BLACK HAT USA 2022 -- Las Vegas — At an intimate stage area in the Innovation City section located at the back of the Business Hall, Phylum beat out three other cybersecurity startups to take the title at the inaugural Innovation Spotlight competition, held on Wednesday evening at the 25th Black Hat USA.

The four finalists were Phylum, a software supply chain security company; KeyCaliber, a company that uses asset behavior analytics to help clients prioritize protective measures; Normalyze, which identifies sensitive data and vulnerable access paths ripe for exploitation; and Tromzo, with a product security operating platform (PSOP) for building applications more securely.

Dark Reading's editor-in-chief, Kelly Jackson Higgins, hosted the awards. Judges picked finalists back in July after viewing video submissions from candidates -- companies that were 2 years old or less and had fewer than 50 employees.

The Final Four

The finalists presented in alphabetical order, starting with KeyCaliber. Roselle Safran, cofounder and CEO, explained how her company's analytics engine helps continuously identify and protect an organization's most valuable data, aka "crown jewels" — indeed, the company's brand representatives were men dressed in royal robes and costume crowns. Safran said KeyCaliber's software can run on her company's network, on the customer's network, or on premises, a flexibility that meets prospective clients' need to balance resources and security.

KeyCaliber's two kings. (Photo by Karen Spiegelman for Dark Reading)

Next up was Normalyze cofounder and CEO Amer Deeba. His company is in a similar risk management space as KeyCaliber, but emphasizes "holistic data security" rather than crown jewels. The company offers "data-first cloud security" that scans for sensitive data on Google Cloud, AWS, and Microsoft Azure. His co-founder, CTO Ravi Ithal, was standing to the side recording his partner's presentation, in a perfect example of the supportive atmosphere of the event.

The specter of Log4j hung over the presentations, none more so than Phylum's. Cofounder and president Peter Morgan said his company focuses on the security of open source packages, using deductive analysis of risk indicators to create what he likened to a "credit score for packages." The company offers a community edition that has "feature parity" with the paid edition, limiting it to one user and five projects at a time. He said the automated analysis takes 12-15 minutes to complete. "We're walking really well, and the system is learning to run as we speak," Morgan said.

The last to present was Harshil Parikh, CEO and cofounder of Tromzo, a product security operating platform designed to make the entire software development pipeline more secure. In response to a question from the judges, Parikh explained that the company wrote its own no-code platform for automating security processes and remediation.

The Winners

First, all four finalists were winners in that they got booth space at Black Hat USA, as well as a receptive audience for their presentations and a consultation with an Omdia analyst. There were decision-makers in the audience Wednesday, with a few CEOs filling the seats and a standing-room crowd watching the competition.

Tromzo definitely had the flashiest presentation. Parikh opened by using a DVD as a prop to illustrate the outdated former cutting-edge technology. He closed by tossing the DVD over his shoulder, warning, "Don't get left behind." That jazz might be why Tromzo took first place in the audience poll.

Ultimately, however, the opinions that mattered most in the contest were those of the judges, and they favored the open source-emphasizing Phylum. The seven judges were Ketaki Borade, senior analyst in Omdia’s Infrastructure Security research practice; Trey Ford, deputy CISO at Vista Consulting Group; Hollie Hennessy, senior analyst in Omdia's IoT cybersecurity practice; Maria Markstedter, founder and CEO of Azeria Labs; Lucas Nelson, founding partner at Lytical Ventures; Robert J. Stratton III, principal & strategist at Polymathics and venture partner at Nextgen Venture Partners; and Rik Turner, principal analyst in Omdia's IT security and technology team.