When Aviva Zacks of Safety Detectives set up the interview with Max Aulakh, CEO of Ignyte, she never imagined she would get to meet an American hero who learned about cybersecurity in the USAF.
Safety Detective: What motivated you to start Ignyte?
Max Aulakh: I started Ignyte because I was already doing cybersecurity and information security as part of the US military, and I really wanted to help small and larger businesses. I wanted to serve as a chief security officer because they have a pretty tough mission, at least in the military where it is very difficult to manage attack surfaces and I was drawn to that. That’s the reason I started Ignyte.
SD: Can you tell me a little bit more about your background in cybersecurity?
MA: I started my career in the Air Force where I enlisted as a security specialist. I worked all across the Middle East right after 9/11 when security was in demand and learned everything I know about security in the Department of Defense. Eventually, I pivoted over to the commercial side and started working with the private sectors, large businesses, hospitals, banks, and tech companies. That’s where I really got to test my knowledge in the commercial application of cybersecurity.
SD: Can you give me a brief overview of what your company does?
MA: I started out as a technical practitioner in the field looking at software and source code analysis. Over the years, our company has really focused on trying to connect a lot of these technical deficiencies and technical risks into management. We call that integrated risk management or governance risk and compliance because whenever a policy writer or a lawmaker writes some sort of rule, they don’t necessarily have the complete insight on how that impacts a particular software or a computing system. Our software Ignyte Assurance Platform connects the two together.
We do that through language processing and through analytics. We leverage machine learning techniques where we partner up with other research labs to enhance the accuracy of information. You can apply these techniques to internal compliance, vulnerability management, foreign organization supplier risk, and supply chain risk management. Our platform brings some of those features, functions, and capabilities together for some of the businesses that we work with.
SD: What are the verticals that you provide your services for?
MA: Today we’re primarily focused on the defense industrial base, which works with the Department of Defense as private contractors. We also focus heavily on healthcare systems and medical device companies that fall within that realm. We also work with financial services: small banks, regional banks, credit unions, and anybody else that falls within financial services.
SD: How does your company stay ahead of the competition?
MA: It’s really hard to stay ahead of the competition. There are so many great companies out there with a lot of innovation. We tend to partner with companies that are innovating in the space and with the US Air Force or DoD directly. We are under various Cooperative R&D Agreements, which are called CRADAs where we’ll partner with a research lab. If the lab is trying to discover something very unique that doesn’t exist in the world, how do we solve this really tough problem? We have relationships with the US government to help us understand what’s going to happen in the next five to ten years when it comes to cybersecurity. In addition to working with labs, we have several customers and internal teams that push out innovation through our platform.
SD: What do you feel are the worst cyberthreats that are out there today?
MA: Today, I honestly think it’s still the human factor. We tend to make the worst mistakes, and it’s hard to change human behavior so you still have things like clicking on things that you’re not supposed to. We’re still getting emails from the Nigerian king that’s trying to offload money and people are still falling for that. You could say all of that is underlying and targeted towards phishing or hijacking somebody’s passwords. I think, by and large, the consumers are impacted by that.
Organizationally, at an enterprise level, those things do happen but there is a rigor to internal security and an expectation from an employee to not do those things. So, I think it’s getting better when it comes to the enterprise side. The enterprise side suffers from just managing the chaos, which we relate to the problem of governing the whole cybersecurity space. There’s a lot of abuse and the loss of resources because we’re doing too many things that are not very effective. We’re losing money because we’re spending time in the wrong areas, which is a big issue for the enterprise side.
For the consumer side, the issue is still the human who doesn’t know what they clicked on and downloaded ransomware and now their files are locked up and they have to pay someone with a credit card or Bitcoins to get data back.
These are the two ends of the spectrum. I see the problems either as a governance resource management issue or the human where we still don’t quite understand that an email can actually cause a lot of harm and damage to an individual.
SD: Where do you feel that cybersecurity is headed in light of the pandemic?
MA: I believe that cybersecurity is just accelerating where it was going to go—distributed computing model, zero-trust environments, and remote employment. Everybody is working from home and has access to information anywhere and at any time. The way we do operations today is generally managed, governed, and controlled from a central point of view.
I believe information security has accelerated in that we extend that protection scheme around the consumer of technology even when they’re at home. This means that we need to start considering managing the end-user not just their personal device and training the user even though they’re at their home and that computing resource might be shared between an employee and their spouse.
This is something we have to figure out in the next five to six years—how to control the attack surface when it’s constantly moving away from central control points. I think we’ll start to see a lot of folks leverage techniques like machine learning and artificial intelligence. You hear a lot of these things as buzzwords, but I think they’re going to start to become the reality of how we do automated response and how we actually leverage some of these techniques to help out all the technology consumers that might be impacted as we shift things from office to home.