Author Archive

Security Gaps in the Digital Transformation Journey

Posted by

In a recent webinar produced in partnership with 451 Research, part of S&P Global Market Intelligence, Kelly Shortridge and Fernando Montenegro discussed the elements necessary for security teams to better engage with DevOps. But to realize that kind of transformation, context is needed.

Digital transformation is a holistic process. It’s a journey that every organization goes on, and challenges are sure to arise on that journey. To drill down into some of the challenges and gaps that companies are facing, 451 Research runs their ongoing Voice of the Enterprise survey program. From that program, we’ve extracted key insights on how this process looks for many enterprise organizations and what is needed to realize the kind of coordination needed between DevOps and security.

Right now, digital transformation is real for over 90% of respondents in one of the surveys, and nearly 50% are already executing to some degree, meaning the rest are in stages of planning and evaluating potential next steps. As part of this, 60% indicated that they see IT becoming more strategic in this process. But with key skills missing in the areas of cloud expertise and information security, there are gaps to fill.

The Collaborative Nature of Digital Transformation

One of the biggest takeaways in 451’s research is that digital transformation is more collaborative and involves more people than traditional IT projects. This will have a substantial impact on security as new initiatives are implemented.

In fact, 60% of respondents now indicate that non-IT functions/roles will have more influence on decisions related to their organization’s workloads/applications.

Base: All respondents (n=510)

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019 & 2020

A number of respondents indicated they are involving more people in the conversation. As you involve more people there is more friction in communication. Getting people to communicate better across silos in a large organization is increasingly important because of this.

The Future of Workload Deployment

Another somewhat cloudy element is the deployment location for workload and applications. While  38% of respondents indicate the majority of their workloads are on-premises in 2020, only 15% respond that they expect the majority of their workloads will be on-premises by 2022, with an even split among on-premises private cloud, hosted private cloud, third-party colocation, IaaS, and SaaS making up the rest. We’re very likely to see a hybrid future in aggregate, meaning there is no single answer to future workload. Security teams need to remain nimble to respond to such diverse needs.

Q. Thinking about all of your organization’s workloads/applications, where are the majority of these currently deployed?

Q. And thinking about all of your organization’s workloads/applications, where will the majority of these be deployed two years from now?

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2020

The future is cloudy because it’s more of a hybrid. There is increased nuance around being able to support multiple environments and multiple trends. This will increase the need for communication and collaboration between stakeholders.

A Nuanced View of Modernization Destination

Another major shift seen between 2019 and 2020 is an increase in the number of respondents who indicated that they plan to modernize or refactor and shift their approach to mission-critical legacy applications and workloads. For many of these organizations, there is no direct path to the cloud. They are modernizing on-premises, with more modern applications and infrastructure architectures deployed locally. At the same time, fewer are taking a lift and shift approach to the process, down from 17% to 10% year over year.

Base: All respondents (n=496)

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2019 & 2020

For years, the push had been to lift and shift everything away from on-premises to the cloud. In the last few years, that movement has reversed and many organizations are looking for more creative, hybrid approaches to maintain control over their applications and workloads. But why? Let’s take a closer look at the reasons why this is happening from both the IT and management perspective.

Driving Factors in Workload Placement Decisions

So with more organizations indicating they will modernize on-premises, what factors are influencing that decision most?

Base: All respondents

Source: 451 Research’s Voice of the Enterprise: Digital Pulse, Workloads & Key Projects 2020

The reasons for this decision vary significantly between IT/engineering managers and senior management in an organization. For example, while 48% of respondents indicated data and system security are important, only 32% of senior management indicated this as a reason, compared to 50% of IT and Engineering managers surveyed. Contrast that with 50% of senior managers saying they want to leverage existing IT infrastructure and datacenter investments and 56% indicating they want to optimize application performance and uptime by staying on-premises, and there is a gap in the approach and reasoning behind it among respondents.

Some organizations are opting to keep more things on-prem, but the reason to do so varies significantly between stakeholders and departments. Of course, there are also some misconceptions about the security benefits of modernizing infrastructure in the cloud versus on-premises. The benefits of a distributed, immutable, and ephemeral (DIE) approach to deployment is starting to emerge in the collective consciousness of enterprise organizations and will likely significantly impact how this is viewed going forward. Regardless of future trends, however, there’s a very different understanding of security needs and benefits between people actually hands-on with the applications and those in senior management.

Determining How to Proceed with DevOps Adoption

William Gibson famously said, “the future is already here — it’s just not evenly distributed.” We’re seeing that for many organizations there is a gap in execution they are working to close. There are different perspectives on what digital transformation should look like, how it will be executed, and what benefits should be gained. Whether it’s a concern over security or the desire to amortize existing investments, a diverse range of voices will influence how organizations approach DevOps adoption.

Watch the full replay of Divided We Fail: How Security Teams Can Better Engage With DevOps to learn more about the relationship between DevOps and security teams and how existing and developing digital transformation efforts impact that relationship.

Put Us In Coach – Cloud Security is a Team Sport

Posted by

Recently Fernando Montenegro of 451 Research, part of S&P Global Market Intelligence, released a new thought leadership report, “Cloud Security is a Team Sport,”* (*Login required) that breaks down the need for collaboration and teamwork when tackling cloud security in two key areas:

  • Within the vendor community, highlighting the need for collaboration between cloud service providers (CSPs), third-party security vendors, and services firms, as most customers are looking to secure their cloud deployments with a combination of these three key players.
  • Within the organization itself, as internal teams such as DevOps and Security need to come together when building and operating cloud security in order for it to be effective.

The report explores how each and every cloud provider is unique in its own approach to cloud infrastructure security, which can raise additional challenges as very few organizations are run on one cloud alone. With each individual cloud provider differing in how they define identities, assign privileges, and so on, the security challenges across clouds, and across teams, grow.

Fernando also takes a look at how the third-party vendor landscape breaks down to provide additional security and bridge a lot of these gaps. (Full disclosure – Capsule8 is listed as a newer vendor with offerings around cloud workload security, primarily containers and Kubernetes).

Now when it comes to Security and Operations teams, it may seem like they are on different sides of the table during discussions about who can do what and why in a production environment, but to quote an entirely overused movie quote, “We’re not so different, you and I.” Both departments are working towards the same goal, a successful and secure production environment.

While we can only briefly summarize Fernando’s most recent report above, we’ve compiled a number of resources that may be helpful in overcoming some of the challenges raised by his report, notably moving to secure the cloud and helping Security and Operations teams work harmoniously toward their goals.

The Journey Toward Smoother and More Secure Workload Modernization Efforts

451 Research, part of S&P Global Market Intelligence,  recently investigated the considerations that organizations made in deciding how to proceed with application modernization efforts and released their findings in the Business Impact Brief, “The Journey Toward Smoother and More Secure Workload Modernization Efforts.” In it, they discuss how organizations can successfully and securely use cloud environments and technologies to drive their business forward.

Webinar Replay: How Security Teams Can Better Engage With DevOps

In a recent live webcast, 451 Research’s Fernando Montenegro and Capsule8’s Kelly Shortridge discussed the relationship between Security and DevOps. For DevOps, performance degradation issues or production crashes are not a risk they are willing to take by adding security to their systems, regardless of how important it is for business. So how can CISOs help both teams work together? Fernando and Kelly give tips to help CISOs improve engagement among the teams.

30 Techniques to Align Security with What DevOps Already Loves

David Spark of CISO Series jokes that the difficult relationship between security teams and developers needs couples counseling. They both know that they need the other, but cannot compromise on how to work together. So, when Sparks asks security professionals what they think security is already doing or could do that would be embraced by DevOps, there are a multitude of responses. Read about what 30 techniques security professionals suggest to help align security and DevOps.

Security Is Suffering From DevOps FOMO

On this episode of the CISO/Security Vendor Relationship Podcast, hosts David Spark and Mike Johnson welcome as a guest, Dayo Adetoye, senior manager of security architecture and engineering at Mimecast. Together, they discuss how to include security in DevOps without disrupting operations.

Capsule8 Enhances Linux Protection for Production Infrastructure

Posted by

The growth of Linux environments powering commercial organizations is rapid, especially as more workloads are migrated to the cloud. Attackers are targeting Linux systems with tactics built specifically for them, not copy-and-paste versions of Windows attacks, presenting a challenge for many businesses that have yet to fully understand or mitigate the risk.

At Capsule8, we understand the challenges of Linux-specific attacks, which is why we’ve built our Protect Solution to deal with them. Capsule8 Protect is built to defend enterprise infrastructure against attacks that have been developed against Linux, from cloud-native to on-prem data center environments and everything in between.

Those attacks keep changing, and we are changing to keep up with them. Today, Capsule8 is pleased to announce that we’ve launched enhancements of our flagship product, Capsule8 Protect, that bolster monitoring, detection of cryptomining, and protection for production systems. 

The Capsule8 Protect suite is designed to avoid costly downtime, overloaded hosts, or stability snafus caused by traditional security tools. Organizations looking to protect their Linux infrastructure, be it a few hundred hosts or tens of thousands, are now able to choose SaaS or on-prem hosting of the management console, as well as select from a number of tiers to best meet their needs. 

We’ve made some big enhancements to our detections that not only help us detect attacks quickly, which reduces incident impact, but also bolster our coverage of the MITRE ATT&CK Framework. We have a full breakdown of our MITRE ATT&CK coverage coming soon (stay tuned!), but some newly enhanced detections include: 

  • Cryptomining: A notable enhancement are the updates to existing cryptomining detection capability. Cryptomining is becoming an increasingly imperative threat consideration for businesses and a priority for infrastructure deployment. We provide a low-noise, high-accuracy method of detecting cryptomining that helps remove unwanted users who eat up CPU and drive up costs on any public cloud instance.  
  • Remote, Interactive Shell Detection: We’ve also enhanced our remote, interactive shell detection. Direct system shell interaction with containers running in production is unwanted activity, whether it’s an indicator of an attack or risky developer behavior, and spawning shells is a common final step. The latest remote interactive shell detection distinguishes between shells that are wrapped in encryption and author and when a random process spawns a shell that’s wired up directly to a network socket. Capsule8 not only detects that a shell session was spawned, but also what commands were executed. 

Additionally, we have worked hard to remove any operational burden for clients – from installation to deployment to management. Our new, enhanced user experience is focused on making the solution easy to scale and manage from an operational perspective, as well as presenting security information in an intuitive manner, all through an interactive console. All relevant information is in the same view, allowing teams to make quick decisions on high-priority incidents with the necessary supporting investigatory data. 

This new flexibility also extends to two deployment models. Teams wanting to leverage their existing operations workflows can export the findings into their existing automation, orchestration, log management, and incident response tooling. Teams who prefer a dedicated graphical interface can leverage Capsule8’s console via a SaaS deployment or on-prem model, with SaaS providing decreased operational overhead. Capsule8 has also developed a tier structure so organizations can access protection in a way that best fits their teams and their environments. 

The newly available tiers include: 

  • Capsule8 Protect, which is designed for organizations that require protection of their Linux production environments from the most prevalent threats and are predominately running workloads in AWS, GCP, or Azure with standard kernels. 
  • Capsule8 Protect+, which is designed for organizations that require more detailed security monitoring with an increased level of system context, as well as those looking to satisfy compliance or regulatory needs, and may be operating in more complex or custom Linux environments. 
  • Capsule8 Complete, which is designed for organizations that require a complete Linux security solution and have incident response or threat-hunting teams who are experienced in building their own detections and specialized threat models. Capsule8 Complete supports customers with highly complex Linux environments, including custom kernels, that need additional tailoring for their unique operational context. 

Regardless of which level of solution you choose, Capsule8 enables security and operations teams to efficiently defend their Linux infrastructure with monitoring, detection, and protection built for production systems. No matter what mix you are of on-prem legacy systems, public and private cloud, or microservices and containers, Capsule8 protects your infrastructure as it looks now and as you continue to evolve it.

We’re proud of how far we’ve come in the past three years and we’d love to show you what we can do.

If you’re interested in learning more about Capsule8 Protect, you can view our new product brief here.

Ready to see it in action? Request a demo here and see how we can help you modernize without compromise. 

aka AK: Capsulator Adrian Kwak

Posted by

According to Capsule8 Product Manager and Console Designer Adrian Kwak (aka AK), a common misperception of her role is that she “makes websites pretty.” Since joining the team a year ago, AK has been a huge part of our product team and while we at Capsule8 know her contributions far exceed that simple definition, it can still be a challenge to explain her job when she meets new people. Always the creative, AK has an analogy to help: 

“Imagine there is a car company. There would be engineers building the various parts of the car: the engine, wheels, etc. There the product designer comes in to understand their customers, make design decisions based on those strategies, and design the car. For instance, if we were to design a car for families, I would first conduct research to understand what typical families look for in a car. Which may lead to a design decision that the car should be all wheel drive that’s economical yet safe. Then I would design the way different parts should be placed and used in the car, but within limits. People are used to having a steering wheel in front of them at arm’s length and that’s the most ergonomic place for it – why fix something that isn’t broken? Besides that there’s the design of where and how the signals, climate, audio, dashboard, and other controls are made available to you. The next time you sit in your car, try to imagine all the various design decisions that were made for your car to look and work as it is right now. That’s what I do as a product designer, but mostly for digital products like websites, software, and apps.” 

According to AK, an average day is never the same. Depending on which phase of the project we are in, she could be in full product management mode and “consolidating feedback or prioritizing and descoping necessary items for the roadmap.” If she’s tackling some of the new, innovative projects Capsule8 is working on, she’s “developing proposal slides and drafting up the product requirement documents (PRDs), then taking over as a product designer – conducting research, brainstorming, sketching, making mock-ups, and conducting user testing.” 

AK was initially introduced to Capsule8 through a recruiter and we are very lucky that out of all the different opportunities the recruiter presented to her, Capsule8 stood out the most. 

“I was initially interested in working for a company that makes a B2C product, but became intrigued by the problems I could be solving with a complex security tool. I looked up Capsule8’s website to do some research, and thought – if they can do everything they’re saying here, that’s pretty darn impressive.”

Since Capsule8 had dedicated the first few years to its core technology in order to build a solid product, AK felt the company was still relatively new and provided room for her to grow. But it was the chemistry when meeting the team that really sealed the deal. 

“I got to meet five people during the interview and they were all friendly and knowledgeable which left a positive impression on me. Talking to a couple of people made me note that there was great work-life balance and the unlimited PTO was actually implementable and real! I came in on the final day of interviews as the last candidate to be interviewed and heard back that I got the offer the very same day.”

AK is in a unique position and collaborates with almost all of the different teams at Capsule8. While she described it as “bugging them with a lot of questions,” (Editor’s note: No, she doesn’t) she feels that everyone at Capsule8 is genuine, kind, and smart and has found it easy to get along with everyone. 

She believes there needs to be a conscious and continuous effort rooting from upper management to make a workplace enjoyable and for AK, that happens here. In addition to work-life balance, she feels encouraged to grow professionally and personally.

“I was given opportunities to pursue different ideas and reach outside of my initial responsibilities as a designer. This eventually led to my role as a product manager where I got to strategize – like I had wanted – for the product.”

Her favorite project so far? The policy configuration UI. “There are so many moving parts to it and different use cases and variables to address that it went through lots of iterations and versions. It’s been a challenging project, making it all the more fun for me. This project has been thought through so many times that its design is pretty future-proof for upcoming detection policies and dynamic cloud environments and addresses a spectrum of user needs from minimum to maximum customization – or that’s what I would like to think.” 

When AK isn’t spending her time making all of these projects happen here Capsule8, she’s a self-described “homebody and a game junkie.” 

“If you ask anyone on the team, you’d know that I’m obsessed with Animal Crossing right now. At other times I would play Call of Duty on my phone. My motivations for getting out of the house – on rare occasions – are snowboarding and hiking with some kimbap and cup noodles. Oh and I love to karaoke, so I have a karaoke mic at home.” 

AK’s impact in only one year since joining Capsule8 has been massive and we are so grateful. She’s more valuable than a turnip and we hope that if she was asked to do it again, she would use her Nook Miles to land on our island.  

Are you interested in joining the Capsule8 team? You can check out our open listings on the Capsule8 Careers page!

Q&A: Secure Cloud Migration During a Crisis

Posted by

Back in July, Capsule8’s Chief Product Officer, Rob Harrison, chatted with guest speaker Andras Cser, vice president and principal analyst at Forrester Research, about how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. The evolving technology landscape can already make a well planned cloud migration strategy seem daunting, but as we’ve learned in the past few months with global crises and remote workforces, there are often additional challenges thrown into the works that you never would have foreseen. They not only took on challenges from both a business execution level and a cybersecurity level, they also broke down how new technologies can help mitigate those risks. 

If you missed the webcast, you can watch the on-demand version here

Following the webcast, Capsule8 commissioned Forrester to expand a bit on their discussion and highlight both security considerations for unforeseen circumstances, but also how recent news on data privacy shields and US law failing to adequately protect EU personal data impact cloud migration.

Andras Cser, principal analyst, provides Forrester’s analysis in a Q&A document that you can download below:

Read the Q&A: Security Considerations for Cloud Migration During a Crisis 

HR-You Ready?: Capsulator King Krompicha

Posted by

One of the first people you’ll meet when you apply for a job at Capsule8 is our wonderful Director of Human Resources, King Krompicha. King joined our team one year ago after leading the tech recruiting efforts at Harry’s, a direct-to-consumer goods company, and has made a huge impact on not only human resources, but the entire culture of our company. 

The direct-to-consumer to securing-linux-production-environments transition may seem like a big jump, but all it took was a call from Capsule8’s CFO to convince King otherwise. 

“The company that I was working for at the time announced they were merging with a larger player in the space. Around that same time, Scott Kenerly, CFO, reached out to discuss opportunities at Capsule8. I took the call because I knew the co-founders and was conflicted with my situation. On one hand, I was curious and wanted to stay to see how the merger played out. On the other hand, this was my third merger/acquisition and I was very concerned about a possibility of a layoff. It took several more conversations and a few months to convince me to join Capsule8. As I said, I was conflicted.”

Well, what changed her mind?  

“Through the follow-up conversations, I was able to uncover answers to things that were important to me – work/life balance and flexibility. As a working mother, I wanted to find a company that recognizes I’m still a mother, among other things, in addition to being an employee. What gave me comfort and ultimately propelled me toward Capsule8 was a conversation I had with John Veiga, CEO. He told me about his vision for the company, the potential for my role, and his upcoming vacation. What resonated and stuck with me the most was why he was taking time off. He was doing it so he could help his daughter move into college. We spent some time talking about our families and how our children grow up so darn fast.”

Lucky for us, King took on the charge and is helping build the HR department for Capsule8 from the ground up, which is not a task that she takes lightly. She is responsible for everything from managing our immigration process to designing a new leveling framework, and everything in between.

When I was offered the opportunity to lead and build an HR department for Capsule8, I was elated and terrified. There’s something intimidating about being the first (of anything) regardless of your experience. There isn’t a roadmap or existing strategy that you can pick up, analyze and execute on. While it was unnerving at times, I have grown so much as a professional and learned a lot about myself.” 

When she’s not at the office, some of King’s favorite hobbies are traveling and photography. 

“In the last five years, my family and I have travelled across fourteen different countries. From swimming in the Blue Lagoon in Iceland to giving alms in Laos, and island hopping in Greece to eating tagine in Morocco

She strongly believes that life’s greatest lessons are best learned through experiences as it shapes the way we view the world. And we are so grateful to King for sharing her experiences with us and helping shape everything that is Capsule8. 

Are you interested in joining the Capsule8 team? You can check out our open listings on the Capsule8 Careers page!

Capsule8 named CB Insights Cyber Defender for 2020

Posted by

The folks at CB Insight recently released a new report, “Cyber Defenders 2020” where they highlight what they consider emerging cybersecurity trends for 2020 and recognize the startups they believe will shape the space in the coming year. The report discusses vendors in a number of categories, including Anomalous Behavior Detection, Third-Party Risk Management, and Zero-Trust Networking. Capsule8 is honored to be included in the report in the Container Security category, alongside Anchore. It’s important to note that Capsule8 also protects your Linux infrastructure beyond just containers, such as bare-metal, or heterogeneous as bare-metal, virtualized, single cloud or hybrid, or some combination, but containers are a huge focus right now for a lot of teams looking to modernize their current production environment. 

Source: CB Insights

Container use is on the rise, introducing new attack surfaces and potential security concerns. As noted in the report, not unlike non-containerized applications, containers need to be secured throughout their entire lifecycle – development to deployment to runtime (that’s where we fit in – runtime container security).

These phases and the disparate vendors that secure them cause a lot of confusion in the marketplace. There are a large number of vendors in this space, certainly more than just Capsule8 and Anchore. Capsule8’s VP of Product Management and Product Strategy, takes a stab at clearing it up in her blog post, “Container Security – Nobody Knows What It Means But It’s Provocative” if you’re interested in learning more about the container security market landscape.

If you’d like to learn more about how Capsule8 protects your containerized systems from runtime threats to security and performance, check out our Solution Brief: How Capsule8 Protects Containerized Environments or contact us and we would be happy to walk you through how we can help.

Detecting Container Escapes – Capsule8 Demo

Black Hat Preview: Uncommon Sense

Posted by

Detecting Exploits with Novel Hardware Performance Counters and ML Magic

The end of July usually comes with a bit more preparation involving updating your software, encrypting your devices, buying a burner phone, and so on, as the infosec community prepares to descend down onto the Las Vegas strip for Black Hat and Defcon. While the show is a little different this year because it is an all-virtual conference (a result of the world being a lot different this year because of an all-virus pandemic) we’re still eagerly anticipating some of the incredible research being presented at the show.  

On Wednesday, August 5, two of Capsule8’s finest, Nick Gregory (Ghost), research scientist and Harini Kannan, data scientist, will be presenting, “Uncommon Sense: Detecting Exploits with Novel Hardware Performance Counters and ML Magic.” 

The session focuses on the role of hardware performance counters (HPCs) as detectors for exploits. A performance counter is code that monitors or counts events in software and registers them with the operating system. Using those counts, you can often derive patterns to see what is going on, good or bad. The research into HPCs was initially sparked by Capsule8’s detection of Spectre and Meltdown back in 2018, and the team began to look a bit more into other exploits detected by HPCs. So far, only relatively simple and well-understood counters have been used, which not only limits the amount of information that can be gleaned from the system, but also provides an attacker with the opportunity to easily bypass known counter-based detection techniques with minimal changes. 

Harini and Ghost want to “move beyond just scratching the surface of the HPC iceberg,” by uncovering previously overlooked/undocumented counters to help build up defenses against these types of attacks. The machine learning aspect is critical here, as the challenge became “What if we just try ALL of them?” 

They began their journey by using the simplest models possible, from simple logistic regression, single layer perceptron to ensemble methods like random forests and gradient boosted trees, so that the model was as interpretable as possible. It was important to learn not only what models were doing well, but also what the models learned. Once the proper model was determined, and using the entire corpus of performance counters for commonly used baseline programs and behaviorally-similar malicious programs, they were able to zero in on which counters to use as features for their supervised classifiers. 

During their talk on Wednesday, August 5th from 1:30pm-2:10pm PT, Ghost and Harini will showcase the results of this research, highlighting the uncommon and previously ignored performance counters that were lurking in the dark, with so much useful information.

If you haven’t registered for Black Hat yet, you can visit https://www.blackhat.com/us-20/ and if you do attend, be sure to stop by Capsule8’s virtual booth!

Security Considerations for Cloud Migration

Posted by

Many companies have long resisted migrating to the cloud for security reasons. An evolving technology landscape can already make a well-planned cloud migration strategy seem like a complex task, but what if you add in a global pandemic? An entire workforce operating remotely? Murder hornets? These unforeseen challenges (OK, maybe not the murder hornets) can mean a business needs to kick plans into overdrive when operational activities are already difficult. How can you be sure you’re taking the necessary precautions pre-, during and post-migration?

Let’s talk about it together. 

On July 28th at 11 am ET,  Rob Harrison, Chief Product Officer at Capsule8, and guest speaker, Andras Cser, Vice President and Principal analyst at Forrester Research, will discuss on a live webcast how security considerations for a cloud migration have changed over the past few months and how future trends change risk when adopting accelerating strategies. They will discuss the challenges from both a business execution level and a cybersecurity level and how to mitigate those risks. Andras will also be sharing some of Forrester’s predictions in cloud security and both experts will be available to field your questions. 
If you’d like to join us, you can sign up here, and be sure to keep an eye out for the on-demand recording.

Register for the webinar

More Content You Might Enjoy

Black Lives Matter. Actions Speak Louder Than Words.

Posted by

The most recent killings of Black people at the hands of police – Rayshard Brooks, George Floyd, Ahmaud Arbery, Breonna Taylor – are tragically only the most recent reminders of the police brutality that our country has struggled with for decades, and of the broader racial injustice and inequality that has plagued us since inception. The racial problems we face as a country are both systemic in our institutions, and acute in our daily lives. 

As a technology/cybersecurity company, Capsule8 is in a unique position to lead reform in an industry that has long-suffered from a lack of diversity, specifically from the Black communities. We realize like much of the industry, it’s a reaction. There’s no simple solution and we take this position seriously. In doing so, we also recognize our own shortcomings to date: not one member of our current leadership team is Black.

To address this, we have launched a framework that we believe will lead to near-term career opportunities for BIPOC communities both within our company and the wider technology industry, while doing our part to drive fundamental, long-term reform. The framework has three core tenets:

1. Creating Economic Opportunities – We will create and improve the economic circumstances of underrepresented communities by increasing our efforts to attract, hire, and mentor. 

2. Spreading Tolerance and Acceptance – We will continue to educate and bring awareness through ongoing dialogue and dedicated training and teaching. 

3. Supporting Reform – We will provide support (e.g. financial, volunteer, etc.) to organizations representing marginalized communities. 

Within this framework, we will continually launch initiatives so that these tenets are ingrained in our company culture from this point forward. To facilitate, we have created a Diversity, Equity, and Inclusion (DEI) department – with budget, goals, KPIs, etc – that will ensure that racial equality will be pari passu with all other strategic initiatives. 

Additionally, many members of our team are raising funds or contributing to organizations supporting racial justice and equality.  To double the impact, we are matching their contributions. As a start, our team used Summercon as a platform and raised over $14,000. 

Finally, today our company is observing Juneteenth, a nationally celebrated commemoration of the ending of slavery in the United States. While we realize this is a small gesture, we believe this symbolizes the launch of our renewed commitment to reform. We must continue to fight against the racial injustices that have continued since that day 155 years ago. 

Change must come now, and Capsule8 stands with the thousands of protesters across the country who are committed to affecting real change today and beyond.