CyberTech Top Voice Interview: Sivan Tehila, CEO and Founder of Onyxia

Hello, CyberTech community. Welcome to part #18 episode of the CyberTech Top Voice interview series with Sivan Tehila, CEO and Founder of Onyxia.

Happy Women’s Day and Month to all our readers. 

This is our exclusive “Women Leaders in CyberTechnology” top voice conversation, featuring one of the most renowned CEOs in the industry. As part of our initiative for women leaders and emerging talent in cybertech space, Sivan Tehila sat down with us to share her incredible insights on transforming cybersecurity management for CISOs. With experience in Israel’s Intelligence Corps and consulting for critical infrastructures, she founded Onyxia to streamline security program management and operations using AI-driven insights. She highlights the complexity of cybersecurity, the need for automation, and the growing role of AI. Sivan also emphasizes cybersecurity education and women’s empowerment in tech. Onyxia helps CISOs optimize risk management, compliance, and security alignment with business objectives.

Hi Sivan, welcome to the CyberTechnology Top Voice Interview Series. Please tell us about your role at Onyxia and your founder’s journey.

I founded Onyxia with the vision to transform the way CISOs manage their cybersecurity programs. Prior to founding Onyxia, I had several roles during my career in the cybersecurity field, including CISO of the Research and Analysis Division and Head of the Information Security Department of the Israeli Intelligence Corps. After, I consulted on cybersecurity for Israel’s critical infrastructures and defense industries. During my time working as a security leader, I observed the disastrous impact of cyber attacks on government, businesses, and individuals, and in parallel, the struggles CISOs experienced in manually measuring and justifying the impact of their cybersecurity investments. I felt that security leaders could be better prepared to defend their organizations against threats with a core Cybersecurity Management Platform. This became the inspiration for Onyxia.

What makes the global cybersecurity landscape so complex to deal with? How does Onyxia simplify this for CIOs and CISOs?

The threat landscape is becoming more complex with advancements in AI, and for CISOs and Security Leaders to be able to address these new challenges they need to first have a strong cyber defense foundation. Still, CISOs often struggle to track and manage upwards of 50 security tools and measure and report on their security programs through manual data collection and spreadsheets. These processes exhaust resources and time that could instead be used for threat defense and risk management. 

With increased emphasis on cybersecurity and attention from global regulating bodies, boards are expecting their security leadership to answer how they are quantifying and measuring the business impact of their cybersecurity programs. 

Onyxia empowers CISOs with an AI-powered and data-driven Cybersecurity Management Platform that delivers real-time security assessment and benchmarking, security stack coverage visibility, predictive insights, and streamlined board reporting. With Onyxia, CISOs gain a dedicated platform that optimizes their ability to ensure organizational compliance, improve risk management, and align their security initiatives with business goals.

Recommended CyberTech Interview:  CyberTech Top Voice: Interview with Zimperium’s Krishna Vishnubhotla

What types of content should CISOs and Security leaders consume and subscribe to strengthen their cybersecurity management practices?

One of the most important aspects of strengthening your security program is understanding how your performance measures against your industry peers. This is why, for the last two years, we published reports of research surveys we conducted with hundreds of CISOs. These reports, Key Metrics to Defend Against Threats: The CISO’s Perspective and Regulations, Reporting, and Risk Management: The Voice of the CISO,  share valuable insights into how CISOs are setting their targets and inform the community of recommended performance ranges. We also provide important benchmarking information within our platform.

Onyxia recently published “The Definitive Guide for CISOs: Cybersecurity Board Reporting.” What are the key highlights of this whitepaper and its benefits for the security teams?  

Yes, and we collaborated with and got so many important insights from our CISO advisor, Rinki Sethi, VP & CISO of BILL. For me, the top 3 that stand out are:

Cybersecurity Board Reporting is an Art, Not a Science: When it comes to cybersecurity board reporting, there isn’t a one-size-fits-all approach. Unlike established C-suite functions, cybersecurity reporting is a relatively new practice with less standardized structures.

Tell a Data-Driven Story: Present the data in a narrative format that makes it easier to convey your security team’s efforts and the impact of their work. This can include highlighting successful security awareness campaigns, sharing anecdotes about incident response, or discussing future security initiatives.

Know Your Audience:  Dedicate time to learning your audience before crafting a cybersecurity board report. Try to have one-on-one conversations to discuss their concerns and what they’re hearing about cybersecurity, gauge the board’s overall cybersecurity knowledge, and agenda setting to collaborate with the board to establish a clear agenda for cybersecurity reporting throughout the year.

Which cybersecurity categories have the highest potential to grow in market size and revenue generation? 

Well, of course, I am a big believer in AI/ML Security Analytics, CPPM (Cybersecurity Program Performance Management), CDPO (Cyber Defense Planning and Optimization), CTEM (Continuous Threat Exposure Management), and Predictive Security categories. I believe the rise of new industry regulations, increasing demand for security leaders to report to the board, and advancements in AI make all of these categories especially relevant in the current market. 

Where would you bet in terms of Cybertech innovations and why? 

In cybersecurity, we always have the opportunity to innovate because there are always new threats. In particular, I am excited about the potential of AI and ML for cybersecurity management. I always say that when I was a CISO, it was my dream to be able to wake up in the morning and ask a service like Alexa: “What are the top 3 things I should be aware of? What are the top 3 things I should focus on? What are the top 3 threats I need to be afraid of?”

And now, with machine learning, generative AI, and predictive analytics, this dream can truly become a reality. And I’m positive that if I wished for this as a CISO, I’m not the only security leader that’s been hoping for and looking forward to this kind of innovative technology.

This is why I’m so proud of what we’ve developed with OnyxAI, Onyxia’s Predictive Cybersecurity Management Engine. We integrate with, collect, and analyze data from the organization’s entire security ecosystem, and then we utilize AI and machine learning to cut through the noise and provide security leaders with actionable insights on how to optimize security program performance, address gaps in coverage, and predictively reduce risk. So far, our customers have given us amazing feedback on the insights they’ve received and how they’ve positively impacted their cybersecurity programs.

Please tell us what a modern CISO’s enterprise security tech stack in 2025 should look like. What are the benefits of having AI-powered tools in the Cybertech stack?

Recommended CyberTech Interview: CyberTech Top Voice: Interview with ABBYY’s Max Vermeir

It is important to have a stack that offers full coverage over all their security domains and keeps them in compliance with regulatory requirements. The problem there is understanding what you already have in your stack: Where do you have redundancies or gaps? How are you allocating your budget? Am I overspending in one area? Can I redistribute my spend to improve my coverage? That is where Onyxia’s Security Stack Management solution comes in. We make it easy to track your spend, evaluate your tech stack coverage, and provide AI insights into the performance of your stack. 

What are your predictions for the cyber tech market in 2025?

My prediction for the cyber tech market in 2025 is that automation will become increasingly relevant in light of the ongoing talent shortage. This comes from my perspective as a cybersecurity entrepreneur and educator. In addition to being the founder and CEO of Onyxia, I’m also the Program Director and Cybersecurity Professor for the Cybersecurity Master’s Program at Katz School of Science and Health, Yeshiva University. I see that while we face a talent shortage in our industry, we also have so many new evolving threats. So we need to educate more people and students to grow the next generation of security experts and CISOs, and also, come up with technologies to help us automate manual processes.

Tag a leader in the cybersecurity industry or an influencer you would like to invite to a CyberTech Top Voice interview roundtable discussion: 

Any one of our CISO advisors would be an amazing choice for the roundtable discussion. I would recommend Rinki Sethi, VP & CISO of BILL, who was instrumental in guiding us in publishing our Cybersecurity Board Reporting resource, Lucas Moody, SVP & CISO of Alteryx, or Chris Roberts, Deepfake Cyber Strategist at WWT, all of whom have participated in our Conversations with CISOs.

Thank you so much, Sivan, for your delightful insights. We look forward to having you again at the CyberTech Top Voice engagements.

Recommended CyberTech Interview: CyberTech Top Voice: Interview with Oasis Security’s Danny Brickman

To participate in our interviews, please write to our CyberTech Media Room at news@intentamplify.com