Hello, CyberTech community. Welcome to our CyberTech Top Voice interview series.
The latest CyberTech Interview features an insightful Q&A with Symmetry Systems’ Mohit Tiwari. In this conversation, Mohit discusses how data-first security is reshaping enterprise cybersecurity. He delves into the evolving challenges of securing complex information flows in modern digital ecosystems, where organizations face increasing risks from both internal and external threats. Mohit also shares his perspective on how data security strategies need to adapt to meet the compliance and security challenges of today’s cloud-driven world. Learn how Symmetry Systems is leading the charge in securing critical data flows and building robust, future-ready security architectures for businesses across industries with Data+AI security capabilities.
Join us in exploring the future of data security and compliance with Mohit Tiwari.
Hi Mohit, welcome to the CyberTechnology Top Voice Interview Series. Please tell us a little bit about your journey as an IT and security professional. How did you come up with the idea for Symmetry Systems?
Thank you for having me on the CyberTech interview series. Before Symmetry, and to this day, I am also a cybersecurity professor at the University of Texas, Austin. Symmetry grew out of our research at Spark Lab at UT Austin, where we were working on information flow security. The initial inspiration came from hospitals trying to enable complex care for children across multiple applications while maintaining HIPAA compliance. We saw an opportunity to apply our research to solve real-world data security challenges.
Though hospitals weren’t ready to be early adopters, this led us to work with cloud providers, NSA, General Dynamics, and Lockheed Martin. By late 2019, we had enough validation to spin out Symmetry Systems. Our focus became clear: understanding how data flows between identities – whether human, machine, internal, or external. While others were focusing on securing endpoints, we saw the need to first map and secure core information flows. This data-first approach to security became our foundation for solving complex compliance and security challenges across enterprises.
The biggest cybersecurity update of the year: Which one would you pick for our audience and why?
The Snowflake security incidents are particularly significant because they highlight how even sophisticated cloud platforms can be compromised because of reliance on basic authentication. What’s noteworthy isn’t just the breaches themselves, but the role that the shared responsibility model played in the media coverage and response. Ultimately, Snowflake’s response – implementing mandatory MFA enforcement across their platform – was a watershed moment for the industry because it demonstrated how a major player was forced to respond to a failure by their customers to implement appropriate security. It shows that sometimes the most impactful security updates aren’t about introducing new technology, but rather about ensuring fundamental security practices are universally adopted and properly implemented.
ConfusedPilot: Why is this suddenly in the news? What kind of threat does this pose to GenAI users?
The ConfusedPilot research has gained attention because it highlights a critical tension in today’s business environment. Companies are racing to adopt AI tools like Microsoft Copilot and other RAG (Retrieval-Augmented Generation) solutions because the business benefits are compelling – increased productivity, faster time-to-market, and improved operational efficiency. This rapid adoption is happening across industries, driven by competitive pressure and the promise of significant ROI.
However, research like ConfusedPilot serves as a wake-up call. In our haste to implement these transformative technologies, we might be overlooking fundamental security concerns. When a developer uses Copilot or a knowledge worker uses a RAG system, they’re essentially trusting these tools with sensitive business logic and data. The research shows how easily this trust can be compromised, potentially exposing intellectual property or sensitive data through carefully crafted prompts and inputs.
Data + AI Security: Please explain this from a CIO’s/ CISO’s point of view. How do you bring together AI + DATA SECURITY with Symmetry DataGuard?
From a CISO’s perspective, there’s a critical balance to strike. AI promises incredible efficiency – faster knowledge working, automated responses, streamlined operations, and reduced headcount. But here’s the challenge: AI is only as trustworthy as the data it’s trained on and accessing. If you can’t verify what data your AI systems are consuming or producing, you’re essentially building a high-speed highway without guardrails.
With Symmetry DataGuard, we focus on this balance. Yes, we want AI to help security teams work faster, but we need to ensure every AI-driven decision is based on verified, appropriate data – that hasn’t been altered. This means maintaining continuous visibility into firstly what data AI systems can access, how they’re using it, and whether that usage aligns with your security policies, and secondly what other users are doing with that data. It’s about bringing together speed and trust – enabling rapid responses while maintaining the confidence that your AI systems aren’t accessing or exposing sensitive data inappropriately.
Organizations are facing greater difficulties in safeguarding their sensitive data. What are some of the major challenges you’re assisting companies with?
The primary challenge we’re helping companies address is visibility into their data, its importance, and its usage. This allows organizations to govern and manage:
- Data sprawl across multiple cloud providers and environments
- Shadow IT and unauthorized data access
- Compliance with evolving regulations like GDPR and CCPA
- AI/ML initiatives
How are DevOps and SecOps teams coping with the modern compliance management systems? Any advice you would like to provide to these teams and security leaders?
All DevOps and SecOps teams are trying to shift left already, by building security into their development processes earlier. Compliance is usually driven by the sensitivity of the data in use. As a result, they should integrate data security controls into your CI/CD pipelines early, and make data visibility a priority. Use automation wherever possible to maintain compliance without sacrificing agility. At Symmetry, we’ve seen the most successful teams are those that treat data security as a shared responsibility between development and security teams, rather than viewing it as a bottleneck.
How can any company effectively balance the need for innovation with the requirements of security compliance and data control?
Our slogan “Innovate with Confidence” highlights this balancing act. Organizations lack the confidence to innovate because they don’t have a clear understanding of the data that could be exposed. As a result, they struggle to build security and compliance commensurate with the sensitivity of this data into their innovation processes. We help organizations innovate by putting the guardrails, seatbelts, and paved roads they need to innovate by:
- Implementing automated data discovery and classification
- Creating clear data governance policies that enable rather than restrict
- Using tools that provide real-time visibility into data usage
- Fostering collaboration between security and development teams
- Adopting a risk-based approach to data protection
What are the biggest cybersecurity threats in today’s digital world?
There are so many ways to interpret what “biggest” means in cybersecurity, whether it’s the most common, biggest impact, or the most sophisticated and impossible to protect against. Using these as a guideline, I would say:
- Most Advanced: Nation-state actors combining AI automation with zero-day exploits. They’re patient and sophisticated, and their ability to persist undetected in networks for months makes them particularly dangerous.
- Most Common: Still the basics – compromised credentials, misconfigured clouds, and business email compromise. AI is making these attacks more convincing, but the fundamental vectors haven’t changed.
- Biggest Impact: Supply chain compromises. When a trusted vendor or software provider is compromised, it can paralyze thousands of organizations downstream. What makes these especially dangerous is the limited visibility most companies have into their third-party data access.
What can we expect from Symmetry Systems in the coming months?
While I can’t share specific details, our focus remains on delighting our customers. At a minimum, this means enhancing our data security platform with advanced AI capabilities, improving cloud-native integrations, and expanding our ability to protect data across hybrid environments.
Can you give us a fresh cybersecurity tip for the current Cybertech and SecOps communities?
I would encourage your readers to stop thinking in technical terms and start thinking in plain English security outcomes. Ask simple questions like: “Which third-party vendors can access our customer data?” or “Who viewed our financial records in the last month?” If you can’t answer these basic questions quickly, you have a problem. Too often, we hide behind technical jargon and sophisticated tools while missing the fundamental need to know who’s accessing our sensitive information and why. Start with these straightforward questions, and you’ll quickly identify where you need to focus your security efforts.
What are your top predictions for 2025 in the cybersecurity domain?
I predict that we’ll see the first privacy-related fines targeting companies for mishandling metadata, not just primary data. Organizations will realize that metadata can be just as revealing as the data itself.
I also expect that the fallout from revelations about the Cyberstarts program will reshape how organizations think about security vendors, leading to stricter due diligence requirements for early-stage companies.
Lastly, AI will rapidly become both a target and a tool for attackers, leading to an arms race in AI security.
Please tag a cybersecurity leader or researcher you would like to get featured on the Cybertech Top Voice interview series:
Cecil Pineda – CISO at R1 RCM
John Sapp – Vice President, Information Security & CISO at Texas Mutual Insurance Company
About Mohit Tiwari
Mohit Tiwari is the CEO and co-founder of Symmetry Systems. Before Symmetry, Tiwari was a cybersecurity professor at the University of Texas, Austin, where his lab was funded by DARPA and the National Science Foundation, collaborating with teams at General Dynamics, Lockheed Martin, Intel, ARM, Google, and others. His work on high-assurance systems has received multiple industry and scientific awards for applied cybersecurity research, was transitioned to production by a startup (TortugaLogic) and large companies, and ultimately led to Symmetry Systems via pilots with cloud providers and hospitals.
About Symmetry Systems
Symmetry Systems is the Data+AI Security company. Our platform is engineered specifically to address modern data security and privacy challenges at scale from the data out, providing organizations the ability to innovate with confidence. With total visibility into what data you have, where it lives, who can access it, and how it’s being used, Symmetry safeguards your organization’s data from misuse, insider threats, and cybercriminals, as well as unintended exposure of sensitive IP and personal information through use of generative AI technologies.
Symmetry works with structured and unstructured data in all major clouds (AWS, GCP, Azure), SaaS storage services (e.g. OneDrive), and on-premise databases and data lakes. It is deployable in the most strictly regulated environments; as a read-only service, it inherits all your security and compliance controls (e.g. FedRAMP). That’s why the most innovative Fortune 50 financial service providers, manufacturers, pharmaceutical companies, and federal agencies rely on Symmetry to protect their crown jewel data.
Powered by best-in-class AI, Symmetry provides organizations with the necessary toolkit to minimize data posture risks, demonstrate compliance, and react to threats and policy violations in real-time. Symmetry solves challenging problems for customers with ease, ranging from classifying custom data types, reducing data blast radius and attack surface, detecting ransomware attacks, enforcing least-privilege access, and more.
Born from the award-winning and DARPA-funded Spark Research Lab at UT Austin, Symmetry is backed by leading security investors like ForgePoint, Prefix Capital, and others. Symmetry is proud to be the only vendor of its kind to be both recognized as a “Cool Vendor in Data Security” by Gartner and achieve AWS Security Competency in Data Protection.