We talked to Slava Bronfman of Cybellum about how to provide better security risk assessment and detect vulnerabilities in software without access to source code, and this is what he had to say.
First of all, how are you and your family doing in these COVID-19 times?
Slava Bronfman: I am happy to say that my family and I are doing pretty well, given the current challenges. Heading a cyber startup, I can continue working and developing the business, obviously with quite a few changes to the work method and life rhythm. The past ten months are the longest I’ve spent in Israel. I usually travel a lot. In 2019 I spent six months on business travels, and this year, I didn’t leave the HQ office.
Tell us about you, your career, how you founded Cybellum.
Slava Bronfman: I started my cybersecurity professional career in the Israeli military. Like many Israelis who work in cybersecurity, I served in the IDF’s Intelligence Corps, where I worked on cybersecurity at both ends: defensive and offensive. It was an excellent place to learn about cybersecurity – because it combined using state of the art technology with world-leading cyber practices.
During my military service, I also met my friend and co-founder of Cybellum, Michael Engstler. Our goal was to automate one of the most exciting and challenging tasks in today’s defensive cyber world, vulnerability detection in connected devices.
As CEO of Cybellum, I am responsible for the business, sales, and marketing operations, working with automotive OEMs and suppliers worldwide to implement risk assessment solutions in the modern, connected vehicle.
How does Cybellum innovate?
Slava Bronfman: Cybellum is all about cyber risk assessment and vulnerability management for the automotive industry. We help product security teams of car manufacturers and their suppliers produce and keep their products secure just as they are safe. Our solution helps them identify, track, and manage their cybersecurity risks throughout the entire product lifecycle—from development to production and through post-production.
The modern, connected car is rich with software, with more code lines than in a jet. With connectivity comes a growing risk that cyber vulnerabilities introduced through accidental errors, lack of secure-coding practices, or insecure open-source software, get exploited by malicious entities.
Detailed representation of a component’s make-up and characteristics, including the software bill-of-material (also known as SBOM or C-SBOM), underlying hardware architecture, OSs, configurations, encryption mechanisms and keys, hardening mechanisms, full control flow, use API calls, and more. It provides insights into the composition, inner workings, and context in which device software operates.
Cybellum’s platform is based on the Cyber Digital Twin platform’s technological concept – a detailed replica of each component’s make-up and underlying characteristics in the vehicle, automatically created within Cybellum and available for any cyber analysis throughout the car lifecycle. On top of this platform come two products – one for performing a full risk assessment of software vulnerabilities, alignment with security standards and regulations, etc. The on-going security operations monitor new software vulnerabilities and help product security teams mitigate those risks quickly before any harm occurs.
The security suite as a whole provides full risk visibility, a detailed mitigation plan for security findings, and on-going risk management for the product security and the security operation teams.
How does the coronavirus pandemic affect your business, and how are you coping?
Slava Bronfman: Obviously, there has been a global economic slowdown because of COVID-19. Nevertheless, the automotive industry continues to innovate and prioritize cybersecurity projects to make future vehicles more secure and compliant with the new regulatory standards. Additionally, in these extraordinary times, manufacturers are looking for ways to improve their operations and increase efficiencies. So our team has not been as affected as some in other industries.
Our business’s size means that we are flexible and agile, enjoying frequent opportunities to evaluate the situation and ensure our company thrives going forward. Our quarterly strategies continuously undergo fine-tuning to react with nimbleness to the changing environment around us.
Did you have to make difficult choices, and what are the lessons learned?
Slava Bronfman: The pandemic has introduced a whole new set of challenges for CEOs. From running a young, vibrant company, we all had to adjust and run the same business from afar. I had to cut budgets across the board, which was challenging and problematic. However, I needed not to cut on the workforce as it was always clear that business will pick up again eventually, as it did.
We invest so much in recruiting our team members, searching for the right professionals with the right experience and knowledge, and the right attitude and personality. I needed not to give up on any member, regardless of the circumstances.
Quite a lot of my time and focus went into making sure everyone is safe and has what they need to go through this challenging period. Prioritizing personal aspects over business aspects doesn’t always come naturally for a young startup in a competitive market, but it was the right choice for us.
How do you deal with stress and anxiety?
Slava Bronfman: My past – working for the Intelligence Corps of the IDF – means that I am accustomed to high-stress environments, and it has given me an excellent base to deal with the stress of running a business! I practice various mindfulness techniques regularly, and I can categorize pretty well. What’s more critical for me, however, is that my team remains happy and healthy – and I check in on them regularly to make sure they are coping during these trying times.
Who are your competitors? And how do you plan to stay in the game?
Slava Bronfman: There are a few cybersecurity startups, some are Israeli too, competing with us on attention, budgets, and prioritization. Our competitors dip their toes into other industries and don’t focus entirely on automotive. We are the only one that offers a full cycle of automated vulnerability management for the automotive industry, from design through production to operative product lifespan. It gives us a real edge. Quality is the best differentiator you can aim for, and happy customers are the key.
Global expansion is our most significant focus for the future. We are big believers in thinking globally and acting locally, meaning we build a global strategy and always think about expanding to additional markets. We know that the way to achieve this is to have a local presence in each market, with the right people and partners.
Your final thoughts?
Slava Bronfman: We fully expect 2021 to be the year to see a significant acceleration in the company’s growth as we expand into new territories and launch new products. Stay tuned – you will hear a lot more from us. In the meantime, I hope that everyone stays healthy, and here’s to a better year in 2021.