The Co-founder and CEO of Tinfoil Security, Inc., Ainsley Braun has a demonstrated history of success in the computer and network security industry. She is a strong executive skilled in UX, business development, entrepreneurship, and culture building. Having more than seven years of experience in the cybersecurity industry, Ainsley holds four patents and one more is currently pending.
Ainsley is a member of the Silicon Valley Leadership Group (SVLG). This group represents more than 400 of Silicon Valley’s most respected employers on issues, programs, and campaigns. Ainsley is also a Board Member on the council for Women in Cybersecurity at California Technology Council (CTC).
Ainsley’s Journey from Identifying Cyber Risks to Fighting Them with Tinfoil Security
As a member of the Strategic Technology and Innovation division, Ainsley worked largely with US Department of Defense (DoD) clients. At DoD, she quickly realized the deluge of vulnerabilities facing almost the entire SMB market. She also discovered how many of the same security risks extended to larger enterprise companies. This led her to team up with a fellow MIT alumnus, Michael Borohovski, and build Tinfoil Security, Inc. Since its launch in 2011, Tinfoil Security has provided security for tens of thousands of clients, ranging from SMBs to the Fortune 100. Today, Ainsley is responsible for overall company strategy, marketing, and business development of the company. She also makes sure to instill a company culture that prides itself on community and collaboration.
Protecting Clients with Tinfoil’s Intelligent Solutions
Ainsley and her team have developed simple and developer-friendly services that enable users to scan their website for vulnerabilities and fix them quickly and easily. Tinfoil Security’s Web App Scanning service checks for the OWASP Top 10 web application security risks, as well as thousands of other known and zero-day vulnerabilities. Whenever a new version of a client’s site is deployed, the Web App Scanner checks it for proper security. It gets constantly updated in real-time, which ensures protection against the latest threats. Ainsley and her team regularly incorporate new tests and consistently score higher than any other scanner on open-source benchmarks.
The Tinfoil Security API Scanner is able to detect vulnerabilities in any API, including web-connected devices such as mobile backend servers, IoT devices, and RESTful APIs. The security concerns for an API are fundamentally different from those for web applications. The Tinfoil Security API Scanner has been built from the ground up to focus specifically on those API security concerns.
Security for Clients’ DevOps Workflow
Tinfoil focuses on building products that are thorough, easy to use, and effortless to integrate. It also allows the customer to empower their developers, regardless of their prior security training. Security teams’ efforts become more invested in strategic initiatives, rather than becoming distracted by constantly fighting common cyber-threats.
Tinfoil integrates with clients’ existing toolsets like JIRA, for issue tracking, or Jenkins, for their build pipeline and CI process. Ainsley and her team make it trivial to replay attacks, by providing a cURL command, which simply replays the precise request that exploited the vulnerability, including any signatures or required authentication.
Providing Seamless and Faster Security with Patented Technology
At Tinfoil, Ainsley and her team are continuously working to innovate on their newly released API Scanner, as well as continuing to ensure their Web App Scanner is the best on the market. They have developed unique features to offer a secure client experience. The following are some of the exclusive benefits of using Tinfoil’s services:
- Proven Record: Tinfoil’s dynamic heuristic testing allows the company to find more vulnerabilities than anyone else with fewer false positives. With her team, Ainsley has found nearly 4 million vulnerabilities on customer sites with fewer than 0.05% of them being false positives.
- Seamless Integration: The remediation instructions created by the Tinfoil team come with code snippets and are tailored to the application language the customer’s application is written in. Using these instructions, any engineer can effortlessly find and fix the root cause of vulnerability. The Tinfoil integration API enables clients to quickly integrate Tinfoil’s products into their DevOps lifecycle, along with continuous integration and issue tracker integrations. These integrations help Tinfoil fit right into the developer’s workflow.
- Faster Security: Tinfoil’s solutions make it easy for clients to push security priorities up the stack and empower developers to fix vulnerabilities nearly in real-time as they build. This significantly reduces exposure to cyber-threats.
- Digestible Data: Tinfoil provides clean technical information about website security health and vulnerabilities. One can replay attacks and rescan vulnerabilities with a single click. Moreover, immediate feedback shows the effect of a vulnerability on the application.
- Unique Patented Technology: Tinfoil scans the application every time a new version is deployed. Its patent-pending Login Recorder, which is available as a simple Google Chrome extension allows clients to teach the Tinfoil Security scanner how to authenticate into their application. Currently, Tinfoil Security holds four patents that fuel its products and make it stand out from everyone else in the security space, and has three patents pending, including one for its API Scanner.
Ainsley’s Thoughts About Current Cybersecurity Industry
Following her passion to safeguard enterprises from complex cyber-threats, Ainsley believes that enterprise companies prefer the “hear, speak, and see no evil” strategy while considering cyber vulnerabilities. She believes this cannot continue, however, as cyber-threats are becoming advanced and complex to solve. Enterprise companies need to take a more proactive approach to their cybersecurity needs and integrate or create tools that prioritize the safety of their own data, as well as their customers’ data.
Future of Business World
“Businesses need to be much more proactive in their approach to securing their websites and APIs. Hackers are continuously evolving, so we need to be innovating just as fast to prevent attacks and future breaches.” – Ainsley Braun