For the next interview in our series speaking to technology and IT leaders around the world, we’ve welcomed Cybellum CEO Slava Bronfman to share his views on the state of security today.
Tell us about the business you represent, what is their vision & goals?
Cybellum’s product security platform enables manufacturers to keep the products they build secure and compliant, every single moment of their life. With Cybellum, security can finally be infused into every part of the product lifecycle.
From living SBOMs to automated vulnerability management, teams can make sure their entire product portfolio is secure by design and stays that way. Powered by Cyber Digital Twins™ technology, a live digital replica of every software component inside your devices, Cybellum allows product security teams to manage risk continuously, whichever new threat arises.
Can you share a little bit about yourself and how you got into cybersecurity?
I learned cybersecurity when I was in the intelligence unit in the Israeli army where I was involved in leading many cybersecurity projects. As CEO of Cybellum I am responsible for the business, sales, and marketing operations, working with IoT OEMs and vendors worldwide.
I am the official representative of the Standards Institution of Israel in the ISO 21434 standard technical committee, leading ISO21434 Use-Case TF. I am also a member of the NTIA Software Component Transparency working group, working on the future standardization of SBOM.
What advice would you give to someone wishing to start their career in cybersecurity?
Jump right in and start exploring. Get as practical as possible and start to understand the vast expanse of cybersecurity. It is a huge field. Start taking classes, there are plenty online. And choose the niche you want to get experienced in. Start networking within the many groups and meetups available.
What are some misconceptions that you believe businesses have about cybersecurity?
Businesses tend to think that they can apply the same security across all attack surfaces. Securing IoT is unlike security applications, and unlike securing devices. Each attack surface requires its own methods, processes, and technology.
Also, risk might be seen as a one-time thing when it's really an ongoing process.
Are there any books, blogs, or other resources that you highly recommend?
The Cybellum blog, webinars and our soon to be launched product security podcast.
Would you like to share any cybersecurity forecasts or predictions of your own with our readers?
The rise of product and device security and the rise of the Chief Product Security Officer (CPSO). Product security is the next big wave and we predict its market size will be equivalent to IoT and OT security. If you enjoyed this article and wish to keep reading then why not check out our previous guide on Kibana dashboards or see our Kibana query language cheat sheet?