“Cybersecurity hiring trends can be divided into two buckets. The first is, how do you hire if you are an enterprise trying to build security operations. The second is, how are you as a vendor hiring the right person or people for your R&D and product and marketing teams.”
Hi Yaniv. Please tell us about your role as CEO and the team / technology you handle at Vulcan Cyber. How did you arrive here?
As the CEO of Vulcan Cyber, I oversee all business operations, while driving strategy and product with the rest of the senior leadership team. Most importantly, I try to create harmony among all the different departments – from sales, product, customer success, R&D, HR, operations and others, in order to provide the best possible service and technology to our customers.
We’re focused on remediating vulnerabilities before they result in a breach. On a practical level, we help large enterprises confront the chaos that comes from using multiple vulnerability management tools – including vulnerabilities in infrastructure, in applications, in code, in the cloud. But instead of simply identifying vulnerabilities like most tools, we focus on driving remediation outcomes.
We started the company out of professional pain.
While Tal Morgenstern, our current CPO, and I were working on a government project, we were requested to run a vulnerability assessment on the product we were about to deliver. While running the assessment, we encountered an unmanageable degree of discovered vulnerabilities, and we had to keep pushing the project out to address all of these individually.
Tal worked tirelessly to patch and harden the platforms, but then when we rescanned to make sure they were fixed, we discovered a hell of a lot of new issues. This is where we found out that this process is very inefficient. We got so many findings that we got to a point where we couldn’t even remediate. When we tried, it took so long the results were ineffective. We had to develop a more efficient way to drive remediation outcomes, one that leveraged automation to ensure our teams could move at the same speed as vulnerabilities.
And so we got to work on Vulcan Cyber.
How has the role of the CEO evolved during the pandemic? How did your previous experiences with technology management help you scale your efforts and meet unprecedented challenges?
When I look at the CEO role, I see the main priority as removing obstacles from the path of your organization. This can look a lot like being used as a chess piece on the table of your executives. This also involves convincing people to get hired or to stay. When it comes to Vulcan Cyber, my most important role was supporting the mental well-being of our employees. They were and are still isolated from any real working environment, with no real work-life balance, so during the pandemic, it became a continuous improvement curve for us to better our WFH processes.
I became laser-focused on two things.
One, I became focused on maintaining the mental health of our people, and two, I became focused on continuing to deliver our technology for the benefit of our customers, in order for the business to be successful.
From my previous experience in managing technology corporations, and particularly in my experience working in the army as part of Israel’s Intelligence Unit, I gained immense experience working under pressure. I learned that in any given situation, if you align good people with a good process, you can get better results without harming overall business operations. No doubt, this previous experience in the army helped me lead Vulcan Cyber through the pandemic. So as I faced this new global challenge, I applied the same mindset, and it proved to be extremely helpful.
Can you tell me a little more about Vulcan Cyber? What exactly is Vulnerability Remediation and how does it fit into the current security universe disrupted by AI, ML and deep learning?
Vulcan Cyber remediates risk for small to large enterprises. These enterprises are handling and applying different tools that provide visibility into their risk – such as vulnerability assessment scanners, cloud security tools or posture management tools – and as they get these findings, they don’t really have an effective and impactful way to remediate the risk they are discovering. Vulcan Cyber connects with these tools, collects the different vulnerabilities and plugs them into our platform. Remediation intelligence is collected from an engine called Remedy Cloud, which is powered by machine learning and artificial intelligence, collecting info in high throughput and in real time to find threats and corresponding remediation paths. This all then leads to automatic remediation orchestration, actually reducing risk using AI instead of relying completely on limited human resources.
As the CEO of a Cloud-native Vulnerability Remediation service provider, how do you keep your own company protected from security risks? What kind of tools and solutions do you currently use to combat security risks?
On the most practical level, we use our own platform to make sure we’re secured. The best thing about handling risk mitigation is that we understand inside and out the nuances. With the insight that we have providing vulnerability remediation products, we intentionally apply specific vendors to gain the same visibility that our customers have, giving us an intimate understanding of what our customers are seeing and dealing with. We also in turn use the platform itself to manage our assets better and to better triage the vulnerabilities to actually remediate and better collaborate with teams – from security and engineering to DevOps – in order to automate and orchestrate towards remediation.
What is the Vulcan “Vulnerability Remediation Community”? What kind of expertise does one need to be part of this community? What are the benefits of joining the Vulnerability Remediation Community?
First and foremost, we have our Remedy Cloud, which is a public, free remediation intelligence service. Access Remedy Cloud for a completely open database that provides you with the ability to find relevant remedies, solutions and fixes to thousands of vulnerabilities. What you also can see there is that our Remedy Cloud users can submit their own solutions and can also enjoy the wisdom of a collective community in a way that helps IT security teams around the world reduce risk.
Secondly, our community is connected via a Slack workspace and we are talking with these community members daily in the vulnerability remediation Slack channel. Some of these users also use another Vulcan Cyber freemium service called Vulcan Free, which is a subset of our enterprise platform that provides risk-based vulnerability management and vulnerability prioritization capabilities for free to any user. We provide this because we believe that although vulnerability prioritization is important, it’s definitely not the main goal. The main goal is reducing risk. So we’re happy to provide prioritization capabilities for free to our users, then help them migrate to the orchestrated stage with our enterprise offering. Vulcan Free and Remedy Cloud are changing the economics of the CISO organization and the vulnerability management market.
What are the major security challenges for IT-driven companies that have erupted in recent times? How can automation technology transform business outcomes?
There are three major security challenges I see:
- First, there’s the impact of the distributed workforce. This is something that will continue to accompany us as an industry and as a global community because employees won’t return to the same capacity, even when they are back in the office, as before. We have to understand the ways to make sure they are secured in their homes and enterprise environments, keeping them secure from these different attack vectors and securing a much bigger IT footprint.
- Second, the hybrid enterprise is not only cloud & on-prem. It’s also the combination of SaaS applications that are coming in as well as IoT devices. The attack surfaces we have to protect are very diverse, and therefore we need to understand how we can understand the entire risk stack and reduce that risk in an effective way.
- Third, there is the human challenge: In 2021, the market isn’t producing enough cybersecurity professionals. This means that we will always have a deficit of people and we will have to improve our education around cybersecurity in the university. As organizations, we also have the responsibility to train new employees, but also to rely more and more on software and automation (aka things that can help us do more with our current workforce).
What kinds of IT frameworks are most susceptible to cyber-attacks? How does Vulcan Cyber ensure protection to traditional IT companies who may not have a CIO in their hierarchy? Do you provide any kind of consulting services to such companies?
While we don’t provide consulting services, Vulcan Cyber is SaaS for IT and security teams looking to get fix done through risk remediation orchestration. We support this platform, and the vulnerability management industry, with the Vulnerability Remediation Maturity Model framework. This framework is designed to help any IT security organization understand where they are on a scale of “reactive” to “transformative” when it comes to understanding the gaps and shortcomings of vulnerability management and remediation effort. Understanding where you stand, and knowing what you can do to improve your remediation maturity, is a big part of the challenge.
To this end, we offer two free services to the industry to help professionals understand their maturity levels against a benchmark of their peers.
First, we suggest cybersecurity executives take a few minutes to take our vulnerability remediation maturity self-assessment survey. Then, based on maturity level, we provide prescriptive guidance through the Vulnerability Remediation Maturity Model eBook which is offered to anybody taking the self-assessment survey.
Tell us more about the hiring trends you are seeing in the security industry. What kind of talent / skills do you hire for in your company to lead Product and Marketing?
Cybersecurity hiring trends can be divided into two buckets. The first is, how do you hire if you are an enterprise trying to build security operations. The second is, how are you as a vendor hiring the right person or people for your R&D and product and marketing teams.
The problem is the same: you are challenged as an enterprise and as a vendor. There is just not enough talent. So what we are doing, and what I believe is going to become a growing trend, is that we build great talent internally. We build training courses and we build opportunities for junior people that we work to promote internally. We work very hard in order to not be dependent on the rare talent out there, but actually build a very successful onboarding and training machine that allows people with potential, talent and strong experience in other areas to eventually become cybersecurity professionals.
Thank you, Yaniv Bar-Dayan! That was fun and we hope to see you back on itechnologyseries.com soon.
Yaniv Bar-Dayan is a veteran of an elite Israeli military intelligence unit and has led multiple real-world cyber security projects throughout his career. Yaniv has spent more than a decade helping some of the largest companies in the world improve cyber security and reduce risk. With his “solutions, not problems” mantra, Yaniv co-founded Vulcan Cyber to help security and IT teams scale vulnerability remediation and ultimately get fix done.
Vulcan Cyber has developed the industry’s first vulnerability remediation orchestration platform, built to help businesses reduce cyber risk through measurable cloud and application security. The Vulcan platform orchestrates and tracks the remediation lifecycle from scan to fix by prioritizing vulnerabilities, curating and delivering the best remedies, and automating processes and fixes through the last mile of remediation. Vulcan Cyber helps IT security teams collaborate and “get fix done” at scale. Vulcan Cyber is proud to offer Remedy Cloud and Vulcan Free as freemium SaaS solutions for businesses of all sizes. The unique capability of the Vulcan Cyber platform has garnered Vulcan Cyber recognition as a 2019 Gartner Cool Vendor and as a 2020 RSA Conference Innovation Sandbox finalist.