Security leaders know the drill: vulnerability scanners run their course, reports stack up, and yet attackers still slip through. What’s going wrong?
We sat down with Yosef Yekutiel, CISO & Data Privacy Officer at MaccabiDent, at GlobalDots’ recent “Red Team Reality Check” event to unpack this gap, and how modern offensive security can fill it.

MaccabiDent is a major dental healthcare provider, operating on a national scale and handling sensitive patient data across dozens of systems and services. In such a high-stakes environment, security isn’t just important, it’s mission-critical.
Yosef, who built the company’s security program from the ground up, shared why traditional scanners fail to detect critical business logic flaws, like data exposure through subtle app behaviors, and how his team uses continuous attack simulations and real-time risk prioritization to uncover what scanners miss. By combining automation with attacker-style thinking, Yosef has transformed MaccabiDent’s security practice into a proactive, business-aligned engine built to withstand modern cloud-scale threats.
What scanners miss and real attackers catch
Where do traditional vulnerability scanners fall short?
“Traditional scanners do a good job of finding known vulnerabilities, CVEs, and misconfigurations. But they often miss issues rooted in business logic: the way the app behaves, the flows users follow, and what kind of data gets exposed unintentionally. An attacker doesn’t need an exploit if they can harvest sensitive data from an error message or misuse a workflow. That’s where the real risk lies, and scanners don’t catch it.”
The case for continuous offensive testing
What do you think about testing frequency and the shift away from one-off assessments?
“In modern environments, especially with cloud-native architectures, we’re pushing new versions constantly. Traditional point-in-time testing just doesn’t match that pace. If your test is monthly or quarterly, you miss everything introduced in between. That’s why we rely on continuous, autonomous testing. It helps us identify vulnerabilities as they appear, without delaying releases. Security has to move at the speed of the business.”
The End of Isolation: Security Must Keep Up with the Business
What mindset shift is needed today in cloud-era security?
“The traditional mindset of limiting internet exposure and locking everything down doesn’t work anymore. Business stakeholders expect everything to be accessible, via mobile, via web, from anywhere. The old client-server model is dead. Today, security must be designed to enable access while staying resilient. We’re not the department of ‘no.’ We’re here to support agility and make sure that as the business moves fast, we don’t fall behind.”
How do you prioritize when there’s too much to fix and too little time?
“You can’t protect what you don’t know about. So the first step is constant discovery, finding every exposed asset, every cloud workload, every endpoint. Then we simulate attacks to understand which vulnerabilities are actually exploitable. Not every CVE is urgent; what matters is attacker impact. If someone exploited this, what could they gain? That’s how we prioritize. It’s about risk context, not just raw numbers.”
With so many vendors and new innovations, how do you choose the right security tools?
“There are two core factors when choosing a security tool. First, it must match the specific way your organization operates, like a glove. Not every good tool is right for every environment. Second, it must integrate smoothly with your existing systems. While ‘best of breed’ sounds great in theory, having too many disconnected tools can actually make incident investigation harder.
That’s why I prefer ‘best of class’ ecosystems, solutions that work together natively and allow for unified visibility and faster response.”
It’s time for our Rapid-fire questionnaire
- First thing you check in the morning?
  “My XDR dashboard.”
- One tool you can’t live without?
  “Not a tool, a person! My employees are the real X factor.”
- Biggest thing that keeps you up at night?
  “Shadow IT. Well-meaning staff using under-the-radar tools that could expose the organization to risk.”
- Most overrated security concept today?
  “Air-gapped systems. They sound secure, but no system is truly isolated; everything eventually needs updates or interfaces (ERP, etc.), so the ‘air gap’ can be a false sense of security.”
- What do people misunderstand about the CISO role?
  “That it’s just technical. A good CISO is a business partner, sitting in on strategy talks—not just during a cyber crisis.”
- If budget weren’t an issue?
  “I’d hire a full-time internal red team, someone trying to break us every day. That’s how we understand how we appear to attackers and defend ourselves more effectively.”
Yosef, thank you for your time and insights. Your view offers a clear, practical path forward for teams operating at cloud pace. Your emphasis on attacker simulation and strategic alignment mirrors broader trends in offensive security. As attack surfaces grow faster than teams, the ability to prioritize based on attacker value, not just vulnerability count, is what sets leading security programs apart.
Before you go, if you could go back in time, what advice would you give yourself early in your career?
“Early in my career, I explored everything—networking, infrastructure, application security. It gave me breadth, but not depth. If I could go back, I’d focus first: pick one area, master it, and build my foundation there.”
But maybe that exploration gave you an edge? You gained a broad perspective that helps in your role today.
“You’re right, it definitely helped me see the bigger picture, especially as a CISO who needs to oversee the entire security stack. But still, when you’re trying to go deep or lead a technical domain, that initial focus helps you build confidence and authority. You can always expand outward later, but it’s hard to build depth once you’re stretched thin.”
Yosef, thanks again!
“Thanks. Stay safe, personally and digitally.”