50 Innovators of the Year 2021
CIO Bulletin
 
The explosion of internet-connected devices inside enterprises around the world is revolutionizing the way we all work, but it’s also bringing about new and challenging risks. It’s giving malicious hackers even more ways to infiltrate companies, compromise critical infrastructure operators and generally carry out attacks that are meant to disrupt businesses around the world.
That’s why security testing is more critical than ever. It is not only crucial for the makers of IoT devices to test their products for security vulnerabilities, it is also essential for organizations to ensure their systems and networks are as secure as possible to prevent IoT attacks from compromising the entire enterprise.
“Even the most common vulnerabilities left unpatched inside internet-connected devices can give hackers easy access to execute attacks, steal data or disrupt operations inside the most critically important organizations,” said Jay Kaplan, CEO of Synack, the premier crowdsourced platform for on-demand security testing and expertise.
Synack brings an adversarial approach to testing. The cybersecurity company built an on-demand, crowdsourced platform that combines the talents of the world’s best security researchers with smart technologies to accelerate and scale security testing. This way, organizations benefit from a trusted network of ethical hackers who use some of the same techniques and tricks that malicious hackers use to infect and disrupt systems.
“The ethical hackers working on our platform are some of the best in the world,” said Kaplan, a former offensive cybersecurity specialist at the National Security Agency who cofounded Synack in 2013 with former NSA colleague Dr. Mark Kuhr. “They are attacking organizations just like malicious hackers would, but we’re doing it so they can find and fix the dangerous vulnerabilities.”
It’s an approach that is working around the world. Today, Synack protects leading global banks, federal agencies, DoD classified assets, and more than $6 trillion in Fortune 500 and Global 2000 revenue. The company is working with more than 22 federal agencies that have recognized the value of approaching security with an adversarial mindset.
Recent incidents such as the SolarWinds Orion hacking campaign and the Colonial Pipeline attack call for a more aggressive and offensive approach to security, said Kaplan. “We can’t sit back and continue to let our adversaries infiltrate our critical infrastructure. These attacks call for a new approach to security.”
Synack isn’t advocating layering on more security but doing the necessary work of finding and fixing the vulnerabilities that criminal hackers are taking advantage of time and time again. The Synack approach is an agile way of carrying out testing, as it lets organizations narrow in on single assets or test entirely new and complex systems. It can be as narrowly targeted or as broad as customers want.
Digital transformation is also raising the bar for security. The risk of a cyberattack that can disrupt new digital initiatives has become untenable for organizations worldwide. And yet, it is becoming increasingly cost-prohibitive for security teams worldwide to scale their defenses to the magnitude of the threat by continuing to hire more people or invest more dollars. They need a more efficient solution for security on demand.
“We’ve cut that cost by crowdsourcing the solution with the best security researchers in the world. Most companies wouldn’t be able to afford this kind of talent, let alone putting dozens of researchers onto a single project,” explained Kaplan. “We are also helping solve the cybersecurity skills gap by giving our customers the ability to either augment their internal teams or rely on our SRT (Synack Operations Team) for many of their testing needs.”
The Synack Operations Team provides end-to-end customer support to ensure a smooth process, high-quality findings without false positives, and close alignment with the company’s customers’ workflows. The hackers on the platform come with a variety of experiences and skills that have been developed while working across the industry, in the military, or in some of the top computer science programs in the world.
The Synack platform is the “perfect cybersecurity weapon” because it offers an unparalleled combination of human talent and artificial intelligence. It’s mostly because of the company’s approach to testing with an offensive mindset so that customers can fix their vulnerabilities before criminal and nation-state hackers are able to exploit them and carry out devastating attacks that could endanger national security. “We’re able to stress test critical banking, healthcare, or pharmaceutical assets in ways that mimic a real cyberattack. We have taken all of the adversaries’ strategies and turned them into the best possible defense,” emphasized Kaplan, Synack CEO.
The California-based company has successfully pioneered the crowdsourced approach to cybersecurity since its establishment in 2013. Its technology and expertise are cutting edge and undeniably among the best in the space.
The Cybersecurity Expert
Jay Kaplan, CEO and Co-Founder
Jay Kaplan is the CEO and Co-Founder of Synack, the leader of crowdsourced security. Prior to founding Synack, Jay served as a DoD Incident Response and Red Team member and as a Senior Computer Network Exploitation and Vulnerability Analyst at the National Security Agency.
He has received multiple accolades for classified work at the NSA while supporting counterterrorism-related intelligence operations and is also a former member of the Commission on Cyber Security for the 44th President. Jay received a BS in Computer Science with a focus on Information Assurance and an MS in Engineering Management from George Washington University while studying under a DoD/NSA-sponsored fellowship.







