Thank you so much for joining us in this interview series. Before we dive into our discussion our readers would love to “get to know you” a bit better. Can you share with us the backstory about what brought you to your specific career path?
I started my career in cybersecurity in the Israeli military, serving for 10 years in the cyber and intelligence division. While I have held various roles in both the military and private sector, it was my time as a Chief Information Security Officer (CISO) that led me to found Onyxia. As the responsibilities of the CISO role grew, I realized that there was a lack of tools to help CISOs manage their security programs and bridge their security programs to the business. While other C-suite roles have dedicated management tools, like Salesforce for CROs, there just wasn’t anything out there for CISOs.
What do you think makes your company stand out? Can you share a story?
Like so many successful companies it is all about the people. When you have the right people who align with the core values you’ve instituted, you get the necessary communication and buy-in to grow. Joining me in the leadership are people I trust and whose experience I value. In fact, I chose our CTO and VP of Marketing precisely because I’d worked with them previously on a similar mission of introducing a new category to the cyber world.
You are a successful business leader. Which three character traits do you think were most instrumental to your success? Can you please share a story or example for each?
– My passion for community building. Several years ago, when I moved to the US, I was saddened to see the lack of diversity and representation in the cybersecurity workforce, so I founded and led the Cyber Ladies NYC group. Community and mentorship were a key part of what the group offered and I witnessed numerous women break into and advance their careers in cybersecurity through the connections they made. Today, as I build and lead Onyxia, our team regularly hosts community CISO dinners and events. These events inspire me and reinforce my drive to fulfill Onyxia’s mission of empowering CISOs in their increasingly high-profile and business-driven role. I continually learn from CISOs in the community as they share the challenges they face and exchange knowledge and tips on how to address the struggles of the role.
– My background as an educator. As the Program Director for a Cybersecurity Master’s program, I get to help develop the next generation of cybersecurity leaders and promote diversity in the field. This shapes the way I view the market, manage my organization, and encourage my team’s professional development. For example, for New Year’s we hosted a lecture for the team from former Israeli tennis star Shahar Pe’er. She spoke to the team about her experience and mentality and connected it back to what we do in business and cybersecurity. In her lecture, she shared that just as in tennis you need to take it “point by point” and focus on each win. And though tennis is mostly an individual sport, you still have to rely on the people around you — your team. So too with business and cybersecurity, you need to trust the people around you and focus on all your wins, big and small.
– My strategic mindset. My time working as a CISO really taught me the value of this trait. Like everything in life, planning in advance can help you deal better with opportunities and failures. When we first started to develop the product, we were addressing a specific market category and problem related to evaluating program performance, but we quickly realized that this focus was too narrow and would limit the growth of our business. Rather than get discouraged, I regrouped with my team and we established our own category, Cybersecurity Management, and a long-term strategy and vision for our product that would address several of the pains CISOs face — including ensuring security stack coverage and efficiency, optimizing the ROI of the cybersecurity budget and the business-level communication of the cybersecurity strategy.
Let’s now move to the main point of our discussion about AI. Can you explain how AI is disrupting your industry? Is this disruption hurting or helping your bottom line?
AI is having a revolution in Cyber on both sides of the spectrum. On one hand, it is empowering bad actors to develop more advanced threats and take advantage of the curiosity and excitement that surrounds this new technology. On the other hand, it also brings immense benefits to cyber defense — from faster detection and response times to deeper data analysis — enabling a more proactive approach to strategy and planning.
Which specific AI technology has had the most significant impact on your industry?
In an environment that requires a rapid response to threats, CISOs need to be able to dynamically manage their cybersecurity programs. Embracing AI can help CISOs adopt a proactive and even predictive approach rather than a reactive one.
A notable area where AI can help CISOs and cybersecurity leaders is with communicating the impact of their cybersecurity program to executive teams. The majority of CISOs rely on spreadsheets or a team of analysts for manual reporting on their key security metrics. CISOs often have to work manually, together with their teams, to collect this data.
AI can potentially help CISOs alleviate this pain. Through AI-powered solutions, CISOs can automate the collection of their key security metrics, as well as gain comparative industry intelligence and actionable recommendations, so that they can not only be better prepared to deal with security breaches and real-time risks, but also, more easily measure and convey the financial and business impact of their cybersecurity initiatives.
Can you share a pivotal moment when you recognized the profound impact AI would have on your sector?
The first time I sat with a customer to do their onboarding on our platform it really hit me how profoundly AI could impact cybersecurity, particularly in strengthening cybersecurity management. It was incredible to see how the AI capabilities and data intelligence within our platform could pull, map, correlate, and present our customers’ cybersecurity program data in a way that gave them incredible clarity on their program performance, as well as highlight where they had gaps and redundancies in their security stack coverage.
How are you preparing your workforce for the integration of AI, and what skills do you believe will be most valuable in an AI-enhanced future?
We are quickly learning, adopting and working with new AI technologies and incorporating these into the service we provide. For example, we are partners with Microsoft and they offer resources and courses for startups on copilots, generative AI, and more that our development and product teams have leveraged to increase their knowledge on the latest AI tools and trends.
What are the biggest challenges in upskilling your workforce for an AI-centric future?
The technology is developing so rapidly and there is so much to learn. Our challenge is keeping fully up-to-date on the rapid advancements in AI technology while working to best implement new AI innovations within our own technology.
What ethical considerations does AI introduce into your industry, and how are you tackling these concerns? Cybersecurity is all about data privacy and protection and if you are going to use Chat GPT, for example, you have to understand where that data is going and also be careful of what data you are inputting into it. We are transparent with our customers about how we are implementing AI into our platform, how we are using it, and what data we are collecting.
What are your “Five Things You Need To Do, If AI Is Disrupting Your Industry”?
1. Educate yourself. AI is coming, whether you want to embrace it or not. It is in your best interest to get up to speed on it so you can answer the inevitable questions you will face both from within your organization and from clients.
2. Develop a policy on how to use AI in your company. Restrict it, block it, grant full access to use it, or choose one service. If you don’t get ahead of setting these policies, you are putting your organization at risk.
3. Don’t try to deny or stop the progress! I remember at the very beginning of ChatGPT’s launch, a group of tech leaders wrote a letter with a proposal to pause ‘giant AI experiments’. I didn’t agree with this because I believed and still believe that the rise of AI is inevitable, so better that we as cybersecurity professionals continue to become more familiar with the emerging threats and benefits as AI capabilities develop.
At the end of the day, hackers will always find ways to exploit new technologies. Rather than trying to pause inevitable AI development, it is more beneficial for companies and cybersecurity professionals to ensure new models are released in a secure fashion, to regularly update security protocols based on new AI capabilities, and to adopt AI-based platforms and protection systems to effectively counter the evolving threat landscape.
4. Take it for a test drive. There are so many benefits to adopting AI, so see how it can work for you and improve your workflow or organization. My dream for Onyxia is that it will become the Alexa for CISOs. Just as we wake up and ask Alexa, “What’s the weather today?” I want CISOs to be able to say, “Hey Onyxia, what are the top security issues I need to address in my organization today?” The addition of GenAI to our platform will soon enable that.
5. Speak to others in the industry openly and share experiences to better your understanding of what’s working, what isn’t, and what is most of value. This way, you can work to establish best practices at a faster pace.
What are the most common misconceptions about AI within your industry, and how do you address them?
While AI cyber threats are abundant, AI can also be used to empower our defenses by automating manual or tedious tasks. There is a lot of skepticism in our industry about AI’s power to truly help rather than being all ‘buzz.’ Our team is addressing this by thoughtfully incorporating AI into our platform and conducting thorough testing on the advancements we introduce. AI and predictive security is an exciting part of our platform but we also recognize that a key value we deliver is our data fabric and intelligence — which enables security leaders to fully utilize all the data in their environment to gain a better understanding of how to improve their cybersecurity programs. So while new AI innovations are important, I think that it’s equally important to acknowledge the positive impact of data, automation, and Machine Learning, as well.
Can you please give us your favorite “Life Lesson Quote”? Do you have a story about how that was relevant in your life?
“Life’s a series of waves to be embraced and overcome.” — Danny Meyer
When I’m not working on cybersecurity or spending time with my daughter, I’m out SUPing (stand-up paddleboarding) on the Hudson. I call it my active meditation, so it’s fitting that the first thing I did when I moved to New York was find a boathouse to store my paddle board. During the summer I launched Onyxia, I was out paddleboarding with friends who were kayaking. As we made our way back from the Statue of Liberty, it was very windy and I fell behind. Out of nowhere, someone showed up on their kayak, and we started talking. Wading in the water, I told him about what I was building and why I was passionate about it. Looking back, I was essentially pitching it to him, but at the time, I knew almost nothing about raising funds and wooing investors. Even so, we stayed in touch… and he ended up becoming my first investor!
Off-topic, but I’m curious. As someone steering the ship, what thoughts or concerns often keep you awake at night? How do those thoughts influence your daily decision-making process?
Building a company and providing a service that supports the successful cybersecurity programs of enterprises is a great responsibility and not one that I take lightly! During my career in cybersecurity, I observed the disastrous impact of cyber attacks on government, businesses, and individuals, and in parallel, the struggles CISOs experienced in manually managing their cybersecurity programs with spreadsheets or hours of analyst work. This is a problem I am deeply committed to solving and while the ramifications of this problem keep me up at night, they also drive my persistence and passion to ensure the success of the company we are building.
You are a person of great influence. If you could start a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂
I’m really passionate about bringing more women into cyber, and am proud to share that our team at Onyxia is 50 percent women. There is a large gap in cybersecurity between men and women that needs to be closed. It may seem obvious, but a great way to make women feel more included and see more diverse representation among leadership is to make an effort to hire and promote more women. While we’ve seen a rise from 2013 (where women only held 11% of jobs in the industry) to today (where the number stands at a quarter), there is still, obviously, much room for improvement.
When I moved to the States, I quickly realized there were not enough women in the field. It was disheartening to see so few women applying to the MS in Cybersecurity for the Katz School at Yeshiva University. In my role as Program Director and Professor, I’ve addressed this by launching a mentorship program to attract and promote a young generation of women security professionals. The goal of the mentorship program is to bring in more women professionals as role models and thereby increase awareness of the industry among women, attracting them to explore the opportunities it offers.
The cyber job market is underserved, in general, creating immense opportunities for women, but this shortage in cyber talent must be addressed early on in the career decision process to have a real impact on the problem.
I firmly believe that education about the career path needs to start as early as high school. I developed a program at the Manhattan High School for Girls to expose young women to technical professions. When young women learn about the cybersecurity field in high school, they are more likely to study computer science and get a master’s degree in the field. If they don’t have this exposure at a young age, they’re less likely to make this decision before college, which makes the field feel more difficult to conquer.
How can our readers further follow you online?
Please connect with me on LinkedIn or X. I’m always happy to connect with fellow cybersecurity professionals and women in business!
Thank you for the time you spent sharing these fantastic insights. We wish you only continued success in your great work!