Pioneering Preemptive Cybersecurity with Sivan Tehila

David Leichner: to the latest episode of Hot in Tech. Today we have with us Sivan Tila, who's the founder and CEO of Onyxia Cyber, an AI powered preemptive cyber resilience platform that helps organizations turn asset visibility into action. Under her leadership, Onyxia focuses on pro. ⁓ actively identifying and mitigating risk before exposures become critical, supporting security teams across complex enterprise environments. Sivan brings more than a decade of hands-on cybersecurity leadership across defense, critical infrastructure, cloud security, and academia. She began her career in Israel's intelligence corps, serving as CISO of the Intelligence Analysis Division and later as head of information security unit. She went on to lead cybersecurity initiatives across national infrastructure and defense organizations and later served as director of solutions architecture at perimeter 81. In parallel, Sivan is the program director and professor for the MS degree in cybersecurity program at Yeshiva University's Katz School of Science and Health, where she built one of the top ranked cybersecurity programs in the United States. A strong advocate for developing the next generation of security leaders. Siobhan is also the founder of Cyber Ladies New York City and has been recognized as one of the most influential women in IT security. Siobhan, welcome to the show.

Sivan Tehila: Thank you so much. I'm really excited to be here.

Yitzy Tannenbaum: So that was a very ⁓ interesting intro, Siobhan, it sounds like.

David Leichner: She's much smarter than I am.

Yitzy Tannenbaum: Probably better, more than both of us combined, but I think that's exactly it. You have such a diverse and big background in cybersecurity. I'm wondering what throughout your career and journey shaped the way you think about proactive security kind of versus the traditional reactive defense.

Sivan Tehila: Yeah, I think it's been quite a journey, right? I'm in this industry for 20 years now. So I think I really have seen the evolution of our ⁓ industry, including all those different solutions out there. And I think also the fact that I've worked for so many different industries, starting from military governance, then shifting into the startup world, working with more ⁓ private companies or public companies in the US. I think it's fascinating to see how things are evolving. and how they evolve fast. And I think that if I look back in the past like 20 years, we were quite in the same place like for the first 10 years for me in my career. But the past five years are becoming very interesting, especially when you're a founder of a startup and you need to develop a product and keep up with all the technologies out there. I think it's way different than what I've seen before, or even, you know, in my time in Perimeter 81 in terms of the expectations. the client requirements, the regulations that we need to follow. So definitely super interesting evolution. And ⁓ it's also part of the things that I always say when I teach or when I develop the cybersecurity program for YU, I realize that it's a different domain. It's not like other domains when you develop some content once and then it stays at CIS. In cybersecurity, You have to be hands-on. You always have to introduce students to all the new cutting-edge technologies to make sure that the academia is really aligned with the fast-evolving industry. So it's fascinating and challenging, but I think we're living in super exciting times where we can build products faster and we can provide more value to our clients faster. On the other end, we have some other challenges, right, in terms of trust and AI governance. ⁓ And even the fact that there is no necessarily a technical mode anymore because anyone can build anything with AI. So how you really defend that. ⁓ So I think it will be super interesting to see where the industry goes and how we really address those challenges.

David Leichner: Incredible. And just looking at your background and hearing what you've done, I'm just curious, maybe you can share some light on when did you decide you wanted to get into cybersecurity?

Sivan Tehila: ⁓ So I think it's, I mean obviously it's, as you know in Israel we have mandatory military service so ⁓ I knew that I'm interested in tech but I never thought that's going to be my career. ⁓ Basically in the military they placed me in an intelligence division and that was really the first time I got exposed to all this and these new technologies and to cyber security as a domain. ⁓ I don't think I would was here without this military service. ⁓ And I served for 10 years in the Army. ⁓ I was, again, CISO, and before that I served in different divisions. And any time I was telling myself before I started a new role, that's it, that's my last two years. I'm gonna do just like two more years, and I ended up ⁓ staying for 10 years. But I think as long as I was ⁓ keeping myself challenged in terms of the technologies, the projects I've worked on, ⁓ it kept me excited. And as long as I enjoy wake up in the morning and do what I do, I stay. But where I saw that there are more things that I can achieve ⁓ outside, and I became a mother, so I decided it's the right move for me. But often I speak to my students. And when I moved here to the US, I realized that ⁓ you Well, when students go to college, they don't necessarily even know that cybersecurity is an option for them. We're not educating, ⁓ there is no cybersecurity education in high school. So most of those high school students will end up going to computer science or some kind of like other different IT type of roles. But cybersecurity became part of the academia just in the past, ⁓ I would say, seven years or eight years we were one of the first programs in the United States and And it's a master's degree. So I think there are many ⁓ challenges I do think it's super important to educate the young generation and to make cyber security at the thing in Israel it's given but in other places and in the US it could be a huge opportunity for young game Young the young generation ⁓ and a special and women too, which by the way, I know we wanted to talk about that, but women make up only 20 % of the cybersecurity workforce. So I invested a lot over my years in this industry to promote women, to expose women to cybersecurity. I even created the cybersecurity program for Manhattan High School for Girls, and I was teaching there for a while until I just didn't have time, but I really believe it's important. I think it's one of the things. I'm very passionate about and I think I had the opportunity to serve and to learn as part of my military service, but if we can ⁓ provide this knowledge and expose more people ⁓ in other ⁓ countries and in other circumstances to join the industry, it's something that we really need to invest in. And especially since we have more challenges, we have more threats, and cyber security is an industry that is here to stay. Thank

David Leichner: Okay, that's incredible. A mom, a CEO, and a professor, probably in that order. I mean, the importance level, you know, being the mom first. It's really incredible. So you're building this company and you're focusing on preemptive resilience rather than alert-driven security. So what gaps do you see in traditional security models that led you to build the company in this way?

Sivan Tehila: Yeah, so I think, you know, going back to what they said before, when I joined the industry, the main challenge was visibility. Everyone were talking about the fact that we don't know what we have, how can we know what we should protect and what we need to focus on. I think over the years, we were able to develop quite good ⁓ visibility and observability tools. But then we stayed with a gap of like, what's next or how we can even prevent those things before they're are happening. ⁓ And the fact that today we're able to leverage ⁓ AI and machine learning and statistical models in order to ⁓ leverage this data and provide more actionable insights to our clients is something that is really changing the industry. And the concept of preemptive resilience is relatively new. The preemptive technologies were first mentioned by Gartner in the past year. But I think Onyxia was doing that even before. One of the things that we provide our clients with is the predictions on where they will be in 30 days from now from an SLA perspective so they can adjust their strategies to avoid potential exposures before they become critical. So I think the fact that we're able to predict the future in cybersecurity, it's really something we were dreaming of. And when I was a CISO myself, I was always saying that my dream is to wake up in the morning and like I'm asking Alexa, how is the weather today? I want to go to a place like Onyxia and ask, hey Onyxia, what are the top things I need to focus on today? What I need to be afraid of today, right? And if there is a platform or a tool that can help me prioritize not just my tasks at CISO, but also across domains to help my team to prioritize and not remediate things in silos, that's a super powerful system. And we call that a resilience engine because if you're looking at the dictionary, resilience means to withstand or recover from difficult situations. And we're really helping companies to prepare and to make sure that they're ready for any potential exposure with the right strategies in place, the right tools, and the right processes.

Yitzy Tannenbaum: So Sivan, you were talking a little bit about kind of how defenders need to use AI and agentic AI. And I get the need to bring everything together, prioritize, understand what really has impact. But I want to push you a little bit further down the road and kind of how you... envision AI influencing security, you know, in a world where there's so many alerts and there's so many tools and CISOs have no idea even how to approach kind of the new challenges that AI introduces. What's your vision to what security looks like in the age of AI?

Sivan Tehila: I think we'll see, I mean, a lot of ⁓ companies and products evolve, but it's again, not more about just visibility, but like really taking action. And with AI, you can take actions faster. You can mobilize things faster within the team. And just as an example, what we do is to provide teams with a context on what they need to prioritize, but also allowing them to close the loop with either letting the agent function within their environment or assign tasks to team members if the organization is not ⁓ ready enough to really let agents to act within their environment. I think it's still, again, challenging. We're still in the middle of the revolution or the evolution, and there is a lot of education and concerns. And we've seen that when we transitioned into cloud solutions when most of the companies used to be on-prem. So I think this transition might be faster because it's actually easier to adopt AI. technologies than, you know, back then to transition from on-prem to cloud. Everything is way more user friendly and we're already used to interact with AI ⁓ technologies on a day-to-day basis. ⁓ So I think it's still something that we're ⁓ in the middle of this revolution. I think there are not yet a clear ⁓ governance elements within this industry. So that's probably one. that slows companies down from really moving forward with those, with adopting those technologies as they should. ⁓ But we're, I know that there are, I mean, there are already some new frameworks. We're working on a domain for AI governance to allow our clients to really measure KPIs when it comes to security. in the past, you know, it's very clear to us what we need to look at when it comes to incident response or network security, vulnerability management, identity access. management, but how do we know that we're doing good or we're doing the right thing when it comes to AI and ⁓ tracking it, measuring it over time to identify potential exposures before they're really becoming significant for the business.

Yitzy Tannenbaum: In your vision, Sivan, what's the role of a security analyst in two years and five years? Because you're talking about all that automation and all kind of the intelligence. Is there a role for security analysts and specifically for the kind of the tier one security analyst?

Sivan Tehila: Yeah, so obviously that's a big question, right? Because those AI tools will replace first, you know, the entry-level jobs of the one-tier analysts. But what they can't replace is, you know, the... the judgment, right? Even when they make a decision, they need to make decisions within a scope. And there are still some scenarios where you need the human touch and you needed the judgment of a person. And maybe that's less related to what I'm building today, but I do see some interesting companies right now doing AI or agentic pen testing, for example, right? What I learned is that they still have this layer of services on top of it and the human touch on top of it and in the past when you were building a startup that was a big no-no. You're not providing services, you're only building a product, that's what investors want to see. But interesting enough, those more AI ⁓ or agentic driven platforms have some kind of like service element on top of it just to ⁓ ensure that you know there is some human being with like actual judgment there. So I think that's another thing that is interesting to see and it's going to be interesting to see where it goes. ⁓ I don't think we can avoid it. I think we'll all need to adapt. And I'm very excited about what's next in the past few years for our industry.

David Leichner: Yeah, I think you're right about the need to adapt. I think a lot of it is psychological. ⁓ I was visiting a friend of mine who he's the CEO of a robotics company that does ⁓ a lot of operations, medical operations. And I said to him, he showed me the system and I said, so why do you need a surgeon even sitting in front of the computer? He said, 100 % because the patient will not go under the knife if it's just going to be a robot at this point. because psychologically they're not ready to see an autonomous robot do the operation. And I think we saw that in the beginning with the autonomous vehicles and there will still be people that won't get into an autonomous car unless there's a wheel and they can take control. I think it's been that way with plane travel for a long time that the planes, they pretty much fly themselves, but the pilots have to be there just in case, you know, there's some emergency or something. ⁓ But I agree with you. think people who don't adapt are going to be out and they're going to have a really hard time. But if they do adapt and they re-train in some cases, if they educate themselves, I think ⁓ the sky is the limit today. It really is.

Sivan Tehila: Absolutely, I agree. ⁓

David Leichner: So on that note, at Hot in Tech, we always ask the guests the same question. So we're in 2026. And from your perspective as a founder and a security leader, what do you think will be truly hot in the tech market in 2026?

Sivan Tehila: Yeah, so I think there are a few industries that we didn't see a lot of disruption in them in the past few years. But now with the new capabilities of AI, we're going to see more innovation in them. I do think that even Gartner said that resilience and readiness is one of the things that CISOs really need to prioritize. They even some kind of did rebranding for program management into the cyber resilience aspect and preemptive solutions as well. ⁓ I also think that the GRSC world, the governance, risk and compliance was quite like more of the same in the past few years. And there is so much we can do. We were mainly focused in the main years in automating the compliance and risk quantification aspects. But the G in the GRSC, which is governance, is an area where we didn't really do any automation, we didn't innovate. And if you connect governance and resilience, at the end of the day, the only way to achieve better resilience is to have a better, like to have a clear governance program that you execute on it on an ongoing basis. And then that's where I think when Exa really comes into play, ⁓ leveraging data and asset inventories, not talking more about visibility, but what we do with it, how all the things that we have really serve our strategy, the governance plan, and help us execute faster and better on the operational side, so at the end we really achieve better security posture and resilience for the company.

David Leichner: But that said, governance is good on paper, but as we know, the hackers will get around it, and that's when they need your preemptive solution.

Sivan Tehila: Absolutely, I mean obviously it's all connected at the end of the day you need you can't have a static governance or cyber security program in place without updating it all the time in the same way that hackers are innovating and that's why You know, I didn't mention it, but the name on Ixia comes from World of Warcraft Onyxia was my favorite character She had a human form and a dragon form and she could adjust based on the evolving environment and what we do for our clients is to really help them adjust their strategies and solutions in order to align and keep up with all the evolving threats out there.

Yitzy Tannenbaum: That's great. ⁓ Yeah. So Sivan, you spoke at the top a lot about your kind of advocacy of getting women more involved in cybersecurity. And I guess ⁓ two questions. One is why do you think you mentioned that only 20 % of the cybersecurity ⁓ workforce are female? And then, so that's question one of.

David Leichner: Thanks

Yitzy Tannenbaum: Why do you think that is and maybe B would be if you have any advice for women who want to get into the industry?

Sivan Tehila: Yeah, so I'll start with the first question. I think ⁓ it's all about getting women more exposed in a young age. I think our system educates our education system in general, not just in the US or in Israel. ⁓ We're not exposing women enough into STEM programs and domains, and that's where we should start. That's why I think middle school, high school, that's the place where we should really make sure that women get the exposure they need in order to make decisions before they go to college and what they want to study because that's eventually what's affecting their career. And that's the point where ⁓ I wish we could do more. I I'm trying in my own environment to create an impact, but I really think that that's the main thing that we can do. And also ⁓ create and expose more role models models in the field, right? Like I had amazing mentors. I still have amazing mentors that are women. And I think they inspired me. providing those ⁓ stories, especially success stories, and exposing even women at the beginning of their career to cybersecurity and to those role models, that's the way we should do it. Going back to... to the why and I think. ⁓ I think, I think, or the how, I'm sorry. I think ⁓ it's super important when you choose a career path to understand what you're getting into. One of the ⁓ exercises I do with my students when they start to look for an internship or even before they really start their program, I tell them, like, let's try and build a career strategy. Where you want to be in 10 years from now. It's not just about finding your entry level role, But the decisions that you make along the way, even on what will be your next role, will affect where you will be in 10 years from now. So it's hard for us, and especially for young students, to really think about their career path. But it's an exercise that is important to do, because then you're doing a research of what it means to be a cybersecurity analyst, a SOC manager. ⁓ GRC consultant, what it means to work for the big four and what their CISA rule even requires. So it will affect the decisions you make and then you can choose, okay, I want to be in cyber security but more on the GRC side or more on the technical side. And a plan like a plan or a strategy like a strategy, you can always adapt and change based on where you are in life. But having a vision is something that I think is super important.

Yitzy Tannenbaum: I remember when I was very young, people would ask the kids in the class, what do you want to do when you grow up? if people want to be a policeman or fireman or a pilot, I would answer, I would say, I want to have a company to manufacture balloons. And the reason I said that, is because it drove me crazy that kids are only aware of like five positions. No child is gonna be like, you know what I wanna be? I wanna be a, I don't know, macroeconomic, like come on, whatever they see, I could be a seller in the store. Like there's not a ton of roles. think.

Sivan Tehila: Thank Yeah.

Yitzy Tannenbaum: I think even adults, how many 20 year olds, 25 year olds know that there is a job of a GRC administrator or a SOC analyst or a ⁓ cloud architect or DevSecOps? How do we even teach them that it exists even before we say, hey, it exists, but then you also should actually do it?

Sivan Tehila: Right. So I was on a panel two weeks ago at CyberTech Tel Aviv, and someone asked me, what keeps you passionate? So as a founder, the first thing I want to say is closing deals, because the excitement, the adrenaline, it keeps you alive. I didn't even realize I enjoy selling and closing deals, but it's really fun. But then I thought about it for a second. And on a personal note, what really makes me ⁓ excited and passionate about what I do is when I walk in the streets of New York with my 11 years old daughter and she looks like a famous brand and she tells me, wow mom, those are your clients, right? At the end of the day, I think that's really what makes me keep going, you know, that my daughter sees her mom work hard, creating an impact. And I tell her those stories. I mean, I want her to be part of it. Sometimes she knows

David Leichner: Cool, very cool.

Sivan Tehila: that I'm working on a deal and she asks me what's going on with the deal. I have more pressure at home than my board to close deals. And that keeps me motivated and passionate. But I also think that's super important for us as leaders in this industry and parents to make sure that this generation have a better future and more exposure to those professions.

Yitzy Tannenbaum: Hahaha.

David Leichner: So Sivan, ⁓ you have an incredible past. Your current story is amazing. And ⁓ we're going to keep an eye on you. see what's going on down the future because it sounds like you've just got an incredible future ahead. You're doing amazing things, setting up programs, running a company, being a mother, it's like all in one. I actually, have a few kids and I have a few grandkids even. And I see my wife doing very similar things, not in tech, but in a different field. But ⁓ yeah, it's pretty amazing. And yeah. wish you the best of luck going forward and you should grow this company really big and just succeed. from what we've heard today and looking at your background, mean, it's obvious that that is going to be the way forward.

Sivan Tehila: Thank you so much. really appreciate it. Thank you for the opportunity. And I really enjoyed the conversation.

David Leichner: And we did as well.

Sivan Tehila: Great, thank you.