Skip to content

Mike Cioffi Joins Vorlon as VP of Customers

Throughout my career in cybersecurity, I've had the unique privilege of being at the forefront of technological innovation. This journey has not only allowed me to witness the birth of groundbreaking technologies but also to participate in shaping new industry sectors.

Nearly two decades ago, I joined Solidcore, a small but ambitious startup, with a vision to redefine the antivirus (AV) and host intrusion prevention systems (HIPS) landscapes through application whitelisting. Our pioneering work did not go unnoticed, leading to an acquisition by McAfee. This pivotal moment marked the beginning of a decade of success, integrating this technology into critical infrastructures like ATMs and point-of-sale systems.

Following my tenure at McAfee, I continued my adventure at Palo Alto Networks, where I was involved in the development and expansion of Security Orchestration, Automation, and Response (SOAR). The acquisition of Demisto by Palo Alto was a game-changer, solidifying our leadership in the SOAR domain. During this period, I also explored the nascent field of Extended Detection and Response (XDR), which has since evolved into a cornerstone of modern cybersecurity strategies.

As I embark on my latest role as VP of Sales Engineering and Customer Success at Vorlon Security, I am thrilled to join forces with renowned industry veterans, Amir Khayat and Amichay Spivak. Our mission is clear: to revolutionize third-party API security for Security Operations Centers (SOCs) globally.

Today, a staggering 83% of internet traffic is attributed to API calls, as highlighted in recent findings by Akamai. These interactions, predominantly automated and transpiring between SaaS applications, often occur with minimal oversight and excessive privileges, posing significant security risks. With enterprises deploying an average of 200 self-published APIs, and consuming over 25,000 third-party APIs, the challenge of securing these interactions is monumental. Implementing a zero-trust security model, which advocates for "trust nothing and verify everything," becomes exceedingly challenging within any enterprise environment. The management of secrets and tokens, typically handled by application owners in various business units or IT administrators, leaves security teams in the dark, with no visibility over the business’s data flowing between multiple third-parties. 

At Vorlon Security, we empower security teams by providing them with tools to regain much needed visibility and remediation controls. Our solution enables continuous monitoring of data exchanges between third-party applications, enhances API lifecycle management, and detects anomalous API behaviors. 

As we gear up to tackle the ever-evolving cyber threat landscape, it is clear that the issue of third-party API security demands urgent and proactive attention. The misuse of APIs and secrets has led to significant security breaches, highlighting the need for proactive defensive strategies. At Vorlon, we are dedicated to equipping SOC teams with the necessary tools to strengthen their defenses and provide peace of mind for users worldwide.

The journey through the realms of cybersecurity continues, and I am excited to contribute to this critical fight alongside a talented team at Vorlon Security.