CyberWire Daily - Avi Shua: Try to do things by yourself. [CEO] [Career Notes]
Episode Date: June 20, 2021CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get aro...und the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming of plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. and VPNs, yet breaches continue to rise by an 18% year-over-year increase in ransomware attacks
and a $75 million record payout in 2024. These traditional security tools expand your attack
surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security. Thank you. Learn more at zscaler.com slash security.
My name is Avishwa and I'm the CEO and co-founder of Orca Security.
In fact, I was excited about cybersecurity since I was 13 years old.
As a teenager, we had a network in my high school, and I was looking about a way that you can get around it. It was clear to me that I'm going to get into cybersecurity since then.
since then. When I became 18 years old to join the Israeli army, the intelligence to unit 8200 and go to a cyber training course which I also later on became the teacher of
one of the courts and it all started that way.
In fact we had in our high school a team that was both instructors and students that were excited about computers that could help set the network, help with maintaining the IT environment.
I was even hired for a few months during the summer break.
And it was, in fact, a really great opportunity to get students who are excited about something to
do something valuable with the time help setting things and I was always attracted to how you can
make it more secure I knew it's but to actively look into it it was a high school network it's
not secure by definition but it was still something that excited me to see what are the
different trade-offs what it means to set it in a certain way,
how it can be attacked via different means, etc.
I joined a cyber training course which is very unique compared to a lot of training experiences.
compared to a lot of training experiences.
The training is not all about what you know,
about learning stuff,
but about learning how to progress and improve and solve things.
It's very rare that we are told there is a problem.
You should simply solve it by yourself, not by looking at how other people do that,
but solve it by yourself. not by looking on how other people do that, but solve it by yourself.
And while you do that,
to make sure that your
progress without comparing
yourself to others, it really
challenges you to get the most
that you can.
So I started, moved to Checkpoint.
I've been there for more than a decade.
Started as a team leader.
Later on, I became a group manager.
Started the sandboxing solution of Checkpoint. The last four years, I was the chief technologist.
Security is all about choke points. And traditionally, when you look at computers, there's been two
choke points. The network, you know, it's not ideal, there's encryption, you can't see
everything. But if you put a device between your physical network and the internet, you'll
see it all. So it's a great choke point. There's a different choke your physical network and the internet, you'll see it all.
So it's a great shock point.
There is a different shock point, which is the cloud itself.
And they thought that it's needed to be looked at from a completely different view.
And the only way to do something which is so radically different is by starting a company and not trying to do it within companies that are many times more focused on the way that,
on the history and the capabilities that exist till that time.
As a manager, my job, it has two acts.
One is to lead, to make sure that we're executing to the vision.
But on the other hand, to do everything that there is no other owner in the organization.
At the same time, we need to build it to make sure that it will grow and execute the vision that we created for Orca.
The favorite part is to solve actual organization problems.
There is so much times in cybersecurity when companies build solutions that look good on paper,
but are not consumable, that requires tons of friction, requires tons of deployment.
And in lab, it's nice, but they are deployed on 30, 40 or 50 percent of the environment.
It's not really helpful because the attacker can always go to the areas that are not deployed.
And theoretically, the vendor is okay, but the customer is not secured and can be breached.
The one thing that I love about what we do is that we are reducing friction in the organization.
And it simply helps people to do their jobs.
Instead of becoming plumbers, connecting things, trying to install how to deploy tools,
they can do their job and become a security practitioner.
If you're just getting started, you need to be excited by that.
It's not something that, don't do it if you don't love it,
because you won't succeed.
I think it's true about every profession,
but you really need to love that.
But second, take the time and do things for yourself.
You must understand how things are actually working.
You must understand what is a vulnerability,
what are actually working. You must understand what is a vulnerability, what are the limitations.
You can't just go and jump over that without understanding the basics.
You always have limitations to your capabilities in that.
So try to do things by yourself and then everything will be clearer.
You'll understand what's important, what's less if you take this time.
clearer. You'll understand what's important, what's less
if you take this time.
This is the thing that makes me
wake up every morning to make sure that
we are creating products that are
valuable and fun for
people to use. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
and their families at home.
Black Cloak's award-winning digital executive protection platform
secures their personal devices,
home networks, and connected lives.
Because when executives are compromised at home,
your company is at risk.
In fact, over one-third of new members
discover they've already been breached.
Protect your executives and their families
24-7, 365 365 with Black Cloak.
Learn more at blackcloak.io.