James Berthoty
James Berthoty is the Founder and Analyst at Latio, the only analyst firm that independently tests every product it reviews.With over a decade of engineering and security experience across companies like VGS, ReliaQuest, and PagerDuty, James has hands-on experience deploying and evaluating nearly every major CNAPP on the market.
Session
Over the last 10 years, cloud security has experienced the rise and fall of many acronyms: CSPM, CWPP, CNAPP (remember CIEM or WAAS?), each promising to be and define the future. For users and vendors, the question remains the same: are we doing cloud security the right way? This talk is tailored to help practitioners navigate the present of cloud security tooling by understanding its origins and what tools are building towards today.
We’ll start by mapping early approaches to cloud security: what differentiators mattered for security teams versus what technology was ahead of its time. How did early advancements like agent vs. agentless scanning, runtime insights, and eBPF create the tradeoffs many teams are still living with?
We’ll prepare a live walkthrough that unpacks the technical investments vendors made and how those decisions shaped the workflows we know today. We’ll discuss why “platformization” happened, where it genuinely adds value, and where it obscures fundamental gaps.
Attendees can expect to leave with:
1. A clear sense of what to prioritize when building a modern cloud security program
2. What tools and capabilities are available on the market
3. A technical framework for evaluating modern tooling beyond marketing acronyms
4. Insight into architectural tradeoffs that impact scale, signal quality, and response
This talk is for those who want to understand cloud security beyond the acronyms, the current tools landscape and learn what capabilities actually matter for modern cloud security efforts.