Interview with Nicole Alonso, Co-Founder of Syro
AI FORUM:
Nicole, thank you so much for being here today for to be interviewed by AI Forum. I thought maybe we could just start if you could tell us a little about your company, Syro, and please describe ‘secrets management?’
Nicole Alonso:
A quick introduction. My name is Nicole Alonso, and I'm the co founder and CTO of Syro. Syro is a modern secrets management tool. Think of a password management tool like a 1password or LastPass, but specifically for digital authentication credentials that engineers need access to in order to communicate with systems or allow systems to communicate with other systems. So anything ranging from API keys, SSH keys, encryption keys, database credentials, we help you manage them. A lot of what we're trying to do is provide a centralized platform for engineers to view and manage their secrets, including managing access to them, and then automate a lot of the workflow processes around things like key rotation, detection and remediation, and really build a solution that is geared towards the ways in which infrastructure has changed and modernized over time.
AI FORUM:
Who would your primary clients be?
Nicole Alonso:
Primarily tech companies in more regulated industries, who have an inherent focus on security and compliance. So companies in sectors like FinTech, HealthTech, InsurTech, mainly between the stages of Series A through Series C is what we're looking at right now, which tend to be companies that need a solution that expands past the capabilities of their cloud provider and longer-term, we plan to offer support to enterprise customers as well.
AI FORUM:
So if I'm understanding this correctly, you're providing a password solution, as opposed to a homegrown type of solution or someone just writing admin 123.
Nicole Alonso:
Almost, but not quite. Tech companies work with a number of third-party SaaS tools. Engineers need access to those. One component of that is sharing access. We manage the process of giving engineers access to API keys, and allow them to manage them in different environments. For example, instead of sending these keys over Slack, and having what's known as secret sprawl, where your private credentials are in all different channels, and lose track of who has access to them, you can handle all those processes from within Syro. We have both a web app and a CLI tool for ease of use, and then can track access to secrets with a robust audit log.
AI FORUM:
From your perspective, what’s happening in artificial intelligence? And are you using any AI in your product line at the moment?
Nicole Alonso:
I actually just hopped off a call with our team that was a brainstorming session about how generative AI will influence what's on our roadmap for the coming months. It's something that I say most companies, especially companies, within sectors, like cybersecurity are thinking about, just because advancements in generative AI can have such both such a positive and negative influence on the space. As a company building to prevent against cybersecurity threats, you almost have to build faster than the hackers and the cyber criminals will with these technologies. So for us, we think about it in a number of ways. One would be speed, how do you leverage AI, to make the processes that engineers handle via our platform easier and quicker. Another would be anomaly detection. One of the biggest issues that I see with security is that a lot of it historically has been reactionary. So if there's a breach, if you notice some anomaly, then then what do you do from there? On the flip side, we want to build in a way that is more proactive. We address how a company would identify potential threats and attack vectors before they take place, and that's something that AI will be really helpful with. Audit logs enable a company to see who accesses your secrets, in terms of time, place and IP addresses. Analyzing that information over time helps us figure out how your company specifically interacts with secrets and in turn, detect when there’s an unusual log.
AI FORUM:
So you're looking for patterns.
Nicole Alonso:
Yes, we look for patterns.
AI FORUM:
Do you see the world morphing away from traditional passwords into biometric passwords at some point? What's your thinking on that? Because AI obviously, can play a role in both generating those and detecting those.
Nicole Alonso:
I do think there will be a shift away from traditional passwords and how we've known them, what that shift will look like and how quickly it happens, I think is still very up in the air to some extent, and my sense is that it will be a gradual progression. Some of the more forward-looking tech companies are building their own internal solutions for secrets management, and build systems in a way where no one has long-lived access to any sort of credential those credentials themselves only exist for a certain period of time, because then even if a hacker is to get access to them, the time in which it's valuable for is very minimal, whether that be 24 hours, whether that be a couple of seconds, that truly is just-in-time, I definitely see companies moving more in that direction.
AI FORUM:
Do you do you see AI as a game changer in terms of the introduction of the new technology that's going to have a big impact?
Nicole Alonso:
I entered the workforce at a point in which AI was already pretty prevalent and was influencing my work and what I'm spending time doing was I didn't even realize, for example, I grew up with Grammarly. And that saves me a lot of time.
AI will probably change the expectations of early stage startups and accelerate how quickly they can build. Ten years ago it was fairly difficult to actually build something quickly, even if you had technical expertise. But nowadays, startups get up and running in a matter of weeks, instead of a matter of months, because of all the tools that can generate a landing page for you and enable you to do market research in a couple of minutes instead of a couple of hours or couple of days. So one component will definitely be speed, I see that being a game changer.
The second is that AI technology raises a number of problems that companies and individuals previously didn't have to think about. For example, with content generation, it introduces a world of problems, both in terms of creativity, and morality. From our perspective, when we started writing technical blog posts, for example, we had to grapple with the question of whether we would use AI to save time and what sort of disclosures we needed to make to our customers, because transparency is important. There are no real guidelines that are on that right now. It’s very much up to the discretion of the individuals who are using the technology. And that's something that will probably change over time.
AI FORUM:
How do you guarantee authenticity and transparency? At the same time, you want to utilize the technology because it's there for, you know, economic productivity?
Nicole Alonso:
We are grappling with the question of how to ethically leverage AI, both for customers and our employees. This raises a number of questions: Is it speeding up what we're doing? Is it worth the money that that tool costs, just staying up to date on the technologies? On a broader level within cybersecurity, it is definitely a concern to me to stay up to date on how new attack vectors are appearing. We think about how cyber criminals are using this technology. It's something that has almost been a little too quiet, in my opinion recently, which is more cause for concern. Because just in the way innovative companies are thinking about leveraging these technologies to better what it is that they're building, cyber criminals are thinking about how they can leverage these technologies as well.
Where cybersecurity is lacking right now is the ability to detect threats real time and respond to them quickly. I can see a number of data breaches, ransomware, attacks, phishing attempts continue to flourish, operate and have real negative impacts until solutions emerge. That's something I spoke about on a panel recently, where we observed how many more phishing emails have been sent out recently, and the number was astounding. And that is due to AI. And it's not an answer of technology at this point, a lot of it comes down to education around identifying threats and attacks.
AI FORUM:
Well, thank you so much. You’ve added a really valuable perspective and set of insights on this topic for us.
Transcribed by Otter.ai