Paul Davis
Field CISO
Paul is an experienced IT Security Executive who, as Field CISO at JFrog, works to help CISOs, IT execs and security teams enhance protection of their software supply chain. Additionally, he advises IT security startups, mentors security leaders, and provides guidance on various IT security trends. Paul also spends his time exploring the latest technologies, DJing, reading, and boating.
The Latest From Paul Davis
Confessions of a CISO: I Have Trust Issues
12 min read
The speed of software development today is driven by fierce competition and the constant demand for innovation. Organizations are launching software faster than ever to keep up with the market and drive growth. This need for speed has led to several key trends: Greater Accountability Demanded of Developers: Developer productivity is no longer only measured…
Using JFrog to Align Your Systems for ISO 27001 Compliance
8 min read
ISO/IEC 27001 is an information security standard that is quickly becoming a must-have for any organization that handles proprietary customer data. ISO 27001 certification is now often a requirement to do business, particularly for IT and SaaS organizations - JFrog included! In this blog, you’ll learn more about ISO 27001, how to get certified, and…
The Need for Proactive GRC (Governance, Risk, Compliance)
5 min read
Today, businesses must rethink GRC (Governance, Risk, and Compliance) to stay ahead of the game. With a proactive approach, GRC isn’t a cost center; it’s a strategy to streamline innovation at scale. We’ll discuss how to build your foundation for GRC with a proactive stance, helping you grow and protect your business. The Need for…
RSAC 2025 Recap: Software Supply Chain Security Takes Center Stage
5 min read
The RSA Conference 2025 at the Moscone Center in San Francisco on April 28 - May 1, brought together over 44,000 cybersecurity professionals from around the world. This year's event, marking the 34th annual flagship conference, placed significant emphasis on software supply chain security and secure software development lifecycle (SDLC) practices. From the keynotes, speaking…
Mind the Gap: The Disconnect Between Execs & Developers
4 min read
Note: This blog post was previously published on Hackeroon. We surveyed 1,200+ technology professionals from around the globe, including 300+ VP and C-level executives, on their AI/ML usage and software supply chain security efforts. Upon analysis, a surprising gap emerged between what executives believe is happening and what developers and engineers report is happening. Here’s…
Key Take Aways from RSA 2024
7 min read
The impact of the 2024 RSA Conference on security in San Francisco was beyond expectations. It was really a fantastic opportunity to meet an amazing group of individuals from all stages of the software supply chain from CISOs to researchers to development and security teams. Our discussions reflected the key challenges facing software security professionals…
Removing Friction Between DevOps and Security is Easier than you Think
11 min read
Removing friction between DevOps and Security teams can only lead to good things. By pulling in the same direction, DevOps can make sure developers continue to work with minimum interruption, while automation and background processes make security more effective and consistent than before. And, security teams have the visibility and understanding of the software development…
Friction between DevOps and Security – Here’s Why it Can’t be Ignored
5 min read
Note: This post is co-authored by JFrog and Sean Wright and has also been published on Sean Wright's blog. DevOps engineers and Security professionals are passionate about their responsibilities, with the first mostly dedicated to ensuring the fast release and the latter responsible for the security of their company's software applications. They have many common…