A Catch-Up With PlainID Founder, Gal Helemski

June 17, 2021

Gal Helemski, Co-Founder and Chief Innovation and Product Officer at PlainID was named one of the “Top 25 Women Leaders in Cybersecurity of 2021” by The Software Report.

In honor of that award, we present this Q & A with Gal, talking about her career path, why IAM is such an important field, what’s next for PlainID, and a touch of advice for women entering the field of cyber security.


Tell us a little bit about your career history - How did you get into the field of cybersecurity and why did you choose this as a career path?

Like many other founders of start-up companies  in Israel,  it all kicked off for me when I was in the Israeli Defense Force.  I served in the Mamram, which is the IDF’s main computing unit, as a system developer and instructor.  

I really enjoyed my job and wanted to continue with it or something similar; technology fascinated me.  So when I finished my national service, I joined MEMCO, one of the first cybersecurity companies in Israel.  It was later acquired and I moved on to CyberArk, another cybersecurity company.

There  was a constant learning curve and I felt incredibly lucky to be surrounded by the talented people I worked with;  I invested in understanding and learning more about cybersecurity. I went on to become a consultant in cybersecurity, with special emphasis on Identity and Access Management and worked with some of the largest organizations in Israel.

This eventually led to what I'm doing now, which is PlainID, of course.

How and why did you start PlainID? What need were you trying to fill?

 After having worked with multiple companies and leading several identity and access management implementations, I realized there was a gap in the area of IAM.  At the time, I was working with Oren Harel (co-founder of PlainID) who was deputy CISO at the largest bank in Israel.

We decided to work together to build a solution for the wide gap in the IAM market that many companies were experiencing. 

What do you think is important for folks to know about the state of IAM today? What should people be thinking about?

There is a lot of innovation in this space;  for quite some time, there was a lot of work primarily around identity and authentication.  So the market was kind of positioned there.  Many organizations were implementing that part of identity and access management because the authorization area is more difficult, obviously.  But now, things are changing. 

They’re changing because technology has advanced.  There are better options for adopting new technologies in a simpler way.  The implementation process, the ability to use those advanced solutions has become even simpler.  It has to work side by side with the technology advances in the market.  For example, let's take microservices.  Moving to the microservice based architecture introduced a great opportunity to advance identity and access management solutions.  

There are things you couldn't really do in the past -  you couldn’t control access dynamically, you couldn't control access external from your code, or it was very difficult to do so. Now it's easy.  It’s simple as the technology enables you to do that. And that's what organizations need to know.  They need to know that they are no longer confined by the old boundaries, but they can really use and take advantage of the new technologies and developments in this market.

What You Need To Know About Cybersecurity Mesh Read Now

What are the current roadblocks?  What is there that still needs to be fixed and improved in IAM?

 Well, there are still a lot of legacy systems out there and they don't always work that well with the newer solutions. And that's fine. That’s why you need a solution that can possibly also work with your older technology.  In any case, the goal is not 100% coverage of all your identities and data within the IAM solution that you've built., lesser coverage also provides high value, gradually reduces the overall invested resources and sets the infrastructure for what's to come.     

Organizations need an IAM strategy that covers identity, authentication and authorizations. It must also take into account the current technology stack in use, and what is planned in the near future. Then consider what’s the best set of solutions to support that, efficiently and securely. 

What challenges do you want to tackle next?  What's on your IAM  bucket list of problems to be solved

There are several, if we’re looking at what we are doing here at PlainID.  We are always aiming to provide advanced IAM solutions, identity and access management solutions - we want to push this space forward, and we are doing that in several ways.   

We have just launched a new product which is a Partner Identity and Access Management.  This is an area which, again, isn’t covered well by existing products.  We are able to provide a solution that enables companies to manage partners' access easily, in a way that is aligned with the way they do business. 

If you are relying on external users to build your business, then you are impeded by a major gap in current IAM solutions.  Your partners need proper access controls, and delegated management tools for it to be efficient. The solution should be aligned with the existing partner onboarding/offboarding process, partners as organizations, and not just singular identities.  So this is one major area we are currently addressing with a new product launch.

A second area is of course, advanced authorization solutions.  I want to specifically highlight microservices.  I think this is a great opportunity for many organizations to rethink how authorizations fit into their overall architecture, and to provide more dynamic advanced enforcement capabilities. 
There’s more on the product roadmap; but these are the main challenges on our table currently. 
Overall, our goal is to advance with the IAM market to provide better authorization solutions.

What are the risks to a company of not having sufficient cybersecurity?

You can see the risks all over the news all the time.  If you don't have good cybersecurity solutions in place, then you're exposed and businesses can’t  afford that anymore.  They can't afford for the wrong people to  gain access to their data or to their resources.  

There are many aspects to cybersecurity in general. At PlainID we are dealing with identity and access management. And not having that in place in the right way, exposes organizations. It exposes their data, it exposes capabilities.  Proper controls need to be in place, that is the area of cybersecurity on which we focus.

What do you think makes a good leader, either in a corporation or in society?

I think first of all, the ability to listen, to learn and understand from everyone around you.  And then to be able to share your opinion but in a way that enables the people you are working with to cooperate with you.  Showing the options and suggesting the path which they should take is key.

You were just named one of 25 women leaders in cybersecurity. Why do you think it's especially important for women to take leadership roles in the area of cybersecurity?

I don't think it's especially important for women. I think it's important for women to know it is possible.  Taking leadership roles in cybersecurity or any area is important to everyone,  male and female.  I do not distinguish, but sometimes I think it may seem to women that it's not an option.  To both men and women I’d say,  if you made a decision that this is  what you want to do, this is your choice of career path, then go after it.

Did you face any particular roadblocks because you are a woman?

Yes,  obviously, I did.  I am a mother, I have three great kids, and I had to make some decisions when they were very young.  I had to make decisions about where and how I spend time with my family, and invest in that.  But they are grown now and I can move forward in the way I wanted to begin with and that's what I'm doing. You need to prioritize.  Motherhood is not a blocker.  You just need to know how to manage it all, and you need to be able to share with your family your considerations and what's important for you, what you want to do, and see together how that can work.

What advice do you have for younger people, particularly young girls, who are starting out in their career in cybersecurity?

Just know it is possible.  What is possible is what you choose to be possible.  That’s very, very important.  There aren't any blockers, only those you place on yourself.  You can build yourself into whatever position you want.  You have to be complete and feel comfortable with your decision.  

It’s not always a smooth path, for men or women,  but know that you can have a good career in cybersecurity, if that's what you choose.

What does PlainID do specifically to invest in people's future and help them succeed?

First of all, we are very particular in our screening.  We want our team to be professional  But also, we want them to fit in with the company culture.  We invest in education.  We invest in advancing employees in the company, to take more responsibility in their positions.  I think it's important to show a career path for our employees, both men and women.

If we identify talents, we encourage them to move forward and to be able to use all their abilities where they can feel more complete and excited by what they are doing.

What should your customers and partners know about you and PlainID that they might not know?

We aim to provide professional and advanced solutions.  We like to work closely with our customers and we want to hear their opinion. Their opinions  matter and really affect our product development roadmap.  I believe most of our customers know how much we value them.  So that won’t be new to them.

To lean more about PlainID and our IAM solutions, contact us using the form below.


Most Popular Posts