See Yourself in Cyber – 7 Industry Leaders Share Their Journey and Learnings
Who are the cybersecurity insiders? What motivates them to build companies in this ever-evolving landscape? What’s keeping them up at night?
October is Cybersecurity Awareness Month. This year’s theme is “See Yourself in Cyber”, highlighting the human element in an industry that might seem complex and daunting to many. To mark the occasion, we spoke to seven founders of up-and-coming cybersecurity companies about their journey in cyber:
Read their answers below to get to know the people behind the tech.
What led you to build a cyber company?
Ofer, Illusive: “I was passionate about creating something meaningful from nothing – and equally passionate about cyber and solving big problems. With those two things in mind, it was pretty clear building a cyber company was the way to go.”
Ofer , Talon: “I have always had an entrepreneurial mindset. I enjoy empowering others, building things, and being part of and leading world-class teams. My core passion is the journey of entrepreneurship. The ability to bring change and value to millions of people around the world through my work is what motivates me to work hard every single day. Following my time with IDF Cyber Intelligence Unit 8200, I knew the next step in my life was to build teams and technologies that could redefine what cybersecurity looks like. To me, there is nothing more rewarding than helping customers solve massive challenges and with the team we have at Talon, we have a ton of fun doing so.”
Yaniv, Claroty: “I joined Claroty after many years of leading industrial solution providers. In those roles, I gained a deep understanding of how unique the cybersecurity challenges are in the industrial sector. This is due to the relatively long lifecycle of OT compared to IT, uptime and physical safety being much higher priorities than data privacy, and the rapid proliferation of greenfield IoT devices that often come riddled with vulnerabilities. Claroty is perfectly poised to be the market leader in cyber-physical systems protection and I’m thrilled to lead our very talented and unique team on this exciting journey.”
Rina, Duality Technologies: “We founded Duality because we realized that data collaboration and data sharing are key to deriving valuable insights from data. It also became apparent that there are many obstacles to sharing sensitive data among enterprises – data privacy regulations, business secrets and contractual obligations. Trust was coming under scrutiny: trust in the cloud, and trust in collaborators. At the same time, new advanced technologies that can resolve the conflict between data privacy and data utility were becoming available. But all of this would not have been possible without the extraordinary founding team – a group of world-renowned experts who set out to tackle this hugely important problem.”
As a CEO of a cyber company, what is top of mind?
Ofer, Talon: “I like to look at the trends that are driving decision making and will drive decision making in the future. The most prominent from my perspective? The largest organizations and the world in general are moving to the web, thanks to the boom of SaaS and web-based applications. It’s estimated that there are nearly 5,000 app-to-person connections for an average company (even more for large enterprises), and SaaS spending is up by 50% – both of these figures are likely to grow in the coming years. These points, combined with the sharp move to more distributed workforces, get me excited as a CEO as it paves a natural path for new innovative technologies to disrupt the status quo.”
Neatsun, OX Security: “Our customers, the adversaries, and our team that works hard to deliver quick responses that protect our customers from the adversaries.”
Dan, Dig Security: “Avoiding a data breach is super important to me as a cyber CEO, especially as the number of breaches has reached an all time high. Today, the average cost of a breach for financial organizations can go up to $5.72M, according to a recent report by IBM. What this means is that organizations need to do a better job at securing their data, especially data used in the cloud. Securing cloud data starts with gaining visibility into all the data, understanding its context and how it flows inside and outside the organization. But that is not enough, because protecting data also requires real time data detection and response – so when a bad actor removes an existing control, it will be immediately handled without further risk. This is what Dig does best.”
Yaniv, Claroty: “I believe we’re at a pivotal point in history for cybersecurity as it pertains to critical infrastructure and national security. Much of the cybersecurity industry is focused on creating highly advanced solutions that are fantastic for multi-billion dollar enterprises but unfortunately out of reach for the smaller, under-resourced organizations, many of which support some of our most basic human needs. Securing critical infrastructure is ultimately about saving lives, and in order to truly succeed at this we need to meet organizations where they are, no matter their cyber maturity level. Organizations in the public, private, and nonprofit sector alike must work together to address this challenge. This is no small feat but I am encouraged by those who are rising to the challenge and the opportunity we have to make the world a safer place by leveraging the power of cybersecurity.”
What in cyber makes you smile?
Neatsun, OX Security: “It’s always fun to see that threat actors create the same bugs as regular developers. An example I really liked was a threat actor that accidentally infected himself with his own malware, exfiltrating the password to his backend.”
Rina, Duality Technologies: “Seeing customers realize for the first time that something they have always dreamt of doing but thought was impossible, is possible, now that is a very special moment. Sometimes people who experience this for the first time, describe this as magic! Anyone who is struggling to stay in control of how their data is used while collaborating on it – be it cybersecurity or other fields like banking, government or biotech – everyone is frustrated that they can’t securely pursue more data sharing and collaboration. So, when they realize that the data they thought was off limits can now be accessed and shared in a secure way using the Duality platform, they are happily surprised and it is a very satisfying moment for me.”
Nethanel, Cyberpion: “I usually do more than smile when I see a notification about our solution preventing a critical breach. The satisfaction of seeing the impact of a long journey, from idea to working technological solution, is worth all the challenges we face.”
Dan, Dig Security: “Occasionally, when we speak with a customers who think they know what they have in the cloud, it makes me smile. The way data proliferates in the modern enterprise is mind blowing – ask any IT risk and security professional. Different teams adopt different data services and create “shadow data” assets that are often not discovered by security teams. Also, the use of microservices creates many copies of the data and the result is that sensitive data keeps traveling. When we onboard new customers to Dig Security, we start with an automated discovery and classification as the first step, and only then add controls such as real time data detection and response (DDR).”
Ofer, Talon: “The people. Working in cyber, I have had the pleasure of meeting and working with some of the brightest minds in the world that are constantly pushing boundaries and driving innovation. It is incredibly motivating and exciting to be surrounded by so many talented individuals.”
What worries you most about cyber?
Ofer, Talon: “From an industry perspective, the thing that worries me the most is organizations that deploy technologies which negatively impact the user experience of their workforces. In today’s environment, security should not slow down the business – it should be delivered in a way that doesn’t change how people work. CISOs should be prioritizing technologies that enable the business and foster productivity. Security does not need to be a roadblock.”
Nethanel, Cyberpion: “Lack of knowledge. For me, this is the number one risk. Organizations don’t know all the risks they face, and security vendors don’t know the new methods that attackers are already using. In Cyberpion, we help organizations to know their hyper external attack surface. Knowing how critical this component is in their security strategy, ensuring that we don’t miss anything the hackers can find, is at the top of my mind.”
Ofer, Illusive: I am very concerned with the awful events that I believe will come due to cyber attacks. We’ve seen the tip of the iceberg of what a cyber attack could mean to the security and welfare of the population and as we know from many other walks of life, things tend to escalate. It is a matter of time before we see an attack that will entail very significant and painful losses.
What fact should every CISO know?
Yaniv, Claroty: “In an XIoT world, the thing that will separate the winners from the losers is their embrace of the full breadth and depth of the CPS/XIoT security journey. They understand that having comprehensive visibility into all manner of XIoT assets within their environment is absolutely foundational above all else. They will also recognize that this journey isn’t a sunk cost, technicality, or barrier to business productivity — but rather, it’s something that, when executed effectively and holistically, is a business enabler. At the end of the day, there isn’t a business or infrastructure organization out there that doesn’t aim to boost productivity and efficiency while reducing risk (all of which support the bottom line). The winners in this XIoT world will be the ones who recognize and embrace security as that which enables them to harness the power of CPS/XIoT connectivity with confidence, not risk.”
Dan, Dig Security: “Every CISO should know when a bad actor, internal or external, intends to get into their environment, because chances are they’ll be able to find a blind spot. But that does not mean that their efforts to secure the data are for naught. There are things they can do today to ensure that when a bad actor already has access to their cloud data.”
Nethanel, Cyberpion: “We don’t know everything about our organization and the different ways through which it could be compromised, but we can be proactive about it and significantly decrease this knowledge gap. By actively reducing the attack surface, it is possible to remediate the most critical vulnerabilities even without discovering them.”
Neatsun, OX Security: “In my humble opinion, the role of the CISO of the future is to influence the business side, and to advocate for innovative security thinking that can protect the organization with minimal friction.”
Rina, Duality Technologies: “CISOs in data-driven organizations are becoming business-enablers in addition to being business-protectors. Enterprise data, one of the very valuable assets which the enterprise collects and curates, is being increasingly used to enable business while collaborating with the enterprise’s business ecosystem: customers, partners and suppliers. CISOs have to support this while keeping the data protected at all phases, including when it is used. CISOs should know that privacy-enhancing technologies are now practical and enterprise-ready to help them in this new expanded role.”
How do market changes affect security spending?
Nethanel, Cyberpion: “Nice to have’ projects are delayed or canceled, but nobody wants to chance it when it comes to tangible threats. Hence, I think that compared to other sectors, the security sector is less affected by the recent market changes.”
Ofer, Talon: “In a down economy in particular, security leaders are looking to invest in technologies that offer a trifecta of better security, cost effectiveness and great user experiences. While these core qualities should be key areas of focus for any security vendor, they become especially important in times like the ones we are in now.”
Neatsun, OX Security: “In recent years we’ve seen a big emphasis on security that enables people to understand and prevent threats in new domains which were previously neglected. To enable this, companies are spending less on domains that are no longer innovative.”
Ofer, Illusive: “Market changes affect overall budgets which in turn affects security spending. With that said, we’ve seen in the past, and we’re seeing even more now, security tends to be more resilient and less affected by budget cuts as it’s a necessity. As a CIO of a mid-size enterprise going through layoffs told me ‘I’m not touching my security budget at all. Would I really say that in rough times we don’t need to be secure?’”
If you had to use three words to describe qualities every cyber CEO must have, what would they be?
Nethanel, Cyberpion: “Leader, learner, determined”
Ofer, Talon: “Adaptability, vision, patience”
Dan, Dig Security:“Focused, leadership, perseverance”
Neatsun, OX Security: “Innovative, optimistic and risk taker”
Rina, Duality Technologies: “Vision, differentiation, resilience”
Yaniv, Claroty: “People-first, customer obsessed, strive for excellence and high integrity”
Ofer, Illusive: “One thing: Ability to think differently”