As heard on the Leaders of B2B Podcast with Noah Tetzner.
Giora Engel, Co-Founder and CEO at Neosec joins the Leaders of B2B Podcast and shares his startup journey centered on cybersecurity. The discussion provides insight on the following:
- How to adjust activities that involve face-to-face relationship building to remote work
- How digital transformation has evolved into a “digital first” initiative and how that affects the global economy
- How the value of communication becomes more important when working across remote teams
- The 3 key elements to growing your company
- How a focus on culture and ownership can help draw committed talent
- Why it is essential to check your cybersecurity infrastructure
- Understanding the mindset of the attacker
- Advice for those looking to start a new company
Read below for the full transcript.
Giora: If you really believe in something, and you know that you're doing the right thing, then people will follow you, right? I mean, it's still a lot of hard work, but I think you need to have a very clear mission to get it done eventually. And also, I mean, at the end of the day, it's really all about the people and all about the team.
Announcer: Welcome to the "Leaders of B2B" podcast. A weekly show where we bring you interviews, and in the leads expertise with today's B2B experts and thought-leaders. You can see more about today's episode and guest by visiting our website at leadersofb2b.com.
Noah: Hey, leaders, welcome back. I'm Noah Tetzner, and I'm joined today by the Co-founder and CEO of Neosec, a cybersecurity company built for organizations that expose APIs to partners, suppliers, and users. Neosec is an intelligent way to protect your APIs from business abuse, fraud and theft, reinventing applications security. I'm joined today by Giora Engel. And, Giora, welcome to Leaders of B2B.
Giora: Thanks, happy to be here.
Noah: It's a pleasure to have you on the show, Giora, and I'm so excited to delve into our topic of conversation today, which is your journey as an entrepreneur, and also the journey of Neosec. So, first of all, let's introduce listeners to Neosec. I understand this is your second cybersecurity company, which I believe was founded during basically the height of the pandemic, is that right?
Giora: Yeah, we founded the company in February 2020 just before everything got shut down. So, it was an interesting ride for sure.
Noah: Wow. And so, this is your second cybersecurity company. Now, tell listeners...just very basic question, but just to cover our bases, you know, who does Neosec serve, and who is the company for?
Giora: So, we're basically helping any company that develops applications and APIs to secure what they expose to the outside, as well as some internal East-West APIs. These days if you think about it, everybody is writing applications and APIs, that's the new way of writing software and delivering products of any kind, whether you're a bank or a digital company. So, that's what we saw in the market is that everybody is moving to digital no matter what industry you are from.
Noah: And, as I mentioned before, this is your second cybersecurity company, which, as you mentioned, was founded a month before the infamous March of 2020. That great peak in, unfortunately, a global pandemic. How was this experience different? How has it been different so far, your two years in, from the previous company you started?
Giora: Maybe I'll start from the beginning. I think the weirdest thing was that in the beginning we were about to raise money, and we couldn't actually meet anybody physically. And when as an entrepreneur, as a founder, raising money is a very personal thing. You speak to people, you shake their hands, a lot of that is getting to know each other. So, that was completely not possible all of sudden. But, of course, the industry adapted to that, and everything was through Zoom in the end, and it ended up in the right place, but it was just weird, being at home and pitching through Zoom, and it just felt different.
Noah: Yeah, no doubt. I mean, that is definitely an interesting sort of shift from no doubt the experiences that you had with...
Giora: And, of course, hiring people was super different at the time. I mean, today, we're kinda at the end of the pandemic, hopefully, nothing goes back. But, today, people learn to live with it. At the time, it was not even allowed to meet people, I mean, depending on where you are located there was a shutdown in place everywhere. So, yeah, we had to build a fully remote team. And, I think, there are a lot of benefits to it. I think, today, when things are coming back, in-person relationships are super important, I still believe in that. But the ability to work well when you're remote is very, very valuable too because you're not with the other people 100% of the time, even if you work in the office. So, being able to communicate well while you're not with the other people I think is actually a super important skill.
Noah: Most definitely. And, no doubt, cybersecurity itself experienced, I'm assuming, an unprecedented demand right as the company started, you know? I mean, of course, we've been sort of in this digital era for well over a decade now, but nothing like what we're living through now. I mean, I remember talking to colleagues who were in the process of applying for various roles at companies, you know, around the time the pandemic started. And, this concept of working full-time remote was not being offered by many companies, and it's very hard to think that literally three years ago or so. But tell us, what was it like, what's the market's appetite in those initial months of COVID when you got started?
Giora: So, I think, it changed a lot of things for a lot of people. You started to see it changed a lot of things for employees, and the ability to work remotely, and work maybe in places that they couldn't work before, or maybe moved to a different place that they couldn't do before. So, one change is that for every company, they had to support fully remote operation, which means that everybody connects remotely, there's much more that happens that way. But, I think, there's also the other side, on the business side of all these companies, they had to adapt to a world where they have to be digital-first, regardless of what industry they are in. If you're not digital-first, they won't have business, right? So, I mean, even if they're brick-and-mortar banks or whatever, they have to be very, very good at selling digitally, right? So, that I think is maybe the biggest change. The digital transformation, we spoke about it before, but I think in recent years, it accelerated significantly because of the simple need.
Noah: Most definitely, most definitely. Tell us about the process then of scaling a company, receiving funding, so forth, during the pandemic, doing it totally remotely. You know, and I guess a company as Neosec continues to grow and grow from strength to strength. From your perspective, is that sort of hiring and company culture piece something that you guys are still navigating, or do you have a plan?
Giora: I think maybe now I'll start from the end. So, I think what you just said about building the company culture is super important because that's really what stays in people's minds every day when they work, and every day when they open their computer. So, building the right culture and finding the right people is the most important, regardless if they're either in-person or remote. Because it shows. It shows regardless. I mean, if it's in-person, it's obvious, but if it's remote, it still shows the same way.
Now, after two rounds of funding, we raised over $20 million, and we are over 50 employees, growing pretty fast. We decided that...one of the decisions we made in the very beginning was to hire our engineering team and product team in Israel. It wasn't obvious for us because both of us co-founders we're locally here in the U.S., but we decided that it will create a more cohesive team in that crazy pandemic time where everybody is sheltering in place, and I think it was an amazing decision for us. I mean, there's really nothing like the Israeli talent when it comes to R&D. Like, the added benefit was the ability to create a cohesive team that meets sometimes. Today it's meeting twice a week in the office. But in the very beginning, I mean, it was not obvious that people could actually meet, and it made all the difference.
Noah: Well, of course, there's so many statistics, which I won't quote here today on the podcast, simply because listeners are already well aware of them and they're ever-changing. You know, record numbers of folks leaving their jobs, even more so, people shifting around within different roles, within companies, and other companies, folks are hopping from opportunity to opportunity and so forth, a lot of movement there. I guess, in terms of building a company culture during this unique time that we find ourselves living in, what insights or advice from your experiences, Giora, would you offer to our listeners?
Giora: I think what worked for us is to first create a culture that empowers each and every person, you know, not only the managers or the VPs, but actually each and every person in the company. And the way to do that for us, I mean, it sounds simple, but it's actually not that simple, right? The way to do it is to make sure that everybody is aligned with the mission and understands why we're doing what we're doing, and what it means, and what they're doing impacts the customers, and so on. And also, giving people responsibility and ownership of what they're building and the function that they're owning. Doesn't matter what level you are in the company, always have something that you own, and something that you really need to deliver, and it will depend on how you do it. So, I think when you do it that way, it creates a much more scalable organization, regardless of where people are. Sometimes when you have an office, you can use it as a crutch to micromanage people and see what's going on, and who's doing what, and so on. And I think when you don't have an office, we were forced to do it, right? And it definitely worked well for us. I mean, I think one of the things that I'm most proud of, in what we've built so far, I mean, there's much more to do for sure, is really the culture because, you know, that's something that you can't really change. After a certain amount of people, sometimes it's fixed. I would argue that you actually can't change even after five people unless you fire everybody. It's something that is really part of the company, you can't change that. And now, when we have a significant base, you know, both in Israel and here, I think it's easier to continue to build the culture in the right way. Because it's not only on us. It's everybody that influences the rest of the people.
Noah: Yeah. Yeah, and you found that, like, autonomy, giving people ownership of their unique tasks, that's really worked very well for Neosec.
Giora: Yeah. I mean, having the experience before building another company, LightCyber, and worked for a bigger company after we got acquired. And, yeah, I think that's always the tricky part, how to make sure that people understand the mission and have that sense of ownership because, without that, people have tried and maybe you can micromanage five people, but when it's more than that, it just explodes. It's very hard to do it right when people are not aligned, and not operating according to these basic values.
Noah: Well, and, you know, Giora, I suppose a good follow-up question, and I know this is something that's on everybody listening, all of our listeners have this, to some degree, on their minds today, is it's one thing to curate a great company culture, which, of course, you've done, but it's another to attract high-quality talent, you know? So, again, what has worked for you in terms of attracting, or hunting, whatever you wanna call it, sourcing good talent for Neosec?
Giora: I mean, it's a very, very competitive market today, and I think, as you said, people move quite fast, and sometimes people accept offers and then don't show up. We've seen that too. I think at the end of the day, a start-up company cannot compete on the salaries, cannot compete against public companies, and big companies like Google and others on the salary. We give equity, which is super valuable, but it's also really the difference at the end of the day, the right people make the decision based on the team, and based on the ownership that they're gonna get. I think that makes the difference. If somebody is only optimizing for cash, they'll go to work for a big company, and they know exactly how much they make, and so on. But if they want the ownership, if they want to go to the next step, if they want to do something different, and really shape their future, I think they'll find a good place with us. And I think when you have the right culture, I think it shows in every discussion that you have with anybody in the company. It shows with every person that you talk to. And I heard it already from quite a few employees that joined, after they joined, they said, "We sense that there's something special here, and we're really happy to discover that it's for real. After we joined, just from the first day, all the interactions that they had were very much aligned with what they expected, so I think that means a lot to people. At the end of the day, we're all social creatures. We don't want to just work on our own. I mean, we want to make a difference, we want to interact with other people, and, yeah, we want to win together. So, if we can create that culture, I think that's what can attract people. I mean, of course, some people. There are some people that have other objectives, which is fine. They'll find other places that are suited for them.
Noah: Yeah. Well, most definitely. And I guess, just one other question, Giora, before we move on from perhaps this topic is, besides the obvious, of course, what are some red flags that you would just ask our listeners to bear in mind when talking to potential candidates for their companies? What are some things that you found that maybe a lot of people aren't thinking about that they should be, in terms of, like, vetting good talent?
Giora: Oh, wow. Where to start? I mean, I think it's important to look for people that really fit the culture that you're building, and the stage that you're at. And, of course, not only to look at the dry details in their experience, right? Because if you understand what they're looking for, and it matches what you can offer, I think that can be a really great connection. If it doesn't align, then there's probably nothing that you can do. I mean, even if you raised another offer, or... there's really nothing that you can do to make it right. They won't join in the end, or if they join, maybe it's not right for them. So, I think looking for the right people that have the right objectives, and want to make the next move... One thing that worked really well for us is we don't only look for people that have years of experience in what we're looking for, I mean, we're completely open to people that are just up and coming, and just starting to do it. Have some proven experience, but not as much as others, sometimes even for the same role by the way. It's best to have a mix in the end of the day. I mean, some people with more years, and some people with less. But there are actually a lot of benefits of hiring people with less proven experience if they're the right people because they will learn fast, and maybe they'll bring new ideas that others didn't even think about.
So, I think we did it quite a few times, and, overall, I think it was great for the company because it really brought more diversity of thought, in a sense. And so, yeah, I mean, of course, there's some people that have so many years' of experience that they already did it maybe for the tenth time, and some people that it's really their first gig of this kind. And, in both cases, it's very, very valuable when you do it right.
Noah: One hundred percent. And it's such a weird employment market we are currently living in. You know, there was a time, in recent history, where 20 years of experience at one company would have been seen as this badge of honor, but now, to some, it could look weird. Twenty years of experience, why didn't you move on? Why didn't you progress to different opportunities? Is that truly 20 years of experience, or is that one year repeated 20 times? And I think that the right candidates for jobs are people who love to learn, they love to learn, they love to progress. So, those are great insights, Giora. One other thing I wanted to hit on is, well, first of all, remind us of the year if you recall, that you started your first cybersecurity company.
Giora: It was 2011.
Noah: 2011. And, of course, we're recording this in Q2 of 2022, broad question, but I'd love to unpack this a little bit. I mean, at a high level, what has changed about cybersecurity since you started your first company back in 2011?
Giora: So, I think, when we started our first company, LightCyber, it wasn't even called cybersecurity. I don't think the name cybersecurity was even that common. I mean, it was considered security, or computer security, but I think they just started to use that name. I think a lot has changed. Back then we realized that more and more of the assets and sensitive information is somewhere in the corporation's network, right? It's somewhere in the enterprise network. And therefore, what we've seen for the first time in these years, is that attackers are actually targeting that information, and hacking into compromising devices, getting into the network, and looking for that sensitive information to steal it, and make use of it, or sell it, or use it in other ways. I think back then, it was the first time when it was actually valuable for attackers to do that, as opposed to just spreading malware, which is just a generic way to attack. Originally, malware was a big thing, but it didn't really actually make a lot of specific gains for attackers. Then they kind of moved to these targeted attacks, where they could actually steal this information.
Now, the biggest difference between then and now is that these days, enterprise networks and data centers are not the thing anymore. They're actually shrinking, and less and less important in every company's asset list. What is actually more important is these applications that are externally facing. So, instead of building these business applications that are gated and are accessible only to a handful of people internally, you're actually building systems that are serving some external parties, like your customers and partners, to deliver your actual service. Like, you know, think about a bank, they offer their services in a digital manner to web and mobile applications. That's the actual service, the actual product that they provide to their customers. And they have many different partnerships that allow fintech to integrate, and additional products, and so on. So, that's the partner connection.
Now, we've seen a shift where the enterprise network doesn't matter anymore. Again, I'm being a little bit extreme here because of course, you still need to protect your enterprise network, but I think the trend that we're seeing is that the enterprise network is shrinking in value. You still have your employees and their devices, that's fine, you need to protect that. But the most important thing today that you're building, and is going to be already in most of your infrastructure today, but it's going to be the only in the future, is your application environment and APIs that you expose to the outside, and everything that supports it internally. And, typically, these environments are based in the cloud. They're not in data centers typically because it's just much easier to build since they need to serve some external parties, it makes total sense to build them in cloud environments, it's just easier and better, in many senses. So, that's really the big difference. I mean, it's from an enterprise security-focused environment, that really focuses on the I.T environment in a sense, to an application-centric that focuses more on the product. So now, the security team instead of just worrying about the network and the infrastructure, they need to really worry about the core business of the company, and what's exposed to the outside. That's the biggest difference that we've seen in the recent first time in the USA.
Noah: Well, and I'd love to sort of dive into the man behind the company as it were. How did you get into what is today called cybersecurity? I mean, you started your first company back in 2011, you had a lot of experience before then. You know, how and why cybersecurity, I'm curious?
Giora: That's an interesting story. I mean, I actually started in the army, and I was more in the cyber warfare side. I never thought that it's gonna become, like, an industry topic. It was definitely more a nation-state type of thing. But then, after some years, I noticed that the same thing that happens between nations can also happen between attackers and any type of enterprise company. You know, if they want to...and it's also very asymmetrical, meaning that an attacker can try a hundred thousand times to compromise the organization, and it's enough for them to just succeed once, then they can move laterally and steal the data. So, I basically noticed that it's the same concept, and nobody else understood it in the industry back in 2011. Everybody was thinking about malware, and about the technical artifacts of this compromised software and so on. But it was really about the attackers that are behind it. And understanding the attacker is really understanding their motivation, and understanding the whole process. So, that was our story back then. Today, our story is understanding the new attacker who is less interested in the enterprise network because there's nothing interesting there, more interested in the application environment. And attackers, like water, the attackers got to where it's easiest to penetrate, and where they can get the value, right?
Giora: That's kind of how it is.
Noah: That's fascinating. So, Giora, this has been a fascinating conversation. We've uncovered a lot of great value for our listeners today, from company culture, and hiring strategies, attracting top talent, to really a thorough review of the cybersecurity landscape. And, of course, I encourage listeners to check out the great work that you're doing at Neosec, a link to that in the description of this episode. Giora, before we wrap up our conversation here today, from the entrepreneurial journey, to cybersecurity, to hiring, and retaining top talent, what final thought would you leave our listeners with today?
Giora: Yeah. I think it's really all about building something that you believe in. If you really believe in something, and you know that you're doing the right thing, then people will follow you, right? I mean, it's still a lot of hard work, but I think you need to have a very clear mission to get it done eventually. And also, I mean, at the end of the day, it's really all about the people, and all about the team. You know, if you build the right culture and the right team, it's so fun. Like, every day is so fun and so exciting because we just love to work as a team, and we love to create what we're creating. We love to succeed. Interestingly, we got some nice recognition recently with our say RSA Innovation Sandbox, and Gartner Cool Vendor, and so on, but it all folds. If you have the passion, and you're doing the right things, it will kind of come... Yeah, you still need to do the hard work, but it will come by itself in a sense. So, yeah, I mean, just have passion in what you're doing, and work with the right people. Definitely, choose the right people to work with because that's the most important thing.
Noah: I love that. Well, Giora Engel, thanks so much for coming onto "Leaders of B2B," today. My friend, it's been a real delight having you on the show.
Giora: Thank you.
API Security: Debunking the Myths
Learn the fundamentals of API security. Made for security leaders and practitioners to increase their foundational knowledge about API security and best practices.DOWNLOAD NOW