Meet Arik Solomon, CEO at Cyber GRC Automation Company: Cypago

Since the company was founded in 2020, Cypago has operated at the forefront of the cybersecurity compliance management software space.

Co-founder and CEO Arik Solomon has worked in the cyber and compliance spaces since 2007, when he was named Cyber R&D Group Leader by Israel’s Office of the Prime Minister. Over the decades since, Solomon noticed that cyber compliance management was dominated by manual processes that are not scalable, heavy on resources, and prone to errors.

A far cry from legacy cyber GRC platforms, Cypago today allows CISOs and compliance teams to import data from relevant sources, turn those signals into insights about compliance gaps, and set up workflows for closing those gaps. The software accomplishes this by offering extensive integrations with the leading platforms that today’s digital organisations use for managing code repositories, identity permissions, cloud infrastructure and projects.

 

Do CISOs View Security And GRC Compliance As Separate Things?

 

Many CISOs tend to build their cybersecurity program in buckets, according to the type of threat. For example, they might have tools and processes to handle email attacks, and separately, they will make sure they have tools to ensure remote access is safe.

This is a simplified yet effective way for a CISO to ensure they answer all applicable threats. Under this model, GRC compliance is often considered a separate need – not necessarily a threat, but rather a business requirement they must implement.

While the approach described here is rather common, increasingly more CISOs understand that cyber GRC is essentially a roadmap by which they should analyse potential risks, design governing processes, and apply security controls. This new approach defines a scalable model, essentially allowing CISOs, and organisations in general, to continuously assess relevant risks and measure how well their existing cybersecurity program fits these risks.

 

What Are Some Of The Key Pitfalls Associated With Deploying Automated Cyber Compliance Workflows That CISOs Need To Be Aware Of?

 

There’s a common belief that automation means taking existing processes and converting each manual step into a segment in the automation chain. While that sounds easy to understand and implement, it is actually an awkward path to take for implementing automation.

The approach that I recommend is to first identify the manual processes that currently take most of the team’s resources and are difficult to scale. The next step is to identify the input to that process and the type of expected outcomes – for example, providing proof that a certain security configuration is in place. Once the inputs and desired outcomes are clearly defined, it all gets easier.

Using an intelligent and customisable automation platform, users can connect the inputs, wire them to the expected results, and let the automation tool do the work for them, instead of mimicking the manual process.

What Kinds Of Platform Integrations Are Most Impactful To Compliance Teams?

 

Generally speaking, integrating your cloud platforms, SSO providers, endpoint management tools, and SDLC tools would provide the highest value for automating compliance processes.

 

When Collecting Data Across Platforms, What Compliance Gaps Are Often Most Surprising To CISOs?

 

I’m always amazed by how many CISOs are surprised by the sheer fact that they have gaps at all. They’re used to their teams reporting that the dashboard is all green. In many cases, we see wrong MFA implementations, missing secure SDLC controls, production databases and other data sources weakly protected, to name just a few common gaps.

 

What Types Of Cyber Compliance Gaps Are Generally The Easiest And Hardest To Correct?

 

A lot depends heavily on the organisation’s tech stack, existing processes, and the team’s skillset, so it’s hard to point to universal trends.

But very generally speaking, anything that requires a specific configuration to be correctly set (such as turning on database encryption) might be considered easy to implement, whereas even cases like these can turn out to be highly complex when a production system is involved and there are major implications in terms of potential interference with availability and uptime.

 

How Has Cypago Changed Most Over The Last Couple Of Years?

 

As a company, we are in constant motion, learning new things every week and doing our utmost to share the insights we learn with our customers through the innovation we incorporate into our platform.

Looking back, we can safely say that our technology has dramatically evolved to a point where it has the power to significantly reduce costs and increase the security state for mature organisations. In addition, our support and customer success processes are now able to provide not only product help but also the guidance many organisations need to successfully go from manual to automated GRC management.

 

What Can We Hope To See From Cypago In The Future?

 

The road ahead is exciting, and we can barely wait for it to materialise. Cypago’s cyber GRC automation platform will continue to provide unmatched capabilities to mature organisations. We will also include highly advanced AI engines to streamline document-based processes, as well as powerful risk management automation and many other cutting-edge technologies to empower Cyber GRC teams, helping them scale their skills and provide greater value to their organisations.