Amer Deeba, CEO and co-founder of Normalyze chats about the important role of a data-centric security approach, and key learnings from bringing Normalyze to the cybersecurity market:
—————-
What inspired you to co-found Normalyze, and what key learnings have shaped your journey?
My co-founder, Ravi Ithal, and I, both seasoned entrepreneurs with extensive experience in cybersecurity, recognized a significant gap in traditional data security approaches, particularly in hybrid and multi-cloud environments. Our conversations with security leaders highlighted the urgent need for a data-centric security strategy.
Also Read: CIO Influence Interview with Bryan Litchford, Vice President of Private Cloud at Rackspace Technology
Despite the heavy investments in traditional security methods that focus on networks and infrastructure, data breaches remain prevalent because these methods often overlook the data itself. Motivated by this insight, we saw data security as the critical frontier to address next.
In 2021, we built the Normalyze Data Security Posture Management platform – working with Gartner to find the right terminology that captured the category correctly.
Our mission: provide real-time context around an organization’s data security posture by discovering, classifying and managing access to their most valuable and sensitive data.
Key learnings along the way? Simplicity, scale and automation are paramount. Security teams are stretched thin, so providing a solution that delivers immediate value with minimal configuration is crucial.
Additionally, understanding that every business has unique data flows and security needs has shaped how we built Normalyze to be adaptable yet powerful. Finally, anticipating what the market needs next…we are leading the way when it comes to DSPM for AI – and that’s partly because our platform was designed to suit many use cases.
Normalyze offers real-time visibility into security posture. Can you share some innovative features of the platform that enable companies to not only detect risks in real-time but also act on them efficiently to prevent potential threats?
One of the standout features of Normalyze is our agentless, in-place scanning that discovers sensitive data across all cloud environments without disrupting operations. This is coupled with our Data Risk Navigatorâ„¢, which maps risk across data stores and automatically prioritizes remediation steps.
We also introduced AI-driven remediation workflows that simplify decision-making for security teams. When we identify a risk, the platform recommends actionable steps, whether that’s adjusting permissions or flagging anomalies in data behavior.
Another feature we’re particularly proud of is our anomaly detection engine, which helps teams stay ahead of potential breaches by spotting suspicious access patterns in real-time.
Talk about the key lessons you have learned in bringing Normalyze to market, especially in scaling within the crowded cybersecurity space.
Launching in the cybersecurity space means you’re competing with a lot of noise. In fact, there are currently over 30 vendors claiming to have some element of DSPM snapped onto their existing security tools.
One of the key lessons we’ve learned is that focusing on clear, measurable outcomes—like time to value and ease of deployment—sets us apart. Customers don’t just want another dashboard; they want insights that lead to action. They also don’t want small bits of DSPM capabilities in a dozen different tools – it goes against the very point of the solution.
Scaling Normalyze has taught us that listening to the customer is everything. We’ve built in early access programs that allow our customers to test and provide feedback on new features, ensuring we’re continuously evolving to meet their needs.
Additionally, positioning ourselves not just as a security solution, but as a business enabler, has been key in gaining trust within the market. We are 100% channel-driven and being able to tie our value to making other data security products work more effectively helps our partners too.
Also Read:Â CIO Influence Interview with Mark Whitehead, CEO and co-founder, NDay Security
In today’s hybrid cloud environments, data is constantly moving across applications and infrastructure. What role does a data-centric security approach play in safeguarding critical assets.
In hybrid cloud environments, data no longer sits in one place; it’s dynamic and distributed across multiple platforms. This creates numerous blind spots if you’re only focused on securing the perimeter. A data-centric approach ensures that security travels with the data, no matter where it is created, how it moves or where it lives.
Data discovery and classification are foundational in this approach. By understanding where your sensitive data is located and who has access to it, you’re better equipped to manage risks.
Normalyze helps by giving real-time visibility into these data flows and enabling proactive, automated remediation when necessary. It’s about shifting the focus from infrastructure to the data itself, making sure it’s protected from end to end.
Can you share five thoughts on the future of cloud data security?
I took a broader approach to these thoughts because, honestly, it’s not just about protecting data in the cloud.
AI Projects Will Demand More Granular Data Security Posture Context/Awareness: As AI-driven projects, especially large language models (LLMs), become more prevalent, determining which data they can access and use for outputs based on individual access rights will become critical. Successful AI initiatives will need to implement security measures that ensure LLMs only have access to data they are authorized to use, respecting both privacy and compliance requirements. This will involve training AI models to understand data classification and user permissions at a granular level, ensuring that sensitive data isn’t inadvertently exposed in AI outputs. The ability to embed data governance directly into AI workflows will be foundational to harnessing the full potential of AI while maintaining security and compliance.
 Convergence of Data and Security Teams: As the roles of Chief Data Officers (CDOs) and Chief Information Security Officers (CISOs) converge, we’ll see more streamlined processes and roles for managing data and its security—resulting in fewer gaps for attackers to exploit.
Zero Trust Becomes Standard: As cloud data continues to grow, we’ll see Zero Trust frameworks adopted widely, where no entity is trusted by default, and every access request is verified before being granted.
Automated, AI-Driven Security: With the increasing complexity of cloud environments, manual security management won’t scale. Automation and AI will take center stage, making real-time risk detection and remediation the norm.
Data Privacy Regulations Will Intensify: With the rise of AI and cloud computing, expect to see more stringent data privacy regulations. This will force companies to invest heavily in solutions that ensure compliance across multiple jurisdictions.
[To share your insights with us as part of editorial or sponsored content, please write to psen@itechseries.com]
Amer Deeba is the CEO and cofounder of Normalyze. A senior executive with over two decades of experience in Silicon Valley, tech, and startups, Deeba’s areas of expertise include product, marketing, and driving company growth in fast-moving industries. Originally from Marjeyoun, Lebanon, Deeba earned a B.S. degree in Electrical Engineering from American University Beirut before moving to the United States to pursue a Master’s degree in Computer Science at Santa Clara University.
Originally looking to pursue a Ph.D. in Computer Science, Amer Deeba pivoted when he was offered a role as a software engineer at Verity. Following his time at Verity, he joined Adobe Systems, where he played a vital role in developing the Acrobat Reader. During his time at Adobe Systems, Deeba assumed multiple technical and management roles, and it was here that he shifted his focus to the business side of IT. Following his time there, Deeba served as a GM for Payment Services at VeriSign before moving on to Qualys, where he worked for 17 years. At Qualys, he held various positions, including Chief Marketing Officer and Vice President of Corporate Development and Strategic Alliances, and Chief Commercial Officer. At Qualys, Deeba played a key role in taking the company public. In 2018, Amer Deeba left Qualys to serve as the COO at Moogsoft, where he was responsible for all go-to-market functions, including global sales, marketing, customer success, and strategic alliances. During his time there, Deeba led the company to adopt a SaaS platform and positioned Moogsoft as a leader in the AIOps space.
Today, Amer Deeba is one of the most sought-after executives in Silicon Valley, celebrated for his unique problem-solving skills and creativity. In addition to his role at Normalyze, Deeba is an advisor for both CyCognito and Monad, Inc. He is also the Middle East Liaison and a board member for the Eduarte Courtot Foundation, an organization founded by Deeba’s mentor Phillippe Courtot and his partner Freya Eduarte that aims to provide impoverished children with access to competitive education.
Normalyze is the pioneer in Data Security Posture Management (DSPM), enabling organizations to effectively secure data at scale across SaaS, PaaS, public or multi-cloud, on-prem and hybrid environments. Normalyze fills the security gaps created by complex data landscapes, data lakes, shadow data and Generative AI by accurately and quickly discovering, classifying and visualizing the total data attack surface. With Normalyze, data and security teams can quantify risks and prioritize remediation plans to prevent data breaches, enforce least privilege access to sensitive data, optimize data storage and leverage AI for business.
Founded by industry veterans Ravi Ithal and Amer Deeba, and backed by Lightspeed Venture Partners and Battery Ventures, Normalyze holds 14 patents in data security and is used by global organizations including Albertsons, Snowflake, Informatica and many others.