Companies to Watch: New York Founders at the Forefront of Cybersecurity
Information security technologies evolve quickly by design — they’re built to respond to attacks and defend against future ones. But that job has become even more complex as the infrastructure they’re tasked with guarding changes, and as more businesses rely on digital-first tools in the era of hybrid work. AI, machine learning, and cloud adoption have all skyrocketed. Automation is king, and as a result of the pandemic, digital transformation is accelerating at previously unheard-of rates.
For Cybersecurity Awareness Month, Tech:NYC convened a roundtable of cybersecurity leaders to exchange ideas with US Senator Kirsten Gillibrand on how to improve efforts to secure national infrastructure. One major takeaway: invest in the future of the cyber workforce.
There are 3.4 million vacant cyber jobs around the world, and in NYC, businesses of all types — not just in tech — are rushing to hire cyber talent. Earlier this year, research Tech:NYC conducted with Accenture found that 64% of C-suite executives surveyed planned to expand cybersecurity hiring this year, making it the most sought-after area of expertise in bringing on new talent.
For the latest edition of our Companies to Watch series, we talked with NYC founders building tools that not only protect businesses but also offer case studies for how to safeguard everything from households to governments and more.
COMPYL
What does your company do?
Compyl founder and CEO Stas Bojoukha: Compyl is a B2B SaaS platform created for IT Compliance and Security Teams that automates 85% of their day-to-day activities. We like to think of ourselves as the mechanism that will change compliance, audit, risk, and cyber forever. I know that could sound pretentious but we believe in what we do. It’s not about the fame – it’s about the impact for us.
A question we love to ask every founder: Why New York?
SB: NYC is the lifeblood of the world! Everything happens here, everyone has a unique perspective, and there is never a dull moment. What better place to attract the best talent and change the world from? We have a handful of forward-thinking innovators making strides in this space, and we couldn’t have done it anywhere else in the US, let alone the world!
How many security tools is the average company using? How does Compyl’s platform integrate them all?
SB: Depending on the size of the company, you will generally see about 10 products in a typical mid-tier customer – everything from endpoint device management, malware protection, security and awareness training, vendor management, IT Asset, GRC, SIEM, etc. This is the problem with the market at the moment: people look at tools as a fix-all. Yes, they provide some additional functionality and reduce risk impact, but nothing does it all or makes the job easier.
This is where Compyl comes in. The platform allows your systems to link together for audit testing, IAM testing, risk management, and compliance testing to give that single pane of glass. Add the automation and capacity to make key decisions on your security landscape, and Compyl ends up being a very valuable tool.
Do those information security needs change or evolve between small organizations versus large enterprises?
SB: Small organizations should have access to enterprise-grade products that will not break the bank. Small businesses face the same challenges as large enterprises and should have access to the same products. Without the same levels of security compliance in the smaller businesses, they can’t compete with the larger ones. We’re working to bridge the gap of enterprise versus the rest, enabling the smaller companies to gain enterprise-level accreditation and security protections that are usually only reserved for big players. Admittedly, implementing security controls in a smaller organization is much easier, but the same premise and roadblocks will and do apply.
You’ve been working in IT for more than 15 years, and of course, security technologies need to evolve very quickly by design. What’s changed about the cyber sector itself throughout your career? Are there skills/trends in the cybersecurity workforce that have become more important not only to businesses but to, say, educational institutions or governments in the coming years?
SB: Cyber has evolved dramatically over the past two decades, and hacking has become as simple as figuring out how to use Metasploit or hiring a third-party SaaS platform to conduct ransomware campaigns on your behalf. Due to this, it’s become easier to exploit organizations.
On the opposite side, organizations have become more complex, typically have legacy products, employees that are afraid of change, and automations that cross trust boundaries. There is a huge trend moving toward cloud and migrating to a zero-trust model of authentication. Skilled resources in this space are few and far between. Automating your daily tasks is imperative to use your skilled resources for big problems and heavy-hitting decisions.
What’s the next goalpost on your product roadmap?
SB: AI and machine learning. We want to be able to productively determine events before they happen. Although Compyl has the capacity to track and trace, preemptive insights are the next step. Ultimately, we want Compyl to be the tool you log into at the start of the day, make key decisions based on your dashboard, work out where to spend budget, watch your security go up, and at the end of the day, press a few buttons to report your results to your clients, auditors, insurance company, and executive team. It will be the standardized ‘one-stop shop’ for everything you could possibly need.
Okay, some rapid-fire questions. First: where do you get your favorite pizza slice?
SB: Ace’s in Williamsburg. Always fresh, always tasty.
What’s the best place in New York for a coffee or lunch meeting?
SB: Jeffrey’s Grocery is a sweet spot to kick back and enjoy a few oysters and cocktails.
What’s one everyday online security practice every New Yorker should adopt?
SB: A password manager! Some personal recommendations are Bitwarden and LastPass. The best thing about them is they’re free!
ELPHA
What does your company do?
Elpha Secure co-founder and CEO Preetam Dutta: Elpha is a cyber insurance MGA serving small and mid-size businesses across a range of industries. We embed proprietary cybersecurity technology within each cyber insurance policy. Effectively, for one price, a company will receive cybersecurity protection and controls plus the insurance coverage they need to be truly cyber resilient.
A question we love to ask every founder: Why New York?
PD: NYC is the best city in the world. We are able to build our team, meet with partners, and grow our network within a small radius. And if we need to travel anywhere, it’s super convenient to have three airports that fly everywhere.
Do most small businesses even think about having cyber insurance plans like they do other insurance plans? Is that need changing?
PD: A few years ago, definitely no. But with the world we live in today, everyone knows someone that was the victim of a cybercrime. Many companies are now purchasing cyber insurance because of contractual requirements, as well. Cyber is not optional coverage anymore – it’s a compulsory product for all organizations.
Do you think remote and hybrid work is here to stay? How does that change how a CISO or head of IT thinks about security needs for the workplace?
PD: I believe that depends on the company, culture, and industry. Some industries simply work better in office settings while others can thrive remotely. Many great companies were remote before COVID as well. Like many aspects of the evolving work and threat landscape, hybrid work environments undoubtedly increase the need for continuously improving security hygiene.
You closed a Series A round earlier this month (congrats!). How will you use the new funding? What’s next on your roadmap?
PD: Thank you, we are humbled by the support from our investors. It is a huge opportunity, and we are looking to continue to build market traction while building the best cybersecurity products for our customers.
Okay, some rapid-fire questions. First: Where do you get your favorite pizza slice?
PD: Tough question. It’s definitely not the “best,” but my favorite is Koronet Pizza near Columbia University. It’s great to be close to my alma mater and get one of the largest slices of pizza you’ve ever seen in your life.
What’s the best place in New York for a coffee or lunch meeting?
PD: My spot of choice (and the birthplace of Elpha Secure) is Joe and the Juice. Grab a small sandwich with delicious juice, and you’re good to go.
What’s your favorite hybrid/remote work office hack?
PD: I do a lot of work at the gym. It forces me to get up and get a workout in eventually.
What’s one everyday online security practice every New Yorker should adopt?
PD: 2FA. It’s not always fun to have to use your phone for two-factor authentication, but it makes you a much harder target to hack.
ONYXIA
What does your company do?
Onyxia founder and CEO Sivan Tehila: Onyxia is a dynamic cybersecurity strategy and performance SaaS solution. We empower security leaders and teams to maintain an accurate picture of their cybersecurity posture and continuously automate remediation strategies in real time through a single proactive cybersecurity platform. Our automated platform helps companies clarify their existing environment and highlight the most relevant threats, best solutions, and strategies to close security gaps on an ongoing basis.
A question we love to ask every founder: Why New York?
ST: This is the best city to be an entrepreneur and founder. Besides the inspiring people you can meet here, there’s access to professional networks, investors, and customers that allows you to move fast and grow your business.
We see a lot of news of breaches, which tells me that many companies’ security strategies are still largely defensive — attacking threats as they arise. Is that true?
ST: Cyber threats are constantly evolving as well as the internal network of any company. To keep up with all the relevant threats, cyber technologies, and trends, companies must have a very clear, yet dynamic cyber strategy. At Onyxia we're actually helping companies and security leaders to always stay on top of their threats and proactively respond to any incident or situation.
Onyxia’s platform is unique in that it leverages AI to monitor performance. Why is that beneficial in a security context?
ST: To get an accurate picture of the organization’s posture score, security professionals need to analyze an enormous amount of data from different intelligence sources and from within their existing security tools. To process this data and analyze it in an accurate way and make decisions, they need to invest a lot of time and manual work. By leveraging AI and ML capabilities we can make these analyses much faster, and by that, security teams can make decisions and respond faster.
What are some of the warning signs that, say, a CISO of a small business or early-stage startup might want to make a habit of monitoring daily?
ST: Mapping the company’s critical assets and having the right cybersecurity strategy in place is key. As a CISO you always want to make sure that you are covering the main 5 pillars of NIST — identify, protect, detect, respond, and recover — and the way to do that is by implementing the right process and technologies. If there are limited resources and budget, I’d suggest focusing on visibility, making sure you protect the perimeter, and implementing training and awareness plans.
You closed a seed round at the end of last month (congrats!). How will you use the new funding? What’s next on your roadmap?
ST: We are using the funding to grow our product development, marketing, and sales efforts. We are in an advanced stage of development, and we can't wait to start helping CISOs protect their organizations using next-gen AI technologies.
Okay, some rapid-fire questions. First, where do you get your favorite pizza slice?
ST: Bravo Pizza is definitely the go-to place when you want a fresh authentic slice of NYC. I love going there for a quick snack or to hang out with friends.
What’s the best place in New York for a coffee or lunch meeting?
ST: I love Birch Coffee. They have multiple locations in the city, the coffee is great, and I love the community they are building around their brand.
What’s one everyday online security practice every New Yorker should adopt?
ST: The one cyber risk that always bothers me and others in the Big Apple is the threat of shoulder surfing. Shoulder surfing is when others around you snoop on your devices without your permission. This is extremely relevant in coffee shops and on the subways where people tend to use their devices in crowded places.
SONRAI
What does your company do?
Sonrai Security co-founder and CEO Brendan Hannigan: Sonrai helps enterprises secure their AWS, Azure, and Google public clouds.
A question we love to ask every founder: why New York?
BH: It's phenomenal to be close to customers and New York is home to so many from all industries. It also helps that I live here!
More and more businesses are moving to cloud-centric data infrastructures, but the cloud itself also has security needs, right? What measures do you think are most important for businesses to focus on in making the transition/scaling to cloud?
BH: Eliminate the ability for attackers to roam freely around inside a cloud without detection. As enterprises scale their clouds, this is paramount.
What vulnerabilities are surfacing as top concerns for Sonrai’s customers?
BH: Exploding permissions and entitlements inside the cloud that leave open lots of ways for attackers to get to sensitive data or admin privileges. There are tens of thousands of entitlements that can be set across major cloud providers, and as companies expand their cloud real estate, this leads to a scary level of risk under the hood.
You spent some time running the security division staffed by thousands for IBM. What does a multinational corporation like that have to teach early-stage cyber startups, and what could those startups teach IBM?
BH: Multinational companies cannot innovate in fast-moving new markets, and constantly trying is as fruitful as burning money in a furnace. For innovative companies, the massive scaling phase requires management skills that are entirely different from earlier stages.
What’s the next goalpost on your product roadmap?
BH: We have an upcoming release that delivers amazing insights on the exact steps needed to eliminate lateral movement risks in a customer's AWS, Azure, and Google clouds.
Okay, some rapid-fire questions. First: where do you get your favorite pizza slice?
BH: Gino's on 83rd and 1st.
What’s the best place in New York for a coffee or lunch meeting?
BH: Pershing Square by Grand Central! Everybody who visits Sonrai in New York has been there with me. Decent food and easy to get to.
What’s your favorite hybrid/remote work office hack?
BH: Go old school, get off Zoom, and have more phone calls!
What’s one everyday online security practice every New Yorker should adopt?
BH: Get a password locker!