What Cybersecurity Teams Can Learn From Product Management
What does it take to be a successful entrepreneur? The most obvious answers are passion, determination and a clear vision. But humility and a willingness to listen and accept feedback are just as—if not more—important.
In fact, many successful entrepreneurs will tell you that there's nothing more important than customer feedback.
Getting a continuous flow of feedback is a great scenario; however, it presents a big challenge: What do you prioritize first?
This is the exact question that product teams ask every day. Just as entrepreneurs look to make the biggest impact on their product in the shortest amount of time, product teams want to maximize efforts.
The challenge is determining what is actually going to move the needle while also taking into account which customer requests must be addressed first, which bugs and defects are make-or-break and what new features will outweigh the cost of technical debt.
Other teams, like cybersecurity, can also learn a lot from product teams.
Prioritization challenges are common among product teams, which is why they've developed mature processes and frameworks to manage them effectively. If you take these same challenges and apply them to cybersecurity teams, the similarities are striking.
Both disciplines ultimately share the same mission: to enable the business to succeed and serve its customers.
This alignment means both product and cybersecurity teams must base their plans and priorities on how best to support business goals.
While cybersecurity program management is still maturing, product management (PM) offers a well-established playbook to learn from. By drawing these parallels, security teams can uncover valuable insights and adopt proven practices to advance and streamline their own operations.
Let's dive into some of the challenges in cybersecurity and identify ways that product management is solving them.
Cybersecurity teams are always responding to alerts, leaving them in a constant state of reaction. This can lead to a common sense of 'alert fatigue' and burnout. Security teams also tend to get inundated with vulnerabilities and findings from proactive scans and assessments.
This problem has a direct correlation to the prioritization challenges within product management. Product management teams manage this with a systematic approach, using sprints, capacity planning and backlog grooming to plan for work. Each sprint is loaded with work for the team and a dedicated buffer to allow for any unplanned work, such as critical bugs, etc.
Security teams can make great strides in their journey to accomplish more work and move to a proactive state by following similar principles. If a security team operates in a sprint model, they can load planned work while leaving room for unplanned work. This feeds directly into the prioritization discussion.
Establishing a clear process around planning work is the foundation for meaningful prioritization discussions. In cybersecurity, this is especially vital as teams are inundated with all kinds of vulnerabilities, compliance items, alerts, etc.
By taking a page from the PM playbook, security teams can build a roadmap of initiatives based on their priority. One effective method is scoring each initiative based on its relative importance and impact on the business. Applying this framework helps security teams assess risk and prioritize efforts in the context of broader business goals.
Of course, prioritization becomes challenging when urgent injections or alerts arise. That's where a defined escalation process—similar to an incident response plan—becomes essential, enabling teams to handle interruptions in a structured and consistent manner.
Once you have defined your roadmap and established your work cadences, you're fully operational. But are you successful? This is where metrics come into play. PM teams measure how long it takes to get a feature or product to market as well as the adoption rate of the features. They also measure the allocation of time within each sprint.
Security teams should adopt a similar mindset, dedicating 60% of sprint time to proactive security measures and 40% to reactive tasks. Additional metrics should be used to track mean time to resolution, meant time to detection and risk reduction over time. There are many other metrics to consider, but the goal is to ensure you're able to show progress in achieving KPIs and reducing risk exposure.
Prioritization remains one of the toughest challenges for nearly everyone, from entrepreneurs sifting through customer feedback to cybersecurity leaders triaging vulnerabilities, alerts, compliance requirements and managing risks.
Product teams have spent years refining their approaches to prioritization—turning feedback overload into focused roadmaps and aligning work with business goals. It's time for cybersecurity to steal from that playbook.
By borrowing the frameworks, mindset and strategic discipline of product management, security teams can navigate complexity with greater clarity, build more impactful programs and, ultimately, drive better outcomes for the business. The blueprint already exists—are you bold enough to use it?
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
20 minutes ago
- Yahoo
A Look At The Fair Value Of Balchem Corporation (NASDAQ:BCPC)
The projected fair value for Balchem is US$164 based on 2 Stage Free Cash Flow to Equity With US$165 share price, Balchem appears to be trading close to its estimated fair value Our fair value estimate is 17% lower than Balchem's analyst price target of US$197 Does the July share price for Balchem Corporation (NASDAQ:BCPC) reflect what it's really worth? Today, we will estimate the stock's intrinsic value by taking the forecast future cash flows of the company and discounting them back to today's value. This will be done using the Discounted Cash Flow (DCF) model. Don't get put off by the jargon, the math behind it is actually quite straightforward. We would caution that there are many ways of valuing a company and, like the DCF, each technique has advantages and disadvantages in certain scenarios. Anyone interested in learning a bit more about intrinsic value should have a read of the Simply Wall St analysis model. We've found 21 US stocks that are forecast to pay a dividend yield of over 6% next year. See the full list for free. We are going to use a two-stage DCF model, which, as the name states, takes into account two stages of growth. The first stage is generally a higher growth period which levels off heading towards the terminal value, captured in the second 'steady growth' period. To start off with, we need to estimate the next ten years of cash flows. Where possible we use analyst estimates, but when these aren't available we extrapolate the previous free cash flow (FCF) from the last estimate or reported value. We assume companies with shrinking free cash flow will slow their rate of shrinkage, and that companies with growing free cash flow will see their growth rate slow, over this period. We do this to reflect that growth tends to slow more in the early years than it does in later years. Generally we assume that a dollar today is more valuable than a dollar in the future, so we discount the value of these future cash flows to their estimated value in today's dollars: 2026 2027 2028 2029 2030 2031 2032 2033 2034 2035 Levered FCF ($, Millions) US$189.0m US$202.7m US$214.8m US$225.7m US$235.7m US$245.1m US$254.1m US$262.8m US$271.5m US$280.1m Growth Rate Estimate Source Analyst x2 Est @ 7.27% Est @ 5.97% Est @ 5.06% Est @ 4.42% Est @ 3.98% Est @ 3.67% Est @ 3.45% Est @ 3.30% Est @ 3.19% Present Value ($, Millions) Discounted @ 6.9% US$177 US$177 US$176 US$173 US$169 US$164 US$159 US$154 US$149 US$144 ("Est" = FCF growth rate estimated by Simply Wall St)Present Value of 10-year Cash Flow (PVCF) = US$1.6b We now need to calculate the Terminal Value, which accounts for all the future cash flows after this ten year period. For a number of reasons a very conservative growth rate is used that cannot exceed that of a country's GDP growth. In this case we have used the 5-year average of the 10-year government bond yield (2.9%) to estimate future growth. In the same way as with the 10-year 'growth' period, we discount future cash flows to today's value, using a cost of equity of 6.9%. Terminal Value (TV)= FCF2035 × (1 + g) ÷ (r – g) = US$280m× (1 + 2.9%) ÷ (6.9%– 2.9%) = US$7.2b Present Value of Terminal Value (PVTV)= TV / (1 + r)10= US$7.2b÷ ( 1 + 6.9%)10= US$3.7b The total value is the sum of cash flows for the next ten years plus the discounted terminal value, which results in the Total Equity Value, which in this case is US$5.4b. In the final step we divide the equity value by the number of shares outstanding. Compared to the current share price of US$165, the company appears around fair value at the time of writing. The assumptions in any calculation have a big impact on the valuation, so it is better to view this as a rough estimate, not precise down to the last cent. We would point out that the most important inputs to a discounted cash flow are the discount rate and of course the actual cash flows. If you don't agree with these result, have a go at the calculation yourself and play with the assumptions. The DCF also does not consider the possible cyclicality of an industry, or a company's future capital requirements, so it does not give a full picture of a company's potential performance. Given that we are looking at Balchem as potential shareholders, the cost of equity is used as the discount rate, rather than the cost of capital (or weighted average cost of capital, WACC) which accounts for debt. In this calculation we've used 6.9%, which is based on a levered beta of 0.919. Beta is a measure of a stock's volatility, compared to the market as a whole. We get our beta from the industry average beta of globally comparable companies, with an imposed limit between 0.8 and 2.0, which is a reasonable range for a stable business. Check out our latest analysis for Balchem Strength Earnings growth over the past year exceeded the industry. Debt is not viewed as a risk. Weakness Dividend is low compared to the top 25% of dividend payers in the Chemicals market. Expensive based on P/E ratio and estimated fair value. Opportunity Annual earnings are forecast to grow for the next 2 years. Threat Annual earnings are forecast to grow slower than the American market. Valuation is only one side of the coin in terms of building your investment thesis, and it ideally won't be the sole piece of analysis you scrutinize for a company. The DCF model is not a perfect stock valuation tool. Preferably you'd apply different cases and assumptions and see how they would impact the company's valuation. For instance, if the terminal value growth rate is adjusted slightly, it can dramatically alter the overall result. For Balchem, there are three pertinent aspects you should assess: Financial Health: Does BCPC have a healthy balance sheet? Take a look at our free balance sheet analysis with six simple checks on key factors like leverage and risk. Future Earnings: How does BCPC's growth rate compare to its peers and the wider market? Dig deeper into the analyst consensus number for the upcoming years by interacting with our free analyst growth expectation chart. Other High Quality Alternatives: Do you like a good all-rounder? Explore our interactive list of high quality stocks to get an idea of what else is out there you may be missing! PS. Simply Wall St updates its DCF calculation for every American stock every day, so if you want to find the intrinsic value of any other stock just search here. Have feedback on this article? Concerned about the content? Get in touch with us directly. Alternatively, email editorial-team (at) article by Simply Wall St is general in nature. We provide commentary based on historical data and analyst forecasts only using an unbiased methodology and our articles are not intended to be financial advice. It does not constitute a recommendation to buy or sell any stock, and does not take account of your objectives, or your financial situation. We aim to bring you long-term focused analysis driven by fundamental data. Note that our analysis may not factor in the latest price-sensitive company announcements or qualitative material. Simply Wall St has no position in any stocks mentioned. Sign in to access your portfolio
Bloomberg
20 minutes ago
- Bloomberg
It's Déjà Vu for Option Traders as Markets Calm Into Tariffs Day
In the days leading up to President Donald Trump's July 9 tariffs deadline, equity investors having flashbacks of Liberation Day showed little concern. The MSCI All-Country World Index reached a peak last week, while gauges of volatility expectations from the US to Europe and Hong Kong have more than halved from their highs in April.
Yahoo
24 minutes ago
- Yahoo
4 Reasons People Are Using 401(k)s for Emergencies, According to Vanguard
Vanguard recently released its 2025 report on how America saves. It revealed that a record 4.8% of 401(k) holders took a hardship withdrawal in 2024, up from 1.7% in 2020. Be Aware: Check Out: So why are more Americans raiding their retirement accounts? The report listed the following reasons for hardship withdrawals. Over a third (35%) of account holders who took a hardship withdrawal listed avoiding foreclosure or eviction as their motivation. 'Traditionally, homeowners in financial distress might refinance or tap home equity to stay afloat,' said Josh Richner of FaithWorks Financial. 'But with mortgage rates hovering near 7%, refinance volume has dropped to its lowest level since the mid-1990s. That leaves many turning to the only sizable resource they can access: their retirement savings.' Read Next: At 30%, medical expenses made up the second most common driver of hardship withdrawals last year. It doesn't help that many Americans have little to no emergency savings. A study by GOBankingRates found that half of Americans have $500 or less in savings. Vanguard reported that 16% of hardship withdrawals went to cover a home repair or purchase. Brett Daniel, founder of Daniel Safe Money Retirement Solutions, cautioned homebuyers against raiding their retirement savings. 'While purchasing a home can make a great financial investment, using retirement savings for the down payment or home repairs is risky due to the fees involved on the amount withdrawn from your 401(k).' It also leaves you with less money in financial investments to compound throughout your career and pay for your retirement. Another 14% of hardship withdrawals went to covering tuition costs, and 5% were uncategorized. While some of those withdrawals helped the account holders themselves get degrees and improve their future earnings, some likely went to account holders' children. But most financial experts agree that's a dangerous path, as children have many options to fund their college degree, but retirees have just one: their savings. 'Parents looking to help with tuition should look at 529 college savings plans or Coverdell Education Savings Accounts, rather than draining their own retirement accounts,' Daniel said. Vanguard noted that it is now easier to request a hardship withdrawal, due to a 2019 budget act, which could account for some of the increase. Additionally, another recent law could also help explain the bump in hardship withdrawals from 401(k)s. The Secure 2.0 Act of 2022 required employers to automatically enroll new workers in 401(k) accounts, if available. That led to many lower-income workers having retirement accounts, and for some, it represents their only source of savings. Overall, Vanguard doesn't see much cause for alarm with the heightened hardship withdrawals. The report pointed to these legal changes as significant drivers, taking a sanguine stance on the 4.8% hardship withdrawal rate. More From GOBankingRates Mark Cuban Warns of 'Red Rural Recession' -- 4 States That Could Get Hit Hard 10 Used Cars That Will Last Longer Than an Average New Vehicle 5 Cities You Need To Consider If You're Retiring in 2025 This article originally appeared on 4 Reasons People Are Using 401(k)s for Emergencies, According to Vanguard
