Today, every business is leveraging the power of internet to connect with their target audience and create brand awareness among their customers. Hackers, on the other hand, are taking advantage of the connectivity to gain access to sensitive data from systems, apps and business websites for their personal benefit, and with illicit intentions. This leads to an increased demand for security in the digital world. To fight these problems and stop the critical privacy issues, Michael Borohovski and Ainsley Braun, two MIT and intelligence community alumni, started Tinfoil Security.
Michael, the Co-founder and CTO of the company, shares, “Since we got started, the question I ask myself every day is always the same: how do I serve our customers better? What things do they need, and what pain points do they face, that our product (or a related one) can solve?” Considering the issues of customers, Tinfoil Security provides companies with frontline security defense through developer-friendly vulnerability scanning tools designed to fit seamlessly into the DevOps process. This service increases efficiency, keeps customer data safe, and engages security professionals to further improve the process with flexibility.
How do they do it?
With their prime goal being to safeguard clients, the team at Tinfoil has developed a simple to use, developer-friendly service that lets customers scan their applications for vulnerabilities and helps get them fixed quickly and easily. Its flagship API Scanner looks for vulnerabilities in web services, mobile application backend servers, IoT devices, and other applications backed by APIs. Instead of following an old approach towards improving new problems, the team of Tinfoil has built the platform from the ground up. To build it, they used Elixir — a functional programming language built on Erlang that looks like Ruby. Building the platform on Elixir has provided the company with numerous benefits, as Tinfoil’s engineers don’t have to worry about concurrency or many other common problems. Likewise, Elixir makes building distributed systems trivial, and the resultant systems are insanely fast. The average time of a scan performed by the API scanner is less than one minute. Lastly, Elixir is a budding language, which means that hiring engineers is actually a bit easier, as many of them want to work on Elixir.
Comprehensive Set of Security Tools from Tinfoil Security’s Hub
The Tinfoil team ensures that everything they do is as automated as possible. They use Jenkins to build their continuous integration and uninterrupted delivery pipeline. On the engineering side, they use Atlassian’s JIRA tool as it is infinitely customizable and users can adjust it to focus on their specific needs. To further increase the security of the product, Tinfoil integrates its own security tools into their DevOps process; their web application and API scanning products are plugged into their Jenkins and JIRA instances. Often the CTO and his team end up being consultants to their customers, helping them to understand the software development life-cycle (SDLC), and assisting them in planning to adopt it into their processes.
Speaking about the importance of team, Michael advises, “Focus on your team and on your customers. Those are the two things you have control over.” Therefore, a leader should spend more time talking to customers and making the team happy.
Simplifying Team’s Work with Investments in Novel Technologies
Being in the security industry for more than 13 years, Michael currently has six patents (with an additional two pending) under his belt. Michael’s aim is to make their customers secure, not just to sell them products.
He states, “Our goal has always been to secure the internet, one business at a time.” Thus, on the expedition of securing the customer’s digital platforms, Michael and his team invest in improved technology. He explains, “Before making any investment, I ask myself a question—do the benefits outweigh the costs to either our team or our customers?” According to Michael, sometimes the upfront cost is quite high. However, it is worth it when the investment pays off and the team or customers like the new additions. Initially, creating something new to support technology or a specific customer costs the company extra cash. But, in the long run—it helps Tinfoil develop a positive relationship with clients and also enables the company to build a loyal customer base.
In the coming days, Tinfoil aims to be the market leader and continue to work on developing a suite of best-in-class products, including dynamic web application security scanning and API vulnerability discovery. Unlike others, the team at Tinfoil aims to build interoperable tools that will facilitate customers eliminating security vulnerabilities and fighting cyber-threats.
If I got a chance to start my career over again…
When Michael was asked what he would do differently, given a chance to start his career all over again, he said, “If I had all the knowledge I do now, back then, I would start to focus on sales earlier. Many entrepreneurs, spend too much time focused on problems they think matter, rather than the problems their customers actually face.” Hence, talking to customers and listening to their suggestions is the key to develop a product that precisely fits what the market needs.
According to Michael, one should speak to at least 20 customers in the market before writing a single line of code. Approaching clients with an open mind and asking open-ended questions greatly helps in improving the customer experience. Michael asserts, “Don’t try to ask and lead customers to the answer you want to hear; instead, truly understand their pain points and work towards building a comprehensive product that solves them, even if it’s different from what you had thought they wanted.”
