About AYIT

AYIT Cyber Security
Senior cyber risk management for growing Israeli businesses.

AYIT was founded to bring senior cyber risk thinking to companies that need it but cannot justify an in-house security function. Led by Avraham Barda — OSCP-certified, with 15+ years across government, financial and defense environments.

Book a call

Why AYIT exists.

Growing Israeli businesses need senior cyber risk thinking — but most of the market does not serve them well. Enterprise security products are priced and scoped for organizations they are not. Generic checklist consultancy produces documents that do not change real exposure.

AYIT was founded to close that gap. The work is built around what management actually needs: a clear view of the key risks, a prioritized plan, regulatory readiness, and someone who owns the cyber agenda end-to-end. The size of the client changes the scope and the pace — not the seniority of the work.

Unlike traditional outsourcing, at AYIT the personal guidance is the core of what we do — we embed in your business, and your business vision matters to us as much as managing the risks.

The founder behind AYIT — Avraham Barda.

AYIT is led by Avraham Barda, with 15+ years of cyber experience across both offensive and defensive disciplines. The work has covered regulated environments in the financial sector, central government and defense — settings where security errors carry real consequences and structured risk management is the baseline expectation.

  1. Feb 2022 – Present

    Head of Application Security, Red Teams & Researcher

    Israel National Digital Agency · Prime Minister's Office
    Jerusalem

    Application security policy and governance for Israeli government ministries and national systems, including the national identity service, the government personal area and the government payment service. Oversight of penetration testing and risk assessments for critical systems, and securing CI/CD and DevSecOps in complex development environments.

  2. Jun 2021 – Feb 2022

    Application Security, Red Team & Researcher

    Israel National Digital Agency
    Jerusalem
  3. Sep 2020 – Jul 2021

    Application Security Specialist & Researcher

    NeuraLegion, now Bright Security · AI-powered Application Security Testing
    Israel
  4. Feb 2020 – Sep 2020

    Head of Application Security

    Israel National Digital Agency
    Jerusalem
  5. Oct 2018 – Sep 2020

    Security Professional

    Israeli E-Government (gov.il, formerly Tehila)
    Israel
  6. 2017 – 2018

    Information Security Architect

    Financial sector — major Israeli organization
    Israel

    Security architecture for strategic, cross-organization projects. Threat modeling and oversight of third-party engagements. Security and regulatory input to legal and business stakeholders.

  7. 2015 – 2018

    Lead Tester & Consultant

    Information security consulting firm — financial sector clients
    Ramat Gan

    Penetration testing and CISO-as-a-Service for financial organizations under regulatory supervision. Reporting and compliance against sectoral directives. Senior technical authority for report quality and policy alignment.

Professional Recommendation

I have worked alongside Avraham Barda for an extended period and can confidently say that he is a top-tier cybersecurity professional.

In addition to his leadership as a security testing team manager, Avraham brings extensive knowledge and experience in application security, threat identification and cyber risk management. His broad, systemic perspective enables him to analyze complex security challenges and translate them into clear and practical action plans.

His greatest strength is his ability to combine deep technical expertise with strong business judgment, consistently finding the right balance between security requirements and organizational needs. He brings a rare combination of leadership, professional authority and business insight, and I recommend him without hesitation.

Chief Cyber Architect, public sector

Why this experience matters for businesses, manufacturers and service companies.

Work in financial and government environments taught us how to identify the risks that truly matter to an organization, set priorities and turn security requirements into practical action plans.

Today, we bring the same approach to businesses, manufacturers and service companies, adapting it to each organization's scale, systems and available resources.

In practice, management receives clear answers: which risks could disrupt operations, what should be addressed first, what customer and regulatory requirements actually require, and how to turn those decisions into a practical work plan that can progress alongside day-to-day operations.

How AYIT works.

Cyber risk management is treated as an ongoing process, not a one-off report. A document on its own does not reduce risk; what reduces risk is identifying findings, assigning ownership, tracking remediation and closing the loop.

AYIT OS is how the service runs. Every risk, task, owner and remediation lives in one place — so a boutique engagement delivers the tracking and board-level visibility you'd expect from a full in-house team.

Engagements remain in the hands of a senior practitioner throughout — from scope definition, through execution, to remediation tracking.

Where AYIT works day to day.

Governance & risk management

Cyber risk mapping, policy and procedure ownership, regulatory readiness (Amendment 13, ISO 27001, sectoral), reporting to management and the board.

Offensive testing

Penetration testing and Red Team exercises against applications, infrastructure and people. Findings translated into a prioritized work plan.

Methodologies

Work follows recognized frameworks (OWASP, NIST) and standard secure development practices, adapted to the size and pace of the organization.

Awareness & training

Role-specific training for executives, developers and operational teams, designed to change day-to-day behavior.

Certifications & community.

OSCP

Offensive Security Certified Professional

🎓

Cyber Security Intelligence

John Bryce (2014)

ISACA Member

Global IT governance & security association

Community

Cyber Committee Member, The Association for Israel's Soldiers — advising on cyber posture and risk management.

Working languages.

  • Hebrew — native
  • English — full professional proficiency

Want to work together?

The first call is on us. 30 minutes. No prep needed.

Book a discovery call