Although Craig Adams has only been in his role as Chief Product Officer at Rapid7 for six months, his insights reflect years of extensive industry experience.
With experience spanning threat intelligence and cloud security, Rapid7 Chief Product Officer Craig Adams is driven by a clear philosophy: effective cybersecurity must bridge the gap between tools, data and connectivity.
“I fell into the trap that everyone does when it comes to security, thinking that there is a magic app that solves everything,” he said.
“I have since realized that the modern security problem is a connectivity problem: how do systems communicate with each other? This is what brought me to Rapid7.
Rapid7, a 20-year-old global cybersecurity company, addresses the critical issues plaguing organizations today.
Adams explained his mission succinctly: “We help customers identify exposures in their environments, whether on-premises, cloud, or hybrid, and provide them with integrated visibility. » From unpatched vulnerabilities to misconfigured applications, Rapid7 equips more than 10,000 customers with tools and services to effectively manage threats.
The Defender’s Dilemma
Adams described the primary challenge in cybersecurity as the “defender’s dilemma,” in which defenders must be right every time, but attackers must only get it right once.
“Technology environments are exponentially more complex today than they were five years ago, and they will be twice as complex in five years,” he explained.
“By giving organizations insight into their exposures and helping them prioritize risks, we enable the most critical issues to be addressed first.”
Rapid7 also provides managed detection and response (MDR) services. Adams highlighted the importance of addressing the “alert fatigue” that many security teams face.
“No one wants another alert; they want actionable information,” he said. “That’s why our MDR services are so impactful: we can augment staff and manage threats so organizations can focus on what matters most.”
Creating solutions for practitioners
Adams’ role involves a unique organizational structure at Rapid7, where the Chief Information Security Officer (CISO) function operates under the product organization. “We consider ourselves customer zero,” he explained.
“Everything we build, we use first, to ensure our solutions truly meet the needs of security professionals. »
This practitioner-focused philosophy is at the heart of Rapid7’s approach, particularly as organizations grapple with increasing demands and static or shrinking budgets. Adams emphasized that this is an important issue: “Security budgets are growing, but the demands on security teams are outpacing them. We focus on delivering what teams need, cost-effectively.
AI: promises and perils
The rise of artificial intelligence is reshaping cybersecurity, and Adams sees AI as both a challenge and an opportunity. As adversaries use AI to augment their attacks, Rapid7 leverages AI to improve detection, prioritize risks, and automate responses.
“One of the great things AI can do is pull the hay from the needle in the haystack,” Adams said.
“It’s about eliminating trivial signals so teams can focus on what really matters.” He added that Rapid7’s AI tools not only accelerate threat detection, but also manage initial response stages, allowing human analysts to intervene only when necessary.
Adams has been outspoken about the risks AI poses, particularly when it comes to phishing and identity theft.
“AI makes spear phishing incredibly precise. Attackers can craft messages using publicly available data and create personalized, compelling campaigns. Voice cloning tools can leave frighteningly effective voicemails impersonating for leaders.”
He also warned that many organizations are not yet securing their AI environments as rigorously as their other assets.
“This is a blind spot for many, and we help our customers address it,” he said.
Bridging the talent gap
One of the pressing issues facing Adams globally is the shortage of qualified cybersecurity professionals.
“It’s not just about finding talent, it’s about finding experts who understand your specific stack of 10 or 15 tools. It’s a problem of multiplication,” he said.
Rapid7’s MDR services address this problem by providing detection and response expertise that complements a company’s internal team.
“We help organizations focus on their core operations while we manage threats,” Adams explained.
Prioritize visibility
A recurring theme in Adams’ commentary was the critical importance of visibility. “The biggest challenge organizations face today is understanding their attack surface,” he said.
“Most don’t have a complete picture of what they’re protecting. If you can’t measure it, you can’t manage it.”
Rapid7’s approach integrates visibility across cloud and on-premises environments, providing a comprehensive view of assets and vulnerabilities.
“We are the only organization to provide integrated visibility and risk detection,” Adams said. “That’s why customers choose us.”
Glimpses of Australia
Adams’ recent visit to the ANZ region was of personal and professional significance. Speaking at the CISO New Zealand conference, he shared Rapid7’s threat intelligence research findings.
“We found that more than 40% of compromises come from remote access without multi-factor authentication, 30% from unpatched vulnerabilities, and 12% from social engineering,” he said. “Our goal is to help organizations prioritize actions that will have the greatest impact.”
Final Thoughts
As cybersecurity threats evolve, Adams highlighted the need for organizations to adopt integrated and proactive strategies.
“Security is a hydra: we’re never finished,” he said. “But by focusing on visibility, prioritization, and responsibly leveraging tools like AI, we can help organizations stay ahead of the curve.”
Adams ended on an optimistic note: “It’s a privilege to work on solutions that make a real difference. Cybersecurity is not just about technology: it is about enabling people to feel safe and confident in a digital world.