Tsahy Shapsa, Co-Founder & Co-CEO at Jit – Cybersecurity Interviews

Tsahy Shapsa is the Co-Founder & Co-CEO at Jit, a platform that simplifies continuous security, so developers can build secure cloud apps by design from day zero.

You’ve been involved in cybersecurity for much of your career. What initially attracted you to the industry?

Growing up, I was always drawn to science fiction, and it was the movie “WarGames” that really sparked my imagination about the role computers would play in the protection of our world. As I watched the film’s young hacker inadvertently stumble into a high-stakes cyber conflict, I became captivated by the possibilities and challenges of a digital future. Later in life, as an adult surrounded by the modern spirit of Israel’s “Startup Nation,” I felt a powerful calling to contribute to this exciting and crucial domain. This inspiration, combined with my immigration to the US, ‘the land of opportunity’, led me to begin my first cybersecurity company. I’ve been fortunate to play a part in shaping the future of cybersecurity while embracing the entrepreneurial spirit of my two home countries – US & Israel.

Could you share the genesis story behind Jit?

The genesis story of Jit.io began with me and my co-founders identifying a critical gap within the cybersecurity landscape. As modern engineering teams rapidly embraced the CI/CD approach, the integration of cybersecurity often lagged behind, resulting in increased risk of vulnerabilities. Part of the issue was the overwhelming plethora of shift-left security tools available, with engineering teams often needing to stitch together 15-20 tools across AppSec, CI/CD, Cloud, and DAST to create a comprehensive security solution. Each of those tools came with its own onboarding, management, and developer experience, which significantly slowed down development velocity.

Driven by the mission to make it ridiculously easy for these teams to include cybersecurity in their CI/CD pipelines, Jit.io was born. My team set out to speed up DevSecOps by meticulously curating the world’s best open-source security tools and packaging them into a single, unified platform. By offering a streamlined DevX, Jit.io empowers modern engineering teams to seamlessly integrate and manage their product security, eliminating the necessity for complex toolchain integrations and time-consuming onboarding processes. This ensures that robust application security measures are not just an afterthought, but a vital and easily attainable component of the development process.

This modern approach has positioned Jit.io as a game-changer within the realm of cybersecurity, revolutionizing the best way engineering teams tackle the ever-evolving digital threat landscape by simplifying and consolidating the implementation of essential security tools, ultimately increasing development velocity and efficiency.

For readers who’re unfamiliar with the terminology DevSecOps, could you define it for us?

DevSecOps is the practice of integrating security into every stage of the software development and deployment process for contemporary engineering teams, unifying AppSec, CI/CD security, and cloud security. This permits developers to own their product security just as they own CI and CD, while fostering collaboration and shared responsibility amongst development, security, and operations teams.

Jit enables developers to own security for the products they’re constructing from day zero, why is it so essential to prioritize security at such an early stage?

Using a building construction analogy, let’s consider how DevSecOps spans various aspects of the software development process, including AppSec (Application Security), CI/CD (Continuous Integration/Continuous Deployment), Cloud, and DAST (Dynamic Application Security Testing).

In the building construction process, AppSec is analogous to making sure the building materials and architectural design are secure and adhere to safety standards. CI/CD is akin to the seamless coordination of construction activities, allowing for efficient assembly and integration of various components, such as plumbing, electrical, and security systems. Cloud security represents the infrastructure and utilities supporting the building, such as water supply, electricity, and web connectivity. Finally, DAST is comparable to conducting regular safety inspections and tests to discover and address potential vulnerabilities within the building’s security systems.

By incorporating DevSecOps throughout the entire software development lifecycle, organizations can be sure that security is an integral part of each stage, from designing secure application code (AppSec) and efficiently integrating security measures into the CI/CD pipeline, to securing cloud infrastructure and conducting ongoing dynamic security tests (DAST). This holistic approach helps create safer, reliable applications and minimizes vulnerabilities and security risks across all aspects of the software development process.

Could you describe how Jit differentiates itself from other cybersecurity tools?

Jit differentiates itself from other cybersecurity tools by offering a comprehensive, unified DevSecOps platform that simplifies the integration and management of multiple ‘shift-left’ security tools across AppSec, CI/CD, Cloud, and DAST. This approach streamlines security operations and the developer experience, allowing for seamless collaboration.

By eliminating the necessity for complex toolchain integrations and vendor lock-in, Jit enables product and application security engineers to decide on the best-of-breed security solutions tailored to their specific needs. This adaptability empowers teams to construct robust security measures while maintaining a unified, native developer experience.

Jit’s focus on a seamless, consistent experience for both developers and security teams allows for more efficient monitoring, evaluation, and response to threats across all aspects of the software development lifecycle. As a result, Jit accelerates the implementation of DevSecOps best practices and promotes a shared responsibility for security across the entire organization.

You frequently discuss avoiding ‘tool lock-in’ with a view to have a future-proof DevSecOps platform, could you describe what tool lock-in is and why it’s such an issue?

Within the context of DevSecOps and shift-left security vendors, tool lock-in could be particularly problematic for several reasons:

  1. Mediocre product portfolios: Many shift-left security vendors initially gain success attributable to one outstanding product. Nonetheless, as they expand their offerings, often through acquisitions, they could end up with a portfolio of mediocre products that don’t necessarily integrate well or provide the best solutions for each aspect of security.
  2. Sales and marketing tactics: Vendors with a diverse portfolio often use various sales and marketing tactics to “force” customers into purchasing their entire suite of products. This approach prevents users from having the liberty to choose best-of-breed solutions and may result in suboptimal security outcomes.
  3. Hindered adaptability: Tool lock-in restricts an organization’s ability to adapt to evolving security threats or benefit from advancements in technology. When locked into a particular vendor’s offerings, it becomes difficult to explore and adopt better security solutions as they become available.
  4. Reduced innovation: Relying on a single vendor’s portfolio for security can stifle innovation, because the organization may become overly focused on the capabilities of the present tools rather than seeking alternative, potentially superior solutions.

To construct a future-proof DevSecOps tool-chain and avoid the pitfalls of tool lock-in, it’s crucial for organizations to take care of the flexibleness to decide on the best-of-breed security solutions tailored to their needs. This approach enables organizations to create a more robust and effective security posture, ultimately fostering innovation and adaptableness within the face of ever-changing security landscapes.

How does Jit create a unified, ‘one-stop’ solution that avoids this issue?

Jit addresses the problem of tool lock-in by prioritizing flexibility, integration, and adaptableness. Here’s how Jit achieves this:

  1. Seamless integration of multiple tools: Jit’s platform is designed to integrate best-of-breed security solutions across AppSec, CI/CD, Cloud, and DAST. This enables organizations to choose the most suitable tools for their specific needs, while Jit handles the complexities of managing and integrating these disparate tools into a cohesive system.
  2. Flexibility and selection: Jit empowers organizations to avoid vendor lock-in by providing the liberty to pick and switch between different security tools as their requirements evolve. This flexibility ensures that organizations can always adopt the most effective solutions for their security needs, without being constrained by a single vendor’s portfolio.
  3. Unified developer and security operations experience: Jit streamlines the developer and security operations experience by providing a consistent, user-friendly interface for managing and interacting with various security tools. This unified experience simplifies the process of incorporating security practices into the software development lifecycle and ensures that developers and security teams can collaborate effectively.
  4. Continuous innovation and adaptableness: By allowing organizations to leverage best-of-breed security solutions, Jit fosters continuous innovation and adaptableness. As new security tools and technologies emerge, Jit’s platform can easily accommodate these advancements, ensuring that organizations always have access to cutting-edge security solutions.

By offering a unified, flexible platform that seamlessly integrates multiple security tools while maintaining a consistent developer and security operations experience, Jit effectively avoids the pitfalls of tool lock-in and enables organizations to construct future-proof DevSecOps platforms that may adapt and grow with their evolving security needs.

Jit-DevSecOps describes itself as a lean, iterative approach to adding security ‘Just-In-Time’. Could you elaborate on the importance of applying security in this fashion?

Jit-DevSecOps, a lean and iterative approach to adding security “Just-In-Time,” emphasizes the importance of timely and efficient security integration. This method allows for early detection and remediation of vulnerabilities, faster development cycles, and improved collaboration. Jit’s change/delta-based approach focuses on addressing security issues as they arise, ensuring that the most critical vulnerabilities are fixed first. By prioritizing a fix-first mentality and adapting to changing security landscapes, Jit-DevSecOps enables organizations to maintain robust security while ensuring agility and efficiency in the development process.

What’s your vision for the future of DevSecOps and cybersecurity in general?

My vision for the future of DevSecOps and cybersecurity is to harness the ability of advanced technologies such as artificial intelligence, machine learning, and automation to discover and reply to threats in real-time. For instance, AI-driven security solutions may help detect anomalies and potential vulnerabilities, while automated incident response may help contain and mitigate security incidents.

In addition, we will explore emerging technologies such as blockchain and encryption to reinforce data security and privacy. These technologies may help ensure the integrity and confidentiality of knowledge, and stop unauthorized access or tampering.

Overall, my vision emphasizes the importance of collaboration, innovation, and proactive measures to remain ahead of emerging threats. And of course, we’ll always remember the golden rule of cybersecurity: the only secure computer is one that’s unplugged, buried in concrete, and never turned on.
