect your marketing strategy?

We sell from the CISO down because we have a solution that helps every key role at every level. It's also the case that an AppSec platform is going to require buy-in from the ultimate decision-maker very early on. At the same time, winning over developers is important, so we do sell to them while simultaneously selling to CISOs and AppSec leaders.

Developers in our case are influencers. They are the users and in many cases getting their support is critical to closing a deal. In 2024 we started doing user groups and investing in OWASP events to get more and more recognition in those audiences and to help them understand the benefits of the Checkmarx solution for their daily processes.

It's an unfortunate reality that developers have not traditionally been big fans of security. They have intense time-to-delivery deadlines for their applications, and a massive list of vulnerabilities they need to fix that are seen as impossible hurdles. When we give a demo on using our platform, we show them how we make their AppSec processes and tasks simple and streamlined. When we demonstrate how we can prioritise those vulnerabilities and bring everything they need right into their favourite IDEs, gaining buy-in becomes much easier.

Do you have tips or advice for other marketers?
