The finalists for WashingtonExec’s 2024 Pinnacle Awards were announced Sept. 20, and we’ll be highlighting some of them until the event takes place live and in person on Nov. 21.
Next is Sumedh Thakar, president and CEO of Qualys, and finalist in the Cybersecurity Executive of the Year, Public Company, category. Here, he talks about recent achievements, shares career advice and more.
What key achievements did you have in 2024?
2024 marks Qualys’ 25th anniversary and we’re incredibly proud of how the company has continually evolved and innovated over the years. We just launched the Risk Operations Center (ROC), redefining cyber risk operations for organizations by unifying diverse security solutions for prioritization and actionable remediation. This isn’t just new cybersecurity tooling; the ROC is a transformative way of thinking about risk to your business.
This year, as agencies have increasingly integrated artificial intelligence (AI) and large language models (LLMs) into their operations, it became apparent to us that we needed to secure this burgeoning new technology. As such, my team set out to create a solution for securing generative AI and LLM applications, which we call TotalAI. This new solution specifically addresses the Open Worldwide Application Security Project (OWASP) top 10 most critical risks for LLM applications. We are proud to have created a solution that allows agencies to securely leverage the benefits of AI while upholding stringent security standards and complying with mandates such as EO 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence.
In 2024, we’ve continued our work of helping companies and agency leaders measure, communicate, and eliminate their overall cyber risk. In the past 12 months, we have effectively deployed over 55 million patches, significantly reducing attackers’ access to critical digital assets. We’ve provided our customers with aggregated risk factors from 73,000 vulnerability signatures and over 25 sources of threat intel, achieving an 85%+ reduction in critical vulnerabilities.
What are your primary focus areas going forward, and why are those so important to the mission?
Our mission at Qualys is to make the world’s digital journey safer. As such, our focus is on continuing to find innovative ways to help companies and agencies comprehensively eliminate their cyber risk. A typical government agency may use 50 or more disparate tools to manage their cyber risk, each providing fragmented and often conflicting views of risk. This greatly hinders effective prioritization, reporting, and remediation of security threats. That is why Qualys created the ROC with Enterprise TruRisk Management, to provide our customers with one holistic view of their cyber risk, to enable them to better measure, communicate, and eliminate that risk. Securing our agencies and critical infrastructure means we’re helping to keep America safer from external threats.
While metrics like Common Vulnerability Scoring System scores are foundational for assessing the severity of risks, they do not tell the whole story. Moving beyond CVSS scores to integrate business criticality, personalization, and risk-based prioritization empowers customers to address the risks that matter most first.
What is your best career advice for those who want to follow in your footsteps?
My biggest piece of advice is not to let your current circumstances make you feel like you’re incapable of achieving your goals. In 1999, I came to the United States as an immigrant with only $100 in my pocket. I never would have imagined at that time that I would one day become the CEO of a $4B public company. With passion and tenacity, you can achieve anything.
Fun Fact: What is something about you that most people do not know?
I love experimenting with new technology and I’m also a photography enthusiast.