Jeremy Weisz 22:32
When do you get a call? Because I mean, I look at the spectrum of being super proactive, and being super reactive. And I don’t know, my thoughts skew to people are calling because they’re attacked. But when do people actually call you?
Yair Attar 22:53
Yeah, so definitely, today still the best driver for companies to start moving the needle is either being attacked, or their direct competition or someone they know from close has been attacked. This is work is unfortunately, there’s the saying, it works. So don’t do anything. And people tend to it’s like sometimes like insurance, right? You sometimes you need to pay you need to do the minimum just to comply or whatever. And you get things when something happens. So people think about it that way sometimes, but this is changing. So let’s say we of course definitely will always get a more alarming call when something happens. But our goal is to educate and work with our customers not to get there right, to hopefully get to the point because let me give an analogy. Cybersecurity in general, it’s like a rotating wheel, everything is changing all the time both from defender perspective and attacker perspective. They get better tools, they get their age out, they’re changing things in defense needs to be changed as well. And I think I usually use this analogy of thinking about two men that are in the field. And they see danger, let’s say a lion. One goes down to tie his shoes. The other one tells him what are you doing like he’s gonna chase us anyway. But then he tells him that’s okay. I only need to outrun you. So basically, the whole thing about it is that I don’t think anyone needs to be perfect. I don’t think anyone needs to do everything everywhere. It doesn’t make sense. But you need to start doing some things and you need to start protecting your environment a bit better than others, because attackers are also human beings. Like everyone else they like to work less, but still do more. So if it will be one company that you’re trying to attack, it will just be too hard, they will go to the next one.
Jeremy Weisz 25:14
Yeah, yeah, I can see that it’s probably similar to, let’s just say someone’s going to rob houses, right, and they see one with a big sign, we have an alarm system, and we have a dog and we all the stuff, and they can go to another house that doesn’t have all that stuff. It’s obviously going to be easier, easier task. And that’s kind of what you’re saying, in this case.
Yair Attar 25:40
Yeah. And also that those danger signs or whatever is definitely something that helps. But then you have the more sophisticated, that will still try to get in, right. But you need to make sure that you’re doing the I would say, some hygiene, right, making sure that your door is locked and making sure that windows are locked and things like that. Because at the end of the day, sometimes we also see a lot of organizations that puts and let’s use this analogy on the door, like cameras and everything and making sure et cetera. But then there’s a window behind that is widely open. So it’s also really knowing the whole terrain of your house in this analogy, and understanding where it might come from, and based on that doing what we call risk management, right prioritizing and things like that. But yes, if you do those, let’s say even basic things, definitely, makes more sense that someone will just go to the next target.
Jeremy Weisz 26:41
What are some you mentioned, looking at everything holistically, what are some mistakes that you’ve seen companies, they were making them maybe seemed obvious to you but weren’t to them?
Yair Attar 26:57
I think in this space, unfortunately, almost everything. Because it we’re really getting to basics sometimes.
Jeremy Weisz 27:05
Like what would you consider basics.
Yair Attar 27:07
So thinking just from proper segmentation, so segregating between different networks, or things related to user management, or authentication, or etc, because think about it, and it’s nobody to blame, because those environments were built with the mindset that they are arrogant, that they are separated. But what happened with digitalization, everything became connected. Because if you’re not digitalized, you will go back home, see from just costs, revenues, etc, right against your competition. So those environments, to some extent, were built insecure by design. But they were not built to be connected. And sometimes you have people that have been responsible for those for many years. And they are great at what they do. Great operational teams, automation engineers, but again, they didn’t always have the full understanding of what does it mean to do it also securely. And this is what we’re seeing today within the market. And again, also what we’re seeing is, as I mentioned before, CSOs the cybersecurity officers are taking responsibility, because at the end as a board, I want someone who wakes up and go to sleep thinking about cybersecurity. But the thing is that up until yesterday, he’s been told this is not your domain, don’t touch. And all of a sudden, he has been tasked with this responsibility. But when he goes to the operational teams, it’s not always that smooth and easy. There’s really a need for and by the way, it’s not to blame them because I think what we signed the past that IT folks came with their own solutions and approaches and what they did, they ran things in operational environments, and they caused things to break. Because what we see today what I think there’s already an understanding today that IT security as it is, doesn’t fit OT security, because again, you have very sensitive assets, they will not build with the mechanisms like in IT to protect them. So they just break and collapse and stop working. And at the end of the day, if this effects operations and cause production stop, nobody wants that then that’s a significant impact.
Jeremy Weisz 29:42
Talk about from a leadership perspective, what you’ve learned from your co-founder.
Yair Attar 29:50
Yeah, so I think he is definitely one of the most strategic people I’ve ever seen, he gets to a room, he really reads everyone understand what’s happening, and how to, used to say to me, sometimes he plays multi-dimensional chess. So it’s not just what you see on the board and all the entities that are on the board itself, but also who’s looking, what’s their thinking, and what’s their going to play? What’s it going to be in the next move. So I think really, from a strategic perspective, he’s one of the best leaders I’ve ever met. Of course, also what I always liked, even when he was a general in the military, that he didn’t care about getting his hands dirty. And when something needs to be done, just go up to the last person, get the details, understand what’s happening, and go and fix it. And not just asking other managers other officers that are within his unit to go and fix it, etc. But really some things that are critical, just make them happen. So those are things that I’ve seen, and I’ve learned, and I think it’s something amazing that I’ve learned a lot from.
Jeremy Weisz 31:27
We talked about some of the attacks that can cause chaos. And I understand, you help a lot of people in automotive manufacturing. There’s pulp and paper, there’s food and beverage pharmaceuticals, can you walk through a little bit, take, for example, like a medical manufacturer, and what do you do for someone like that?
Yair Attar 31:53
Yeah. So think about it, like when the solution is deployed, the first thing you basically get to do get to see is the whole, like visibility of what’s happening in the environments, like what assets, how they are connected, where they are located, to what business units they serve, because at the end of the day in, I would say operational environments, right. Not all assets were born equal, I might have same digital assets same let’s say, controller, a sensor that have the same vulnerabilities the same gaps and exposures, but they serve different purposes. One is for a critical process. And the other one is for less. So adding this context is contextualized visibility. This is the first step of our customers, they understand what they have, they understand where it is they understand their gaps and exposures. And this is the first step that our platform takes them. Now the second step is by integrating with their compensation controls, we assess how much they are effective. So think about it, that I’m as a company, I invested in firewalls, and endpoint protection, and etc. But it could be that they’re not configured to the maximum, especially what we’ve seen those types of environments, it’s not always managed properly, because again, people processes things like that. So we find those, what we call evidence-based gaps, from a segmentation from assets that are not covered by different controls from a policy gaps perspective. And then one of our solution is doing is take all the findings, all the network connectivity, how everything connects to one another, creates this what we call a cyber digital twin or sandbox environment, where it then simulates attacks in a non-intrusive ways to understanding what an attacker can do in order to prioritize and this is why, by the way, something we have patterns in the states on and understand what is actually exploitable, what attacker can actually do, which identifying the easiest vectors. And based on that prioritize for the company, what’s the best call to action, what action items they can actually do like it really shows you the actual steps you need to do to start reducing the risk. So once everything like this is going in an ongoing process, I would say the company can start implementing processes of they’re starting to take actions, mitigation actions, in maintenance routines, or different types of aspects how it basically fit the company. And they’re starting proactively to manage and reduce the risk. So this is usually the journey that our platform takes them. We’re then again, we accompany that with helping them build the right workflows, the right processes, and who needs to do what? Because again, sometimes those are new people, new technologies, new environments, new responsibilities, they need help.
Jeremy Weisz 35:11
Talk about growing through partnerships. And what have you done with the company that has helped you grow through partnerships?
Yair Attar 35:24
So I think at the end of the day in order for a company to scale, it cannot do it by himself. And this is where partners plays a key strategy. Because today, I mean, who knows about OTORIO right, we’re small, we’re starting from Israel, when someone in the States or in Europe or in any other place, do not always aware of who we are the solutions that are out there and things like that. So yes, there is this direct approach when we’re targeting and paid marketing and everything else. But this is just in a too small scale. In order to grow a company and scale it, you need to start multiply that much faster. And the reason and the way to do it is to partners, especially by the way, cybersecurity is considered a trust topic. So a lot of companies out there already have those trusted advisors, those companies that they work with that established relationship with, that helped them with this journey in their IT space, or whatever, whether those are large managed security service providers, whether those are global system integrators, whether those are resellers, whether those are individual contributors, so different types of entities that exist, that basically, once I am establishing a good relationship with those types of entities, they help me to scale because they have 10, 15, 100, few hundreds of customers that are my target customers, and they have the reach out. So this is a key strategy of I think any cybersecurity company but of course, ours as well, in order to scale our business, we work a lot with partners. And I think what we also saw, which is interesting, I think this is something more specifically for the OT space is that the whole service organizations out there are also learning and adjusting and evolving. Because again, this whole market is still growing. And we’re seeing different types of providers, some that come like Andritz comes from the industrial or engineering background. And they have the trust of the operational teams on site, where sometimes you have cybersecurity providers, that they are the trusted advisors for the CSO teams. So I think everyone finds this market glowing. So everyone wants a bite. What we saw that really make things successful, is that, especially at our stage, I think that also there’s a difference, what we call stage appropriate to which partners you want to go because the big ones are too small fish for them. They don’t want to work hard, they want someone it’s very repetitive, like, it’s easy to scale. And without a lot of heavy lifting. At the beginning, when you’re a disruptive solution, like we are in still evolving and changing market, that there’s still a lot of unknowns and uncertainty. We’re mainly looking for those early adopters or types of the ones that really drive through innovation, or are smaller, sometimes even regional partners that are more eager for success that are more hungry for success. And also, we understood that we are limited from the resources that we can invest. And this is an investment from our side as well, to educate, to train to enable to work with them, to shadow them until they are enabled. And that’s a heavy lift. So at the end of the day, as I think partners is a key strategy for scaling a business. But in our area, first we need to really choose wisely. Because just having a big list of partners, that’s easy. You need to have a few that are actually successful and for them to be successful. You need to invest and make them successful so everyone gets successful.
Jeremy Weisz 39:56
Yair I want to talk about surrounding ourselves with groups of people that help us uplevel. And what entrepreneur organization, which I know you’re a part of how is entrepreneurs, organization EO helped you?
Yair Attar 40:16
So, first of all, I’m still kind of new, joined a few months ago. So I’m still learning. But our perspective, my learning curve, so far has been great. And what I’ve learned has been amazing. First of all, it’s an amazing group of people. That’s one of the things that I really like is that they’re really there for each other. And whatever you need, in any subject, whether it’s personal or professional, or etc. And so, at the end of the day, something that is not always easy for people to understand who are not intrapreneurs themselves who haven’t, like they didn’t found something is that it’s not exactly the same role as I think working as a CEO in a company or something like that, because I think there is a feeling that it’s on you, as the founding member, that this is why you do whatever it takes to make it successful, even sometimes with the price of your personal I will say things. And first of all, it’s a group of people that has the same mindshare and you can talk about things that not everyone will understand. So this is amazing, it’s like sometimes, like going sometimes to treatment, and you have the pleasure of talking about things and whatever you have people who you can echo things, and they understand you. But can also echo things back that you learned from an adjusting give you more perspectives and things like that. So I think it’s a community that really helps to build one another from this relationships and connections. And I’ve learned a lot just from hearing different people, and sometimes very tactical and pragmatic questions like, I don’t know, I had a question about a specific topic regarding a vendor related to marketing, should I use it? Or should I not? What’s the benefits and what’s not? I send a question out there, immediately, I get a response. Yes, I have experience, let’s talk. One day later, I have insights that I just couldn’t have elsewhere. Or it would have taken me so much time to get those insights.
Jeremy Weisz 42:38
What’s it like Yair, first of all, I have one last question. Before I ask it, I just want to thank you. Thanks for sharing your journey, your experience lessons everyone can check out otorio.com to learn more. My last question is, you have a young family. Kids talk about what it’s like, because we aren’t operating companies in a vacuum. Right? You have other responsibilities and roles as a dad, husband, what’s it like managing a company, running a company with young kids and family?
Yair Attar 43:23
First of all, I think I’m still figuring it out. Because I just have a newborn, like few weeks ago. It’s my first child. But I think that first of all, I truly believe that in order to be successful in any aspect of life, first of all, you need to be whole and full with yourself in the sense of that you have a happy life that you live them to the maximum that you would live in. And that allows you to thrive in other aspects. And you also need to have this significant and it’s a significant it’s a John ride in the roller coaster ride, it’s a significant support from home to allow you to do that. Because definitely we’re investing a lot of our time, effort, resources in building a company. It’s like having another baby, right? I mean, you build it, you grow it, there are ups and downs and cries and excitement and headaches and everything. So you definitely need to have I think the supports that’s going to help you do that is going to help you be strong. Because I also believe that you know, especially these days, I think building companies, it’s a marathon, it’s not a sprint. And so you need to have good support to allow you to continue because you can break it at anytime, and there are so many milestones that you really think to yourself, what the hell am I doing here. But I think that’s what really helps you to continue is that you have your support. So definitely, this is a key thing. And also things that we need to balance, I also don’t believe that there’s a saying, like, everything is critical. So nothing is critical, right? You really need to be able to focus, you need to be able to differentiate, what are the things that are most impactful? Because I think again, as I said, it’s a marathon, you cannot just continue to run 200% all the time, you will exhaust yourself and it will be just I think it will impact everyone, the company, the success, grow everything you need to be in a happy place to be able to move forward strongly. So I think those are the things and maybe one critical aspects. Communication. I think what one of the things I’ve learned is, you need to be able to talk about things openly, transparently, freely, in order to start addressing them. And as a team, within relationship as a group of people, especially if you want to work and be together with someone closely for the long run, you need to be able to feel like you can say everything and solve everything together.
Jeremy Weisz 46:36
Love it. First of all, I want to be the first one to thank you Yair thanks for sharing your journey lessons everyone check out otorio.com more episodes of the podcast, and we’ll see everyone next time. Thanks Yair.
Yair Attar 46:48
Thank you.
