A strategy to prevent data breaches and minimize damages from compromised systems is not only essential but also in need of continual updating. Attacker techniques, and the tools that are available to thwart them, are always evolving. Here are 10 of the innovators who are working to shape the future of breach prevention.
Jameeka Green Aaron <span>Okta</span>
CISO for customer identity, Okta
At identity platform Okta, Aaron collaborates with the product development team on new features for keeping logins secure, offering her insights as a longtime cybersecurity practitioner on the front lines. She initially joined identity and access management startup Auth0, which was later acquired by Okta, as CISO in 2021 — following a more than two-decade career that included IT and cybersecurity leadership positions for the U.S. Navy, Lockheed Martin, and Nike.
Stephan Chenette <span>AttackIQ</span>
Co-founder and CTO, AttackIQ
It may seem like a no-brainer, but the idea of actually testing cybersecurity controls to validate their effectiveness in preventing breaches is still a fairly new one. AttackIQ, which Chenette co-founded in 2013, is among those looking to blaze that trail with its platform for breach and attack simulation. The concept is gaining momentum, with a number of U.S. agencies saying last month that they now recommend continual testing of security controls by businesses.
Stina Ehrensvard <span>Yubico</span>
Co-founder and CEO, Yubico
Counted among the fan base for YubiKeys, the hardware security keys co-invented by Ehrensvard, are major companies like Google and Atlassian. Cybercriminals are less fond of the technology, which blocks some of their schemes by requiring a user to physically touch a device to complete a login. According to Yubico, the YubiKey maker that Ehrensvard co-founded in 2007, the devices are in fact “unphishable” — an increasingly difficult claim to make these days.
Gal Helemski <span>PlainID</span>
Co-founder, CTO, and chief product officer, PlainID
It’s no easy task to lock down policies for which resources certain people are allowed to access in today’s digital enterprise — especially given the fact that each application has a different way of implementing those policies. PlainID aims to be a centralized platform for more effective management of policies across applications, while also allowing organizations to do this in a more dynamic and secure fashion based on real-time data. Prior to co-founding PlainID, in 2014, Helemski spent six years in the Israel Defense Forces’ Mamram computing unit and was an early member of the team at privileged access management vendor CyberArk.
Hasan Imam <span>Obsidian Security</span>
CEO, Obsidian Security
As businesses rely more and more on SaaS apps, the security shortcomings are only becoming more and more apparent. In particular, many businesses face heightened SaaS security risks due to a lack of visibility into the use of the apps. That’s something Obsidian Security is aiming to address with its platform for detecting issues such as account compromise and risky insider activity across apps including Salesforce, Microsoft 365, and ServiceNow. Imam, who joined Obsidian as CEO in 2021, was previously chief revenue and customer officer at Shape Security, which went on to be acquired by F5.
Evan Reiser <span>Abnormal Security</span>
Co-founder and CEO, Abnormal Security
Many of the major tools for email security were built in an age when companies ran their own email servers in on-premises data centers, and having the ability to scan for malware and spam were the big concerns. But as email has shifted to the cloud, adversary tactics have shifted. Abnormal Security, which Reiser co-founded in 2018 after leading a major product team at Twitter, aims to offer email security that’s tailored to modern threats arriving in Microsoft 365 and Google Workspace inboxes — using advanced AI to block attacks such as credential phishing and executive impersonation.
Tarun Thakur <span>Veza</span>
Co-founder and CEO, Veza
When it comes to protecting data in cloud environments, a lot comes down to the question of authorization: What are users sanctioned to do? Among Veza’s big innovations is the ability to give organizations a look at all of its access privileges in the cloud. Veza, which Thakur co-founded in 2020, does this by mapping all of an organization’s human identities to all of its cloud assets — and then visually displaying information based on search criteria, ultimately providing a unique view into issues such as anomalous access privileges.
Ricardo Villadiego <span>Lumu Technologies</span>
Founder and CEO, Lumu Technologies
As it stands today, many breaches are only discovered months after they first begin, allowing attackers to do significant harm over that period. Lumu Technologies wants to shrink that time frame for discovery way down, by continuously measuring for signals that a network is behaving in a way that suggests it’s been compromised. Prior to launching Lumu in 2019, Villadiego founded Easy Solutions, which was acquired by Cyxtera Technologies.
Caroline Wong <span>Cobalt</span>
Chief strategy officer, Cobalt
Following a career that included serving as senior manager of the security program at Zynga and as director of global product management at Symantec, Wong joined Cobalt in 2016. Wong was named chief strategy officer in 2019, and in the role she has focused on helping the company, which provides penetration testing as a service, to innovate to stay ahead of emerging cyberthreat and breach trends.
Howie Xu <span>Zscaler</span>
Vice president of machine learning and AI, Zscaler
In 2017, Xu co-founded and served as CEO of TrustPath, a startup focused on developing AI-powered methods for identifying new threats. The startup was acquired by Zscaler, a large vendor in the zero-trust security space, the following year. At Zscaler, Xu has continued to focus on the effort to enhance the role of AI in cybersecurity, including in areas such as threat prevention and automation of security policies.
Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at email@example.com.