Carnegie Mellon University

Rohyt Belani

October 29, 2020

Reeling in Cyber Attacks, One Phish at a Time

By Deana Lorenzo


During National Cybersecurity Awareness Month, INI alum Rohyt Belani shares how his human-oriented approach to stopping phishing attacks turned his startup into a leading provider of workplace cybersecurity.

No one understands phishing better than Rohyt Belani. While working on the frontlines of information security for Fortune 500 companies, he noticed a troubling phenomenon: more than 90 percent of these attacks started with an employee acting on an email.

“Hackers do a lot of online research [on their human targets],” Belani explained during a segment on CNBC. “So that when they do draft an email, it’s quite contextually appropriate, and makes it really hard to decipher good from bad.”

As a security consultant in the early 2000s, Belani realized that something needed to be done to better address phishing attacks targeting personnel. “While the catalysis of these attacks was human susceptibility, no one was, at the time, doing anything to better condition humans to be more resilient—at least not in a way that was measurable,” he said.

This lack of human-focused solutions was what drove Belani and co-founder Aaron Higbee to launch PhishMe in 2008, focused on arming employees with training and tools to avoid falling victim to hackers and scammers.

PhishMe expanded its product portfolio to provide a more holistic approach to workplace cybersecurity. In 2018, PhishMe was bought by private equity giant BlackRock for $400 million and has since rebranded itself as Cofense. Belani stayed on as CEO of the company, which now serves nearly half of the Fortune 100 and close to 400 Fortune 1000 companies.

As a leader in information security, Belani has since appeared on CNBC, CNN, BBC, and in Forbes magazine, and has received numerous honors, including 2017 EY Entrepreneur of the Year and a place on Washington Business Journal’s “40 Under 40” list.

“I would be lying if I said I anticipated where I am today, professionally, 15 years ago,” he said. “I feel very fortunate to have, in some ways, surpassed my own expectations.”


Belani received a bachelor’s degree in computer engineering from Thadomal Shahani Engineering College (University of Mumbai) and attended the INI at Carnegie Mellon University, where he earned his M.S. in Information Networking (MSIN). “My experience at INI was life-changing,” he said. “It taught me the meaning of hard work. If there’s one thing I learned at Carnegie Mellon University, it was the fact that sleep is not necessary for survival!”

In 2002, just eight weeks shy of graduation and with the US economy in recession, Belani was looking for a job when he ran into one—literally—in the halls of Heinz College. “I met this gentleman who was the founder of a security company and an adjunct professor at Carnegie Mellon,” Belani told Sramana Mitra’s One Million Blog. Belani described himself at the time as being “unshaven, in flip-flops, with bloodshot eyes, having spent the previous night coding”—in other words, he was not prepared to be interviewed. But after talking for 45 minutes, the man made him an offer he couldn’t refuse: “he actually offered me a job at his company.”

He worked at that company—Foundstone—for two and a half years as a consultant and “ethical hacker,” tasked with breaking into enterprise networks in order to assess security weak points. The experience gave him the credentials to teach the Hacking Exposed class at Carnegie Mellon from 2006 to 2010.

Foundstone was acquired by McAfee in 2004. By that time, Belani was receiving lucrative offers from major tech firms, but he decided to join Mandiant, a fledgling startup based in Virginia that specialized in cyber forensics. As Managing Director, he took on the role of setting up their New York City office. Although Belani left Mandiant in 2007 to start his own company, he celebrated Mandiant’s $1 billion acquisition by FireEye in 2013.

Despite his many career highlights, he is still humbled by the experience. “Most people only see the highs of successful entrepreneurs, but there are a lot of scars that go unnoticed. From having the door slammed shut on you in early sales situations or by investors, to protecting your company’s intellectual property–there is no dearth of challenges,” he said.

“At the same time,” he added, “the adrenaline rush of starting a company and being fortunate enough to see it be successful is an unparalleled feeling in one’s professional life.”

Now, as the CEO of Cofense—the company he co-founded a decade ago as PhishMe—Belani looks forward to continuing to work with the world’s leading companies to “stop phishing attacks in their tracks.”

“To experience these organizations’ faith in us, especially in a domain as crucial as cybersecurity, is unique and most fulfilling, and something I am most proud of,” he said. “I feel honored that we are able to serve this mission globally every day.”

His advice for current INI students is that there is no single path to becoming an entrepreneur. “One can be entrepreneurial in many ways—working at a large company, a startup, or starting a company.” What’s most important, he emphasized, is “the spirit to challenge the norm, and the grit to get up repeatedly after being knocked down in an effort to solve unique challenges.”
