In this episode of The Defender’s Log, host David Redekop sits down with elite cybersecurity strategist Dr. Amit Elazari, co-founder and CEO of Openpolicy and co-founder of Disclose.io. The conversation dives deep into the critical intersection where digital defense, global regulation, and corporate compliance meet.
Key takeaways from the episode include:
- The Power of Coalitions: Meaningful policy relies heavily on public-private partnerships. Dr. Elazari highlights the critical role of industry collaboration in guiding government frameworks and supporting initiatives like the reauthorization of CISA 2015.
- Policy as Strategic Intelligence: Rather than just lagging behind tech, tracking future policy acts as a “crystal ball” for upcoming market requirements. Forward-thinking organizations utilize policy-as-code to proactively streamline compliance and manage exposure.
- The Cyber Incident Reporting Wake-up Call: With aggressive frameworks like Europe’s NIS2 and new US federal reporting regulations rolling out, practitioners must adapt to machine-speed compliance to counter sophisticated, AI-driven adversaries.
- Unleashing Innovation: Dr. Elazari encourages defenders and leaders to embrace AI to democratize access to policy intelligence and unlock fresh creative problem-solving across their organizations.
Ultimately, Dr. Elazari leaves defenders with a definitive piece of advice: “Make policy your power move.” Listen to the full episode to learn how to integrate policy risk into your predictive defense posture.
Full episode of The Defender’s Log here:
TL;DR
- Policy as a Roadmap: Upcoming regulations predict future security tech requirements and market demands.
- Policy-as-Code: Teams must automate compliance to match the machine speed of AI-driven attackers.
- Strict Reporting Laws: Global mandates (like NIS2 and US infrastructure laws) make rapid incident reporting urgent.
- Strength in Coalitions: Governments listen to industry groups; collaboration is key to shaping fair tech regulations.
- Direct Tech Feedback: Agencies like NIST want input; even small startups can influence global policy frameworks.
- The Power Move: Don’t just chase compliance—leverage policy defensively and use AI to accelerate innovation.
Links
View it on YouTube: https://www.youtube.com/watch?v=kXcligt4oB4
Listen to the episode on your favourite podcast platform:
Spotify
https://open.spotify.com/episode/2EwvnKBr6Z19rvk3MtuzTN
ADAMnetworks
https://adamnet.works
The Defender’s Log Full Transcript - Episode 25
Introduction
Host: David Redekop | Guest: Dr. Amit Elazari
Narrator: Deep in the digital shadows, where threats hide behind any random byte, a fearless crew of cybersecurity warriors guards the line between chaos and order. Their epic battles? Rarely spoken of until today. Welcome to the Defender’s Log, where we crack open the secrets of top security chiefs, CISOs, and architects who’ve faced the abyss and won.
Narrator: Here’s your host, David Redekop.
David Redekop: Welcome, everybody to episode number 25 of “The Defender’s Log.” Now, in the theater of modern digital warfare, the lines between code, corporate defense, and global policy have been completely blurred. And we aren’t just fighting adversaries and software, we’re navigating a massive web of international regulation, of compliance, and legal frameworks that dictate how the world fights back.
David Redekop: And to win this fight, you don’t just need world-class technical operators, but you need architects who write the rules of engagement. And our guest today is an elite strategist sitting precisely at that intersection. She’s the co-founder and CEO of Openpolicy, a pioneering platform democratizing access to policy intelligence.
David Redekop: And before that, she was the head of global cybersecurity policy at Intel, where she shaped security policy across the globe. And she’s a co-founder of Disclose.io, an initiative critical to protecting the good faith security researchers and ethical hackers who keep our infrastructure safe. Holding a doctorate in law from UC Berkeley and teaching the next generation of defenders at the UC Berkeley School of Information, she’s a world-renowned authority on anti-hacking laws, AI regulation, and cyber advocacy.
David Redekop: Defenders, welcome to the command, Dr. Amit Elazari. Good to have you.
The Role of Coalitions in Policy
Dr. Amit Elazari: Thank you. It’s wonderful to be here.
David Redekop: Wow. We’ve met, I think for the first time, I still remember, at Black Hat, or was it RSA? It was one of those conferences.
Dr. Amit Elazari: Black Hat.
David Redekop: Yes, Black Hat. You remember too? You meet a ton of people, and I remember from the very first time, you were immediately boxing every technology company into one of your boxes, and I figure that is a paradigm that you designed yourself. Is that—
Dr. Amit Elazari: I’ll say, obviously, AI has really shifted those paradigms, and we created new categories. But, one of the things we’re really proud about at Openpolicy is really working with the leaders in many of these categories like Wiz, like Armis, like Sierra, like Snowflake, and obviously really excited about our partnership with ADAM networks.
David Redekop: Yes, and it is a very congested space in some ways, and yet, in another way that we think about the whole space is that it leaves a lot of gaping holes, right? And it’s like there’s this rush to fill all of these vacant holes, but any one organization tends to only fill in some aspect of it, and it really requires the cooperation of everybody working together.
David Redekop: And that’s how I saw you immediately in a masterful way, bringing different companies and organizations together that had complementary strengths. How did you ever get to that place where you saw that was the role that you would be playing?
Policy vs. Innovation Speed
Dr. Amit Elazari: Yeah. Thank you for that. I think, it all starts with the world of policy, and I think, it is a very unique world.
Dr. Amit Elazari: I did my PhD in law. What we call a JSD, a third degree in law, UC Berkeley… way too many degrees in law. And, when you start working on trying to shape policy, you understand that it’s always about coalitions. So with Disclose.io, we were really bringing together coalitions of hackers, and one of the things I’m most proud about is my first actual conference ever in cybersecurity was BSides at DEF CON.
Dr. Amit Elazari: That was the first conference I spoke at, and then year after, I already was honored to participate in a panel in Black Hat. But, I started from working with the hacker community where we needed to build together a coalition in order to advance frameworks for collaborations between government and large organizations like Tesla, et cetera, with the friendly hacking community, with the security research community.
Dr. Amit Elazari: But this is the same for anything in policy. You really have to pull folks together. The reason is in order to create a change in policy and a meaningful change, the reality is that the government prefers to work with coalitions, with groups that work together. And one of the things that inspired me to do, to co-found Openpolicy was seeing how it’s being done in large companies.
Dr. Amit Elazari: And, the largest companies in the world when they wanna participate in policy, they have a lot of different groups, trade associations that they collaborate with in order to pursue their agenda to file comments. And we did it something similar for our companies in all sizes, and we also needed the platform to be empowering those organizations, some of them very big organizations, to monitor policy and understand what matters.
Dr. Amit Elazari: But some of them may be, you know, smaller organizations, still unicorns, still exciting companies with exciting technologies, but just not all of these organizations have large government affairs teams. So from there, came the vision to pull organizations together, and I think what brings all these organizations together, some of them are competitors, but they have to work collaboratively in order to really impact the policy landscape, which is impacting everyone in cybersecurity.
Dr. Amit Elazari: If you’re listening to us, if you’re a defender, you might be working in a large organization. Now, you’re impacted by policy. The reason why you have to address compliance and risk is obviously the attack surface, but it’s also bridging policy requirements. So policy is impacting everyone, and our goal is to pull together folks in order to best address it.
David Redekop: Something that we’ve all known in technology for some time is that the pace of innovation at policy happens at a different pace, and it’s a lagging signal to technology innovation, right? And, we saw this, for example, when music first went digital and the way the copyright law was written, and there was a lot of questions around whether any kind of digital form would even be acceptable, right?
David Redekop: And it wasn’t until the onset of MP3s that were circulating through peer-to-peer networks that finally the law said, “We gotta do something here.” Yeah, and so what I found super fascinating, all of us did, I think, at the time, figuring out a way that eventually it was actually the private sector that solved it.
David Redekop: It was Steve Jobs saying $0.99 a song solves the piracy problem, right? And do we have a 99-cent-a-song piracy problem solution today in the advent of AI that has a running-away innovation cycle that public policy needs to catch up on? Or what’s your take?
Dr. Amit Elazari: Yeah. Well, I think two comments on that. Backing up and looking at the common conception is that policy is behind technology.
Dr. Amit Elazari: I like to say it can be often the case, but also often the other way around, where the best signal to know what are the technologies required for the future are actually requirements that the buyers must address. And, one of the most prominent set of requirements is cybersecurity and compliance regulations.
Dr. Amit Elazari: So I often speak with venture capitalists or folks that wanna understand how the future of the market looks. Well, listen, the attack surface, especially now with AI, is shifting every day. However, what’s pretty clear is what’s gonna be required for all large organizations that are trying to enter the European market or for all public companies or large critical infrastructure providers in the US.
Dr. Amit Elazari: We have a picture of what is, what are the foundational based on requirements across those verticals. And we also know what is being proposed or being developed, things like the EU Cyber Resilience Act in Europe or things like the critical infrastructure cyber incident reporting federal law that is being implemented here in the United States.
Dr. Amit Elazari: So policy can actually be a great source of intelligence for future market requirements. And what we have actually seen is that policy-as-code disciplines, all these type of technologies that are embodying policy or streamlining compliance or allowing folks to look at policy not just in a static way, but rather as a one-time technology-enabled discipline. Those are really on the rise because we need to acknowledge that with the attackers using AI, with the attackers really marching ahead with compliance requirements being fragmented. The only way honestly to catch up is also with policy-as-code So I’m really excited about that.
David Redekop: We are too. We noticed that you have been very proficient at bringing high-caliber representatives of any administration together to say, “Here is the right audience in this room at this event. Why don’t you give us an update?” And, you’re good at probing.
Public-Private Partnerships
David Redekop: And one of the things that Francois on our team said I should ask you about is that the conversations that take place are usually about public and private needing to collaborate. And the question that we have is: what is the progress like with that being the consistent comment that we hear? Are we making progress in that collaboration, or is there still anything holding us back?
Dr. Amit Elazari: Yeah. It’s a great question, especially for cybersecurity, and I think, the kind of foundation for any type of technology-related policy development or policy development generally in democratic regimes is having that partnership. In cybersecurity, the reason why that partnership is so foundational is because threat research is critical, right?
Dr. Amit Elazari: It’s critical to make sure the government is prepared, the industry prepared. Something that is impactful for one organization can quickly become critical to many. And of course, with AI, the network effects and the stakes are even higher. The asymmetric advantage of the attacker in an AI enabled, kind of situation is profound.
Dr. Amit Elazari: And so, never before we’ve seen such an emphasis on the importance of not just public-private partnership at the highest level, but also at the most practical level, right? Having that trust in order to enable a secure environment and a trusted environment where industry is empowered to share information.
Dr. Amit Elazari: Now, I think that has been long recognized here in the US, but we are in a very critical year because we are looking to reauthorize one of the key pieces of regimes that is allowing the sharing of that information. It’s called CISA 2015. It’s a law that created some safe harbor liability protections for sharing of information, and it was renewed for a year, but now we are looking into a broader reauthorization.
Dr. Amit Elazari: And, we have consistently at Openpolicy, shared comments with Congress and provided letters of support for that initiative just by way of example. So I think it’s a critical year for cybersecurity collaboration. Obviously, a lot of great work with JCDC and CISA looking into facilitating relationships. A lot of great work with inter-country collaboration, which is also very important.
Dr. Amit Elazari: Our audiences, one of the things I recommend looking is honestly like a piece that was published, I feel, I think, by a phenomenal reporter called David from GovExec, where he shared an article with the National Cyber Director of Israel talking about how the collaboration was critical when it came to the war.
Dr. Amit Elazari: And so critical times for collaboration, both between nations, both between the private sector and the government. And I think with one of the biggest things you’re gonna hear this year if you’re coming to Black Hat, if you’re following the policy conversations, is a big push from industry to facilitate, to support the continued regime of CISA 2015, which is that liability protection for information sharing, because industry needs to feel empowered that if you’re sharing information with the government, that you’re gonna get back, and that’s gonna be a key conversation.
David Redekop: I’m really glad to hear that because one of the follow-up comments that I wanted to ask you is, are we aware of what the consequences if we don’t move at machine speed, considering that is what the adversaries are doing by leveraging agentic AI for themselves? If we don’t move at the same speed from a defender’s point of view, what are the consequences?
The Urgency of Cyber Incident Reporting
David Redekop: Because being aware of those consequences, I’m sure, from your perspective as from ours, allows everybody to move more quickly. And sometimes, the industry likes, not our industry, but those that need to enroll in a defensive posture, if they’re not aware of those consequences, then they might just delay.
David Redekop: Are there any particular consequences that you’d like to share that everyone should be aware of if we don’t move fast enough?
Dr. Amit Elazari: Yeah. I think for our audience, and this is something we are happy to help with, but, there is a wake-up call when it comes to cyber incident reporting.
Dr. Amit Elazari: The world was used to data breach notifications. That has been the prominent regime with many laws, especially sectorial, with GDPR and things along that line. However, we are facing this really critical moment of implementation of the most policies around the world for cyber incident reporting.
Dr. Amit Elazari: They got rolled out in different jurisdictions like India, and there are many examples. But, the two big ones coming in for Europe is NIS2, which is getting implemented. It’s a directive across all of Europe now, and obviously in the US when we’re working on the rule and implementation of the cyber incident reporting law, federal law here.
Dr. Amit Elazari: Originally, CISA defined about 300,000 entities potentially that could be impacted as critical infrastructure operators that will need to report cyber incidents. There’s a lot of nuance when it comes to those policies.
Dr. Amit Elazari: So first, a wake-up call to our audience. If you are a practitioner in an organization, it doesn’t have to be a large organization. If you’re a federal contractor, you might be obviously in the fold already with Department of War requirements, with this new law coming in.
Dr. Amit Elazari: And, A, policies are coming. B, I think, for the defenders at large, again, with that, we always talk about that asymmetric advantage that the attacker has. Now with AI, stakes are much higher. AI is also bringing data and bringing information and making it much easier for the attacker to laterally move within the organization.
Dr. Amit Elazari: And so folks should definitely look into what available solutions they have in order to defend themselves.
David Redekop: Right. Thank you for helping with the messaging around the urgency because there’s definitely a sense of urgency that we feel every day, especially when we see stuff like, here’s a whole bunch of check marks that everybody checked off, and yet the aim of a given policy is still not met.
David Redekop: So why are we still getting breached? Why are we still experiencing the amount of breaches that we are experiencing? And it seems to me that a higher level of urgency needs to be continue to be expressed. And so Steven on our team wanted to ask, what would people be surprised about if they knew how public policy is being crafted today?
How Public Policy is Crafted
Dr. Amit Elazari: Oh, wow. Great question. So a couple things. I think that there is a perception that you can’t be influential in all policy unless you are of a certain size, of a certain, I don’t know, you are connected or whatever the term. The reality is that the government wants feedback.
Dr. Amit Elazari: And there are many agencies or government bodies, and the best example is NIST, where, you know, even though NIST does not create laws like congress, NIST is a very important body to engage with because if you look at cybersecurity, I can say with confidence, that the NIST cybersecurity framework, the NIST AI framework, documents like NIST Special Publication 800-53 or 800-171, 172, these are very critical documents.
Dr. Amit Elazari: They shape the behavior of many organizations. And I think often there is this perception that it’s hard to engage and, obviously, it depends on what you’re trying to achieve. You may need a coalition. You may need to understand how to talk with those stakeholders and how to create comments that are actually beneficial or can translate into policy action.
Dr. Amit Elazari: I think that’s actually the harder thing to do, and we definitely can help there. But the general sense is that if you have deep technical expertise in a particular area, you might be an innovative company that is on the leading edge of working on these issues, then government wants to hear from you.
Dr. Amit Elazari: And so I think that’s one thing that folks are often surprised that they can actually interact. They can, if they put in the work that, there will be someone that will read the comment and would benefit deeply from the expertise. And it’s always extremely empowering to see when we do those conversations, when we produce those comments, how open is the government.
Dr. Amit Elazari: And it’s always fantastic to see how the private sectors and even the smaller, innovative companies that we work with are encouraged by the desire of government to hear from them. I think it’s very unique to, you can say it in many cases, but it’s extremely unique for emerging technologies and cybersecurity, quantum and AI.
Dr. Amit Elazari: And the reason is a lot of the cutting-edge innovation, if you look even at cybersecurity, it is done at the edge. It’s not just the large companies. Those are fantastic, and they have a great point of view. And they, by the way, invest in policy, and they carry the community with them because they put the time, they have the experts to educate government, so they have a very critical role.
Dr. Amit Elazari: But also those leading-edge innovators that might be the best in the world in PQC, in some form of, for example, AI SOC or whatever that is capability, they’re also well-positioned if they’re willing to put in the work to contribute to policy.
David Redekop: I agree, and we followed your advice on reaching out to CISA when we shared with you what we were uncovering with the UNDERMINR method, and our interaction with them and with them asking for additional information right down to the technical packet captures and so forth is what we shared.
David Redekop: And, they’ve been a really good group to work with. On the flip side, so that’s great for organizations that are on the leading edge that understand that they may have some strategic advantage of information that informs government for better future policies. How else is policy information useful to defenders even if they don’t have information to share with them?
Policy as Strategic Intelligence
Dr. Amit Elazari: Yeah. Well, that’s a great question because it’s not just about sharing cyber or findings or research. I think tapping into future policy, especially by the way, for large companies that operate in many jurisdictions that are on the radar for the regulators that are impacted by market access requirements. Tapping into policy earlier in the development life cycle, earlier in the budget cycle, earlier as you’re putting together your architecture and software stack and cybersecurity choices, posture choices in general, is critical because you can already learn months ahead of something being implemented or required what is gonna be the need, and you can make a better case internally for resource, and you can consolidate tools that can help you reach to that posture.
Dr. Amit Elazari: And this is also something that we see with our platform, is not only are we used with large companies like Armis or Sierra or others that wanna make sure they’re aware of policy because they wanna be informing policy, but also because they wanna understand the buyer requirements because obviously they’re selling to buyers that are impacted by policy and they wanna connect it to go to market.
Dr. Amit Elazari: We are also used by Fortune 500 organizations that are looking at us in order to do horizon planning and get ahead of policy, and the reason is, ultimately, we like to say that if you’re operating in a regulated industry, if you’re a public sector entity, it’s between 50% to 80% of your stack is highly impacted by risk that is originating from policy legal compliance.
Dr. Amit Elazari: Tapping into future policy as a source of information makes a lot of sense, not less sense, frankly, than tapping into feeds that you have around the attack surface because it’s highly impactful for your risk posture. And so I think that is, regardless of whether you are a strong partner to government in terms of information sharing, you should be aware of policy.
Dr. Amit Elazari: And ideally you wanna be looking at policies as they’re being produced, as they’re being proposed, because that’s a very strategic way to get ahead of the curve, to get ahead of the needs, and plan better.
David Redekop: And there is obviously a very strong tie-in to a cybersecurity posture, right?
David Redekop: It’s seems to me like an extremely direct relationship to how current you are with policy and implementation of it is a pretty good reflection to where your security posture is. In some cases, do you find that we can get ahead of policy, as it ties back to cybersecurity posture instead of it being a lagging indicator?
Policy Exposure Management
Dr. Amit Elazari: Absolutely. I think we are gonna see a lot of shifts in how organizations look at remediation. That’s a really critical space where with all these cyber incident reporting requirements getting implemented, with new requirements around remediation timeline and AI basically causing a situation where CVEs are accessible to all, chains are accessible to all, MYTHOS, right?
Dr. Amit Elazari: And so in that kind of reality, I think the notion of remediation is gonna be very much informed by policy risk. I think organization are gonna be looking into remediating a combination of not just what’s most impactful to the business, and what the attacks surface entails from a perspective of validating the pathway, but also taking into account a lot more of that policy risk, legal risk, and all of that is coming from an ever-changing policy landscape.
Dr. Amit Elazari: And I think it’s gonna be very meaningful, and this is why we’re working with our partners to really integrate the policy information into the cybersecurity posture to create, if you will, something that we call a policy exposure management view. So it’s not enough anymore to just look at kind of static compliance and the cyber exposure landscape.
Dr. Amit Elazari: You really have to be tapping into policies and priorities that are shifting, and you might make different cybersecurity choices that are ultimately defined by the concept of risk. And my point is that in the age of emerging fragmented requirements, in the age of AI, policy and legal, I believe, is gonna take a bigger chunk of that risk landscape than in the past, where I think we had some consideration of policy and legal, a lot of consideration of attack surface.
Dr. Amit Elazari: I think that’s gonna grow. Remember that the policymakers and the regulators are also better equipped to understand what’s going on, where are the violations in the age of AI, and they’re using more policy-as-code and enforcement tools that are AI-powered on their end, and that’s another piece of the puzzle.
Dr. Amit Elazari: And of course, that’s also true for your supply chain and big companies that are buying your products or vendors that you have that are also setting the stage on what’s gonna be required from an organization perspective.
David Redekop: Thank you for that. And speaking of pieces of the puzzle, where does preemptive security fit into the shaping of not just policies, but technology posture and future direction?
Preemptive Security
Dr. Amit Elazari: Yeah. Great question. So I do feel like the whole concept of governance and getting ahead of issues, having programs that allow you to get ahead of issues, having that posture in place is getting embraced more and more by regulators in soft policy. I think, especially, in the age of AI, the expectations from the defenders are gonna be evolving to also adopt AI.
Dr. Amit Elazari: They must. I mean, what is the best practice in the age of AI? We cannot be expecting organizations to continue static compliance or being in the fight with antiquated or non-innovative approaches. So I think a lot of this is still evolving because we had a body of policy that has been shaped before with FTC Section 5 decisions, with certain things that were created through both standards, regulations, but also just cases and decisions that were born in the age of pre-AI, and I think a lot of it is gonna get redefined.
Dr. Amit Elazari: And, I think we still have a lot of work. When I look at pen testing and requirements around pen testing, I think they should be evolved to support automated tools because this is the best practice in the market. We gotta be working collaboratively to adapt that. And I think this is what I’m excited about this community.
Dr. Amit Elazari: There is a call to action here, where if we allow just the technology and the attack landscape to continue to evolve, and we don’t invest in working with policymakers to adapt the policies, we shouldn’t be surprised if things are not getting updated. The government is trying to update and create new policies.
Dr. Amit Elazari: We’ve seen it with executive orders, including an executive order that was released last month from the Trump administrations. We’ve seen it with excellent work from CISA and from NIST. NIST really being on the cutting edge of policy developments of frameworks for agentic, agentic and creating their frameworks, but we need to show up on the other side with meaningful feedback, and this is what we are gonna be, we continue to focus on.
David Redekop: Thank you for advocating for people, for our industry going in that direction. We are definitely excited about the preemptive defense category that’s new on the scene with the likes of Gardner, Forrester, software reviews, and so forth, because there’s a few of us that have been focused in how do we preemptively predict the next attack method, not the exact tactic, technique, or procedure, but in this vein, in this direction, and since this is not being utilized for legitimate business purposes, why would we even facilitate that kind of a network transaction?
David Redekop: Why do we even allow that flow to operate when that’s not even part of the norm? So this whole approach of default deny all, we’re super excited about it, and the more you can help us with that becoming part of policy, the sooner we can protect the masses. I always look at the MITRE ATT&CK framework and repeatedly realize that from an actuarial perspective, just like in life and death decisions, we take a look at the beginning and we take a look at the end because those are the really important areas where you can make a difference.
David Redekop: And, so we wanna do the same thing with preemptive defense. thank you for all you do in that space. I don’t know how you ever sleep because you are just always active 24/7 it seems. Where, speaking personally, where do you get your energy from?
Entrepreneurship and the Impact of AI
Dr. Amit Elazari: I think as, first of all, I get it from our partners, from our customers, from partners like ADAM networks, from our ecosystem.
Dr. Amit Elazari: It’s just been phenomenal to build this company for the last few years. And for those who don’t know us, we are really the first policy intelligence platform bringing access to policy to companies of all sizes, but also audiences that are not necessarily experts in policy or lobbyists.
Dr. Amit Elazari: And we really allow any company to understand the connection between policy and their business. Part of it is working with very large companies and allowing them to understand where policy might be creating a risk or opportunity and translate it into a part of their organization. And part of it is working with companies that are actually in the cybersecurity space or a different space, and they are just selling into an audience that is highly impacted by policy.
Dr. Amit Elazari: So, obviously, cybersecurity is a domain where ultimately a lot of the decision-making to buy a product comes from policy, comes from compliance, and you have to understand your buyer requirements. You have to understand how policy is driving and if it’s driving a particular set of products, and this is exactly what we help you translate.
Dr. Amit Elazari: So I think that for me, my energy comes from just, honestly, doing this company with the team we have, with our partners, with our ecosystem, and really seeing the promise of AI being used to democratize access and power to this very niche profession of government affairs and policy.
Dr. Amit Elazari: Super critical profession, but also a profession that way too often been accessible to a very small part of the market. And so, honestly, it’s coming from there. I always joke, like I’m not sure I would do any startup or any company, but this was the company I was probably born to do and I love doing so.
Dr. Amit Elazari: And it’s also fun to do it in cyber. And, obviously, we work with companies in energy and AI and data in many spaces, but we were born for cyber and we are, as a community, we’re facing some real challenges and the ability to solve these challenges, the ability to address them, the ability to navigate them, we might not have all the answers, but what’s clear is that policy’s gonna be a key piece of it.
Dr. Amit Elazari: So we just have to hone in on supporting the bridges to allow us to do so.
David Redekop: And, I also noticed early days that, you had absolutely zero hesitation about adopting AI in every which way that it could be made useful, which I find is not only refreshing, but really a requirement because in the next number of years, I’m not a futurist, but it seems like you’re gonna have two kinds of companies.
David Redekop: You’re gonna have those that adopted AI in due time and wrangled it to their own advantage and their customers’ advantage, and those that said, “No, not yet,” and ended up falling behind. And so from that perspective, I think you’ve done a great job of even applying it to your own platform, where you’re, basically, expanding your team in an agentic form.
David Redekop: And, whoever uses that approach, I think has a better chance. So you’ve been a good example of that. So if anybody needs to have an endorsement or needs to hear one, I can certainly endorse your use of ingesting the masses amount of data that could potentially be conflicting and the de-conflicting and de-risking it and finding a way to address all of the gotchas in the AI world early on, because it is not an easy thing and it requires an iterative approach.
David Redekop: And that’s where your energy is needed. If you don’t have that energy and that nonstop dedication to make today better than yesterday, then you lose it. And people who lose the momentum are the ones that may not be around tomorrow. So I’m super excited to always see you being high energy and transferring that to those that engage with you.
David Redekop: Just know that it’s noticed. I don’t know if you have any advice or wisdom that you wish to share with, not only our clients and customers, but anybody else, we actually have a number of retirees, we have C-suite, we have high school students, we have university students that connect with me personally on this podcast.
Closing Wisdom and Advice
David Redekop: What is an overarching element of wisdom coming from Dr. Amit that you wish to impart?
Dr. Amit Elazari: Always wear sunscreen, and the answer is 42. No, I’m kidding. I had to tap into some kinda general wisdom there. I would say, if you’re not familiar with this wonderful world called policy, get familiarized with this.
Dr. Amit Elazari: No matter where you’re at in your life, whether you’re a startup and you’re selling a cybersecurity product, whether you are a student trying to understand what’s gonna happen next, it’s like this magical crystal ball. It’s gonna impact your life. And I think one of the things we’ve done is try to use AI to connect policy to people and organizations, from their perspective, from wherever they’re doing in their organizations, from sales teams, to product teams, to marketing, to government affairs professionals.
Dr. Amit Elazari: But I think understanding whatever you’re trying to achieve in life, whether you’re building a product, you’re building a new technology, whether you’re trying to defend your organization and get ahead of risk, tapping into policy is always a great move. How much you need to tap into policy, I think that could depend on what you’re doing.
Dr. Amit Elazari: But we like to say at Openpolicy that you should make policy your power move, and I really think that in places, in domains of technology like cybersecurity, like AI, it is a very impactful force. It’s shaping strategies, market requirements. It’s shaping risk.
Dr. Amit Elazari: It’s shaping decisions, and that would be my advice. And if folks are wondering where to start, they can always reach out to me, reach out to us. I’ll tell, also share that, probably it took me a long time to ultimately land on the concept of Openpolicy, and co-found a company and become a startup founder, and it was, like, later on in my life journey.
Dr. Amit Elazari: But I feel like if you’re listening and if you have a passion towards something and you think about creating innovation, creating a product, this has become way more accessible than before. This is at the reach of your palms. It’s something one can do, and I think, would like to inspire folks to think about it, to not say, “Oh,
Dr. Amit Elazari: I’m a lawyer, so I cannot do a company like a technology startup.” Your journey might be different, but you can, you should think about it. You should do it. And I think that’s an amazing power that AI has unleashed in terms of enabling innovation everywhere.
Dr. Amit Elazari: And, more than just thinking, “Hey, we gotta be using AI in order to stay relevant, to stay competitive, to get ahead of the workforce issue, to maintain our position in the market,” I would say use AI to really unleash your innovative or creative being, whatever that being is.
Dr. Amit Elazari: Whether you’re a creator, you can use, you asked me, David, 20 minutes ago about copyright. One of our most exciting customers is a responsible and copyright-oriented AI foundation models, and they allow anyone around the world to be able to create with AI in a way that is respecting the creator rights and also are positioning the economy in the same way, that the kind of streaming platform were able to do it years ago.
Dr. Amit Elazari: And I would say two pieces of advice to summarize. A, tap into policy as your power move, and B, don’t be afraid to use AI to not just get ahead of competition or stay relevant, but to unleash your own innovative and creative persona.
David Redekop: Love it. Love it. And that really rings true for me. And, I don’t know who to attribute this quote to.
Closing Thoughts
David Redekop: You would probably know, but “the best way to predict the future is to invent it.” And, you might say the best way to predict the future is to invent the policy or contribute to it. Yeah, that’s wonderful. Dr. Amit Elazari, thank you so much for spending the time with me today, and see you at, Black Hat RSA very soon.
Dr. Amit Elazari: Yes, looking forward to it. Thank you so much.
David Redekop: Take care. Bye-bye.
Narrator: The Defender’s Log requires more than a conversation. It takes action, research, and collective wisdom. If today’s episode resonated with you, we’d love to hear your insights. Join the conversation and help us shape the future together. We’ll be back with more stories, strategies, and real-world solutions that are making a difference for everyone.
Narrator: In the meantime, be sure to subscribe, rate, write a review, and share it with someone you think would benefit from it, too. Thanks for listening, and we’ll see you on the next episode.