Yuval Sinay is Head of Active Cyber Defense (ACD) Department in Israel National Cyber Directorate (INCD), specifically the areas of vulnerability research, secure development lifecycle (SDL), cloud security, supply chain, risk management, data protection and cyber regulation as well as emerging technologies. In his previous role, Yuval was the Head of Cyber Security Governance Risk and Assurance (GRA). As part of his past role, Yuval was responsible for developing and publishing a series of professional documents, such as guidelines, best practices and Israel Cyber Defense Doctrine 2.0. The doctrine was recognized as a success story by NIST. Before joining to INCD, Yuval was the Director of Cybersecurity & Research in a special Science and Technology Directorate (S&T) unit, founder of two startups and held a various cybersecurity role in a major-banks.

Yuval has a MA in Armed Forces and Security Studies, Cyber and Strategy track from the Bar-Ilan University, Practical Chemistry Engineering and well-known certifications such as CISSP, CISM, CRISC, CCSK, ISO 27001 Lead Auditor, CAIDP AI Policy Clinic and C|CISO.

Due to Yuval contribution to the professional community, Microsoft recognized him as a Most Valuable Professional (MVP), when the last area of recognition was enterprise security.

Why I chose Cybersecurity as my field: In the early ‘90’s when Yuval was a student, he first became aware of the high impact of Information Technology (IT) on our life. In 2003 Yuval was a team member handling an outage incident caused by the spread of the SQL Slammer worm in the infrastructure of an international enterprise. The high negative impact of the incident on the business activity made him realize that it is necessary to promote the issue of information security (IS). However, the field was in its infancy, the decision makers had partial or non-existent awareness to risks, there was no common regulation and the accessible professional knowledge was quite limited. Yuval understood that we were facing a challenging journey, and with the help of a number of professional colleagues, we began to promote the implementation of information security principles in various organizations. Over time, the attack surface and the activity of attackers increased, who took advantage of vulnerabilities in software components, and the negative impact visible to all. This situation made Yuval realize that the key to success lies in the activity with the development teams, when on the one hand it is important to preserve their elasticity and work methods, but on the other hand there is a need to integrate processes, people and technology (PPT) aimed at reducing the risk to the enterprises and customers.

The professional field has been evolved over time, and is now known as cybersecurity. Although the awareness of the decision makers has increased, and the regulation has begun to incorporate different security requirements, we are still in the middle of a challenging journey. Yuval look forward to the day when “secure by design and by default” principles will be the basis for any new product and service, and that the use of cyberspace will be safe for all of us. From Yuval point of view, Cybersecurity is not a technological challenge, but a strategic one. To us as individuals, enterprises and at the cross-national level.