SafetyDetectives recently interviewed Ken Zalevsky, CEO and MedTech cybersecurity expert at Vigilant Ops. With a career dedicated to addressing the complex challenges of medical device cybersecurity, Ken has been at the forefront of innovation, driving advancements in software supply chain security through automation and proactive threat management.
In this Q&A, he shares insights into his journey, the importance of Software Bills of Materials (SBOMs), and the growing risks in today’s cybersecurity landscape. Dive in to discover how Vigilant Ops is setting new standards for securing software ecosystems in heavily regulated industries.
Can you talk about your journey that led to you becoming the CEO at Vigilant Ops?
My journey to becoming the CEO of Vigilant Ops has been shaped by a lifelong passion for cybersecurity and a commitment to building solutions that not only address critical industry challenges but also deliver exceptional value to our customers. From the beginning of my career, I’ve been fascinated by the intersection of technology and security, and this passion has driven me to explore innovative ways to make a lasting impact on the field.
Before launching Vigilant Ops, I had the privilege of leading the medical device cybersecurity function at Bayer. In that role, I quickly came to understand the unique and complex challenges faced by the healthcare industry. Securing medical devices was often an uphill battle, hindered by a lack of automated tools and an over-reliance on manual processes. These limitations presented significant risks and inefficiencies, underscoring the urgent need for a better approach to managing cybersecurity in this critical domain.
As an experienced technologist, I couldn’t help but see an opportunity to solve this problem through automation. I realized that many of the repetitive, labor-intensive tasks involved in medical device cybersecurity, particularly those related to managing the software bill of materials (SBOM), could be streamlined and optimized with the right technology. Driven by this insight, I set out to build a platform that would revolutionize SBOM lifecycle management, making it more efficient, reliable, and scalable.
This vision led to the creation of Vigilant Ops—a company dedicated to automating the SBOM lifecycle and empowering organizations to proactively secure their software supply chains. At Vigilant Ops, we are committed to advancing the cybersecurity landscape and equipping our customers with the tools they need to stay ahead of emerging threats. It’s been an incredible journey so far, and I’m excited about the future as we continue to innovate and make a meaningful difference in the industry.
What are some of the flagship services that make Vigilant Ops stand out in the industry?
What truly sets Vigilant Ops apart in the industry is our unique combination of deep technical expertise, an unwavering commitment to innovation, and a customer-first approach that drives everything we do. Our leadership team brings decades of experience in cybersecurity, with a particular focus on the most heavily regulated industry—healthcare. This specialized knowledge has allowed us to build a platform that not only meets the stringent demands of this sector but also sets the standard for others to follow.
One of our key differentiators is our passion for creating meaningful partnerships with our customers. We see ourselves as more than just a technology provider—we are a trusted partner dedicated to understanding our customers’ needs and helping them achieve their goals. Our team actively works to develop solutions that not only address immediate challenges but also anticipate future ones. This forward-thinking approach ensures that our customers are always ahead of the curve, equipped with tools that exceed their expectations and drive measurable value.
In regulated industries like healthcare, compliance is often a moving target, with shifting regulations and evolving standards creating a complex landscape to navigate. At Vigilant Ops, we don’t just react to these changes—we actively shape the conversation. Our team is deeply involved in key cybersecurity initiatives, including participation in working groups organized by CISA (Cybersecurity and Infrastructure Security Agency) and other global cybersecurity organizations. These collaborations ensure that we stay aligned with the latest developments in regulatory ecosystems, allowing us to provide our customers with solutions that are not only compliant but also proactive in addressing emerging threats.
At the end of the day, our goal is simple: give customers the tools, knowledge, and confidence they need to secure their environments and meet their compliance obligations. Vigilant Ops stands out not just for what we do, but for how we do it—with integrity, expertise, and a commitment to excellence that inspires confidence in our customers and partners alike.
SBOMs have become a buzzword in cybersecurity. For readers unfamiliar with the concept, how would you explain their importance in improving software security?
An SBOM, or Software Bill of Materials, is essentially a detailed list of all the software components—such as libraries, dependencies, and third-party code—that are included in a system, application, or device. Think of it as the equivalent of an ingredient label on food packaging. Just as you’d look at an ingredient label to understand what’s in your food—especially if you have dietary restrictions or allergies—an SBOM provides critical information about the components of a software product. It helps organizations understand what’s “under the hood” so they can better assess potential risks.
This transparency is critical because most modern software isn’t built from scratch. It often relies on open-source components, third-party libraries, and proprietary code, which can introduce vulnerabilities if they’re not properly tracked and managed. Without an SBOM, organizations are essentially flying blind, unaware of what software components they’re using and whether those components contain known vulnerabilities or licensing risks. This lack of visibility creates significant security blind spots, making it nearly impossible to protect against threats you don’t even know exist.
The importance of SBOMs becomes even clearer when you consider how quickly cyber threats are evolving. High-profile supply chain attacks, such as SolarWinds and Log4j, have demonstrated the devastating impact of vulnerabilities hidden deep within software. These incidents have underscored the need for organizations to not only understand the components of their software but also to quickly identify and address vulnerabilities before they can be exploited. An SBOM acts as a foundational tool for this process, enabling organizations to map out their software ecosystem and respond swiftly when new vulnerabilities are discovered.
Beyond improving security, SBOMs also play a vital role in compliance and risk management. Regulatory frameworks, such as the U.S. Executive Order on Improving the Nation’s Cybersecurity, now emphasize the importance of SBOMs for securing the software supply chain. For organizations operating in regulated industries—like healthcare, finance, or energy—providing an SBOM is quickly becoming a prerequisite for doing business. It demonstrates due diligence and a proactive approach to managing software security risks.
In short, SBOMs are much more than a buzzword—they are a critical tool for achieving transparency, improving software security, and mitigating risks in today’s increasingly complex software supply chains. By providing a clear understanding of the components that make up a software product, SBOMs empower organizations to take control of their cybersecurity posture and build trust with their customers and partners. The importance of SBOMs in safeguarding our digital infrastructure will only grow.
To read the full interview by Shauli Zacks, visit the SafetyDetectives blog.