Latest news with #PlexTrac
Forbes
4 days ago
- Business
- Forbes
What Cybersecurity Teams Can Learn From Product Management
Dan DeCloss is the founder and CTO of PlexTrac and has over 20 years of experience in cybersecurity. What does it take to be a successful entrepreneur? The most obvious answers are passion, determination and a clear vision. But humility and a willingness to listen and accept feedback are just as—if not more—important. In fact, many successful entrepreneurs will tell you that there's nothing more important than customer feedback. Getting a continuous flow of feedback is a great scenario; however, it presents a big challenge: What do you prioritize first? This is the exact question that product teams ask every day. Just as entrepreneurs look to make the biggest impact on their product in the shortest amount of time, product teams want to maximize efforts. The challenge is determining what is actually going to move the needle while also taking into account which customer requests must be addressed first, which bugs and defects are make-or-break and what new features will outweigh the cost of technical debt. Other teams, like cybersecurity, can also learn a lot from product teams. Prioritization challenges are common among product teams, which is why they've developed mature processes and frameworks to manage them effectively. If you take these same challenges and apply them to cybersecurity teams, the similarities are striking. Both disciplines ultimately share the same mission: to enable the business to succeed and serve its customers. This alignment means both product and cybersecurity teams must base their plans and priorities on how best to support business goals. While cybersecurity program management is still maturing, product management (PM) offers a well-established playbook to learn from. By drawing these parallels, security teams can uncover valuable insights and adopt proven practices to advance and streamline their own operations. Let's dive into some of the challenges in cybersecurity and identify ways that product management is solving them. Cybersecurity teams are always responding to alerts, leaving them in a constant state of reaction. This can lead to a common sense of 'alert fatigue' and burnout. Security teams also tend to get inundated with vulnerabilities and findings from proactive scans and assessments. This problem has a direct correlation to the prioritization challenges within product management. Product management teams manage this with a systematic approach, using sprints, capacity planning and backlog grooming to plan for work. Each sprint is loaded with work for the team and a dedicated buffer to allow for any unplanned work, such as critical bugs, etc. Security teams can make great strides in their journey to accomplish more work and move to a proactive state by following similar principles. If a security team operates in a sprint model, they can load planned work while leaving room for unplanned work. This feeds directly into the prioritization discussion. Establishing a clear process around planning work is the foundation for meaningful prioritization discussions. In cybersecurity, this is especially vital as teams are inundated with all kinds of vulnerabilities, compliance items, alerts, etc. By taking a page from the PM playbook, security teams can build a roadmap of initiatives based on their priority. One effective method is scoring each initiative based on its relative importance and impact on the business. Applying this framework helps security teams assess risk and prioritize efforts in the context of broader business goals. Of course, prioritization becomes challenging when urgent injections or alerts arise. That's where a defined escalation process—similar to an incident response plan—becomes essential, enabling teams to handle interruptions in a structured and consistent manner. Once you have defined your roadmap and established your work cadences, you're fully operational. But are you successful? This is where metrics come into play. PM teams measure how long it takes to get a feature or product to market as well as the adoption rate of the features. They also measure the allocation of time within each sprint. Security teams should adopt a similar mindset, dedicating 60% of sprint time to proactive security measures and 40% to reactive tasks. Additional metrics should be used to track mean time to resolution, meant time to detection and risk reduction over time. There are many other metrics to consider, but the goal is to ensure you're able to show progress in achieving KPIs and reducing risk exposure. Prioritization remains one of the toughest challenges for nearly everyone, from entrepreneurs sifting through customer feedback to cybersecurity leaders triaging vulnerabilities, alerts, compliance requirements and managing risks. Product teams have spent years refining their approaches to prioritization—turning feedback overload into focused roadmaps and aligning work with business goals. It's time for cybersecurity to steal from that playbook. By borrowing the frameworks, mindset and strategic discipline of product management, security teams can navigate complexity with greater clarity, build more impactful programs and, ultimately, drive better outcomes for the business. The blueprint already exists—are you bold enough to use it? Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Associated Press
15-04-2025
- Business
- Associated Press
PlexTrac Expands Offering with Enhanced Continuous Threat Exposure Management (CTEM) Capabilities
BOISE, Idaho--(BUSINESS WIRE)--Apr 15, 2025-- PlexTrac ™, the #1 platform for pentest reporting and threat exposure management, today announced the launch of PlexTrac ™ for CTEM —expanding the platform's capabilities with a proactive and continuous threat exposure management solution designed to help security teams centralize security data, prioritize risk based on business impact, and automate validation and remediation workflows. This press release features multimedia. View the full release here: PlexTrac for CTEM: Proactively manage exposure risk with PlexTrac for Continuous Threat Exposure Management (CTEM). Consolidate security data from tools and manual testing, automatically prioritize risks based on business impact, and automate remediation and retesting workflows for ongoing, more effective threat management. PlexTrac ™ for CTEM enables organizations to move beyond traditional point-in-time assessments and embrace a continuous, proactive security approach. Key capabilities include: Centralized Data Management for Comprehensive Threat Analysis Vulnerability Risk Prioritization Based on Business Impact Automated Remediation Orchestration with Rule-Based Workflows Continuous Validation & Threat Exposure Tracking Framework-Based Reporting & Compliance Alignment 'Security teams are overwhelmed with too many vulnerabilities and not enough time to remediate all of them,' said Dan DeCloss, CEO & Founder of PlexTrac ™. 'With PlexTrac ™ for CTEM, we're equipping security teams with the ability to take a continuous, proactive approach to exposure management by centralizing all pentesting and scanning data, contextually prioritizing risk, and automating remediation workflows. That's how teams move from reactive to proactive security and drive measurable risk reduction.' 'PlexTrac for CTEM has fundamentally changed the way we manage vulnerabilities,' said Ryan Wilson, at ECS, part of the Federal Government Segment of ASGN Incorporated. 'By centralizing our findings from pentest data and other security scanners, and automating remediation workflows, we're able to focus our team's energy on the risks that actually matter and clearly demonstrate progress in reducing our threat exposure.' PlexTrac ™ for CTEM aligns with Gartner's vision for Continuous Threat Exposure Management, which involves constantly exposing an organization's networks, systems, and assets to simulated attacks to identify vulnerabilities and weaknesses. The solution supports the five key stages of CTEM as defined by Gartner: To help organizations stay ahead of the evolving threat landscape, PlexTrac™ for CTEM delivers a comprehensive solution that enables both enterprises and Managed Security Service Providers (MSSPs) to streamline security operations, unify cross-functional teams within a centralized platform, strengthen threat exposure management, and demonstrate measurable improvements in their overall security posture. Tailored for Enterprises and MSSPs For Enterprises: Evolve beyond periodic assessment and cut through the noise of data overwhelm by evolving into continuous threat and exposure management with PlexTrac. Centralize security data, contextually prioritize risk, and automate remediation workflows to streamline the CTEM lifecycle in one platform. For Service Providers: Stay ahead of emerging industry trends and stand out in a crowded market by delivering risk-based exposure management services to help your clients stay ahead of incoming threats. Deliver more value to the pentest and offensive security report you are already delivering by helping your clients prioritize issues and manage threat exposures on a continuous basis. Meet PlexTrac at RSA Conference 2025 PlexTrac will be showcasing PlexTrac for CTEM live at the RSA Conference in San Francisco from April 28 to May 1. Visit us at Booth #2349 to see how you can take a continuous, proactive approach to threat exposure management. To request a demo at the event, please register at About PlexTrac PlexTrac is the leading AI-powered platform for pentest reporting and threat exposure management, trusted by Fortune 500 companies and top security providers including Expedia, Mandiant, Deloitte, and KPMG. Built to help cybersecurity teams continuously manage and reduce threat exposure, PlexTrac centralizes security data, streamlines reporting, prioritizes risk, and automates remediation workflows—empowering teams to drive measurable risk reduction. View source version on CONTACT: Patricia Tantow CMO PlexTrac [email protected] +1 (208) 274-5322 KEYWORD: UNITED STATES NORTH AMERICA CALIFORNIA IDAHO INDUSTRY KEYWORD: SECURITY DATA MANAGEMENT TECHNOLOGY ARTIFICIAL INTELLIGENCE SOFTWARE SOURCE: PlexTrac Copyright Business Wire 2025. PUB: 04/15/2025 08:30 AM/DISC: 04/15/2025 08:31 AM
