Cyber Leaders of the World: Shay Siksik, VP of Customer Experience at XM Cyber

Please tell us a bit about yourself, your background and your journey at XM Cyber

As a teenager, back then, in the 90s, when I got my first PC, instead of playing computer games, I always tried to understand what is happening behind the scenes of my windows 3.1 machine. I used to reverse engineer things as a hobby, identifying vulnerabilities, and always found it fascinating. Since then, everything I do revolves around cyber security. In recent years, I had many customer-facing roles where I enjoyed connecting people to cyber security.

I joined XM Cyber one year ago, and as the VP of Customer Experience at XM Cyber, my department is responsible for the entire customer journey. It begins by onboarding customers, understanding their business needs and challenges, defining goals, and delivering value to meet those business goals. It includes many aspects; monitoring and ensuring that our SaaS platform works correctly and that we tackle potential issues before they happen. User training, partner enablement, and acting as a trusted security advisor are all key functions to highlight critical risks and provide consultancy and guided remediation.

Tell us about your business, what are your company’s vision and goals?

XM Cyber is a hybrid cloud security company that’s changing the way innovative organizations approach cyber risk. Its attack path management platform continuously uncovers hidden attack paths to businesses’ critical assets, enabling security teams to cut them off at key junctures and eradicate risk with a fraction of the effort. 

Our goal is to give security teams the ability to quickly understand and correct their security posture continuously, including weaknesses, exposures, and compensating security controls across the internal and external attack surface, covering on-prem, cloud, and SaaS platforms.

In which industries and processes do you see the greatest opportunities for your solution and why

We have customers from different industries, but most are from the Manufacturing, Telecom, Financial, and Retails industries.

Mid to large size organizations get the most value from our solution. Our approach solves big problems. The bigger the organization is, the bigger the challenge is, and our value is higher. If you think of large organizations, they have many processes and siloed security solutions to identify and remediate risk, for example, vulnerability management, risk management and cloud security controls, in each of them they end up with endless lists of issues to check and remediate. Those come with no real prioritization, no business context, and lack the understanding of what the real adversary will exploit.

Moreover, you see these different issues are seen individually and disconnected from each other. It causes a big disconnect between what the defenders are doing and how adversaries see and attack networks. Our Attack Path Management platform identifies potential attack paths that adversaries could use, connecting the dots between different security issues and allowing organizations to identify “choke points” – the junctions between different attack paths. Organizations can then focus their remediation efforts and cut the attack paths in a cost-effective manner.

Which tools can a regular user or a small company use to better secure their data and business?

I would start with the basics – invest in cyber security awareness tools and have the bare minimum Antivirus and Endpoint tools installed and properly configured. The first would make you consider any website and email you open and hopefully will prevent phishing or drive-by attacks that are more common for a regular user. The second will allow the detection and actual prevention of attacks.

On top of the basics, it depends on the company. Given that not every company is equal, each has a different IT footprint, security stack, threats, and assets they need to protect; I would recommend running a risk assessment, manually or automatically using tools, to identify this area of investment.

What is something surprising you’ve learned this year that our readers would benefit from knowing?

I learn many things every day, and I especially enjoy statistics. When analyzing our data, we discovered that organizations have 80% less issues to remediate by knowing where to disrupt attack paths. In addition, on average, attackers can compromise 94% of critical assets in less than 4 steps. This emphasizes the need to prioritize and focus on the most critical issues.