In an interview with Insights Success, the CEO of Tinfoil Security, Ainsley Braun shares the vital contributions of Tinfoil Security to the security industry. Tinfoil Security was founded in 2011 by Ainsley Braun and Michael Borohovski, two MIT and intelligence community alumni who were tired of seeing their own information insecure on the internet. Tinfoil Security streamlines the security process and focuses on developers, providing the first line of security tools that easily integrate into the DevOps and development processes. Today, many companies are using Tinfoil Security to secure their websites.
Below are highlights from the interview conducted between Ainsley Braun and Insights Success:
Give a brief overview of the company, its uniqueness and its vision.
Tinfoil Security builds cybersecurity solutions that empower DevOps teams. With the most comprehensive and usable security products on the market, Tinfoil streamlines your security needs with tools that easily integrate into any DevOps process or SDLC. Your DevOps teams become the critical first line of defense, increasing bandwidth for security teams to prioritize and focus on more strategic security initiatives. Tinfoil Security works to continuously improve the state of the industry’s tools in combating attackers around the world. Tinfoil’s vision is to empower Developers and DevOps teams with full and continuous cybersecurity integration.
What are the cutting-edge products/solutions offered by Tinfoil?
API SCANNER: The Tinfoil Security API Scanner is able to detect vulnerabilities in any API, including webconnected devices such as mobile backend servers, IoT devices, as well as any RESTful APIs. Tinfoil’s API scanner has been built, from the ground up, to focus on APIs specifically, rather than jury-rigging a web application scanner to be able to handle APIs half-well.
“We focus on providing security for developers and DevOps teams with real-time security reports pushed directly into your their workflow”
WEB SCANNER: The Tinfoil Security web scanner checks for over 70 classifications of vulnerabilities, with hundreds to thousands of specific checks for each type, including all of the OWASP Top 10 Web Application Security Risks. Additionally, they are always adding more as new zero-day vulnerabilities are discovered. The company scans each time a new version of its clients’ site is deployed, and can also log into any website, including SAML / Single Sign- On authenticated sites. Its patent-pending Login Recorder allows companies to teach the Tinfoil Security scanner how to authenticate into their applications by recording their login sequence. Tinfoil constantly updates in real-time, so customers can be confident that their applications are being protected against the latest threats. The platform regularly incorporates new tests, and consistently scores higher than any other scanner on open-source benchmarks.
Give a detailed description of the featured personnel’s influence over the company and his/her respective industry.
I realized that I wanted to be a leader and innovator in the cybersecurity industry during consulting with Booz Allen Hamilton, where I worked upon graduating from MIT. I teamed up with fellow MIT alumnus Michael Borohovski to build Tinfoil Security. I am also a member of the Silicon Valley Leadership Group, and a Board Member on the council for Women in Cybersecurity at California Technology Council (CTC), working on initiatives to help educate and attract more women into the industry. I’m fairly involved with StartX, the Stanford-affiliated startup accelerator, mentoring teams as a Neighborhood Lead, sitting on the Female Founders Board as a Member, and as a part of their Selection Committee.
Describe the experiences, achievements or lessons learned that have shaped the journey of your organization in becoming a Unicorn company.
In the early years, Tinfoil was focused exclusively on SMBs, as it was an underserved market that sorely needed help with their application security tooling and process. As we grew and gained SMB market share, we discovered that enterprise organizations actually had very similar problems and lacked solutions to bridge the gap between the vastly increased speed of development and the relatively smaller security teams. We quickly realized in order to steer Tinfoil Security in the direction of becoming a globally competitive player in this space, we had to switch our focus into the enterprise. This strategy has led the company well into profitability, while still maintaining, supporting, and selling to tens of thousands of customers in the SMB market.
What are the challenges faced while providing solutions and services in a volatile and competitive market and how is Tinfoil serving to tackle them?
At Tinfoil Security, we understand that for large enterprise companies, development teams are hundreds to thousands strong, while security teams are often vastly smaller. Their development teams continually test for functional bugs (unit tests, integration tests, etc.), but due to the complexity and time it can take, there is zero or very little testing done for cybersecurity-related issues. We have focused on creating the most comprehensive, transparent and usable security products on the market to solve those challenges.
What, according to you, could be the potential future of your field of expertise/operations and how do you envision sustaining competency?
Security is constantly changing and it’s important to stay ahead of the game as much as you can. I see security becoming more seamless and automated as technology progresses. I see so many organizations where the security team can’t keep up with the development teams; faster security can only be achieved by giving the development teams training and tools to implement security. In the world I see, security teams will be distributed across the organization and collaboration should increase over the next few years.
I also see security engineers getting more training on attacking systems. Corporations are slowly creating their own red teams (attack teams) to analyze their systems on a continuous basis, and more and more companies are beginning to use Capture The Flag (CTF) competitions to train their employees on attack and defense.
“Tinfoil Security makes our developers’ lives easier – and they actually want to use it. Not only can they find exactly where to fix vulnerabilities, but the developers gain education and knowledge on why vulnerabilities need to be fixed, increasing collaboration.” – AL GHOUS, Senior Director, Cyber Security, GE Digital