Gily: Our vision is to continue and make continuous security validation accessible and achievable for security teams with various levels of skill sets and matureness. Our platform is an open framework that combines the flexibility to create and automate customized attack scenarios while at the same time we provide smaller security teams out-of-the-box templates enabling them to launch comprehensive assessments.
The platform is SaaS-based, making it simple to deploy; we are the only company that can be fully up and running within an hour, and its modularity makes it easy for companies to procure. Many start off with the common attack vectors (Web WAF, email and endpoint vectors), and then as they mature they add the advanced modules: lateral movement and APT simulations. Companies that have in-house pen testing skills will use the purple team module to operationalize and scale their capabilities.
We are also the only BAS vendor to provide tools that evaluate employee security awareness proactively and the only vendor to provide attack surface management. We provide end-to-end visibility of the key aspects of a company’s security posture from one platform with a consistent scoring methodology that enables them to assess risk across all the links of the cyber kill chain.
Do you think working from home is good or bad for employee experience? How is Cymulate planning its office strategy in post-COVID-19 days?
Gily: I hear more and more executives talking about the advantages of working from home. I have been mixing working from the office and from home for many years now. I think it’s the best combination. It allows time for employees at the office to spend time with their co-workers, align, connect, collaborate f2f, and when working from home, save the time in traffic and either gain more time to work or more time for work-life balance, and invest the time at home on the things you need to focus on quietly, away from the office rush.
I am not in favor of being radical either way. The combination is the secret sauce. Cymulate is planning just this once things get back to the new “normal.”
Hi Gily, tell us about yourself and share some background about Cymulate (how you ended up joining the company)
Gily: I have spent my entire career in marketing and in the last 20 years, particularly international B2B Cybersecurity marketing. With two very active lobes in my brain, I bring strategy and GTM to the table that takes into account a results-oriented, data-driven approach along with a passion for innovation and creativity. I drive approximately 50% of the business and consistent growth YoY.
In my past marketing leadership roles, I was fortunate to work at startups such as Cymulate, Illusive Networks, and large brands, including Symantec.
I am a contributor to publications such as Forbes, Help Net Security, CyberSecurity Ventures, IT Toolbox, etc. and enjoy being able to share my knowledge and thoughts with cyber and marketing professionals and executives.
Two years ago, I chose to join Cymulate. Cymulate’s continuous security validation enables companies to challenge, assess and optimize their cyber-security posture against the evolving threat landscape, simply and continuously. The platform provides out-of-the-box, expert, and threat intelligence-led RISK assessments that are simple to use for all skill levels and constantly updated. It also provides an open framework for ethical hackers to create and automate red and purple team exercises and security assurance programs tailored to their unique environment and security policies. Cymulate helps security professionals to know and control their dynamic environment.
Online commerce was booming in 2020, and so were security breaches; how did it affect Cymulate? What are you going to focus on this year?
Gily: Looking back at 2020 and the consequences of the COVID pandemic, we saw an acceleration in digital initiatives to address the needs created by the shutdowns and working from home. This accelerated cloud adoption, online commerce, remote collaboration, education, health, and financial services, and many other aspects of our lives. Yes, subsequently, a rise in cybercriminal activity exploited the new situation. The cybersecurity industry also saw a transition to more cloud-based services, which also benefited Cymulate and our SaaS-based continuous security validation platform. It allowed security teams working from home to continue with their security testing and assurance activities uninterrupted. Looking forward to 2021, we will continue to expand the coverage of the platform and continue to update it with new attack scenarios and threat intelligence-based capabilities. We have grown our team of researchers so that our customers can continue to identify and fix their exposures to new threats that emerge daily, like the SolarWinds attack.
The evolution of the security industry
How much has your industry evolved in the last 2-3 years with the arrival of automation, customer experience, and enterprise apps?
Gily: The security industry is one of continuous evolution, driven by innovation, to meet the need for companies to confront the threat landscape. Unfortunately, the aspect of testing, validating, and assuring the effectiveness of a company’s security posture has remained the same for the past 25 years as it has relied on human-powered penetration testing. Although their tools have advanced, the methodology has remained unchanged, and so have its limitations; these include limited scope, reliance on the varying skills of pen-testers, cost, and time to receive, validate and implement the recommendations of the test.
This results in infrequent testing, and cost also makes them inaccessible for small to medium-sized companies. In the last four years, a new paradigm has evolved that automates security testing, solving manual and periodic pen-testing limitations. Companies can validate their security by launching attack simulations of new threats and techniques daily and get answers in minutes. It makes security validation accessible to a broader market, and because the simulations are safe to run in production, the scope is unlimited. The customer experience has also improved significantly: security teams can customize the attack scenarios to their specific needs, and the results are presented immediately together with remediation guidance. The security team can remediate and test again to ensure security posture improved.
Tell us about the CMO’s role in a pandemic crisis. What role does digital transformation have in this crisis?
Gily: Part of a CMO’s job is to understand the market, understand the buyers, their needs, their pains, what drives them, what their KPIs are, what motivates them emotionally, what their priorities are, etc. During times of crisis and during the pandemic that broke early in 2020, even more so. Marketers could not have allowed themselves to ignore the delicate situation people found themselves in, both professionally – many were furloughed, many were facing new professional and emotional, personal challenges.
On the professional side, for example, security professionals now had to protect the companies’ networks and assets of employees working from home, sometimes with their own device – unprotected, without VPN, on very short notice. They had to ramp up 3rd-party cloud services to adapt, and all this could have created a lot of security gaps they were not keeping up with.
On the personal and emotional side, people were afraid, a lot of unknowns about COVID, what it means, how to be careful, worry about family members, worry about the potential loss of business or loss of work, etc.
Things like this completely change the market, change behaviors, change everything we expected. So, CMOs had to almost scratch out the 2020 plan, and the physical world was “out of business,” no events, conferences, meetups, roadshows, etc. We had to rethink the whole thing through.
From understanding the buyer, their pain, their challenges, and priorities, to where and how to play in the virtual world to compensate for the loss of the traditional field marketing.
Of course, most companies had to deploy a “digital 1st” strategy, but I felt it’s not enough. For me, even in B2B (not only in B2C), people do business with people. So, we started exploring a Business to Human (B2H) B2B approach.
The anchor thought was to make people feel better, and it meant shifting from short-term ROI to longer-term ROI expectation. By deploying tactics that foster relationships and trust, we aimed to help people and companies at this very ambivalent and difficult pandemic time as well as for them to get to know us and consequently invest in BAS and adopt our Cymulate Continuous Security Validation Platform. Those tactics included virtual hospitality events for our audience and their families, complimentary and continuous use of our platform to enable them to validate their security in minutes and feel safer. This would clearly also allow them to understand the power and value of our platform, and it would be up to them if they decide to be a customer in the future.
We saw great engagement and received incredible feedback from prospects, customers, and partners and feel confident that with the wealth of solutions out there, the key is connecting to people, relationships. Being the leader in terms of technology and usability and breadth of the platform in our category is, of course, an advantage.
How is Cymulate changing the cybersecurity landscape?
Gily: Cymulate is changing the way decisions are being made about a company’s security. By turning the lights on their security posture, showing them where they are exposed, and identifying security gaps, companies can take better, informed decisions.
These include both short-term decisions, for example, which security gaps are attackable and require immediate attention over less exploitable vulnerabilities and long-term decisions in procurement – is my current technology detecting and protecting the organization from the latest threats, should it be replaced, or can it be optimized? And if it needs replacing, I can evaluate the alternatives objectively by testing them. Cymulate’s customers report they have also gained improvement in productivity through automation, and their teams have enhanced their professional skills because the platform shows them how an attacker operates, and this makes them better defenders. As one of our customers wrote on the Gartner Peer Insights Reviews, “it’s like having a full-time virtual pen tester team on hand. You can validate your security controls before and after procurement. You can validate the detection capabilities of EDR platforms. You can exercise incident response playbooks and SOC capabilities. You can simulate almost any scenario and make sure your people, processes, and technology are prepared to confront a real attack.”
What makes Cymulate different from your competitors?