CyberTech Top Voice: Interview with Oasis Security’s Danny Brickman

Hello, CyberTech community. Welcome to part #12 of the CyberTech Top Voice interview series with Oasis Security’s CEO and Co-founder, Danny Brickman.

The latest CyberTech Interview with Danny Brickman is an interactive Q&A-styled conversation. In the interview, Danny highlights the idea behind starting a cybersecurity company and the fundamental challenge for CISOs linked to the non-human identities (NHIs). For context, last month, Oasis Security introduced a new AI-powered engine to automatically discover the human owners of NHIs without pre-existing knowledge and even in the absence of metadata, such as tags or naming. It’s called The Oasis NHI Ownership Discovery Engine. Let’s learn more about the company and the cyber technology driving its platform.

Join us in shaping the future of cybersecurity. Learn more about how Oasis Security tackles the distinct challenges of visibility, security, and governance of NHIs within hybrid cloud environments.

Here’s what Danny had to say to our AI and cybersecurity community.

How did you make the transition from an elite IDF personnel to the CEO of Oasis Security, the leading management and security solution for non-human identities (NHIs)?

Danny Brickman: My transition from serving in the cyber operations unit of the IDF to becoming the CEO of Oasis Security was a natural progression of my passion for cybersecurity. From a young age, I was fascinated with computers and ethical hacking, which led me to spend 11 years in the IDF focusing on advanced cyber operations. During this time, my passion for cybersecurity deepened as I became driven to close the gaps that cybercriminals could exploit.

In 2022, Amit Zimerman and I co-founded Oasis Security to address a critical and often overlooked vulnerability: unmanaged Non-Human Identities (NHIs). As businesses increasingly adopt cloud services, IoT, and automation, NHIs have grown exponentially. Traditional identity management solutions, which are designed for humans, are ineffective at managing and securing NHIs. Amit and I recognized the growing need for a solution that directly addresses these risks in the context of digital transformation.

Since we founded Oasis Security in 2022, we’ve experienced exponential growth, raising $75 million in total funding and building a customer base that includes several Fortune 500 companies. We’ve pioneered the first enterprise platform designed to secure the entire lifecycle of NHIs, from discovery to governance and compliance.

This journey has been incredibly rewarding, allowing me to apply my expertise from the IDF to solve one of the most pressing challenges in modern cybersecurity.

Tell me about Oasis Security. What was the idea behind it?

Danny: Amit and I founded Oasis Security to tackle the growing challenges around machine-to-machine access security which are controlled by what the industry refers to as Non-Human Identities, or NHIs. As businesses adopted cloud services, IoT, APIs and microservices, the number of NHIs skyrocketed and completely transformed the identity fabric of enterprise environments. NHIs now outnumber human identities by a factor of 20x, according to ESG research, creating a massive attack surface that must be secured. As organizations increasingly automate business processes using AI-powered workflows, NHI growth is poised to continue to accelerate. Despite the risks, however, NHIs remain a blind spot for most enterprises because they lack the right tools to manage and secure them.

To turn the idea for Oasis into a reality, we conducted extensive research and spoke with numerous cybersecurity leaders to validate the problem. We made it our mission to engage with as many CISOs as possible to understand their pain points, gathering real-world insights about the gaps in managing NHIs. This validation was crucial in refining our approach and ensuring we were solving the right problems.

As we analyzed the problem, we realized that a big part of the problem has been that traditional tools for identity management were built for a world in which identities are centrally managed from the start via a well-defined process. This is not the case with NHIs, which are created by developers or application owners directly in the cloud. The lack of a central database that provides a complete inventory of the NHI in the environment makes it impossible for IAM tools to provide the necessary visibility and governance. We also know that developers like to take advantage of native cloud services to move fast with a high degree of automation. Cumbersome centralized IAM solutions that attempt to implement security by restricting developers choice or imposing cumbersome governance processes typically end up being ignored or slow the business down.

In this context, we recognized the need for a new approach and solution that would bring security and engineering teams together allowing both to accomplish their individual missions without tradeoffs. As a result, we designed Oasis to be infrastructure agnostic, to seamlessly integrate with tools and processes of choice and to be effortless to use. We built inside the platform a new class of purpose-built AI analytic engine to automate the discovery, risk assessment, and governance of NHIs, ensuring our platform adds value without creating friction.

Oasis Security is the first enterprise platform specifically designed to tackle the unique challenges of managing NHIs in hybrid cloud environments. By ensuring visibility, security, and governance across the full NHI lifecycle, Oasis addresses the complexities of NHI management that other solutions fail to resolve. Its comprehensive, automated, and integrated approach positions Oasis as a leader in identity security, uniquely equipped to secure NHIs in modern enterprise environments.

As financial institutions digitally transform – adopting AI, ML, and blockchain – NHIs proliferate. How should these institutions secure NHIs to prevent cybersecurity issues and ensure secure and seamless access?

Danny: Financial Services organizations are among the most highly regulated and cybersecurity-aware organizations due to the critical nature of their role and the sensitivity of the data they handle in modern economies. They are a high-value target for cybercriminals due to the vast amount of confidential data they have access to. NHIs are key enablers of all major technology priorities for FSI, such as GenAI, Open Banking, FinTech, Blockchain, Cloud Migration, etc. Implementing a successful strategy to manage and secure NHIs needs to be a top priority for FSI cybersecurity and IAM programs.

Focusing only on humans alone is no longer enough because the identity perimeter is now mostly Non-human. There are three critical steps to achieve:

1. Visibility: gain a comprehensive understanding of your environment and all identities within it.
2. Security: understand the perimeter risk exposure, developing security policies tailored to your specific business needs, and establishing a process for continuous review and assessment of the security posture.
3. Governance: Take control of the lifecycle of NHIs without creating operational headaches and minimizing the response time to issues. This means moving beyond slow email-based processes for remediation and adopting a more efficient policy-based automation model that can orchestrate workflows across existing infrastructure and services without disruption.

Choosing the right NHI Management platform is essential to complete this mission.

What do you see as the biggest challenge for a CISO today? How do you tackle these challenges at Oasis Security?

Danny The role of a CISO is particularly challenging today due to the evolving nature of cybersecurity threats and the complexities of managing organizational security while enabling business innovation. We see securing the new identity fabric while balancing business objectives with resource constraints as a major new challenge for enterprise CISO.

As NHIs have become the bulk of the enterprise identity fabric, it is our goal to provide CISOs with a best-in-class platform specifically built to secure the entire NHI lifecycle without adding any new operational burden. This is why we put powerful AI at Oasis core to automatically discover, assess, and govern NHIs to ensure security teams have the visibility and control they need without disrupting operations. We understand the pain points CISOs face and work closely with our customers to continuously refine our solution.

Let’s talk about Oasis Safe Secret Rotation, as we know rotating secrets is a critical part of an NHIM strategy. How do you help organizations keep their “secrets a secret”, and which industries particularly benefit from this solution?

Danny: While password rotation for human accounts is a mature process, the same cannot be said for secrets and keys due to the lack of visibility of usage and ownership context. While solutions like secret scanners can help spot vulnerabilities such as hard-coded or shared secrets, the operational complexity of performing operations like rotations or decommissioning is often insurmountable.

Secret rotation is a key NHI governance process, yet all too often, NHIs leverage secrets that are infrequently rotated. Rotating secrets reduces the risk of credential compromise by minimizing the window of opportunity for attackers and mitigating exposure to insider threats, yet is often neglected for fear of “breaking things.” Leveraging a solution that is purpose-built to address the unique needs of NHIs is critical against this backdrop.

At Oasis, we understand the complexities of secret rotation and recognize that there are several scenarios to be accounted for. That’s why we’ve developed a range of capabilities to help you rotate secrets safely and efficiently depending on the use case you want to resolve and the level of automation you want to leverage.

The AI-powered Security Posture Engine built into Oasis automatically identifies secrets that haven’t been rotated according to policy. From within the platform, the user can understand which identity uses the secret to access which resources. With the complete understanding of the operation context, the end user can initiate a secret rotation directly from Oasis in just one click. For the most advanced users who seek a high degree of automation, we prove a secret rotation autopilot capability that takes care of the process automatically based on predefined policies. Set it and forget it.

Which cyberattacks are you most worried about in 2025? Can traditional Identity & Access Management (IAM) solutions protect organizations from advanced cyber threats, or are more specialized solutions needed?

Danny: We see attacks on NHIs as a growing threat. In its latest survey, ESG Research found that over 40% of organizations have suffered from an NHI related breach. The recent Dropbox, Okta, Slack, and Microsoft cyberattacks, which involved the exploitation of NHIs, spotlight the costly effects of improper NHI management. I expect this to worsen as the uptick in use of AI technologies in the enterprises will increase the number of NHIs. Now is the time for enterprise organizations alike to incorporate comprehensive NHI management into their security and identity programs.

Traditional PAM and Identity & Access Management (IAM) solutions and best practices cannot address the scale, ephemerality, and distributed nature of NHIs. Unlike human users, NHIs cannot be protected with Multi-Factor Authentication (MFA), which makes it harder to limit the impact of breaches.

With traditional identity best practices rendered obsolete and NHIs proliferating every day, the industry needs solutions to properly secure this massive attack surface. Implementing an NHI management platform empowers organizations with:

• Complete visibility, providing a holistic view of all NHIs, and understanding their usage; dependencies; and relationships within an IT stack.
• Proactive security posture management, continuously assessing and improving the security posture of NHIs, and taking proactive measures to mitigate risks.
• Automated governance, automating the entire lifecycle of NHIs from discovery to decommissioning, ensuring robust security and operational efficiency.
• Seamless integration, integrating with an existing security stack, providing a unified approach to identity management.

What kind of skill development and hiring trends do you foresee for cybersecurity professionals in the next 3 years, and what is your guidance for professional development?

Danny: The cybersecurity field will increasingly demand professionals who combine technical expertise with a strong understanding of business objectives. As the threat landscape grows more complex, organizations will prioritize candidates with a hybrid skill set—deep cybersecurity knowledge paired with expertise in risk management and regulatory compliance. This shift will be driven by the need for cybersecurity to be seamlessly integrated into broader enterprise strategies, moving away from a siloed approach to one that aligns directly with overall business goals.

My guidance for professional development is to stay closely connected with the market and continuously adapt to its evolving needs. Just as I stress the importance of customer engagement to understand pain points and expectations, cybersecurity professionals, especially early in their careers, should seek feedback, attend industry events, and collaborate with peers to stay ahead.

What are your top predictions for the cybersecurity market in 2025?

Danny: Cybersecurity will have to evolve alongside rapidly advancing technology. Just as modern cars require advanced safety features to match their increased speeds, cybersecurity measures must adapt to the new reality. Traditional tools, including Identity & Access Management (IAM) and Privileged Access Management (PAM) solutions, originally designed for a world where information was primarily accessed by humans, will no longer suffice. Instead, there will be a shift toward more intelligent AI-powered systems capable of making sense of the complexity of modern environments.

Please tag a leader in the cybersecurity industry or an influencer you would like to invite to a CyberTech Top Voice interview roundtable discussion.

Danny: Erik Wahlstrom, Gartner VP Analyst and Key Initiative Leader of the Identity and Access Management team within Gartner for Technical Professionals.

LinkedIn: https://www.linkedin.com/in/erik-wahlstr%C3%B6m-98bba117/

Thank you so much Danny for participating in our CyberTech Top Voice Interview series. We look forward to having you and Oasis Security again!

Recommended CyberTech Interview: Fintech’s Digital Fortress Under Attack: Cybersecurity Challenges in 2025

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com