InfoSec Startup Buzzword Bingo: 2019 Edition

Kelly Shortridge
Feb 27 · 4 min read

This is the third edition of my Infosec Buzzword Bingo, just in time for 2019’s RSA Conference (RSAC). Rather than relying on my keenly tuned snake oil spidey senses to generate the words populating the bingo card, I took a more data-driven approach this year.

I surveyed 100 companies’ websites*, the vast majority of which are exhibiting at RSAC and possess VC funding. I did not include any of the large security vendors**, who probably could populate their own bingo cards across their mastodonian websites.

The idea is to take this with you to RSAC or any other vendor halls at information security conferences this year to see how many times you can win bingo at a single vendor booth! For more fun, try out my Cyber Tagline Generator script to create your own maniacally terrible buzzword salad (then @ it to me on Twitter).

Without further introduction, here’s the bingo card in all its glory — read on if you want more analysis on the stats:

The top word by far this year was automated and its variants — nearly three quarters of all companies used it on their sites in one way or another (e.g. automatically, automation, automates, etc.). There were a few repeats from prior bingo cards, perhaps proving my natural acuity for sensing the buzziest buzzwords. The following table of the top 25 buzzwords (the ones on the bingo card) includes the number of companies who cited the buzzword, along with whether the buzzword was on prior bingo cards:

Which buzzwords are on the rise?

Allegedly, security professionals now want to discover things, and I suppose with most data lakes being more akin to data swamps, the predilection for adventure that discovery implies is required. And, taking a page from the DevOps world, orchestration is peppered around enough now to create a veritable symphony of infosec startups orchestrating away.

Not quite making it to the bingo card, but still heating up, is collaborate and collaboration. Who knew that infosec teams wanted to work together? And if your security product isn’t optimized, what are you even doing? Note that you do not have to say for what your product is optimizing, just that it is, in fact, optimized.

Finally, solutions for runtime security are growing, which basically is just saying it doesn’t break the computer as it is computing. The fact that this assurance must be stated at all says more about the infosec vendor situation than perhaps even a long thought piece can.

Which buzzwords are starting to fall?

As far as threats, they are notably less sophisticated, and less found on the dark web or in IoT devices. You def don’t want to talk about your product as a single-pane-of-glass anymore (try intuitive instead, which is on the rise). And, cloud-based is becoming less relevant as most security solutions move to a SaaSy model. If anything, companies should now specify when they aren’t cloud-based.

Which buzzwords are the weirdest?

Another odd buzzword was holistic, also cited by seven companies, which is perhaps the most credible buzzword due to its close association with essential “healing” oils. However, the one I hate the most by far is quantum-resistant. For my sanity’s sake, I am grateful only one company chose to use that term.

* I scoped it to the websites’ landing and product/platform pages (e.g. no blog content).

** When I say “large” security vendors, think those who are publicly traded, are more than ten years old, or who have entire product “suites.”

Kelly Shortridge

Written by

VP of Strategy @Capsule8. “In the information society, nobody thinks. We expected to banish paper, but we actually banished thought.”