Carnegie Mellon University

July 24, 2024

With Drata Acquisition, oak9 Founder and INI Alum Aakash Shah Welcomes a New Era of Security Automation

By Taia Pandolfi

INI Communications

Information Networking Institute (INI) alum Aakash Shah is on a mission to make security engineering easier. With the recent acquisition of his startup oak9 by Drata, a compliance automation platform, that mission just got bigger.

“At oak9, our mission was to make security easy for developers in our cloud-native world, and we built an amazing product,” said Shah, who graduated in 2008 with a Master of Science in Information Security (MSIS), the INI’s flagship cybersecurity degree program. “We were looking at this problem from a security lens. With this acquisition, we have a partner that is looking at the same issue from a compliance lens.

“Now that we’ve joined Drata, we want to solve the complete problem for the customer: help address business risks and make sure businesses can communicate their security and compliance practices effectively to their customers.”

A New Era of Compliance and Security Automation

Shah co-founded oak9 in 2018 to build security into the software development lifecycle, ensuring that security is never an afterthought. With the Drata acquisition, he is now working to integrate oak9’s automated security capabilities with Drata’s automated compliance platform. The beta version of this new integrated capability, Compliance as Code, debuted at the 2024 RSA Conference.

Through Compliance as Code, Drata has become the only governance, risk management and compliance (GRC) platform on the market that “monitors compliance before and after code is deployed to production,” according to Drata’s announcement of the acquisition.

For Shah, one of the key pain points this new platform will address is the issue of security teams being asked to do more with less.

“In most organizations, what you’ll find is that the ratio of security engineers to developers is not great — usually one for every 100 developers,” he said. “This makes it impossible for small teams to scale. The only way they can achieve their objectives is by making security part of the development lifecycle, focusing on the strategic needs of the business and using automation to bake security in.”

Shah will continue to lead the integration of the oak9 platform by heading up the Compliance as Code engineering team, building a single cohesive product set from the ground up.

“An acquisition is a signal from the market that you built something that’s amazing — it’s a point of validation,” he said. “Startups are a rollercoaster. It’s pretty exciting to see something that you built and grew get acquired for a bigger purpose.”

From Security Student to Tech Leader

Shah joined the INI to pursue his graduate degree in information security just three years after the program launched, still in the early days of cybersecurity education at Carnegie Mellon University (CMU). The same year the MSIS launched, CMU’s privacy and security institute, CyLab, was founded to focus the university’s research in these areas. INI Director Dena Haritos Tsamitis is a founding director of CyLab, which continues to advance research in cybersecurity and its cross-cutting issues.

“My experience at the INI was incredible,” said Shah. “I met brilliant security-minded folks that were part of the program, and we are still the number one cybersecurity program probably in the world. A lot of my success I can attribute to the INI.”

Some of the research Shah pursued at CMU would eventually lead to the development of oak9. Shah was always interested in entrepreneurship and kept seeking opportunities to commercialize his research in partnership with oak9 cofounder Om Vyas.

For students and young professionals interested in following his entrepreneurship path, he has one piece of advice: “I can’t say enough about the dedication and work ethic it requires. You have to keep falling and getting up, over and over.”

For aspiring security engineers, Shah's advice is to “always be learning, stay current with the technology and threat landscape, and focus on building solutions that meet the objectives of the business. It’s the one profession where there is constant change — you will never stay still.”