The world of cybersecurity is facing unprecedented challenges as organisations rapidly adopt multi-cloud and hybrid cloud environments. With applications and data scattered across multiple deployment locations, ensuring seamless delivery and robust security has arguably never been more challenging.
Speaking with Cyber Magazine at F5’s AppWorld event in London, Kara Sprague, the company’s Chief Product Officer, shares her insights on tackling the complexities of modern multi-cloud and hybrid environments. As the leader overseeing F5's BIG-IP, NGINX, and Distributed Cloud solutions, she explores F5's approach involving AI and machine learning to simplify application delivery and security, while discussing her experiences as a woman in cybersecurity and strategies for bridging the gender gap.
Please tell us about your role at F5
I'm the Chief Product Officer at F5. That means I oversee our entire portfolio of solutions, which includes three product families: BIG-IP, NGINX and Distributed Cloud. My organisation comprises the product managers, engineering team members and product marketing team members who work on all of those product families.
You spoke in a keynote at AppWorld called 'Multi-Cloud Made Easy'. Could you please tell us more about that?
Today, we're seeing that our customers are in a crisis. F5's main users are network operators, security operators, and we also have product offerings that appeal to DevOps and developers. As we've now found ourselves living in this hybrid and multi-cloud reality, customers are not able to keep up with the growing amount of complexity in their operations.
It is very different from where customers thought they would be five or six years ago. Five or six years ago, most customers were operating their apps out of their on-prem data centres or co-location facilities, and they thought they were going to be moving things into the cloud. Generally, there was little consideration given to what the impact would be on application delivery and security.
Where we find ourselves now is totally different. From our survey, the average customer is deploying applications across four-and-a-half different deployment locations. Maybe that's their on-prem data centres, co-location facilities, two public clouds, or maybe one public cloud and the Edge. What that means is that they now have 10 times more application data paths that they have to manage and secure than when they just had their application sitting in their data centre.
That level of complexity is not being made up for with new resources. Obviously, there's a tremendous talent gap in cybersecurity, and it's not really been served to them by rationalisation or consolidation of vendors. There's just an enormous amount of vendors and tools across all these different environments. We call that a crisis.
What F5 is doing about that is we have committed to making application delivery and security ridiculously easy. We are doing that by providing customers with the only solution provider that can deliver, secure, and optimise any app, any API, anywhere.
Going forward, we're integrating more and more of the product families that we have – BIG-IP, NGINX, and Distributed Cloud – in order to address all of our customers' delivery, security, and connectivity needs in hybrid and multi-cloud environments.
You've highlighted the cyber skills gap the industry is currently facing, but there is a sizable gender gap too. What can be done to fix this?
We have a huge talent gap, and it's a gap that needs to be addressed. If we only address it with half of the available talent supply, we're not really making the smartest choice there.
Equally, if we're looking at building technology solutions that serve the diversity of the constituents that consume technology, and I think it's fair to say that technology is now permeated into every corner of human lives, it's really important that we have a diverse representation of the people that are creating that technology and also servicing it.
I see gender diversity in tech as serving both of those ends. One, we need more people, period. Therefore, let's make sure that we have as many of the available talent as possible that are moving into these STEM fields and cybersecurity. Secondly, let's make sure that the people developing the solutions are as diverse as possible.
What have been your personal experiences as a woman in the cybersecurity space?
I studied engineering in college, and my engineering classes in computer science and electrical engineering had probably less than 25% women. I then went into the software engineering profession and served as a member of technical staff for a few tech companies. There, too, the representation of women was incredibly low.
I then had a 13-year consulting career where, at least in the early part, you might be closer to 40%, sometimes 45% women. But as you get closer to the top-notch parts of the consulting firms, it's at times less than 10% female. So, I am fairly used to being in a professional environment that has a huge disparity in the number of women versus men.
Cybersecurity itself is also an area where the historical image of people in cybersecurity has been the person in the basement wearing a hoodie, and generally a man or a younger male. That has not done us any favours in terms of trying to get young women really encouraged and wanting to participate.
In general, I've navigated my own career from the perspective of where I believe I can have the most impact and where I see the course of technology taking humans, and therefore, where I should invest my time. I have not prioritised my own personal experience very explicitly.
However, there are a number of women, especially earlier in their careers and younger generations, where their personal experience is a very important part of how they think about their career journey. For that reason, I think we all have to have deep introspection about how we make cybersecurity and the field of tech, in general, much more welcoming.
Tell us about how you are using AI at F5
We see AI as basically an accelerant for all of these dynamics that we have talked about. It's going to drive more applications. AI-driven applications have more APIs, so more apps, more APIs. It's going to enable more actors with sophisticated capabilities. So your cyber threat, both the sophistication of attacks and the surface area, is going to expand further.
In general, AI is going to just basically accelerate what we're referring to as the ball of fire and make it even more of a crisis. That said, there are a lot of things that AI can also do for good.
For example, F5 has been embedding AI into our solutions for many, many years now. Our anti-bot solution, for example, is using very sophisticated machine learning based on signals from client devices and browsers in order to decipher if the application traffic is coming from an automation, like a bot, or a human, and also if it's good or bad. That's one application of AI.
We see a lot of other very interesting applications of AI technologies. We use it, also, in our API security solutions. We just talked about the acquisition of Heyhack. Heyhack is using AI, also, in order to drive a lot of the automation for its vulnerability discovery. So AI has a really important role to play in supercharging all of these application delivery and security solutions.
We’ve previously talked about F5 going from hardware to software and beyond. What do you see as the next stage of the transformation at F5?
That's a great question. For a very long time, when we started out on this journey roughly six years ago, we said, "Look, we're largely a perpetual hardware player selling into on-prem data centres." That was 87% of our product business. Just two years ago, we hit the 50% mark in terms of becoming software organisation.
Where we see ourselves going is what we describe as SaaS-led. We're very specific in the terminology we use for that because we're not going from hardware to software to SaaS, but it's really about this proposition, and, that I talked about in my keynote, which is we want to have a comprehensive set of solutions, including hardware, including packaged software, and including SaaS, but led from a SaaS perspective to give customers a unified experience, so that we can really continue to meet all of the needs of their diverse applications and APIs.
******
Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024
******
Cyber Magazine is a BizClik brand
- Sustainability Secured: SolarEdge Devices Cyber CertifiedCyber Security
- ISC2: How AI is Reshaping the Cyber Workforce ChallengesTechnology & AI
- Customer Confidence: Hiscox Reveals Growing Cost of AttacksCyber Security
- Supply Chain Security: Why Is It Key for the Energy Sector?Cyber Security