Get to know the 2020 DataTribe Challenge Finalists:

Q&A with oak9 founder Raj Datta

Q: Tell us about your background.

I am Raj Datta, the CEO of oak9. I have held various senior leadership roles in the technology industry over the last 20 years. Together with my co-founders, I believe our founding team is uniquely positioned to address the challenges of cloud native application security. Our combined expertise is that of a business operations leader, a security expert, and a development innovator – a triad optimized to build not just a product, but a business that is going to shape the future of security for modern development. We have a deep understanding of the problem and the technical chops to solve it.

Co-founder and CEO, Raj Datta

My education was business focused, with an MBA from Northwestern’s Kellogg School of Management and an undergrad degree from University of Illinois in Economics, but I have spent my entire career building and rebuilding software businesses. Over the course of 20 years, I have held various senior leadership roles at IBM and Software AG. I have held both global and North America-based executive roles, and have extensive experience developing new routes-to-market (partnerships, OEM, etc). In my last role at IBM, I was responsible for IBM’s Cloud, Analytics and AI business for their distribution market ($750M in revenue). Prior to joining oak9’s founding team, I was at Software AG, where I was responsible for end-to-end operations and P&L in North America ($500M), which accounted for 50 percent of their total business.

Co-founder and CTO, Aakash Shah

Aakash is a proven leader in Cybersecurity. Over his 17 years in the industry, he has held a wide range of roles involving foundational research, product development, security strategy, security architecture, teaching, and writing industry standards.

During a period when the healthcare industry was transforming, Aakash worked with some of the largest players and hospital networks to build and evolve security practices to enable new business models and support their transformation. When the Department of Defense was looking to build satellite terminals faster and cheaper with commercial off-the-shelf parts and open-source software, Aakash led the effort to design the security architecture of the new satellite terminals that would provide similar security assurances without the use of custom software and hardware.

Aakash started his career conducting foundational research in Cybersecurity at organizations like MIT Lincoln Laboratory and Carnegie Mellon. He holds a M.S. in Information Security from Carnegie Mellon and an undergrad degree in Computer Engineering from University of Illinois, Urbana-Champaign.

Co-founder and CPO, Om Vyas

Om has spent his entire 17-year career in software development. It’s his expertise that gives our team the development perspective of the problem we are solving. Om brings the innovative ideas that make sure that the oak9 platform seamlessly integrates into what development teams are doing. Prior to oak9, Om was working with organizations to build DevOps practices and lead large ($10M+) development efforts.

Om has successfully led digital transformations at organizations across different industry verticals. There he helped companies address their most ambitious projects and build new products that deliver a competitive advantage across web, mobile and IoT.

Om holds a M.S. in Computer Science from the University of Chicago and received his undergraduate degree in Computer Science from the University of Illinois, Chicago.

Q: Tell us about your business/idea.

At oak9, we are passionate about removing the friction between development and security so that businesses can achieve velocity and agility without compromising on security. We are a SaaS company that provides a security automation platform to analyze infrastructure-as-code and build security into cloud native applications, so they are secure and compliant by design.

Our platform seamlessly integrates with the development pipeline and intelligently remediates security design gaps in infrastructure-as-code to deliver applications that are secure & compliant by-design. Once deployed, oak9 continuously monitors and addresses any security-relevant drift in the application.

We like to say that our platform is Built for Developers and Blessed by Security. Developers get a security platform that stays out of their way and makes life easier for them. Security engineers get a platform that enables them to build in security and gain visibility across all changes to the application design.

The oak9 platform fuels collaboration and shared responsibility to accelerate delivery and provide comprehensive security. Developers are not slowed down, and security teams can become true partners in design and development to make the product more secure from the outset.

Q: What was the original inspiration for your company/product?

The oak9 founding team has lived through the pain points that our platform is addressing. Our CTO Aakash has seen first-hand how security organizations struggle to keep up with the speed and rate-of-change of modern development. Our CPO Om has seen his critical product development efforts slowed down because of security organizations’ inability to provide a timely security assessment of their infrastructure-as-code. These challenges impact the overall business velocity and agility. It is a problem that CIOs and CTOs routinely bring up in my discussions with them.

As Om and Aakash were working with organizations to build DevSecOps practices, they realized quickly that there is a foundational technology capability gap in the market that needs to be addressed for development teams to truly accelerate and ensure security. They were so passionate about this that they quit their full-time jobs to start oak9 and soon convinced me to join them on this amazing journey.

Q: What’s your vision for the future … “What will the market you are pursuing look like in 5-10 years?”

Today, infrastructure automation is still an emerging technology. Over the next 5-10 years, we will see incredible growth in the use of infrastructure-as-code solutions to deploy cloud native applications. This will be driven by growth in platform-as-a-service and cloud native offerings as cloud adoption increases globally. 

Development organizations will be empowered to manage the lifecycle of infrastructure-as-code, using the same modern development practices used for application code, to drive business velocity and agility. Increasingly, organizations will adopt immutable infrastructure practices. The cloud native architectures of tomorrow will be dynamic  and continuously evolving. This all will introduce new security challenges for organizations. We believe that oak9 is well positioned to support this shift in the market. 

As the development space evolves, so will security. Over the next decade, security organizations will need to continue to evolve to support modern development. Organizations will see a changing threat landscape where attackers will take advantage of weaknesses in cloud native solutions. The security compliance landscape will also change with increasingly prescriptive regulations, customer mandates and oversight rigor (e.g. see CCPA and 23 NYCRR 500 today). 

Today, many security organizations are evolving from a risk-management organization to a business enabler. In the next decade, we expect security organizations to take the next step in their evolution as they truly integrate into the modern development lifecycle to accelerate the delivery of secure applications. These organizations will rely on strategic investments in platforms like oak9 to ensure that applications are designed to be secure, changes to the application are automatically assessed and that the security design can be easily evolved as business and security requirements change.

Overall, we see a bright future for oak9 as the market evolves over the next decade.

Q: How does your business address pressing cyber and data challenges for the commercial sector?

Security teams across industry verticals are struggling to keep up with the speed and unprecedented rate of change of modern development. Development teams are consequently slowed down, and security is often seen as a roadblock. The end-result is that organizations are forced to make tradeoffs between time-to-market and security – leading to substantial risks, delays, and opportunity costs.

Security and development teams face several challenges that lead to this problem. Cloud-native architectures are constantly changing as developers continuously iterate to meet additional business requirements. In order to assess security for these applications, security teams must review the infrastructure-as-code as it is source-of-truth for the solution architecture. However, typical applications are tens of thousands of lines of infrastructure-as-code (that is continuously changing) and most security engineers do not have expertise in this area. In addition, security engineers must be aware of all of the changes across cloud service provider features and capabilities, to provide security guidance. When security engineers are unable to provide appropriate implementation guidance, it puts the burden on the developers to make security decisions. As a result, applications get deployed with potentially significant security flaws. If these flaws are identified post-deployment (through reactive tooling or costly application assessments), it creates additional friction with development teams, as they must engage in a time-consuming redesign.

The oak9 platform has been specifically designed to address these challenges. It is a platform built for developers and blessed by security to accelerate delivery and provide comprehensive security. 

oak9 seamlessly integrates into the development pipeline to analyze infrastructure-as-code and remediate security gaps early in the development lifecycle. Once the application is deployed, oak9 continuously monitors the application for any security-relevant drift and enables the developers to immediately remediate it by pushing a change through the pipeline.

With oak9, developers get a security platform that stays out of their way and makes their lives easier. Without ever leaving their existing workflows, developers can review the change requests that oak9 creates. With the push of a button, they can update the infrastructure-as-code to transform the security design of an existing or new cloud-native application. They can now focus on the functional capabilities of the application while relying on oak9 to bake security in.

Security engineers, on the other hand, are no longer seen as a roadblock and can provide coverage across the entire application portfolio. They can quickly customize security for their organization by building off of oak9’s vetted security designs. They get the assurance that every change to the application’s design is reviewed and security is tailored to the application’s security and compliance requirements. oak9 visualizes the infrastructure-as-code as an architectural diagram so that security engineers can easily understand the current security state of an application.

Q: What attracted you to the DataTribe Foundry? Why did you choose to participate in the DataTribe Challenge?

As we have learned more about DataTribe, we not only see a global cyber foundry that invests in next-generation cybersecurity companies, but an organization that offers valuable feedback and is genuinely interested in helping a company like ours build a successful business. 

We have gotten to know the DataTribe leadership team well over the past few months. We have really enjoyed collaborating with the team and brainstorming different ideas to address the market. Feedback from the team has not only inspired us to embrace new perspectives but has also taught us how to approach the problem space in new ways. It is obvious that DataTribe takes pride in helping early-stage companies grow and be successful.

What excites us most about participating in the DataTribe challenge is the opportunity to gain exposure to the broader cybersecurity community. We value feedback and collaboration, so this is a great way for us to gain insight from industry leaders.

Q: What’s your long-term vision for your business?

In the long term, as more and more organizations build cloud native applications, our vision is to have oak9 be the security platform of choice that all developers and security engineers rely on to gain security visibility and ensure that their applications are secure and compliant by-design. 

We see a community of developers relying on oak9 to seamlessly build security into their application with each release, regardless of the infrastructure-as-code language or cloud service provider features they choose to use. Developers will be able to focus on solving the business challenges of their application and will rely on oak9 to build and evolve security for their application. 

We also see a community of security engineers using oak9 to build cloud-agnostic security designs for different use-cases, gain security visibility across their application portfolio and automate the evolution of security across their organization. Security engineers will be able to focus on the strategic security needs of the organization and will rely on oak9’s ever growing security blueprint catalog to quickly address new technology use-cases that their organization adopts. Security engineers will not be required to be infrastructure-as-code experts or experts in cloud service provider features. oak9’s Capabilities well help them to ensure that their security and compliance requirements are met.

oak9 will help developers and security engineers effectively collaborate, work autonomously and share responsibility, while delivering with velocity, stability, security, and agility.