A strategy to prevent data breaches and minimize damages from compromised systems is not only essential but also requires constant updating. Attack techniques, and the tools available to thwart them, are constantly changing. Here are 10 of the innovators working to shape the future of breach prevention.
Jameeka Green Aaron Okta
CISO for customer identity, Okta
At identity platform Okta, Aaron works with the product development team on new features for keeping logins secure, offering him insights as a longtime cybersecurity practitioner on the front lines. He first joined identity and access management startup Auth0, later acquired by Okta, as CISO in 2021 — following a more than two-decade career that included IT and cybersecurity leadership positions for the US Navy, Lockheed Martin, and Nike.
Stephan Chenette AttackIQ
Co-founder and CTO, AttackIQ
This may seem like a no-brainer, but the idea of actually testing cybersecurity controls to prove their effectiveness in preventing breaches is still relatively new. AttackIQ, which Chenette co-founded in 2013, is among those looking to blaze that trail with its platform for breach and attack simulation. The concept is gaining momentum, with several US agencies saying last month that they now recommend continuous testing of businesses’ security controls.
Stina Ehrensvard Yubico
Co-founder and CEO, Yubico
Counted among the fan base for YubiKeys, the hardware security keys co-invented by Ehrensvard, are major companies like Google and Atlassian. Cybercriminals are less tech-savvy, blocking some of their schemes by requiring a user to physically touch a device to complete a login. According to Yubico, the maker of the YubiKey that Ehrensvard co-founded in 2007, the devices are in fact “unphishable” – an increasingly difficult claim to make these days.
Gal Helemski PlainID
Co-founder, CTO, and chief product officer, PlainID
It’s no easy task to lock down the policies that certain resources are allowed to access in today’s digital enterprise — especially when each application has different ways of enforcing those policies. PlainID aims to be a centralized platform for more effective application policies management, while also allowing organizations to do so in a more dynamic and secure manner based on real-time data. Prior to co-founding PlainID, in 2014, Helemski spent six years at the Israel Defense Forces’ Mamram computing unit and was an early team member at privileged access management vendor CyberArk.
Hasan Imam Obsidian Security
CEO, Obsidian Security
As businesses rely more on SaaS apps, security flaws are becoming more and more apparent. In particular, many businesses face increased SaaS security risks due to a lack of visibility into apps usage. That’s something Obsidian Security aims to address with its platform for detecting issues such as account compromise and risky insider activity in apps including Salesforce, Microsoft 365, and ServiceNow. Imam, who joined Obsidian as CEO in 2021, was previously chief revenue and customer officer at Shape Security, which was acquired by F5.
Evan Reiser Abnormal Security
Co-founder and CEO, Abnormal Security
Many of the main tools for email security were developed in an age when companies ran their own email servers in on-premise data centers, and having the ability to scan for malware and spam the big concern. But as email moved to the cloud, the adversary’s tactics changed. Abnormal Security, which Reiser co-founded in 2018 after leading a core product team at Twitter, aims to offer email security tailored to modern threats arriving in Microsoft 365 and Google Workspace inboxes — using advanced AI to block attacks such as credential phishing and executive impersonation.
Tarun Thakur Veza
Co-founder and CEO, Veza
When it comes to protecting data in cloud environments, a lot comes down to the question of authorization: What are users authorized to do? Among Veza’s big innovations is the ability to give organizations visibility into all of its cloud access privileges. Veza, which Thakur co-founded in 2020, does this by mapping all of an organization’s human identities across all of its cloud assets — and then visually displaying the information based on search criteria, ultimately provides unique insight into issues such as anomalous access privileges.
Ricardo Villadiego Lumu Technologies
Founder and CEO, Lumu Technologies
Currently, many breaches are discovered only months after they begin, allowing attackers to do significant damage in that time. Lumu Technologies wants to shorten that time frame for detection, by continuously measuring for signs that a network is behaving in a way that suggests it has been compromised. Before launching Lumu in 2019, Villadiego founded Easy Solutions, which was acquired by Cyxtera Technologies.
Caroline Wong Cobalt
Chief strategy officer, Cobalt
Following a career that included serving as senior program security manager at Zynga and as director of global product management at Symantec, Wong joined Cobalt in 2016. Wong was named chief strategy officer in 2019, and the role focuses him in helping the company, which provides penetration testing as a service, to evolve to stay ahead of emerging cyberthreats and breach trends.
Howie Xu Zscaler
Vice president of machine learning and AI, Zscaler
In 2017, Xu co-founded and served as CEO of TrustPath, a startup focused on developing AI-powered methods for identifying new threats. The startup was acquired by Zscaler, a large vendor in the zero-trust security space, the following year. At Zscaler, Xu continues to focus on efforts to improve the role of AI in cybersecurity, including areas such as threat prevention and automation of security policies.