Companies to Watch: New York Founders at the Forefront of Cybersecurity

Cyberattacks and data breaches continue to rise each year, especially throughout the pandemic. In a “new normal” where we work from anywhere, on more devices and more networks, this risk is greater than ever.

Yet the cybersecurity skills gap remains a top challenge in 2021. According to data released by Tech:NYC and Accenture earlier this year, cybersecurity expertise is one of the top technical areas where NYC companies of all kinds are looking to increase hiring. Even with that demand, some four million cyber jobs are left unfilled globally.

That’s why NYC has been making key investments to make sure the solutions are built right here at home. This summer, a coalition of government agencies and businesses in NYC opened the nation’s first Cyberattack Defense Center, and the city’s Cyber NYC initiative is investing $100 million to add 10,000 new jobs to the homegrown cyber workforce.

For this month’s Companies to Watch, we’re highlighting New York cybersecurity startup founders on how the pandemic accelerated the security needs of individuals, businesses, and governments alike.

DEDUCE

What does your company do?
Deduce co-founder and CEO Ari Jacoby: Deduce helps brands protect their customers from identity fraud, like account takeover and new account creation fraud. We do this by providing the US’s largest identity network comprising over 400M identity profiles generated from 150,000 participating websites and producing over 1.2B daily activities to keep consumer identities and brand reputations safe. 

A question we love to ask every founder: why New York?
AJ: Prior to founding Deduce, I founded and sold three venture-backed startups in the adtech space. New York is really a hub for fintech today so it made sense to be located here for those companies — and hey, why break a winning streak in NYC? 

You launched a new platform that serves as a sort of “cybersecurity radar” for users. What sort of warning signs should people be looking for?
AJ: Over 50,000 consumer identity profiles are stolen every minute — the bad actors are getting more aggressive and smarter at using compromised identities for nefarious purposes. The Deduce Identity Network provides brands with real-time access to data to make informed decisions about the validity of everyone attempting to log in or sign up to their service. Our Identity Insights product provides fraud and risk teams with immediate trusted, potentially fraudulent, and definitely fraudulent trust signals so they can act on the login activity. Potentially fraudulent login attempts can be challenged with our seamlessly integrated Customer Alerts product that prompts the customer via text or email to ensure that their login attempt is valid. This drives brand loyalty through consumer trust. 

Did broad remote work shifts over the last two years make cybersecurity measures more important?
AJ: Our solutions are designed for brands or platforms and the consumers they serve. However, there has been a 67 percent increase in consumer identity fraud since the global pandemic started as more consumers turned to online shopping, banking, and food delivery services. This has been a boon for bad actors. 

You raised your seed round in December 2020, and of course, had no way to know COVID-19 was coming just a few months later. But then you announced your Series A this summer. Did the pandemic impact your plans for those investments?
AJ: If anything, the pandemic and ensuing increase in consumer identity fraud made us more determined than ever to tackle bad actors and shut down their activities. The funding allowed us to stay in stealth mode until we had established the Deduce Identity Network to such a scale that it surprised people when we talk about the data volume and richness we have amassed. Everyone told us what we were proposing was impossible, that we’d never get the collaboration to generate the data we were proposing — we’ve done it! 

If you were to run cyber strategy for a day — say, for NYC’s new Cyberattack Defense Center — what’s the most important issue you would dedicate your time to?
AJ: Consumer awareness is essential. Let’s face it, passwords don’t work. The vast majority of consumers use one or two passwords for all of their online activities and this just makes the job of the bad actors easier. We must all educate consumers about security and until passwordless security becomes the standard  We should give companies the tools and data to provide a frontline defense against identity fraud while laying the foundation for a Trusted User Experience and a passwordless future. 

Okay, some rapid fire questions. First: where do you get your favorite pizza slice?
AJ: Prince Street Pizza.

Where do you get your favorite bagel?
AJ: Murray’s Bagels.

What’s the best place in New York for a coffee or lunch meeting (remember in-person meetings)?
AJ: The old Union Square Coffee Shop, RIP.

What’s your favorite remote work office hack?
AJ: Headphones.

What’s one online safety tip you wish more people knew about?
AJ: Make a New Year’s resolution to update all of your passwords by using the suggested strong password and a password keeper for all online activities.

HACWARE

What does your company do?
HacWare founder and CEO Tiffany Ricks: HacWare caters to your unique security awareness needs by helping your users understand phishing risks and deploys hyper-custom training to change risky user behavior once and for all.

A question we love to ask every founder: why New York?
TR: HacWare originally launched in Dallas, Texas and were heading toward the “valley of death” because we could not find investment funding to fuel our growth plans. New York had everything we needed to get this early stage startup off the ground. Our first very early stage investors who believed in our vision were in New York. The startup community is amazing and supportive, and the NYC Economic Development Corporation and Columbia Technology Ventures provided mentorship and access to security executives which gave us access insights on how to better address their needs.

To start, tell us about your background as an “ethical hacker.” What were you helping companies find out doing that work?
TR: I was helping companies understand how they can get hacked. I was showing them what a cybercriminal can steal from their organization and the impact it can have on them. This is more critical now because more companies are digital and easy to access.

What originally made you want to shift from that work and your experience as a software engineer into a founder role?
TR: I have always been a founder.  As a kid I dreamed about business ideas and I started my first company at 19 when I learned how to code.  I like to think of myself as a founder that uses software to solve problems.

What’s the number one issue early-stage startups overlook in their security strategy? What about larger companies?
TR: Early stage startups are so focused on innovation and solving their problems that they often overlook application security, because software engineers rarely secure coding practices. Once they scale, they often overlook the importance of security awareness training to combat phishing attacks. This is the problem HacWare is solving because our automated platform simulates phishing attacks and our learning management system has a huge selection of secure coding training courses to keep startups safe.

If you were to run cyber strategy for a day — say, for NYC’s new Cyberattack Defense Center — what’s the most important issue you would dedicate your time to?
TR: Human error accounts for 85 percent of cybersecurity data breaches. I would start with the people and build from there — focus on setting the employees and contractors up for success with prescriptive training and then set up guard rails to ensure the organization has a reliant process that focuses on the human element.  

Okay, some rapid fire questions. First: where do you get your favorite pizza slice?
TR: Gino's Pizzeria in Brooklyn.

And where do you get your favorite bagel?
TR: Bergen Bagels in Park Slope.

What’s the best place in New York for a coffee or lunch meeting (remember in-person meetings)?
TR: I like to get a coffee from the Nerd Be Cool Espresso Lab and take the meeting at the Brooklyn Conservatory of Music Garden. It’s quiet, beautiful, and has reliable wifi.

What’s one online safety tip you wish more people knew about?
TR: 85 percent of breaches involve human error and cybercriminals’ number one tool for breaches is email phishing attacks. Security awareness training is the only way to change human behavior and stop email phishing attacks.

SHARDSECURE

What does your company do?
ShardSecure co-founder and CEO Bob Lam: ShardSecure is disrupting the data privacy and security market with its Microshard technology — the only solution capable of breaking data into single-digit bytes and distributing across cloud locations without sacrificing performance. Our microsharding solution provides zero data sensitivity and can be used with or without encryption to provide true defense in depth. 

A question we love to ask every founder: why New York?
BL: Why not? ShardSecure has the best customers in NYC — banks, asset management, healthcare, technology. As the business world has reopened in the last few months, we have been meeting our customers for lunches, dinners, and drinks. Personally, I have lived in NYC for over 25 years — I went to NYU. While I am always on the road, I am proud to call NYC home!

You started your career at J.P. Morgan. How did that role propel you to wanting to found your own company?
BL: I spent seven years on Wall Street at Bear Stearns, which was later acquired by J.P. Morgan. I was a cybersecurity specialist, leading the cyber practice, and it was logical that I started cyber companies after I left Wall Street. I am able to leverage the knowledge and more importantly the network that I’ve built over the years in growing cyber startups, including ShardSecure.

We hear about the cybersecurity practices big Fortune 500 companies have, but have you seen more demand from other types of businesses or industries?  
BL: Our customers are mostly Fortune 500 but we also have great non-Fortune 500 customers including leading regional banks and hedge funds.

Have security breaches gotten worse during the pandemic? Is COVID-induced remote work to blame?
BL: Yes, online activities have accelerated since the pandemic started in March 2020, and as employees continue to work from home, CISOs are not only defending corporate data centers, they also need to ensure remote employees exercise cybersecurity best practices when they work remotely.

If you were to run cyber strategy for a day — say, for NYC’s new Cyberattack Defense Center — what’s the most important issue you would dedicate your time to?
BL: NYC needs better collaboration with the private sector, including with both major Fortune 500 companies and startups. NYC also competes with other global cities, some of which are part of hostile nation-states. NYC needs to be prepared to defend itself against attacks by other national governments not necessarily friendly with the US.

Okay, some rapid fire questions. First: where do you get your favorite pizza slice?
BL: John’s of Bleecker Street for the whole pie. For slices, Joe’s Pizza on Carmine Street.

And where do you get your favorite bagel?
BL: Brooklyn Bagel on 8th Street in Manhattan.

What’s the best place in New York for a coffee or lunch meeting (remember in-person meetings)?
BL:  It really depends on whether the clients are midtown or downtown. There are just so many options in NYC!

What’s your favorite remote work office hack?
BL: Grabbing space at any of the Regus offices close to my client meetings.

What’s one online safety tip you wish more people knew about?
BL: Never use the wifi at airports or Starbucks.