1Kosmos CEO Hemen Vimadalal Podcast Interview with Karla Reffold

Karla interviews Hemen Vimadalal, CEO at 1Kosmos and an investor in a number of cybersecurity businesses. Hemen talks about his experience with identity theft and how that has driven him to create a business that helps solve the problem. Karla and Hemen also discuss the state of cybersecurity as well as things that are important for any would-be entrepreneur.

Listen to the full podcast here.

Welcome to The Capital Tea Podcast where CEOs spill the secrets on issues that are important to them. The podcast is sponsored by Jenny from Decipher Cyber. Jenny provides you with on-demand access to 360 degree trusted research and focused market intelligence on cyber technology vendors and service providers. It’s also sponsored by Orpheus Cyber whose threat intelligence backed Cyber risk ratings and risk-based vulnerability management products are trusted by major organizations worldwide.

Today, I’m speaking to Hemen, who is the CEO of 1Kosmos, which helps secure online services from password-based attacks with a next gen approach to multi-factor authentication. Delivering a frictionless user experience. Hemen’s successful Cyber career is driven by his own experience of identity theft. We’re talking about the importance of purpose, how he built his business, and why entrepreneurs don’t quit.

Hemen, thank you for joining me. We’ve got a really great conversation planned for today.

Very, very happy to be here, Karla. Good morning.

One of the things I’m really excited to talk to you about is you shared with me the reason why you got into security and fighting fraud. So can you tell us a little bit about that?

Absolutely. I came to this country in the early 2000s. The best part about coming from India is you dream about coming to America and getting education out here and then hoping to get a job. That’s exactly what you would do and that’s the American dream for the people in the East. So I came here successfully, I went to my university but the first thing that I had to do was I had to go in and apply for my Social Security Number, then open a bank account and as soon as that process happened, which was very extremely tedious, I realized that I needed a credit card. I applied for a credit card. Was a student credit card and I realized that this credit card was going to be very, very important. We never had a credit card system in India at that time. And so I used to never carry a credit card but I learned how to carry one.

Very soon, started swiping away as a student at different locations. I realized that every day when I was swiping a transaction, 15, 20, 30 cents of transactions were being taken away from my account. And that was alarming for me because over time it accumulated to a few hundred dollars. I called up the bank and the bank said, “Yes, your card is compromised. Your identity is compromised,” then I called up my university to find out what is a process to file a claim for all of this. They helped me out.

And very soon I realized that my Social Security number was compromised because there was a bank account that was being opened in my name at my credit union in California. So my identity was not only compromised from a payment perspective, but my identity was also compromised from a financial perspective. And so that was extremely alarming in the first two years of coming to this country and trying to build a credit to rent a house, to do other things. Since then, I realized that this is one area if I as an individual can get compromised, anyone can get compromised. And that’s really started my thought process and love and passion to fight fraud and identity in the industry.

It’s one of the things I think we talk about insecurity as fighting criminals and stopping this happening from people. I think we really overlook and don’t talk about very much that human impact and that element where the fear that you are going through because you probably don’t really know what this is and how you fix it and then that impact. That impact on your credit score and the fact that it’s really hard to do anything in America without a credit score, getting a mobile phone, getting a cell phone, getting like you said, somewhere to rent and even ultimately I’m assuming you had aspirations to buy a house. It’s really hard to do those things and the emotional impact that takes on somebody. I think we really don’t talk about that much.

It’s surprising that so many people are left with identity fraud issues and it really, really affects you mentally. Psychology gets disturbed because like you said, your definition of a good standing citizen is defined in the world of financials is defined by a good credit. You can get a car, you can buy a house, you can rent a house, you can do so many things with a good credit. The first thing that happens if your identity is under compromise, is your credit is going to get affected because it’s so easy in today’s day and age to use someone’s Social Security number and compromise that person’s identity to do so many things even starting with the most basic thing. Getting in on any credit line in a bank.

And as soon as that happens, it takes a few years to actually get back to normal. You have to work your way back again in all paperwork. You have to work your way back again in all proofs that where all you’ve lived, what all you’ve done, where all you’ve worked, which you universities you’ve gone to. So your entire identity is checked all over again. And these are some serious issues that affect a person’s mentality. And so it is unfortunate that we as practitioners don’t talk about the emotional impact on an individual, but we all is related to the financial impact it causes an individual. In my point of view, it’s pretty much an equal financial impact.

Yes, but emotional impact when identity gets compromised. And for a common citizen earning a paycheck to paycheck, which is really the target for fraudsters. This is one of the big issues that the country is facing even today and the country will face in the next five years, especially with all the ransomware attacks that are happening. If your identity is compromised, imagine all the personal ransomware issues that you potentially could face in the future. And we are not talking about ransomware at the company level. We are talking about the ransomware at the individual level in the world today.

Well, absolutely. And one of the things you said that I thought was really interesting it was a few cents. It added up to a hundred dollars over a short period of time. Like that’s not a huge amount of money. That’s the amount of money where, unless you’re really going through your bill, you might not really notice. And it feels like that’s a tactic, right?

Absolutely. That’s exactly the tactic. The fraudsters are very, very smart. They follow a certain pattern. They follow a certain way of doing things and a few cents to a few dollars, which you really don’t notice. They become hundreds of dollars on your statement and as students, you don’t do too much of checking on a daily basis. But then when you realize, it adds up and accumulates to a few hundred dollars, that’s a big impact because you are really working for six and a half dollars an hour. And when someone steals a few hundred dollars from you, that is a big impact. But such an act by the fraudster to ensure it goes over a period of time so that you don’t actually notice it. Because if they do a one transaction for a large amount, you can easily claim that.

But if they do multiple transactions for smaller amounts, you might not be able to claim all of it. So it’s an amazing strategy has been going on for years. It still continues in different ways, shape, and form and there are so many things that the industry has done in terms of trying to put bandage on top of this problem. But no one has really addressed the core problem of digital identity compromise, and that’s what we are here today to do in my new organization. Is we are here to stop fraud for your online identity, essentially. That’s the premise with which… That’s the mission of our organization and ensure that citizens are always in control of their identity and they’re able to own and manage the credentials online whether it’s for authentication, whether it’s for transaction, whether it’s for anything else that they need to do on the internet.

I really love that’s the outcome from this. I always say, the hardest times in my life where things have really gone wrong, I look back and to me they are the best things now that happen because they set me on a different direction, a route that led to great things that probably wouldn’t have happened had those bad things not happened. And I really love for you that actually the business that you now have, it comes from a real personal mission. This isn’t just a corporation and a venture money making venture for you. There’s a real passion about the mission of the company.

Absolutely. And you can always hear it from my voice, and a lot of my customers, partners, advisors, call me super energy or high energy kind of an individual. But that’s only because of the passion that I have for the space. The passion that I have to solve this problem. Passion I have set to accomplish the mission associated with this issue that is out there. And as an individual, I’ve always been an optimist. So try to make the positive out of any situation whether it’s a negative situation or it’s an average situation, try to make the positive out of it and learn from all the negatives, but not get driven down by those negatives.

I think these experiences that I’ve had being an independent individual, coming from the shadow of your family back in India to being an independent individual out here, learning how to live life alone, learning how to overcome fraud, learning how to overcome the comfort that the family gives you and being independent starting with washing dishes in the university which we used to never do back home in India, all of this just makes you an extremely strong individual with a mindset that, “Wow,” there is always light at the end of the tunnel. The grass is always green on the other side. And here we are today solving problem after problem which is real life issues that affect individuals on a daily basis. And so yeah. Absolutely.

That’s an amazing mindset to have for anyone I think in any profession. One of the things that you said around that couple of dollars, I really feel like we have an economics problem in security because the couple of dollars is probably not worth the credit card companies and the organizations going back and refunding that or squabbling over that. All companies have a level at which they will just write something off because it’s not worth the effort. We have this same problem I think with ransomware where it’s actually cheaper to pay a ransom than it is to go do the backups since the problem’s going to persist because we’re going to keep funding it. So how do you think we’re going to solve that as part of that? Solving the identity problem and solving the issues that people have when they do get compromised? How do you see that tying into the economic is of it all and the issue we have there?

Look. One thing is very clear, right Karla? Is we as professionals in cybersecurity world today, are in the defensive mode. In the defensive mode because these nation state actors, these Cyber criminals and average Joe criminals on the internet, their job is to find loopholes. They get paid to actually break into someone’s system, they get paid actually to Cyberbully, they get paid to perform a ransomware attack. And we all know that there is no easy answer as cybersecurity professionals. We are always a couple of steps behind those fraudsters and nation state actors. And the reason behind this is purely because of the infrastructure, the computing and their business is to do this. And our business as individuals is to help organizations overcome some of these things or reduce the pain.

We cannot eliminate the pain, but we have to reduce the pain. And so the idea is ransomware attacks, especially with businesses who are focused on building innovative products, selling to their customers, increasing their top line, their focus cannot go in just building a highly secure organization because takes away the time and energy from building a strong business. But what they can do and we are helping organizations do is how do you respond in adversity? How do you ensure that if you are breached as an organization, or as an individual, how you react to that situation and how quickly you come back from that situation? So you’re right. Organizations are just setting up some dollars aside from a ransomware, from a breach standpoint, it affects a little bit of their profitability.

But the truth of the matter is we are always going to be catching up against these criminals because they have become very, very innovative, very sophisticated in how they approach things. And they’re going to continue with the advance of computing, with the advance of new edge encryption technologies, etc. These guys are always going to be a few steps ahead. So reducing the pain, reacting to the situation, and ensuring that you respond very quickly is currently the name of the game. Yes, we as a cybersecurity industry are also towards preventing these breaches or attacks. But that’s a very tough proposition because prevention has to have a lot of different strategic initiative that need to be taken in an organization especially with President Biden’s initiative around zero trust.

That’s not a technology that you’re deploying. That’s a business in itself that you are implementing in an organization and it takes several years to implement that strategy and realize that strategy because it’s a tough one because you are literally locking down your entire organization with things. So you have to take it step by step. While we work on prevention, how do you detect and respond is very critical. Now in terms of economics, look, organizations have definitely upped their cybersecurity spend. We can see in the industry, the growth of all the cybersecurity companies growing in leaps and bounds.

And there’s a reason behind this. It is because a lot of these innovative Companies solve real problems and they solve problems to help organizations but they are not solving all the problems. And no one can solve all the problems. So you reduce the impact and the spend in the cybersecurity has gone up, but organizations finally have said, “Yes, we know we are going to get breached. Yes, we know we are going to get compromised. How do I reduce that impact for my people, workers, employees, customers, consumers, and citizens?” That’s the idea out here. In today’s state, it’s going to be a journey to get to a state where we can be on the offensive rather than the defensive.

That mood has definitely shifted. I think to recovery and response and I think there’s a big gap there as well in the market. There’s not as many companies in the recovery response base as there is in the prevention. The prevention and the detecting space. It’s a really interesting shift I think for us as an industry. You have invested and been a part of many businesses in this space over the years, so what have you seen from those businesses around how things have changed and what’s been successful?

I think the industry has gone from solving point problems to providing a platform. And as an investor, as a board of director and advisor to so many organizations now along with running doing my daily job with my company and driving that. What I see is the passion in which a lot of entrepreneurs are addressing real life problems. And I think that’s the first thing that is needed is for people to come into cybersecurity. Is you really need to have the passion because that problem is a tough problem. That problem is a problem that you have to ways know that you’re going to be in their defensive, right?

So imagine going into a game where you’re going to lose, but how badly you’re going to lose, is the question, right? And so what we have seen is analytics, data science, advanced computing, AI and machine learning are the new ways in which you can really, really predict what is going to happen in an organization. So that trend of a prediction versus just experiencing things that are happening in the current state versus predicting what is going to happen in the future state has become a big, big trend and a need for organizations. And so I would say the biggest trend that I’m seeing in the industry is intelligence and also behavioral prediction about what and how the breach could happen and how could you reduce the impact in the organization with that.

And artificial intelligence has really, really helped. Big data systems have really, really helped in addressing these issues. That pivot point that change is one key theme in the cybersecurity industry that has happened. And secondly on the side of identity, I would say identity problem has been very siloed away from traditional security issues. And it’s funny that I said identity is like the stepchild of cybersecurity and all the last five years, you’ve realized that all the security issues that have happened, happened because of identity compromises. And so what we’ve seen is a huge number of advancements in the identity space itself where you have decentralization, you have the capability now to have seamless frictionless but highly secured identification of an individual on a digital property, on a service provider, and also use that same identity to authenticate into your banking sites, authenticate into your workplace environment and transact and pay dollars to either your friends or from your businesses as well.

So identity has made a ton of advancements which used to be… Identity used to be known as something like user ID, Karla and password being password one two three to now Karla being really a Karla, right? And you’re going to see a lot more work in this space but that’s the other advancements and the biggest news out here is cybersecurity professionals have realized that everything starts with identity. It’s the core. Hackers, fraudsters are all trying to get to your identity to perform any breach or any invasion in your environment because that’s the easiest route. That’s the least expensive route to get there.

And what do you think we’ll see from recovery for identity? Like you’ve explained. It’s a couple of years, it’s a lot of paperwork, and a lot of effort to get your identity back on track. Is that improving?

Yeah. I think the banks have done phenomenal. Of course, there’s so much work to be done in this space but banks have done phenomenal. Credit unions have worked together to fight fraud. So that process of reclaiming your identity, restarting your journeys, has gotten a little better, but it’s still very complex Karla. Because the fraudsters also at the same time have gotten more intelligent and they’ve got more money, more power, more computing to compromise you and without you knowing. Think about the number of identities that you have online today. On an average, an individual has close to 200 different identities online. And what I mean by identity is you have multiple different accounts that you have opened in the online world. And I’m telling you more than 65% to 70% of those accounts, you’ve actually not used in the last one year.

And so they are still active. Karla is still active as in those digital properties on the service providers, but Karla has actually not used it. And some of those low hanging fruits is what fraudsters go after and before even you find out that you’ve a compromised identity, you will realize it after a few months. The biggest challenge is not the recovery of the identity because the pain has reduced on that side but it’s identification that you’ve actually been compromised, is a bigger issue. You might have heard about the identity compromises especially with COVID vaccination cards. There are a couple of individuals that just got arrested.

They made 1.2 million just selling fake COVID identity cards in the last year or so. And in this trend, continues because they are motivated by money, they’re motivated by things that give access to citizens. And at the end of the day, you realize that you’re in a state where your identity has already been compromised, people like using your name, your Social Security number but it’s too late because the damage is already done and now you have to go in and rebuild all of it. You know?

I do. So if we go on to talk about you as an entrepreneur, what are the things that you’ve seen that really work in a business. For anyone that’s thinking about doing it, because there are a lot of security professionals that have ideas and aspirations of having their own security companies and solving some of their own issues. What have you seen that really works?

First of all, I’m a big proponent of entrepreneurship. I’m a big proponent of people trying to come up with their ideas and at the same time learning how to execute. So none of us in the space have always been 100% successful. As an entrepreneur you got to learn how to fail and learn from your mistakes. And I keep saying this in all my discussions with my teams, etc. It’s not how you succeed the next day, it’s actually how you really learn from your failures, and how you get back and actually use those failures as a motivation to be successful tomorrow.

So I think that’s a critical part of it. But as an entrepreneur from my perspective, solving real life problems with customer pain points. So customer comes at the heart of it and anytime you’re building a company, a product or a service, you got to keep the customer in mind and you got to have a certain customers who believe in the problem statement that you’re trying to solve. Because building something in a silo just because you think it’s a good idea is, it will not be a good outcome usually.

So customer centricity is extremely critical. Solving that real life problem in customer centricity mindset is very important. The second is the right team. And such a cliche is no matter how big an idea you have, no matter how big of a customer problem that you’re trying to solve for, if you don’t have the right team with the right mindset, who believe in the vision, mission of the company, it’s going to be extremely hard journey for you.

It’s going to be a hard journey as an entrepreneur anyways. Why don’t you make it a little less hard with the right team and the right individuals. So the right team with the right skill sets are very, very critical. As entrepreneur, you want people to challenge you. You want people to ensure that your team is open, honest in terms of making sure that you as an individual are not making mistakes and they call those out. And the third and the last is relationships. I think it’s very, very important to build great relationships in the industry. As advisors, mentors, customers, business partners, individuals, competition because they go a long way. That builds your network, that builds your are learning. You learn a lot more through relationships and you ensure that those relationships can help you out. You can help them out in the future as well. So relationships are very critical as an entrepreneur to get up the ground and ensure that you have people by your side at all points in time.

I love all of that. I’ve sold two businesses, I’ve done a third that’s profitable, but I’ve also failed too and I think I will definitely learn a lot from those failures. And learning a lot about how the people around you really make a difference because-

Karla, I think that’s the most important thing what you said is. When I invest in a business, the first thing that I try to look for is how many times have you failed? And if the entrepreneur tells me that I’ve not failed a single time, well, that means you need to do a little bit more before I can invest in your business. And I can partner with you. It’s not like I will not partner with you but I just need to wait until I hear some interesting stories from you.

So that’s important and the second is if you are starting out as an entrepreneur and you’ve always worked in a corporate life or you’ve just graduated from university, learning from the failures in those categories also is very critical because you always want to experience failure. That’s the most important thing and some of the largest and the biggest leaders in the space today, they always talk about this and it’s a real thing because I’ve experienced it myself at the capacity at which I am. And I’m fortunate enough to mentor a lot of people. But you got to experience a failure in order to be successful in the future.

I completely agree. And that thing about relationships as well. I think relationships is important whether you want to be an entrepreneur or whatever you want to do. And we see it a lot at the moment people trying to break into cybersecurity and the thing I always tell them, the one consistent thing is build your network. Actually you can learn most other things, but you can’t so of ever go back and build that network. And that network will help you whatever it is that you do. Whether that is sales, or feedback, or additional learning. It’s the most underestimated thing, I think it’s building that network.

Relationships and building that network is one of the top three items like I said.

And you’ve done it a lot of times. It’s hard to come back from a failure and… Actually there’s a point where if you’ve been successful, maybe you don’t need to keep doing it. You don’t need to keep putting yourself through the stress that comes with running a business. So what make you keep going and keep doing it?

Absolutely. And so at some point when you’ve gone through the journeys of being successful, you already know that you’ve failed a few times. So building a new business becomes a little bit easier, but I can assure you no matter how many times you’re successful, you will experience some setbacks even in your new venture. So you got to not leave those basic principles of life saying that, “Nothing comes easy,” no matter how successful you are. And that’s the mindset that you have to go with. So no matter where and when… People have ask me, “What are you doing? Why are you not retiring?” So I’m like now at the stage in my life where retiring is not an option. I still feel too young to retire.

But more importantly is now the drive is not just driving customer problems, solving customer problems and of course having a great financial outcome, the drive is actually truly just solving real life problems that affect individuals. That’s the drive. And making a difference in that space, its very different mindset than building an organization for a great outcome. Rather building an organization for a great cause. Those are the two different mindsets. And I’m in that second mindset right now.

And I think we’ve kind of come full circle to that mission really driving you to build your business and to make the world a better place, to make the problems that you’ve suffered not a problem that someone else suffers. Thank you so much for coming and sharing that story with us and those tips for entrepreneurs as well.

No. Thank you, Karla, for having me and it’s a great start to my morning. So this is my coffee.

That’s great. Thank you.

FIDO2 Authentication with 1Kosmos

Read More