Balancing Growth and Scalability Alongside Identity Security Solutions Focusing on Non-Human Identity Management (NHIM)

TechNadu interacted with Danny Brickman, Co-Founder and CEO of Oasis Security to learn all about Non-Human Identity Management (NHIM), threat posed, security mechanisms and automation to remediate and standardize security policies across assets.

Brickman answered questions pertaining to identity security and compliance, and generating an inventory of NHIs across the cloud, on-premises, and SaaS.

As organizations aim to scale their use of cloud services, the risk of unmanaged NHIs increases, creating unique security needs. This requires specific solutions covering everything from service accounts to IAM roles.

Read the complete interview to learn about Brickman’s experience with building and breaking systems as a holistic learning approach to security, leveraging AI/ML to map identity usage and human owners for better lifecycle management operations and more.

Vishwa: Please tell us about yourself, and your journey to founding Oasis.

Danny: I’m Danny Brickman, CEO of Oasis Security. From a young age, I’ve had a deep fascination for technology, ethical hacking, and understanding how systems could be both built and broken. That passion led me to serve in the cyber operations unit of the Israeli Defense Force (IDF), where I spent 11 years honing my expertise in advanced cyber operations. Over time, I became increasingly focused on one critical challenge: securing the gaps that cybercriminals continuously exploit.

In 2022, I co-founded Oasis Security with Amit Zimerman to tackle a growing but often overlooked cybersecurity risk: unmanaged Non-Human Identities (NHIs). As organizations scale their use of cloud services, IoT, and automation, NHIs have exploded in number. Yet traditional identity security solutions, designed for human users, fail to address them. We saw a significant gap and an opportunity to redefine how enterprises approach identity security.

Since launching Oasis, we have raised $75 million in funding, built a strong customer base that includes Fortune 500 companies, and pioneered the first enterprise platform purpose-built to secure the entire lifecycle of NHIs from discovery to governance and compliance. It has been an incredible journey, bringing together my experience in cyber operations with a mission to solve one of today’s most pressing security challenges.

Vishwa: Being a Co-Founder and CEO, what specific challenges did you face while starting and promoting Oasis? How did you handle them? Do certain personal and emotional strengths help in dealing with problems in the hyper-focused cybersecurity industry? 

Danny: Starting and growing Oasis Security has been an incredible journey, but like any startup, it came with its fair share of challenges. When Amit and I set out to build Oasis, we weren’t just launching another cybersecurity company. We were tackling a massive but often overlooked problem: securing Non-Human Identities, which now outnumber human identities by 20 to 1 in enterprise environments.

Convincing people of the urgency of this issue was one of the biggest hurdles. Many organizations didn’t even realize they had a blind spot, so the first challenge was education. To overcome that, we went straight to the source. We had countless conversations with CISOs, security teams, and industry leaders to validate the problem and fine-tune our approach.

It wasn’t just about pitching an idea. It was about listening, understanding their pain points, and making sure we were solving real-world security challenges, not just theoretical ones. That level of engagement was crucial in building credibility and shaping a solution that would actually work in practice. 

Another major challenge was bridging the gap between security and engineering teams. Traditional identity management tools were never built for NHIs, and they often force security teams to impose rigid controls that developers find frustrating. We knew from the start that if our solution slowed developers down, it wouldn’t get adopted. So we designed Oasis to be infrastructure agnostic, easy to integrate, and frictionless to use. That balance between security and usability is something we focused on relentlessly.

On a personal level, resilience and adaptability have been key. Cybersecurity is a fast-moving industry where threats evolve daily, and you have to be ready to pivot and refine your approach constantly. At the same time, being hyper-focused on our mission of securing NHIs without disrupting innovation has kept us grounded. Founding a company is never easy, but when you’re solving a problem that truly matters, the challenges become part of the excitement.

Vishwa: How does having a Co-founder or a partner help in shouldering responsibilities of a startup?

Danny: Having a co-founder is one of the most valuable assets you can have when building a startup. Amit and I complement each other’s strengths, allowing us to tackle challenges faster and make better decisions. The sheer volume of daily choices can be overwhelming, and having a trusted partner to share that responsibility is invaluable.

Beyond dividing tasks, a co-founder serves as a critical sounding board. Tough calls need to be challenged and refined, not made in isolation. Amit and I push each other to think strategically, pressure-test ideas, and avoid reactive decision-making.

Startups are intense. The highs are exhilarating, but the lows can be trying. However, having someone equally invested in the vision keeps me focused and resilient. When setbacks happen, you regroup, adjust, and push forward together.

Vishwa: Could you share some of the key milestones that Oasis has reached since its inception in 2022? What are the future goals for the company? 

Danny: Since founding Oasis Security in 2022, we’ve reached several key milestones that demonstrate our leadership in the NHI management space. To date, we’ve raised a total of $75 million in funding, which reflects both strong investor confidence and the growing demand for NHI solutions across industries. 

Our platform’s adoption by several Fortune 500 companies further validates our position at the forefront of this critical market. Additionally, we were honored to be included in the Fortune Cyber60 list.

On the product front, we’ve introduced several innovative technologies that are reshaping the NHI landscape. Our NHI Discovery Engine automatically generates a comprehensive inventory of NHIs across the cloud, on-premises, and SaaS, covering everything from service accounts to IAM roles. The patent-pending Context Reconstruction Engine (CRE) leverages AI/ML to map identity usage, consumers, resources, and entitlements, enhancing risk posture and policy compliance analysis. Additionally, our Ownership Discovery Engine applies machine learning to identify NHI human owners, ensuring clear accountability in lifecycle management operations.

To further strengthen security and automation, our Policy-Driven BYOI Orchestration Engine automates remediation and standardizes security policies across assets, reducing third-party risks. Our ILM Workflows for Secure NHI Management streamline critical processes such as safe rotation, offboarding, and recertification.

Most recently, Oasis expanded its security capabilities by introducing the industry's first threat and anomaly detection system for NHIs. Powered by AuthPrint™ technology, this unique intelligent profiling capability leverages our extensive threat intelligence to accurately match anomalies with known threat actor fingerprints, setting a new standard in proactive security.

Vishwa: Please outline some of the threats posed by Non-Human Identities (NHIs). How is Oasis positioned to help enterprises tackle these threats?

Danny: Identity is the new perimeter, and Non-Human Identities (NHIs) are its biggest vulnerability. These identities (Service Accounts, Service Principals, IAM Roles, Secrets, Tokens, Keys, etc.) outnumber human identities by up to 50 times, yet they remain largely unmanaged, creating a massive attack surface.

The real challenge isn’t just visibility; it’s the uncertainty around which identities exist, who’s using them, and whether they have the right permissions. Legacy security tools weren’t built to handle the scale and complexity of NHIs, leaving enterprises exposed to risks like overprivileged access, and outdated credentials.

Oasis was purpose-built to solve this problem. Oasis NHI Security Cloud is the first enterprise platform specifically designed to tackle the unique challenges of managing NHIs across hybrid cloud environments. The platform solves three critical issues: visibility, security, and governance of NHIs, offering a comprehensive solution to a critical and unresolved issue.

What makes Oasis unique is its use of advanced AI-based analytics engines for visibility and security use cases, combined with an integrated policy-based orchestration engine for remediation and governance ones. This approach moves organizations beyond reactive security, allowing them to proactively manage NHIs, reduce risk, and lighten the operational load.

With a fully automated and integrated approach to NHI management, Oasis is redefining how enterprises secure their non-human identities, filling the critical gaps left by traditional security tools.

By seamlessly integrating into existing workflows, Oasis creates collaboration between security, identity, and engineering teams, breaking down silos and driving efficiency. Our platform not only enhances security and compliance but also simplifies operations, empowering teams to stay ahead of threats without adding complexity.

Vishwa: What are your observations about the intersection of identity security and compliance, particularly how organizations can prepare for upcoming regulations?

Danny: PCI DSS (Payment Card Industry Data Security Standard) is a critical set of security requirements designed to protect cardholder data and ensure that organizations handling payment information maintain robust security measures. PCI DSS mandates strict controls to protect sensitive data from breaches, focusing on secure authentication, access controls, and continuous monitoring.

The intersection of identity security and compliance has never been more urgent, especially with PCI DSS 4.0.1 coming into effect on March 31, 2025. The new requirements emphasize the need for NHIs to be strictly managed. Cybercriminals know that mismanaged NHIs are prime targets. We’ve seen high-profile breaches involving companies like Dropbox and Okta, where exposed service accounts were exploited.

Organizations can get ahead of these regulations mapping their NHIs, assigning ownership, and integrating solutions that help manage permissions and rotate credentials. Taking these steps will not only ensure compliance but also enhance overall security posture by reducing the attack surface associated with under-managed system accounts

Vishwa: Based on the current threat landscape which is rapidly evolving with Artificial Intelligence, what are the areas that need more focus to stay one step ahead of threat actors? Is it funding, aggressive defense strategies, enhanced workforce, better technology or something?

Danny: Organizations need to adopt a more integrated and forward-thinking approach. Traditional security solutions, like PAM and IAM, are no longer sufficient. The scale and complexity of NHIs require a more dynamic approach. Identities have become the primary access points for machines and applications and their protection must be a foundational part of any security strategy.

The shift must focus on robust governance frameworks that prioritize lifecycle management and visibility into NHI usage. This ensures that access controls are continuously updated and that vulnerabilities are quickly identified and addressed. Attackers are increasingly targeting NHIs, as seen in high-profile breaches involving companies like Dropbox, Okta, and Microsoft. With AI technologies driving further growth in NHIs, organizations cannot afford to ignore the risks posed by improper governance.

Additionally, it is not just about funding or tools. Skilled talent is critical. As AI and machine-to-machine communication expand, the need for experts in identity management and security automation grows. Organizations must equip their workforce to understand AI and NHI security, not just to respond to threats but to anticipate and prevent them. Focusing on combining advanced technology, agile defense strategies, and skilled teams will be best positioned to navigate the industry’s current complexities.