The delegation was focused on introducing new and innovative technologies & companies in the Cybersecurity space to both corporations and government entities in the North-East.
We kicked off the roadshow at the Rise accelerator which was created by Barclays bank to help them incubate and collaborate with startups. The team at Barclays shared their insights into the challenges and opportunities the bank is facing in the Cybersecurity realm. The insights provided regarding how to engage with Barclays and partner with them were very valuable.
From Manhattan, we boarded the bus and headed down to Philadelphia for a meeting with local businesses in the Delaware Valley area hosted by the Philadelphia – Israel Chamber of Commerce.
We saw a number of presentations and held a few panel discussions. Some of the presenters shared their focus areas and the Cybersecurity challenges faced by organizations today. We received strong confirmation that most organizations are looking to deploy DAST solutions that can integrate into their SDLC and help drive automation to reduce risk.
The presentations were followed by a pitch event where each company presented for 3 minutes.
We wrapped up with B2B meetings with local businesses.
On day 2 we traveled back to Trenton, NJ and met with a delegation from the NJ Govt and Homeland Security for an insightful discussion about their view and insights about Cybersecurity threats and challenges. The issues of shortage in security professionals and the need for spreading the responsibility for security across the organization and from the security organization to the development organization were prominent. This again provided strong validation for Bright’s approach and our ability to help organizations of any size improve their Cybersecurity posture.
We then headed back to Manhattan and had a marathon session of meetings with a long list of companies at the SOSA offices in NY.
On day 3 we were hosted by Citibank in their Manhattan HQ and met with a group of Cyber and development professionals. It was very interesting to learn that large companies like Citi face similar issues to all the other companies we met, albeit at a far larger scale.
A special thank you to Mr. Inon Elroy, Economic Minister to North America and his entire team and Ms. Yaara Sabzerou, Manager, Cyber Security Unit, the Israel Export and International Cooperation Institute for organizing the event and all their support.
We are already engaged with a number of prospects from the event and look forward to participating in future events.
CircleCI and Bright team up to provide a superior DevSecOps process
Implementing a DevSecOps process was never easier!
CircleCI, a leader in cloud-native Continuous Integration, according to Forrester, and Bright, the maker of the world’s first AI-powered Application Security Testing Tool (AIAST®), partner to make the process of delivering secure applications faster and easier than ever.
What does that mean for you?
Continuous integration gives teams the confidence to ship quality software at a rapid pace. That’s why leading companies like Samsung, Spotify, and Coinbase rely on CircleCI to enable market-leading value delivery.
But delivering fast without paying attention to security will not get you far!
Bright helps eliminate the huge shortage of security personnel by enabling developers and QA teams to run their own Dynamic Application Security Tests. Our application security solution is fully integrated with the CircleCI Orb, enabling you to incorporate our automated DAST solution into your DevOps process. We enable you to resolve security concerns as part of your agile development process, resulting in significant time savings and improved collaboration between the security organization and the development organization. Test results are provided to security teams so they have complete visibility into vulnerabilities found and remediated.
“We are very excited to partner with an amazing company in CircleCI and integrate our solutions within their Orb. This partnership enables organizations using CircleCI for their DevOps to not only ship code quickly, but deliver secure code as well. We look forward to helping many CircleCI customers achieve a higher level of security.”
Shoham Cohen, Bright’s CEO
Why does it matter?
With the huge global shortage in security professionals, integrating security into the DevOps process and enabling developers to detect and remediate vulnerabilities early in the process provides significant advantages to companies. It reduces the reliance on overworked security people while improving developer happiness levels and enabling faster deployment of a higher quality application.
Writing secure code is becoming a greater challenge every day. Even large multinational companies that attract the best developers from all around the world face this problem. They suffer vulnerabilities ranging from SQL Injection and Cross-Site Scripting to backdoors in their code.
Integrating security into the SDLC too late, or as we have seen in some cases, not at all, is a dangerous and expensive game to play: companies are fined and suffer financial and reputational losses when breaches occur, and vulnerabilities are more costly to remediate when they are discovered late or in the production environment.
Bright Welcomes new VP of R&D, Sijawusz Pur Rahnama
Bright is proud to announce and welcome the company’s new VP of R&D, Sijawusz Pur Rahnama.
Sija has a wealth of experience gained from years of hands-on work as a startup founder, CTO and in various engineering roles. His diligence, fueled by a product-oriented approach and a keen eye for detail, has turned him into a pillar of a number of development communities and enabled his clients to achieve technological advantage and market visibility.
At Bright our focus is on acquiring and developing the best talent so we can serve our customers and continue driving technological innovation empowering DevSecOps. We are very excited to have a leader like Sija leading our development organization and we are already benefiting from his knowledge and experience.
Shoham Cohen, CEO
Before joining Bright, Sija led next-generation software implementations and shaped team cultures as a founder & CTO of a few companies. His abilities and acute technological instincts are the result of more than 16 years of hands-on experience working closely with software engineers, product teams, UI/UX designers and of course – users. Driving synergy between vision, technology and product, and achieving business objectives, lies at the heart of his decisions.
At Bright, Sija will be in charge of developing a sound organizational culture, organizing internal development processes, and creating and implementing new technological solutions to advance the DevSecOps and QA markets.
About Bright
Bright created AIAST® technology that automates a human’s critical thinking process when detecting vulnerabilities. Bright’s full suite of Dynamic Application Security Testing solutions delivers full automation of your AppSec testing, at scale, allowing organizations of all sizes to stay ahead of even the most ruthless of hackers by comprehensively testing, assessing and improving their cybersecurity posture regardless of the industry, whether for software and web applications, Blockchain exchanges and applications, FinTech, Smart industries, Automotive, Healthcare, IoT and more.
What We Learned At CyberTech Europe
A synopsis of our experience whilst exhibiting at the Innovation Zone at Cybertech Europe 2019 by our SVP Sales & Partnerships, Oliver Moradov.
CyberTech has historically been a great event for us, winning the CyberTech TLV 2019 competition as the most innovative and disruptive solution in Cyber – and the event in Rome was as successful, in different ways.
The event was a great opportunity for Italian Cyber, InfoSec and IT professionals to get up to speed with the latest and cutting edge CyberSec technologies, especially with those exhibiting in the Innovation Zone, as we were.
It was also a great opportunity for us to learn more about the Italian market and more importantly, the current status of Italian enterprise and public body organisations in terms of their InfoSec and cyber security practices and posture.
Globally, it is clear that the cyber security industry is growing, fuelled by companies realising that simply being compliant will not cut it, especially in the wake of the high profile attacks and breaches over the last 12 months.
I had an absolute whirlwind of a week with my colleagues, enjoying back-to-back-to-back meetings, speaking to almost 100 people / organisations across a complete cross-section of industries and sectors, who specifically wanted to understand how they could approach developing and releasing more secure applications, faster, whilst also being able to scale the testing of their applications in production.
There were several common themes across every engagement we had, but I will use one example that highlights all the salient lessons I learnt.
Speaking to InfoSec representatives of one Public Services organisation, who will of course remain unnamed, they were completely disjointed from the development team. They were candid in their responses – they knew absolutely nothing about the security measures, in particular the AppSec testing, that their development colleagues had in place prior to release, even though they headed up InfoSec. They would perform periodic (but not regular) testing, that would consist mainly of manual testing internally, but admitted they didn’t have a sizeable team with the requisite experience to cover the 950 applications they continue to manage. Over 700 of the applications they have are legacy ones (a common theme across industries and sectors we spoke to), on old frameworks and languages and current DAST tools simply do not work. When asked how much they spend on manual PT, the universal “Mama Mia..!” explained its magnitude perfectly.
Interestingly, whilst speaking to them, another delegate approached our stand and started talking to my colleague, only for me to notice from his pass around his neck, that they were from the same organisation! They had never met (which with thousands of employees was understandable) and after making our introductions, we realised we had the development to the left of me, InfoSec to the right, “here I am…..at CyberTech with you…”
Normally played out over a webex, I had the benefit of now being able to watch two departments that are intrinsic to an organisation’s security, whose actions directly affect each other, discuss their issues.
The immature DevOps process relied solely on SAST. They were not happy with it and the false positives created, a major drain on their resource. They wanted to implement DAST, but after a few evaluations and PoCs, they realised that the tools would slow them down and not give them the coverage they need.
The InfoSec guys complained that too many vulnerabilities were getting through, the detection of these was too late and the mammoth task of effectively prioritising remediation had snowballed so much that they didn’t even know where to start..!
Sounds familiar..? They and you are not alone, and that is why the concept of DevSecOps is one that is gaining more and more traction, but is at the embryonic stages in Italy at the moment.
It’s well known that software vulnerabilities are the main cause of successful cyber attacks and data breaches, an issue that needs to be addressed immediately.
The processes adopted by companies to develop software and organisations’ dependency on these applications have changed exponentially, resulting in a greater exposure to risk.
Everyone agrees that application security is a business critical process, but is one that historically does not complement or indeed fit the application / software development methodologies like DevOps and so is doomed to failure, failure at being used or integrated into the processes at all, so as not to impact on the commercial business goals.
All of the engagements that I had agreed that in order to succeed, the gap between security and development needs to be eradicated altogether.
The interest in our innovative approach and the pain points we remove was amazing – we spoke about how easy it is to embed and to seamlessly integrate comprehensive, accurate and automated security testing into the DevOps process, regardless of the maturity of the DevOps process, or indeed if they had one yet at all.
They were able to understand that with the solutions on our AIAST platform (like Bright), that deliver simple to use, intuitive and unrivalled testing capabilities that require no cyber security experience, security testing can be put into the hands of their developers, integrated into their agile development or unit testing processes and / or enabling even their QA to introduce automated AppSec security testing.
Based in the UK, the number of Brexit jokes I had to endure over the trip was understandable, but whilst we determine if it’s better to be in or not, to be unified or not, one thing is for certain….a union of DevOps and security is of paramount importance to reduce exposure and AppSec Testing automation is the only way of effectively achieving this.