20 December 2021
Gal Helemski, Co-Founder and Chief Innovation and Product Officer at PlainID was named one of the “Top 25 Women Leaders in Cybersecurity of 2021” by The Software Report.
In honor of that award, we present this Q & A with Gal, talking about her career path, why IAM is such an important field, what’s next for PlainID, and a touch of advice for women entering the field of cyber security.
Like many other founders of start-up companies in Israel, it all kicked off for me when I was in the Israeli Defense Force. I served in the Mamram, which is the IDF’s main computing unit, as a system developer and instructor.
I really enjoyed my job and wanted to continue with it or something similar; technology fascinated me. So when I finished my national service, I joined MEMCO, one of the first cybersecurity companies in Israel. It was later acquired and I moved on to CyberArk, another cybersecurity company.
There was a constant learning curve and I felt incredibly lucky to be surrounded by the talented people I worked with; I invested in understanding and learning more about cybersecurity. I went on to become a consultant in cybersecurity, with special emphasis on Identity and Access Management and worked with some of the largest organizations in Israel.
This eventually led to what I'm doing now, which is PlainID, of course.
After having worked with multiple companies and leading several identity and access management implementations, I realized there was a gap in the area of IAM. At the time, I was working with Oren Harel (co-founder of PlainID) who was deputy CISO at the largest bank in Israel.
We decided to work together to build a solution for the wide gap in the IAM market that many companies were experiencing.
There is a lot of innovation in this space; for quite some time, there was a lot of work primarily around identity and authentication. So the market was kind of positioned there. Many organizations were implementing that part of identity and access management because the authorization area is more difficult, obviously. But now, things are changing.
They’re changing because technology has advanced. There are better options for adopting new technologies in a simpler way. The implementation process, the ability to use those advanced solutions has become even simpler. It has to work side by side with the technology advances in the market. For example, let's take microservices. Moving to the microservice based architecture introduced a great opportunity to advance identity and access management solutions.
There are things you couldn't really do in the past - you couldn’t control access dynamically, you couldn't control access external from your code, or it was very difficult to do so. Now it's easy. It’s simple as the technology enables you to do that. And that's what organizations need to know. They need to know that they are no longer confined by the old boundaries, but they can really use and take advantage of the new technologies and developments in this market.
Well, there are still a lot of legacy systems out there and they don't always work that well with the newer solutions. And that's fine. That’s why you need a solution that can possibly also work with your older technology. In any case, the goal is not 100% coverage of all your identities and data within the IAM solution that you've built., lesser coverage also provides high value, gradually reduces the overall invested resources and sets the infrastructure for what's to come.
Organizations need an IAM strategy that covers identity, authentication and authorizations. It must also take into account the current technology stack in use, and what is planned in the near future. Then consider what’s the best set of solutions to support that, efficiently and securely.
What challenges do you want to tackle next? What's on your IAM bucket list of problems to be solved
There are several, if we’re looking at what we are doing here at PlainID. We are always aiming to provide advanced IAM solutions, identity and access management solutions - we want to push this space forward, and we are doing that in several ways.
We have just launched a new product which is a Partner Identity and Access Management. This is an area which, again, isn’t covered well by existing products. We are able to provide a solution that enables companies to manage partners' access easily, in a way that is aligned with the way they do business.
If you are relying on external users to build your business, then you are impeded by a major gap in current IAM solutions. Your partners need proper access controls, and delegated management tools for it to be efficient. The solution should be aligned with the existing partner onboarding/offboarding process, partners as organizations, and not just singular identities. So this is one major area we are currently addressing with a new product launch.
A second area is of course, advanced authorization solutions. I want to specifically highlight microservices. I think this is a great opportunity for many organizations to rethink how authorizations fit into their overall architecture, and to provide more dynamic advanced enforcement capabilities.
There’s more on the product roadmap; but these are the main challenges on our table currently.
Overall, our goal is to advance with the IAM market to provide better authorization solutions.
You can see the risks all over the news all the time. If you don't have good cybersecurity solutions in place, then you're exposed and businesses can’t afford that anymore. They can't afford for the wrong people to gain access to their data or to their resources.
There are many aspects to cybersecurity in general. At PlainID we are dealing with identity and access management. And not having that in place in the right way, exposes organizations. It exposes their data, it exposes capabilities. Proper controls need to be in place, that is the area of cybersecurity on which we focus.
I think first of all, the ability to listen, to learn and understand from everyone around you. And then to be able to share your opinion but in a way that enables the people you are working with to cooperate with you. Showing the options and suggesting the path which they should take is key.
I don't think it's especially important for women. I think it's important for women to know it is possible. Taking leadership roles in cybersecurity or any area is important to everyone, male and female. I do not distinguish, but sometimes I think it may seem to women that it's not an option. To both men and women I’d say, if you made a decision that this is what you want to do, this is your choice of career path, then go after it.
Yes, obviously, I did. I am a mother, I have three great kids, and I had to make some decisions when they were very young. I had to make decisions about where and how I spend time with my family, and invest in that. But they are grown now and I can move forward in the way I wanted to begin with and that's what I'm doing. You need to prioritize. Motherhood is not a blocker. You just need to know how to manage it all, and you need to be able to share with your family your considerations and what's important for you, what you want to do, and see together how that can work.
Just know it is possible. What is possible is what you choose to be possible. That’s very, very important. There aren't any blockers, only those you place on yourself. You can build yourself into whatever position you want. You have to be complete and feel comfortable with your decision.
It’s not always a smooth path, for men or women, but know that you can have a good career in cybersecurity, if that's what you choose.
First of all, we are very particular in our screening. We want our team to be professional But also, we want them to fit in with the company culture. We invest in education. We invest in advancing employees in the company, to take more responsibility in their positions. I think it's important to show a career path for our employees, both men and women.
If we identify talents, we encourage them to move forward and to be able to use all their abilities where they can feel more complete and excited by what they are doing.
We aim to provide professional and advanced solutions. We like to work closely with our customers and we want to hear their opinion. Their opinions matter and really affect our product development roadmap. I believe most of our customers know how much we value them. So that won’t be new to them.
To lean more about PlainID and our IAM solutions, contact us using the form below.