We attended RSAC 2024 in San Francisco from May 6-8. Our days at the conference were packed with back-to-back briefings.
Here are some notes on our briefing with Lisa Matherly (Chief Marketing Officer), Anne Nielsen, and Jason Lamar (Senior Vice President of Product) of Cobalt. The briefing was organized by Caroline Wong (Chief Strategy Officer), who was unable to attend due to other meetings at RSAC.
Key takeaways from our conversation:
- Cobalt offers a marketplace for pentesting. Companies that want a pentest performed engage with Cobalt to find a best-fit pentester based on matching their description of the pentest engagement with the skills, capabilities, and expertise of the pentesters available via the Cobalt marketplace. Cobalt calls its offering Pentest as a service (PtaaS). We wrote a report for Cobalt back in early 2020 on PtaaS.
- Becoming a Cobalt pentester is a non-trivial exercise. It is very hard to get into the program. Cobalt says it has more than 400 trusted security experts (pentesters) in its community, and it works with thousands of customers.
- Based on the value organizations have obtained from Cobalt’s initial PtaaS offerings, Cobalt is being asked to offer complementary services, such as threat modeling, source code review, and LLM review. Getting another set of eyes plus an external perspective on source code, for example, enables the identification of security issues much earlier in the application development lifecycle. That’s good for everyone (except bad actors).
- Cobalt published its sixth annual State of Pentesting Report just before the RSAC 2024 conference. It presents data from two data sets – 4,068 pentests in 2023 and 904 responses from security practitioners to a survey run from mid-March 2024. As would be expected, AI features prominently in the report.
For more, see Cobalt.