Five New York Cybersecurity Companies to Watch
There were 2.5 million data breaches worldwide in 2017 alone and it’s estimated that $170 billion will be spent on cybersecurity by 2020. As cyber threats ramp up, so does the need for new ideas to protect our data, and New York is a growing hub for producing them.
It’s no surprise that the city is well-suited to meet growing cybersecurity demands — it’s home to the headquarters of 45 Fortune 500 companies, a massive workforce, dozens of academic institutions, and a healthy startup ecosystem. And working to bring them all together is Cyber NYC, a new $100 million public-private investment operated by a robust network of community and industry partners with the goal to create 10,000 jobs in the space and catalyze the next billion-dollar company.
The initiative couldn’t be better timed — new research we released with Accenture last month forecasts significant increases in tech hiring in 2020, particularly for workers with cybersecurity expertise. The industry, by design, has to move fast to respond to ever-evolving threats, and new startups are popping up all over the city to take on the important and challenging task of keeping up with the threats that put the data of individuals, businesses and governments at risk.
That’s why, this month, we’re showcasing five NYC cybersecurity companies that are strengthening our infrastructure against all kinds of breaches.
OSO
What does your company do?
oso co-founder and CEO Graham Neray: oso makes backend infrastructure security simple for devops and invisible for developers. We do this by automating core security controls in our customers’ infrastructure in less than three minutes.
Why did you found your company in NYC?
GN: There’s a large group of talented people, access to real enterprise customers, and perhaps most importantly, we’re grounded in real life because not everyone in this city breathes tech. I have a friend who’s a classically trained actor; his wife is a dancer. It’s refreshing to step away from tech sometimes and remember that there’s a whole other world worth exploring.
What brought you to New York?
GN: I was living in Boston, and my girlfriend came to New York for grad school. After 6 months of long distance, I moved here too. Three months later we split up, then roughly a week after that, I got a job at MongoDB. I am so grateful for that sequence of events. I met my wife at MongoDB not long afterward, which makes moving to NYC the single best decision I’ve made in my life.
oso is backed by Company Ventures and Sequoia. What does having the support of major firms so early on allow you to focus on as a company founder?
GN: Many founders have to spend a lot of time fundraising. We were lucky in that the combination of current macro conditions (there’s a lot of capital out there right now) and our pedigrees made fundraising a fairly quick endeavor for us. With that behind us, we can focus on building the team, the product, and our customer base.
What do you consider good security?
GN: Security that 1) prioritizes user experience so that 2) it actually gets used.
oso is growing its team. What are you looking forward to most about your next steps?
GN: We have just begun to pull back the curtain on what we’ve been building with a small number of customers, and the response has been unbelievable. Our demo is less than 120 seconds, which is a deliberate choice. We’re showing people that time-to-dopamine with oso is so quick, unlike the nonsense they’ve been stringing together with duct tape and chicken wire for the last 30 or 40 years.
I’m looking forward to sharing the product more broadly as we move towards our launch. And did I mention we’re hiring? Building the team is perhaps the most rewarding part of this whole thing. We’re looking for folks who have some combination of experience in + appetite for low-level systems engineering, building a great experience for a technical end-user, and running critical production systems. Sam is a brilliant but down-to-earth technical leader (and we’re using Rust!), which makes this a great place to learn and grow as an engineer.
How do you get to your office?
GN: N/W from Astoria-Ditmars → Queensboro Plaza, transfer to 7 train → Grand Central
Where do you get your favorite pizza slice?
GN: Xi’an Famous Foods — I’m not a big pizza eater.
Where do you get your favorite bagel?
GN: Brooklyn Bagel (in Astoria, of all places).
What is the best New York waterfront?
GN: Brooklyn Bridge Park.
What’s your favorite New York building?
GN: Tom Fruin's WATERTOWER.
What’s the best place in New York for a coffee or lunch meeting?
GN: La Colombe on Bryant Park — it’s where Sam and I first met, and where I often meet with candidates.
What’s the craziest thing that’s happened to you in NYC?
GN: My first landlord gave me reduced rent in exchange for being able to cook kimchi and bulgogi in my kitchen 2x per week, which he subsequently sold in his deli located on the ground floor of the building.
ATAKAMA
What does your company do?
Atakama co-founder and CEO Daniel H. Gallancy: Atakama provides an encryption platform that mitigates attacks. With perimeters constantly breached, enterprises need a deeper level of security, in which an attack is rendered harmless. With Atakama’s encryption platform, enterprises can have granular protection, with each object encrypted with its own unique key. When attackers breach a network, cloud storage or a local endpoint, what they’ll steal will be valueless, as it is fully encrypted. The system uses no passwords, enables seamless sharing of encrypted data among users and enables users to search through data without decrypting it.
Why did you found your company in NYC?
DG: New York is an exciting environment in multiple respects. It is the epicenter of commerce for the entire Western Hemisphere, making the city a fertile ground for prospecting for clients and for building partnerships. New York also has top-of-the-heap talent, both technical and commercial.
What brought you to New York?
DG: I was born and raised here. Though I’ve visited terrific places all throughout the world, I can’t imagine living anywhere else.
Cybersecurity is a global issue that’s on the minds of governments, businesses, and banks alike. Why should the everyday person think about encryption, too?
DG: Most people think to themselves, “Hey, I’m not a target – who wants my data?” and people who think that way aren’t necessarily incorrect. That said, a great many cybercrimes are crimes of opportunity. It isn’t all that different from a burglar finding a house with the door unlocked and taking advantage of the situation. If the door is locked then the burglar will move on to a softer target. Encryption is a great way to lock your data, just as you’d lock the door to your home.
You’re also working in the cryptocurrency space, as CEO of SolidX Partners Inc. How has that helped inform the way you think about cybersecurity?
DG: Anyone in the Bitcoin ecosystem will tell you that keeping cryptographic keys secure is absolutely crucial. But what is the best way to do it? How do we balance security and convenience/accessibility? The answers aren’t always clear. That said, some of the most creative security solutions I’ve ever seen have emerged from the Bitcoin world, and we can take those lessons and apply them to general cybersecurity. In that sense, Bitcoin has been a strong influence on how we think about securing keys in a manner that balances security and convenience.
What’s a common misconception about data privacy and security that you've found?
DG: People – including cybersecurity professionals – think their data is already encrypted when, in fact, that isn’t the case, at least not on a functional basis. For example, full-disk encryption protects you if your laptop is stolen but it doesn’t help whatsoever if your laptop gets hit with malware, the latter being a more likely scenario. Most cloud providers encrypt user data, but the encryption is accomplished using keys derived from user credentials. Consequently, if an attacker can spoof your identity, the attacker can steal your data. That sort of encryption is more security theater than true protection. We can do better. Atakama is built to provide true encryption-based security without compromising usability.
Atakama was recently named a finalist in the NYCx Cybersecurity Moonshot Challenge, which aims to make the city a leader in cybersecurity innovation and talent. Congrats! How are you working with NYC to build more support for data security? What is it like to test your challenge proposal in the city?
DG: The Moonshot Challenge has been a wonderful experience for us. It has inspired us to focus even more heavily on clients in NYC (not that we weren’t already). The evaluation panel was rigorous and we were fortunate to have the opportunity to answer their questions, many of which were quite detailed.
How do you get to your office?
DG: Walk and Citibike.
Where do you get your favorite pizza slice?
DG: Impossible to answer! Too many great choices.
Where do you get your favorite bagel?
DG: Unquestionably the best place is Bagel Oasis, near where I grew up.
What is the best New York waterfront?
DG: Gantry Plaza Park and Hunter’s Point South Park in Queens.
What’s your favorite New York building?
DG: Grand Central Terminal.
What’s the best place in New York for a coffee or lunch meeting?
DG: Best place to meet for coffee is in Bryant Park if the weather is cooperative.
What’s the craziest thing that’s happened to you in NYC?
DG: The adventure of starting Atakama!
FRAUD.NET
What does your company do?
Fraud.net co-founder and president Cathy Ross: Fraud.net operates a real-time fraud detection and analytics platform, helping companies with high volumes of digital transactions to quickly identify transactional anomalies and pinpoint fraud using big data and live-streaming visualizations. Our first-of-its-kind platform allows enterprises to monitor their end-to-end fraud program’s performance, identify process improvement opportunities, and gain new insights into developing fraud trends in minutes instead of months.
Why did you found your company in NYC?
CR: We have clients from across the world so it’s the ideal spot for a company like Fraud.net to be headquartered. In New York we’ve got the best combination of access to capital, labor, business services and clients. Although New York is our HQ, we also have a presence in Seattle, London, and Frankfurt.
What brought you to New York?
CR: My career started in finance, so I moved to New York for my first set of jobs after college and decided to settle here. I’ve travelled the world quite a bit, but New York is my home now for me and my family.
As rapidly as technology is changing, so can new fraud risks. How do you balance innovation and security? What's the benefit of using AI and machine learning to manage those risks?
CR: Before AI, fraud was a game of cat and mouse. Fraudsters would begin using a method to commit fraud, companies would address that method of fraud, and then a new method would pop up and the process repeats. What AI and machine learning are doing to this cycle is vastly reducing the time it takes for a new method of fraud to be noticed, as well as allowing merchants to, in real-time, see and stop when someone is trying to use these tricks in their transactions. As such, Fraud.net has a great balance of innovation and security, as we utilize innovative technologies, AI and machine learning, in order to bolster our own and others’ security. Using our program, we have identified 600+ distinct fraud methods, which we can then prevent when other members in our network are confronted with the same groups and approaches.
What’s a recent trend in cybercrime that you’re especially keeping an eye on?
CR: There are two trends we’ve been keeping an eye on in cybercrime: AI-enabled account takeover and synthetic identity fraud. For AI-enabled account takeover, most commonly, attackers will deploy an army of bots with credentials that have been purchased on the dark web or acquired directly in a data breach. The data can be further enriched from the individual victims using a wide variety of social engineering. The sheer size of these attacks will quickly expose which merchants and financial institutions have not taken proper precautions.
Synthetic identity fraud, in which fraudsters create fabricated identities using legitimate seed data like a social security number, is growing fast, making banks and digital merchants especially vulnerable. If you don’t catch synthetic identity accounts early, they can be very difficult to catch because they exhibit all the behaviors of an ideal customer. Even companies as agile as Facebook and Google were caught flat-footed and defrauded for more than $140 million this year.
So many parts of our lives are managed online, from banking to shopping to entertainment. Does it surprise you at all how trusting people can be with their information online? How do we get people to consider potential risks more seriously?
CR: As someone who has worked in tech for a long time, it does surprise me. More and more often we hear about data breaches occurring at larger and larger companies, but there seems to be no rising urgency to address that issue for them or the consumer. I think people have gotten so comfortable with how easy the online experience is that they’ve simply become complacent, and that it would be hard to tell people anything more than they already know in order to take their information seriously. People know that they should be considering the risks more seriously, but many don’t seem to care until they can’t log in to their email one day, and realize they’ve become a victim.
Fraud.net is part of a cohort of Mastercard Start Path, which aims to shape the future of commerce. How is that program helping Fraud.net move its mission forward?
CR: By partnering with a world-class technology organization like Mastercard, we are able to leverage their expertise and resources. This partnership uniquely positions Fraud.net to solve for the growing demand for sophisticated solutions while identifying and solving for the problems consumers will face in the next decade. We are extremely honored to be one of the ten members of the 2019 class and to be working with such a forward-thinking institution.
How do you get to your office?
CR: The same way all New Yorkers do: I walk to the tallest building in my area, go to the top floor, and zipline straight to my office.
Where do you get your favorite pizza slice?
CR: Chicago. Ha, yeah, right!
Where do you get your favorite bagel?
CR: Any place that’s closest to me...it’s hard to find a bad bagel in New York.
What is the best New York waterfront?
CR: The Hudson River is my side-yard, and favorite place for walking, biking, fresh breezes, and sunset cocktails.
What’s your favorite New York building?
CR: Grand Central Station.
What’s the best place in New York for a coffee or lunch meeting?
CR: I tend to have lunch in my office, so I think I’d have to say that’s my favorite place.
What’s the craziest thing that’s happened to you in NYC?
CR: I come from a small southern town, population 15,000, so just the fact that NYC is my new home is pretty crazy. Every day is an adventure.
EDWIN
What does your company do?
Edwin co-founder and CEO Amit Lubling: Edwin is a behavioral cybersecurity company that uses proven learning and behavior change techniques to keep employees and their organizations secure. And, in turn, individuals can use their new skills of security habits to keep their family and home secure. Each Edwin program is customized for an organization and then delivered to employees via interactive “missions” that change security behavior in real time — behavior that is measurable and shareable to security officers, auditors, regulators, and clients as needed.
Why did you found your company in NYC?
AL: One of my co-founders, Steven Dean, and I live in NYC. And we incubated and launched Edwin in the NYC startup studio, Prehype, where we are partners.
What brought you to New York?
AL: I grew up in Jersey, just a few minutes from the George Washington Bridge, so this is where my friends and family are. I’ve lived in the city most of my life, and I’ve seen it change a lot.
Edwin’s website says that you don’t believe in using fear to change human behavior. Why is it important to change that narrative surrounding cybersecurity?
AL: Fear doesn’t work. While it may provide an initial trigger to motivate an action, it is unhealthy and unproductive and often creates anxiety and distrust. And may lead to a toxic work environment and relationship between employee and company. If we’re going to get people to take security seriously and make it part of their lives, we have to change the narrative. People want to be happy, healthy, and secure in their lives and so we aim to engage them in positive ways where they can do that at home and at work.
In this day and age of tech, does it feel like the human side of security often gets lost along the way? If so, what’s the impact of that direction?
AL: Absolutely. Despite how important the human side of security is, it is either ignored entirely, or only given cursory attention. Part of the problem is that the security industry doesn’t really have a good model for thinking about security and human behavior the way they do with security systems. Security expertise is not about influencing or changing human behavior, it is about technical systems and vulnerabilities. The security training and awareness industry is designed to solve a problem for CISOs and CTOs, not to actually change the security culture of an organization — which makes sense. Because it’s hard for one security person to take responsibility for the behaviors of all the people in an organization. That sounds like a nightmare. And that is why we want to take responsibility for that on their behalf.
While we’re seeing exciting developments in cybersecurity, would you say there are advancements in cyber threats at the same time? What’s it like developing a product in a field that seems to require constant vigilance?
AL: Threats far outpace the security responses. There is a model of cybersecurity where the threat capability is analogous to breaking into a house. The first layer is leaving your window open. The second layer is leaving your door unlocked. The final layer, which represents state-sponsored attacks, is like tunneling in through your house's foundation. In other words, there is no way to prevent the final layer.
Developing a product in this environment is incredibly exciting for us. We love that constant learning and evolution is required. The promise of focusing on humans in security is precisely that, as long as threats advance, we’ll never change from being reactionary. We need to change ourselves. Change who we are. And change how we live. Security opens the door to changing aspects of ourselves that we want to change, but that are hard to think about. And yet are constantly changing. That’s an interesting problem for us to solve!
All three of Edwin's co-founders have been a part of developing different ventures over the years. How does a combined entrepreneurial spirit help drive Edwin forward?
AL: The three of us are intellectually invested in the problem we’re addressing with Edwin, and in the potential of changing the narrative around security. It would be hard to build a business purely opportunistically. It’s the intellectual interest and passion that keeps us motivated and creative about how to evolve our approach. It is definitely useful that we’ve all built different kinds of businesses in the past, especially those in health care around behavior change. We bring a lot of fresh thinking that we’re trying to apply to this industry.
How do you get to your office?
AL: The subway, how else? I take my son to school every day in Brooklyn, then come back to Chinatown where my office is.
Where do you get your favorite pizza slice?
AL: I can’t eat bread unfortunately, but my wife makes an almond flour focaccia that I use as a base for homemade pizza. It’s nothing like Joe’s Pizza, but I still love it.
Where do you get your favorite bagel?
AL: When I used to eat bread, my favorite bagels were from Celebrity Bagels in NJ.
What is the best New York waterfront?
AL: Brooklyn Bridge Park. They have a great carousel, park areas, activities for kids, and some great restaurants.
What’s your favorite New York building?
AL: That’s tough, but I think the Frank Gehry IAC building. I used to live right by it. It’s a work of art architecturally, and also uses very unique and challenging technology: bent glass.
What’s the best place in New York for a coffee or lunch meeting?
AL: Definitely Spring Natural on Broome. It’s spacious and fairly quiet. Ask for Alejandro and order a “burger salad” (if you like burgers and salad).
What’s the craziest thing that’s happened to you in NYC?
AL: I proposed to my wife at the Met — I was able to put an ancient Roman antiquities ring on display and pull it out at the right moment. I still can’t believe they let me do it.
DISPEL
What does your company do?
Dispel CEO Ethan Schmertzler: Dispel is an industrial control system access and operations service for utilities and businesses. With Dispel, you get a complete platform to grant, monitor, and control operator and third-party access to critical infrastructure through a non-persistent Moving Target Defense SD-WAN.
Why did you found your company in NYC?
ES: We chose New York because of the engineering quality to be had, our deep institutional network in the city, and proximity to Washington, D.C.
What brought you to New York?
ES: I was born in New York City, and I returned to New York to work, starting in finance, and later transitioning to being a software developer. I’d lived in both San Francisco and New York, and I’d always maintained a special connection to the East Coast.
Dispel released its first commercially available Moving Target Defense technology in 2014. What’s a major way you’ve seen the cybersecurity space change since then?
ES: The overarching theme has been one of making the attackers’ lives harder, and making security teams more efficient. We started Dispel during a phase when detection was in vogue. Hardening defenses weren’t working because perimeters were fragmented, so everyone thought they could find attackers faster. Now Moving Target Defense and the whole realm of resiliency is coming into popularity.
You wrote back in 2016 that “waiting for an attack is not a favorable defense posture.” Do you find it still takes some convincing entities with outdated systems to keep up with the times?
ES: We’ve seen the tenor of the conversation with security officers and executives grow over the past three years to today, where we now begin a conversation with an entity on the same page. Moving Target Defense as a methodology is entering the mainstream in published security frameworks. Take the new NIST Cyber Resiliency Engineering 800–160 Volume 2 as a good example–the final public draft of which was released on September 04, 2019. This new framework pushes for Moving Target Defense-style dynamism and deception for achieving modern secure system engineering.
What does innovation look like for you and Dispel’s team? Does it require thinking like bad actors to see potential risks?
ES: Innovation at Dispel revolves around friction and usability. We want to cost an attacker their time and money. We find that taking immensely complex security technologies and making them simple or invisible for users requires clever thinking and careful focus.
This year, Dispel announced it’s taking part in PricewaterhouseCoopers’s Scale program, introducing the company to the United Kingdom. What are you looking forward to the most about expanding into new markets?
ES: In the past year we’ve expanded into Europe, South Africa, and Asia through partnerships and direct sales. Like North America, the utility and industrial operators in these markets remain underserved in simple, easy-to-use remote management and access tools for OT/IT functions. The security requirements and frameworks we meet in each region help bolster all the others, so we’re better prepared to support regulatory compliance in each new country we work with.
How do you get to your office?
ES: On good days, I’ll walk to the office. It’s about 15 minutes for me, and it’s a good time to catch up on podcasts. If the weather is crummy, I’ll hop on the bus.
Where do you get your favorite pizza slice?
ES: This is hard because you tie your memories of being in a neighborhood with the particular pizza you have during those moments. Our offices are by Paulie Gee’s in Brooklyn, and that’s definitely a favorite.
Where do you get your favorite bagel?
ES: You need a place that makes a good original bagel that, for me, holds up a lot of lox, onions, and capers on Saturday morning. Bagel Shop on 93rd St and 3rd Ave fits the bill.
What is the best New York waterfront?
ES: The view from Gantry Plaza and Hunter’s Point South Park in Long Island City, hands down. You get to see the lights of Midtown and the cars going up and down the FDR, but you have the peace and quiet of the river. It’s comforting too — no matter what time you look out over the view there’s always something happening; the city never sleeps.
What’s your favorite New York building?
ES: Growing up, I used to come into the city with my parents on occasion on Metro-North. The beauty and bustle of the Main Concourse makes Grand Central Station still my favorite building in the city.
What’s the best place in New York for a coffee or lunch meeting?
ES: Both Macchiato and Gregorys Coffee in Midtown are good coffee meeting spots if you have to sit down. They’re central, and usually easy for everyone involved to get to. Hibino in Long Island City serves a wonderful bento and sushi lunch, and the tables are far enough apart that you can get work done.
What’s the craziest thing that’s happened to you in NYC?
ES: There’s a private portal to control the nighttime illumination of some of New York’s iconic buildings. Its existence is better known these days, but when it first came out we won a lot of bets using that special feature. Credit due to the engineer who actually provided the original access.
Author and Editor: Kelly Zegers
All illustrations by Elly Rodgers
Aerial view of Central Park and Times Square: by TierneyMJ/Shutterstock.com