If numbers such as $13.28 billion fiscal 2019 revenue or 171,000 Dreamforce attendees last month are any indication, Salesforce nailed the tech side of building a wildly loyal customer following for its sales, marketing, customer service and e-commerce clouds during its first 20 years.
For the next two decades, it will take continuous technology innovation, especially in the areas of cloud integration, AI and voice to prevent those customers from defecting to Adobe, Microsoft, SAP and Oracle platforms. Far more important to the future of Salesforce, employees, customers and analysts said, is growing a Salesforce talent pool beyond the company’s control: partners, developers, admins and consultants.
To woo partners, Salesforce opened its platform. It hosts the AppExchange, a third-party marketplace similar to the Apple App Store or Google Play. Lightning Platform, a low-code appdev environment launched in 2009 as Force.com, enables individual users to create low-code apps and integrations themselves. Finally, Trailhead, a free, self-paced Salesforce training site, debuted in 2014; it has attracted 1.7 million people to learn developer, admin and consultant skills.
Yet it’s not enough. Salesforce developer and admin talent are in short supply. They will get even shorter if the company realizes CEO and founder Marc Benioff’s oft-stated revenue targets of $20 billion by 2022 and $60 billion by 2034 as more customers come to Salesforce.
“Salesforce’s biggest innovation is building this open community, whether it’s admins and recognizing how crucial they are, or creating Force.com and encouraging other developers to come in and develop on their platform,” said Nicole France, an analyst at Constellation Research. “Going forward, the challenge will be keeping up with the pace of innovation — it’s a lot harder when you’re a behemoth company.”
AppExchange, Dreamforce built over many years
When Salesforce first started, what we call cloud companies today were referred to as application service providers. Salesforce’s big innovation was building an entire platform in the cloud instead of just one app, said Michael Fauscette, an analyst at G2.
Michael FauscetteAnalyst, G2
“Salesforce, and NetSuite, too, really had this idea of scaling infrastructure up and down really quickly with multi-tenancy, according to need,” Fauscette said, which found a different buying audience. “When Salesforce first got into the enterprise, they didn’t go in the traditional way. IT bought tech — except for Salesforce automation. It came in through the sales guy. They could just start using Salesforce immediately.”
Quickly, though, Salesforce knew it couldn’t keep up with every individual customer’s tech needs, especially integrations with outside business applications. So, in 2006, it threw open its platform to third-party developers by introducing the AppExchange, which provided sales teams with tools to integrate Salesforce with applications such as calendars, email, accounting, HR and ERP. Today, AppExchange hosts 3,400 apps.
Force.com, now called Lightning Platform, came along two years later, and enabled individual developers or even nondevelopers to build their own apps and connectors among Salesforce and other apps.
The AppExchange evolved into a Salesforce revenue generator in several ways, said Woodson Martin, executive vice president and general manager of Salesforce AppExchange. First, Salesforce earns revenue when an app is sold. Second, AppExchange enables customers to use Salesforce to grow their companies and, in turn, increase their Salesforce subscription. Third, it generates new leads for Salesforce when a developer creates a connector to a vertical-specific app.
“We think of AppExchange as the hub of the Salesforce ecosystem,” Martin said. “In some cases, apps are the tip of the spear for new industry verticals.”
G2’s Fauscette said that shuttling data between clouds, and between clouds and on-premises systems, will require more and more integrations between Salesforce and outside applications for at least the next decade. That makes AppExchange a crucial part of the future of Salesforce.
Acquisitions give partners new opportunities
Moving forward, AppExchange will expand into new domains, Martin said, as Salesforce integrates features and capabilities from companies it acquired, including Tableau and MuleSoft, into its platform. That will create opportunities for developers to create new customizations for data visualizations and data integrations.
Martin also said that Salesforce closely watches technology trends in the consumer retailing and e-commerce space — personalization and AI are two recent examples — to bring to its B2B platform. That’s what customers want, he said: a B2B buying experience that works as well as Amazon does at home.
But it takes outside developers to buy into the AppExchange concept, and so far, they seem rosy on the future of Salesforce. AppExchange partners such as configure-price-quote (CPQ) provider Apttus generally believe there’s room for developers of all stripes to grow their own franchises, even when Salesforce adds native overlapping features that directly compete.
That happened when Salesforce acquired Apttus competitor SteelBrick and added Salesforce-native CPQ three years ago, said Eric Carrasquilla, senior vice president of product at Apttus. That’s because Salesforce has hundreds of thousands of CRM customers now — and the number keeps increasing.
“Salesforce is a force of nature,” Carrasquilla said, adding that Apttus and Salesforce CPQ have roughly 3,500 customers combined. “That’s still a fraction of a fraction of a fraction of the opportunity within the CRM market. It’s a very deep pool, businesswise, and there’s more than enough for everyone in the ecosystem.”
After nine years running, DerbyCon held its ninth and final show, and attendees and a co-founder looked back on the conference and discussed plans to continue the community with smaller groups around the world.
DerbyCon was one of the more popular small-scale hacker conferences held in the U.S., but organizers surprised the infosec community in January by announcing DerbyCon 9 would be the last one. The news came after multiple attendee allegations of mistreatment by the volunteer security staff and inaction regarding the safety of attendees.
Dave Kennedy, co-founder of DerbyCon, founder of TrustedSec LLC and co-founder of Binary Defense Systems, did not comment on specific allegations at the time and said the reason for the conference coming to an end was that the conference had gotten too big and there was a growing “toxic environment” created by a small group of people “creating negativity, polarization and disruption.”
Kennedy claimed in a recent interview that DerbyCon “never really had any major security incidents where we weren’t able to handle the situation quickly and de-escalate at the conference with our security staff.”
Roxy Dee, a vulnerability management specialist, who has been outspoken about the safety for women at DerbyCon, told SearchSecurity that “it’s highly irresponsible to paint it as a great conference” given the past allegations and what she described as a lack of response from conference organizers.
Despite these past controversies, attendees praised DerbyCon 9, held in Louisville, Ky from Sept. 6 to 8 this year, there have been no major complaints, and Kennedy told SearchSecurity it was everything the team wanted for the last year and “went better than any other year I can remember.”
“When we started this conference we had no idea what we were doing or how to run a conference. We went from that to one of the most impactful family conferences in the world,” Kennedy said. “It’s been a lot of work, a lot of time and effort, but at the end of the day we accomplished everything we wanted to get out of the conference and then some. Family, community and friendship. It was an incredible experience and one that I’ll miss for sure.”
As a joke, someone handed Kennedy a paper during the conference reading “DerbyCon 10” and the image quickly circled the conference via Twitter. Kennedy admitted he and all of the organizers “struggled with ending DerbyCon this year or not, but we were all really burned out.”
“When we decided, it was from all of us that it was the right direction and the right time to go on a high note. We didn’t have any doubts at all this year that there would ever be another DerbyCon. This is it for us and we ended on a high note that was both memorable and magical to us,” Kennedy said. “The attendees, staff, speakers and everyone were just absolutely incredible. Thank you all to who made DerbyCon possibly and for growing an amazing community.”
The legacy of DerbyCon
Kennedy told SearchSecurity that his inspiration for fostering the DerbyCon community initially was David Logan’s Tribal Leadership, “which talks about growing a tribe based on a specific culture.
“A culture for a conference can be developed if we try hard enough and I think our success was we really focused on that family and community culture with DerbyCon,” Kennedy said. “A conference is a direct representation of the people that put it on, and we luckily were able to establish a culture early on that was sorely needed in the INFOSEC space.”
April C. Wright, security consultant at ArchitectSecurity.org, said in her years attending, DerbyCon provided a “wonderful environment with tons of positivity and personality.”
“I met my best friend there. I can’t describe how much good there was going on, from raising money for charity to knowledge sharing to welcoming first-time attendees,” Wright said. “The quality of content and villages were world class. The volunteers and staff have always been friendly and kind. It was in my top list of cons worldwide.”
Eric Beck, a pen-tester and web app security specialist, said the special part about DerbyCon was a genuine effort to run contrary to the traditional infosec community view that “you can pwn or you can’t.”
“We all start somewhere, we all have different strengths and weaknesses and everyone has a seat at the table. Dave [Kennedy], set a welcoming tone and it meant that people that might otherwise hesitate took that first step. And that first step is always the hardest,” Beck said. “DerbCon was my infosec home base and where I recharged my batteries and I don’t know who or what can fill its shoes. I have a kiddo I thought I’d share this conference with and met people I assumed I’d see annually. I’m personally determined to contribute more in infosec and make the effort to reach out, but I have a difficult time imaging being part of something that brought in the caliber of talent and the sense of welcoming that this conference did.”
Danny Akacki, senior technical account manager with Gigamon Insight, said his first time attending was DerbyCon 6 and the moment he walked in to the venue he “fell in love with the vibe of that place and those people.”
“I still didn’t know too many people but I swear to god it didn’t matter. I made so many friends that weekend and I had the hardest bout of post-con blues I’ve ever experienced, which is a testament to just how profound an effect that year had on me,” Akacki said. “I had to skip 7, but made it to 8 and 9. Every year I went back, it felt like only a day had passed since the last visit because that experience and those people stay with you every day.”
For Alethe Denis, founder of Dragonfly Security, DerbyCon 9 was her first time attending and she said the experience was everything she expected and more.
“The atmosphere was like a sleepover, compared to the giant summer camp that is DEF CON, and I really enjoyed that aspect of it. It felt like it was a weekend getaway with friends and the lack of casinos was appreciated. But I don’t feel that the quality of the talks and availability of villages was sacrificed in the least,” Denis said. “Even as small as Derby is, it was really tough to do everything I wanted to do because there were so many interesting options available. I feel like it brought only the best elements of the DEF CON type community and DEF CON conference to the Midwest.”
Micah Brown, security engineer at American Modern Insurance Group and vice president of the Greater Cincinnati ISSA chapter, echoed the sentiments of brother/sisterhood at DerbyCon and the cheerfulness of the conference and added another key tenet: Charity.
“One of the key tenets of DerbyCon has always been giving back. During the closing ceremonies, it was revealed that over the past 9 years, DerbyCon and the attendees have given over $700,000 to charity. That does not count the hours of people’s lives that go into making the presentations, the tools, the training that are freely distributed each year. Nor does it factor in the personal relationships and mentorships that are established and progress our community,” Brown said. “It was after my first DerbyCon I volunteered to be the Director of Education for the Greater Cincinnati ISSA Chapter and after my second DerbyCon I volunteered to be the Vice President of the Chapter. DerbyCon has also inspired me to give back by sharing my knowledge through giving my own presentations, including the honor to give back to the DerbyCon community with my own talk this year.”
Xena Olsen, cyberthreat intelligence analyst in the financial services industry, attended the last two years of DerbyCon and credited the “community and sense of belonging” there with encouraging her to continue learning and leading her to now being a cybersecurity PhD student at Marymount University.
“The DerbyCon Communities initiative will hopefully serve as a means for people to experience the DerbyCon culture around the world,” Olsen said. “As far as a conference taking the place of DerbyCon, I’m not sure that’s possible. But other conferences can adopt similar values of community and inclusiveness, knowledge sharing and charity.”
Wright said she has seen other conferences with similar personality and passion, “but none have really captured the heart of DerbyCon.”
“There are a lot of great regional cons in the U.S. that I think more people will start going to. They are affordable and easily accessed, with the small-con feel — as opposed to the mega-con vibe of ‘Hacker Summer camp’,” Wright said, referencing the week in Las Vegas that includes Black Hat, DEF CON, BSides Las Vegas, Diana Con and QueerCon plus other events, meetups and parties. “I don’t think anyone can fill the space left by DerbyCon, but I do think each will continue with its own set of ways and personality.”
Akacki was adamant that “no other con will ever take Derby’s place.”
“It burned fast and it burned bright. It was lighting in a bottle, never to be seen again. However, I’m not sad,” Akacki said. “I can’t even say that its vibe is rising from the ashes, because it would have to have burned down for that to happen. The fire that is the spirit of DerbyCon still burns and, I’d argue, it burns brighter than ever.”
Alethe DenisFounder, Dragonfly Security
Denis said it will be difficult for any conference to truly replace DerbyCon.
“I feel like the people who organized and were passionate about DerbyCon are what made Derby unique. I’m not sure any other con will be able to truly capture that magic and fill the space left by Derby,” Denis said. “But I guess that remains to be seen and hope that more cons, such as Blue Team Con in June 2020 in Chicago bring high quality content and engaging talks to the Midwest in the future.”
Wright noted that some of her favorite smaller security conferences included GRRcon, NOLAcon, CircleCityCon, CypherCon, Showmecon, Toorcon and [Wild West Hackin’ Fest], and she expressed hope that the proposed “DerbyCon Communities” project “will help with the void left by the end of the era of the original DerbyCon.”
The DerbyCon Communities initiative
The organizers saw DerbyCon growing fast, but “didn’t want to turn the conference into such a large production like DEF CON,” Kennedy told SearchSecurity.
“We wanted to go back to why DerbyCon was so successful and that was due to three core principles: Posivitiy and Inclusiveness, Knowledge Sharing and Charity. There is a direct need for a community to help new people in the industry and help charity at the same time,” Kennedy said. “The goal for the Communities initiative is to bring people together the same way DerbyCon did for one common goal.”
Kennedy also confirmed that there will be some involvement with the Communities initiative from the “core group” of organizers, including his wife Erin, Martin Bos and others.
Akacki said that with the local Derby Communities initiative, “the spirit of Derby has exploded into stardust, covering our universe.”
“You can’t kill what we’ve built, you can’t contain it and you can’t stop it,” Akacki said. “I’m not crying because it ended, I’m smiling and laughing … because it just became bigger than ever.”
Attendees for next week’s 2018 Black Hat USA conference said they are still facing significant challenges when it comes to cybersecurity staffing and budgets.
According to the 2018 Black Hat USA Attendee Survey, which was conducted in May with 315 infosec professionals, a majority of respondents said they don’t have “the staffing or budget to defend adequately against current and emerging threats.” Sixty-five percent of infosec professionals said they do not have enough qualified staff members to deal with potential threats; this is the fourth consecutive year, according to the study, that approximately two-thirds of respondents believed they had inadequate staff.
In addition, 66% of respondents said they do not possess enough skills and training to perform all of the job functions required of them by their organizations. The cybersecurity skills shortage was also the most frequently cited answer from respondents (34%) when asked for the primary reason for why enterprise security strategies fail.
“While the shortcomings of current security technology and potential vulnerabilities in emerging cloud services are new aspects of security’s current landscape, it is an old nemesis — staffing shortages — that continues to plague the data centers and minds of Black Hat Attendee Survey respondents,” the report states.
Another cybersecurity staffing issue reared its head in the survey: Nearly half the respondents (47%) said the lack of women and minority infosec professionals was a concern to them. The gender gap in the infosec industry has been cited as a major issue in recent research from other organizations such as ISACA.
While cybersecurity staffing continues to be a major obstacle, budgets are also a consistent pain point, according to the survey. Fifty-three percent of respondents said they do not have enough of a cybersecurity budget to defend their organizations against current threats. However, that number is an improvement from both 2016 and 2017, when 63% and 58% of respondents said they had inadequate budgets.
This year’s Black Hat conference has several Community track sessions that deal with cybersecurity staffing and related workforce issues, including a session on hiring and retaining female engineers. Other sessions will focus on negative influences on the cybersecurity workforce such as sexual harassment, addiction, depression, suicide and post-traumatic stress disorder.
Black Hat USA will take place Aug. 4-9 in Las Vegas.
Imagine organizing a conference and not being sure who the attendees are or what they’re interested in. It could be a disorganized mess — or it could be organized using policies to identify attendees’ interests.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Using pure software-defined networking in local area network design could function along similar lines.
Full SDN in local area network design could be forever on the horizon, but not all aspects of it. Some enterprises are looking at “SDN-lite” elements that enable centralized automation of policies that govern users. For example, the ability to automate LAN policies can cut down on the massive amount of manual labor required to provide users and devices with the ever-changing access they need to different parts of the network.
In this month’s cover story, we look at the elements of SDN that have begun to filter into local area network design.
Also in this issue, network pros are seeing fast-paced evolution in their fields. What does that mean for their skill sets? At one university, it meant retraining the IT staff. See how Oral Roberts University is transitioning to cloud unified communications, as the IT team is taking on greater data analytics and computing roles.
Finally, in our Subnet Q&A, find out how first responders in the Santa Clara County Fire Department are using new technologies to stay more connected while battling fires and responding to medical emergencies.