Frequently Asked Questions

Event & Booth Information

Where can I find Cymulate at Black Hat USA 2025?

Cymulate will be exhibiting at Booth 1640 at Black Hat USA 2025, held at Mandalay Bay from August 2-7. Visit our booth to experience the new Cymulate Threat Resilience Platform, meet our experts, and participate in live sessions and competitions.

What activities are available at the Cymulate booth during Black Hat USA 2025?

At Booth 1640, you can demo the new Threat Resilience Platform, meet Cymulate's cybersecurity experts, attend live speaking sessions on AI, cloud security, exposure prioritization, red teaming, and detection engineering, and compete in the live "Capture the Flag" (CTF) challenge called MCPwned, which focuses on real AI attack paths and Model Context Protocol exploits.

How can I book a meeting with Cymulate at Black Hat USA 2025?

You can book a personalized meeting with Cymulate's team at Black Hat USA 2025 by visiting this link to schedule a time that works for you.

Who from Cymulate will be present at Black Hat USA 2025?

The Cymulate team at Black Hat USA 2025 includes leaders from Sales, Product, Research, Marketing, and Channel & Partners, such as Itzik Finkel (Deputy CEO), Brian Reed (Sr Director of Sales Engineering), Margo Kahnrose (CMO), Avihai Ben-Yossef (Co-Founder & CTO), and many more regional sales and customer success professionals.

What speaking sessions is Cymulate hosting at Black Hat USA 2025?

Cymulate is hosting multiple sessions, including topics like AI's role in offensive security, cloud security validation, exposure prioritization & CTEM, SentinelOne integration, LLM security validation, detection engineering, and automated red teaming. Speakers include Brian Moran, Nir Krumer, Roi Sharon, Sasha Gohman, Rotem Kama, Aris Bega, Jess Redd, Amanda Kegley, and Brian Reed.

What is the MCPwned CTF at Cymulate's booth?

MCPwned is Cymulate’s live Capture the Flag (CTF) competition at Booth 1640, where participants tackle real AI attack paths and exploit Model Context Protocol vulnerabilities, including those recently discovered by Cymulate Research Labs. Winners can earn prizes and demonstrate their offensive security skills.

How can I attend a Cymulate live speaking session at Black Hat USA 2025?

Simply visit Booth 1640 at the scheduled session times listed in the agenda on the event page. Topics and speakers are announced in advance, and all sessions are open to Black Hat attendees.

What is the focus of Cymulate's presentation on Zero Trust at Black Hat USA 2025?

The session "The Blind Spot in Zero Trust: Exposure Validation as the CISO’s Reality Check" discusses how automated exposure validation fills critical gaps in Zero Trust architectures by providing continuous, real-world evidence of control effectiveness, helping CISOs operationalize Zero Trust strategies.

How can I get more information about Cymulate's platform at the event?

You can request a personalized demo at the booth, attend live sessions, or access additional resources such as data sheets and whitepapers provided at the event. You can also schedule a follow-up meeting via the event page.

What resources are available for learning more about Cymulate's technology?

Attendees can access Cymulate's data sheets on the Exposure Management Platform, Exposure Validation, and Exposure Prioritization and Remediation, as well as whitepapers and solution briefs. These resources are available at the booth and online at the Resource Hub.

How do I contact Cymulate for follow-up after Black Hat USA 2025?

You can reach out via the Contact Us page on the Cymulate website or schedule a demo at this link.

What is Cymulate's Threat Resilience Platform?

The Cymulate Threat Resilience Platform is a unified solution for exposure management, threat validation, and security optimization. It enables organizations to test, validate, and improve their defenses against the threats that matter most, using automated attack simulations, exposure prioritization, and continuous validation.

What is the Cymulate Exposure Management Platform?

The Cymulate Exposure Management Platform provides continuous threat exposure management (CTEM) by automating attack simulations, validating security controls, and prioritizing exposures based on real-world exploitability and business context. Watch the Cymulate Exposure Management Platform video.

How does Cymulate support exposure validation?

Cymulate supports exposure validation through automated, real-world attack simulations that test and validate cyber defenses. The platform provides actionable insights, customizable reports, and user notifications to help organizations continuously improve their security posture. Watch Exposure Validation Made Easy video.

What integrations does Cymulate offer?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore (network security), AWS GuardDuty (cloud security), BlackBerry Cylance OPTICS, Carbon Black EDR, CrowdStrike Falcon, Cybereason (EDR and anti-malware), and Crowdstrike Falcon LogScale (SIEM). For a full list, visit the Partnerships and Integrations page.

What technical documentation is available for Cymulate?

Cymulate provides whitepapers, guides, solution briefs, data sheets, and e-books covering topics like exposure management, CTEM, threat detection, vulnerability management, and attack path discovery. Access these resources at the Resource Hub.

Features & Capabilities

What are the key features of Cymulate's platform?

Cymulate's platform offers continuous threat validation, unified exposure management, AI-powered optimization, complete kill chain coverage, attack path discovery, automated mitigation, cloud validation, and an intuitive user interface. Customers benefit from measurable outcomes like a 52% reduction in critical exposures and a 60% increase in team efficiency.

How does Cymulate help with exposure prioritization and remediation?

Cymulate prioritizes exposures based on exploitability, business context, and threat intelligence, enabling organizations to focus remediation efforts on the most critical vulnerabilities. The platform automates validation and provides actionable recommendations for remediation. See the Exposure Prioritization and Remediation data sheet for details.

Does Cymulate support cloud security validation?

Yes, Cymulate provides dedicated features for validating cloud security controls, including production-safe attack emulation for services like AWS GuardDuty, Microsoft Defender for Cloud, and Google Security Command Center. This helps organizations tune and optimize cloud-native controls before attacks occur.

How does Cymulate use AI in its platform?

Cymulate applies AI and machine learning to automate offensive testing, optimize exposure prioritization, and streamline detection engineering. AI-powered features include SIEM rule mapping, contextualization, and continuous validation to reduce alert fatigue and improve detection accuracy.

What is Cymulate's approach to detection engineering?

Cymulate's detection engineering uses automation, contextualization, and continuous validation to reduce alert fatigue, improve detection accuracy, and empower SOC teams to distinguish true threats from background noise. The platform supports building, tuning, and testing SIEM, EDR, and XDR rules.

How does Cymulate support automated red teaming?

Cymulate enables automated red teaming by providing production-safe attack simulations, a library of over 100,000 attack actions aligned to MITRE ATT&CK, and daily threat intelligence updates. This allows organizations to continuously test and improve their cyber resilience.

What customer feedback has Cymulate received about ease of use?

Customers consistently praise Cymulate for its intuitive, user-friendly dashboard and ease of implementation. Testimonials highlight the platform's simplicity, actionable insights, and excellent support, with users noting that deployment is fast and requires minimal resources.

How quickly can Cymulate be implemented?

Cymulate can be implemented rapidly, often in just a few clicks. Customers report that deployment is straightforward, with agentless mode and minimal infrastructure requirements, allowing organizations to start running simulations almost immediately.

What security and compliance certifications does Cymulate hold?

Cymulate is SOC2 Type II certified and complies with ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1. The platform is also GDPR-compliant and hosted in secure AWS data centers with strong encryption and high availability.

Use Cases & Benefits

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, and vulnerability management teams across industries such as media, transportation, financial services, retail, and healthcare. Organizations of all sizes, from small businesses to large enterprises, can benefit from Cymulate's exposure management and validation capabilities.

What business impact can customers expect from Cymulate?

Customers typically see a 30% improvement in threat prevention, a 52% reduction in critical exposures, a 60% increase in operational efficiency, 40X faster threat validation, and an 81% reduction in cyber risk within four months. These outcomes are supported by customer case studies and industry reports.

What core problems does Cymulate solve?

Cymulate addresses overwhelming threat volumes, lack of visibility, unclear prioritization, operational inefficiencies, fragmented security tools, cloud complexity, and communication barriers for CISOs. The platform provides continuous threat validation, actionable insights, and unified exposure management to solve these challenges.

How does Cymulate address persona-specific pain points?

Cymulate tailors its solutions for CISOs (visibility, metrics, alignment), SecOps (efficiency, automation), Red Teams (scalability, adversarial simulation), and Vulnerability Management (prioritization, resource constraints). Each persona benefits from features and workflows designed for their unique challenges.

Can you share a customer story about Cymulate's impact?

In the sports media industry, a customer with 1,001-5,000 employees discovered that a partially deployed CrowdStrike policy left critical servers exposed. Using Cymulate endpoint assessments, they identified and remediated the issue in under 24 hours, preventing potential undetected attacks. See more customer stories.

What features of Cymulate's Exposure Management were highlighted by users?

Users from the Information Technology and Services sector highlighted Cymulate's user-friendly dashboard, extensive threat simulation, updated malware IOCs, customizable reports, and user notifications as standout features.

How does Cymulate help with Zero Trust implementation?

Cymulate provides automated exposure validation to continuously test the effectiveness of Zero Trust controls, offering real-world evidence and validation strategies that help CISOs operationalize Zero Trust and move from theoretical policies to proven threat resilience.

Competition & Comparison

How does Cymulate compare to AttackIQ?

Cymulate offers a larger threat scenario library, AI-powered capabilities, and greater innovation in exposure management compared to AttackIQ, which focuses on automated security validation but lacks Cymulate's breadth and ease of use. Read more.

How does Cymulate compare to Mandiant Security Validation?

Mandiant is one of the original BAS platforms but has seen less innovation in recent years. Cymulate continually innovates with AI, automation, and expanded exposure management, positioning itself as a grid leader. Read more.

How does Cymulate compare to Pentera?

Pentera focuses on attack path validation but lacks the depth of Cymulate in assessing and strengthening defenses. Cymulate optimizes defense, scales offensive testing, and increases exposure awareness. Read more.

How does Cymulate compare to Picus Security?

Picus Security may suit organizations seeking a BAS vendor with an on-premises option. Cymulate offers a more complete exposure validation platform, covering the full kill chain and cloud control validation. Read more.

How does Cymulate compare to SafeBreach?

Cymulate outpaces SafeBreach with unmatched innovation, the industry’s largest attack library, a full CTEM solution, and comprehensive exposure validation. Read more.

How does Cymulate compare to Scythe?

Scythe is suitable for advanced red teams building custom attack campaigns. Cymulate provides a more comprehensive exposure validation platform with actionable remediation and automated mitigation. Read more.

How does Cymulate compare to NetSPI?

NetSPI excels in penetration testing as a service (PTaaS), while Cymulate is designed for continuous, independent assessment and strengthening of defenses, recognized as a leader in exposure validation by Gartner and G2. Read more.

Pricing & Plans

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios selected for simulation. For a custom quote, schedule a demo with Cymulate's team.

Does Cymulate offer a free trial?

Cymulate does not offer a free trial, but you can schedule a personalized demo to see the platform in action and understand how it can validate threats, improve detection, and strengthen your security posture.

How can I schedule a demo of the Cymulate platform?

You can schedule a demo and talk to an expert by filling out the form on the demo request page.

Support & Implementation

What support options does Cymulate provide?

Cymulate offers comprehensive support, including email and chat support, educational resources such as webinars, e-books, a knowledge base, and a dedicated customer success team to ensure a smooth onboarding and ongoing experience.

What is Cymulate's approach to product security and compliance?

Cymulate maintains a robust security program with SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications. The platform is hosted in secure AWS data centers, uses strong encryption, and complies with GDPR. Employees receive ongoing security training and the company has a dedicated privacy and security team.

Company & Vision

What is Cymulate's mission and vision?

Cymulate's mission is to revolutionize cybersecurity by fostering a proactive approach to managing security threats. The company empowers organizations to manage their security posture effectively and improve resilience against threats through continuous validation and exposure management.

What is Cymulate's company background?

Founded in 2016, Cymulate has a global presence in 8 locations, serves customers in 50 countries, and is trusted by over 1,000 organizations. The company is recognized for continuous innovation and leadership in exposure management and security validation.

New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Research: The Security Tradeoffs Behind AI Tooling
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

2-7 AUGUST

Experience the NEW Cymulate Threat Resilience Platform. 

Black Hat
USA 2025

Booth
1640

Mandalay Bay

Book a Meeting

Why Visit Us?

Demo Our New Threat Resilience Platform

Wondering if your security stack works against threats that matter most? We can help you prove it. Try our NEW platform to understand and improve your overall threat resilience.

Schedule a personalized demo.

Meet the Experts

Come say “hi” and meet our team of cybersecurity experts. We’ll be ready to answer your questions, share prescriptive guidance and help you optimize your defences.

Book a meeting with us, now! 

Catch a Live Speaking Session

Come to our booth to learn about our latest technology offerings, expert insights from our product team, best practices and strategies that can work for your specific needs.  

Compete in Our Live "Capture the Flag"!

Join MCPwned — Cymulate’s live CTF at Booth 1640. Tackle real AI attack paths, win prizes, and prove your skills in the Model Context Protocol showdown!

BOOTH Presentations Agenda

Wednesday, August 6th

Topic: AI and threat Resilience
Title: Prove It Like a Pro: AI’s Role in Offensive Security & Exposure Management 
Speaker: Brian Moran, VP of Product Marketing  

Time: 10:30am

Abstract: Does your offensive testing need an assist? From scoping your first assessment to validating SIEM detections to building custom attack chains, learn how Cymulate applies AI to make exposure validation easy, so you can prove and optimize your threat resilience. 

Topic: Cloud Security Validation
Title: Cloud Security Validation Essentials   
Speaker: Nir Krumer, VP of Product   

Time: 11:30am

Abstract: Tune and optimize your cloud security controls before the next attack. Put your cloud-native security controls to the test to validate the effectiveness of GuardDuty, Defender for Cloud and Security Command Center. Learn how Cymulate uses production-safe attack emulation to prove detection and prevention – while providing the detection rules and mitigation for any security gaps. 

Topic: Exposure Prioritization & CTEM 
Title: Focus on the Exploitable:  Evidence-Based Exposure Prioritization 
Speaker: Roi Sharon, Director of Product Management 
Time: 12:30pm

Abstract: Apply proof and evidence of your threat resilience to prioritize the exposures that are actually exploitable. Stack-rank  thousands of CVEs and other exposures based on proof and evidence. Learn how Cymulate prioritizes your threat exposure with correlation: 

  • Proven threat prevention and/or threat detection 
  • Threat intelligence for known exploits, threat actors and active campaigns targeting your industry 
  • Business context and asset criticality 

Topic: SentinelOne   
Title: Continuous Security Optimization with SentinelOne and Cymulate 
Speakers: Brian Reed, Senior Director of Sales Engineering and Wesley Finch, SentinelOne Solutions Engineer 
Time: 1:30 PM

Abstract: You’ve invested in the market-leading endpoint security. Now, take the next step to continuously validate and optimize security. Take a proactive approach with real outcomes of reduced threat exposure to rapidly apply threat updates and optimize detection logic with this joint solution from SentinelOne and Cymulate.

Topic: MCP exploits and abuse
Title: LLM Security Validation & MCPWN’d CTF
Speakers: Sasha Gohman, VP of Research and Rotem Kama, Deputy VP Research 
Time: 2:30pm

Abstract: As large language models become integrated into core workflows, new assumptions about context, memory and model behavior introduce unseen risks. In this session, the Cymulate Research Labs will unveil two critical vulnerabilities in Anthropic’s Filesystem MCP Server (CVE-2025-53109 & CVE-2025-53110) that enable privilege escalation and prompt-state hijacking. They’ll walk through the technical details, explore the broader implications for AI security validation and demonstrate how these weaknesses challenge current trust models in LLM deployments. To bring these concepts to life, the team has built a live Capture the Flag competition where participants exploit the same vulnerabilities. Join us to rethink what it means to secure AI systems, starting with the protocols they rely on. 

Topic: Detection Engineering 
Title: Detection Engineering: Build, Test & Deploy with Automation and AI 
Speaker: Aris Bega, Security Architect 
Time: 3:30pm

Abstract: Security teams today are drowning in alerts, struggling to distinguish true threats from background noise. Explore how Cymulate detection engineering uses automation, contextualization and continuous validation to reduce alert fatigue, improve detection accuracy and empower SOC teams to stay ahead of adversaries, confidently.

Topic: Red Teaming 
Title: Steel Sharpens Steel: Optimize Your Cyber Resilience with Automated Red Teaming  
Speaker: Jess Redd, Security Architect
Time: 4:30pm

Abstract: Cyber resilience requires more than building strong defenses. We must test those defenses to continuously improve cyber security. Learn how to automate your next red teaming exercise with intelligence of adversarial exposure validation. 

Thursday, August 7th

Topic: Findings from Cymulate research report 
Title: The True State of Exposure Management … according to 1,000 CISOs 
Speaker: Brian Reed, Senior Director of Sale Engineering 
Time: 10:30am

Abstract: How do you spell proactive security? Many spell it CTEM for continuous threat exposure management. Learn what 1,000 CISOs had to say about exposure management and how they apply continuous validation to build threat resilience. 

Topic: Exposure Prioritization & CTEM 
Title: Focus on the Exploitable:  Evidence-Based Exposure Prioritization 
Speaker: Roi Sharon, Director of Product Management 
Time: 11:30am

Abstract: Apply proof and evidence of your threat resilience to prioritize the exposures that are actually exploitable. Stack-rank  thousands of CVEs and other exposures based on proof and evidence. Learn how Cymulate prioritizes your threat exposure with correlation: 

  • Proven threat prevention and/or threat detection 
  • Threat intelligence for known exploits, threat actors and active campaigns targeting your industry 
  • Business context and asset criticality 

Topic: Exposure Validation for Zero Trust    
Title: The Blind Spot in Zero Trust: Exposure Validation as the CISO’s Reality Check 
Speakers: Amanda Kegley, Product Marketing Manager 
Time: 12:30pm

Abstract: Zero Trust has become the gold standard for modern cybersecurity architecture, but implementation alone doesn't guarantee security. Most organizations rely on static controls and theoretical policies without validating whether they truly prevent breach impact, lateral movement, or privilege escalation. This session reveals how the Cymulate Threat Resilience Platform fills this critical gap with automated exposure validation, providing CISOs with continuous, real-world evidence of control effectiveness. Discover how to operationalize your zero trust technologies and policies with threat-informed validation strategies that turn Zero Trust from concept to threat resilience. 

Topic: Red Teaming 
Title: Steel Sharpens Steel: Optimize Your Cyber Resilience with Automated Red Teaming  
Speaker: Jess Redd, Security Architect
Time: 1:30pm

Abstract: Cyber resilience requires more than building strong defenses. We must test those defenses to continuously improve cyber security. Learn how to automate your next red teaming exercise with intelligence of adversarial exposure validation. 

Topic: Detection Engineering 
Title: Detection Engineering: Build, Test & Deploy with Automation and AI 
Speaker: Aris Bega, Security Architect 
Time: 2:30pm

Abstract: Security teams today are drowning in alerts, struggling to distinguish true threats from background noise. Explore how Cymulate detection engineering uses automation, contextualization and continuous validation to reduce alert fatigue, improve detection accuracy and empower SOC teams to stay ahead of adversaries, confidently.

MEET THE TEAM AT BLACK HAT

And many more of our regional sales leaders and customer success teams

image
Itzik Finkel
Deputy CEO 
image
Brian Reed
Sr Director of Sales Engineering
image
Michael Goldberg
VP of Sales, North America 
image
Daniel Gomes
Director of Sales LATAM
image
Colin Keating
Account Executive
image
Joanna Hufhand
Senior Account Executive
image
Rafael Gonçalves
Account Executive, Brazil & SOLA
image
Jessica Redd
Lead Sales Engineer
image
Whitney Coleman
Account Executive
image
Mariana Jaymes
Renewal Manager
image
Aris Bega
Sales Engineer
image
Andrew Early
Customer Success Manager
image
Ryan Gille
Account Executive
image
Kevin Claussen
Account Executive
image
Margo Kahnrose
CMO
image
Brian Moran
VP Product Marketing
image
Ana Rodriguez
Sr Director of Demand Generation
image
Hayley Brook
VP of Global Sales Development
image
Chelsea Holland
Global ABM Manager
image
Amanda Kegley
Product Marketing Manager
image
Avihai Ben-Yossef
Co-Founder & CTO
image
Sasha Gohman
VP Research
image
Nir Krumer
VP Product
image
Rotem Kama
Deputy VP Research
image
Roi Sharon
Director of Product Management
image
Miri Adjiashvili Shedma
Security Research Team Lead
image
Meir Abergel
VP Biz Dev and Alliances
image
Rudi Ehrlich
Regional VP of Channels & Cloud Alliances
image
Gary Benveniste
Channel Account Manager
image
Eric Verhave
Channel Account Manager

ADDITIONAL RESOURCES

View More Resources
Cymulate Exposure Management Platform 
Data Sheet

Cymulate Exposure Management Platform 

Add automated remediation to the Cymulate platform to push control updates.

Read More
image
Data Sheet

Cymulate Exposure Validation

Learn more about automated attack simulation to test and validate your cyber defenses.

Read More
image
Data Sheet

Exposure Prioritization and Remediation 

Without validation, exposure management is just vulnerability management by another name.

Read More

BOOK A MEETING WITH US

New threats emerge every day, each capable of breaching your defenses in a unique and sophisticated way. Are you confident that your business can withstand an attack – or recover from one? Cymulate can help.


Book a meeting with us to understand and improve your overall threat resilience. We can help you streamline key areas of your security operations so you’re ready to withstand an attack, and have a plan in place to recover, fast. Schedule your personalized meeting today to learn how to improve your threat resilience – and your business resilience.

Book a Meeting