Application security spending is at an all-time high, yet attackers continue to breach organizations due to complex attack surfaces and inadequate defenses. The use of connected devices, known as IoTs, has introduced new security risks that must be addressed by CISOs. Pen testing is becoming more effective with crowdsourced testing, which provides a results-based approach to vulnerability identification. Senior development leaders are embracing crowdsourced vulnerability testing as part of the Software Development Life Cycle (SDLC). Social engineering, AI, and machine learning will continue to impact security planning, but human judgment remains crucial in mitigating risks. Finally, bug bounty programs will become more mainstream and integrated into development teams. Overall, 2017 promises to be a challenging year for security professionals as breaches will increase, organizations will focus on reducing business impact, consumers will demand improved device security, and regulation will become even more prevalent.