Have you ever pondered how the world of cybersecurity is transforming rapidly, with application security at the forefront? Join us as we dive deep into this intriguing realm with our esteemed guest, Moti Gindi from Apiiro, a military veteran and product management whiz with a fascinating journey from the Israeli Cyber Units to incubating a security business at Microsoft.
Beginning his tryst with technology during his 7-year military service, Moti's unique blend of computer science and linguistics armed him with an uncanny ability to filter vast amounts of data swiftly. His spell with the Israeli Defense Force and subsequent stint at Microsoft, leading the telecom mobile group and nurturing a security business from scratch, is a testament to his exceptional skill set.
With his current focus on the challenging terrain of application security, Moti deciphers the rapid changes in the market and underlines the critical need for a holistic approach. He sheds light on the importance of investing in cloud infrastructure security, application security, and security posture management to safeguard modern applications. A thought-provoking discussion that unravels the intricacies of code writing, AI, and generative technology, this episode promises to fuel your curiosity and leave you eager for more insights into the world of cybersecurity. Are you as excited as we are? Tune in and join the conversation as we navigate through this transformative landscape.
LinkedIn: https://www.linkedin.com/in/moti-gindi-7667b/
Apiiro: https://apiiro.com/
10k Media: https://www.10kmedia.co/
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
Speaker 1: How's it going, everyone?
00:00:01
This is another security unfiltered podcast episode.
00:00:05
So, real quick, before we dive into the episode, I have to give
00:00:10
a big shout out to 10kMedia.
00:00:12
This episode would not be possible without 10kMedia, so
00:00:17
big shout out to Adam over there for putting this episode
00:00:21
together and with that we will go ahead and dive into the
00:00:25
episode.
00:00:25
Thanks everyone.
00:00:27
Good to finally have you on Moti.
00:00:29
I'm very excited for our conversation.
00:00:31
I think it's going to be really interesting to see where it
00:00:34
goes and hear about your journey .
00:00:37
Speaker 2: Great, hi guys.
00:00:38
Thank you, joe, for inviting me .
00:00:41
Speaker 1: Yeah, absolutely so, moti.
00:00:43
Why don't we hear about how you got into IT, how you kind of
00:00:48
got started with security?
00:00:50
And the reason why I started everyone off there is because
00:00:54
there's a section of my audience that are looking to get into
00:00:58
security or looking to get into IT.
00:01:00
Maybe they're doing a career change right, and I feel hearing
00:01:05
everyone's backgrounds really helps them to know, like, hey,
00:01:09
if they did it, maybe I can do it right.
00:01:11
Or if they came from a similar background, maybe I can also do
00:01:14
something like this.
00:01:15
So what's your?
00:01:16
What's your background?
00:01:17
How did you get into?
00:01:18
Speaker 2: it.
00:01:18
I'm smiling because, you know, I have on one hand a very
00:01:22
typical background, that is relevant to people that are
00:01:25
doing security and cyber in Israel.
00:01:28
On the other end, it's rather unique from the point of view of
00:01:30
general audience.
00:01:31
So actually I got into security from my army.
00:01:37
Like my army time I was a member of the Israeli cyber
00:01:43
units Like the.
00:01:46
It's a known number in the in the in the cyberspace, like 8200
00:01:50
.
00:01:50
So actually as a really young guy around the age of 18, I was
00:01:54
recruited and went through a seven years of serving around
00:02:02
security, cybersecurity, signal security, and I found out there
00:02:08
during my time three very important things.
00:02:11
One is that I really like the domain, I really care about it.
00:02:16
I think.
00:02:17
I really think that thinking as a defender or as an attacker
00:02:21
from the point of view of cyber is really until intellectual
00:02:25
problem.
00:02:25
I really liked the seven can figure, learn that I really like
00:02:30
and it's really natural for me to be in a position that they
00:02:34
remember.
00:02:34
It's an intelligence unit, so combined, on one hand, technical
00:02:37
capabilities and in the other hand, the big picture of
00:02:40
intelligence and in the industry it's called the product manager
00:02:43
.
00:02:43
There are found out that really what I want to do when I leave
00:02:47
the army is actually product management, which is in the
00:02:50
connection between technology and need and the role is the
00:02:54
combination between the two.
00:02:56
And the third thing I really like and learn is the important
00:03:01
that the huge opportunity that cyber brings around innovation.
00:03:07
Basically, again, as an attacker as and as a defender, there is
00:03:11
endless amount of things.
00:03:12
Imagination is only like.
00:03:14
What you do is really limited to your imagination.
00:03:17
Because of the end of the day, it's a combination of not only
00:03:21
technology but technology and people.
00:03:23
When there is either when you are trying to find
00:03:26
vulnerabilities in code or we are trying to attack an
00:03:29
infrastructure, in both cases you are handling as much as
00:03:33
you're handling the technology, you're handling actually the
00:03:36
people that built it, and there is also an element there of
00:03:40
psychology and processes and the combination between security
00:03:45
and people is really like what.
00:03:49
It sounds a little bit philosophical, so I understand
00:03:52
that, but this is the thing that I really learned during my time
00:03:55
in 8200 that I really like and, of course, doing good things
00:03:59
for my country.
00:04:00
But put that aside.
00:04:01
So I spent there seven years.
00:04:03
During them, I went also to university and learned computer
00:04:08
science and linguistics and then started my career as a product
00:04:14
manager in various companies and in the last 10 or 12 years I
00:04:20
came back to cybersecurity greater bit more than that
00:04:23
actually and served and in roles that are, and built products
00:04:29
and created business which are in the cybersecurity space,
00:04:32
first in Microsoft and then in now in the last half year in the
00:04:38
field.
00:04:41
Speaker 1: Wow, so there's a lot to unpack there.
00:04:47
Talk to me a bit about how you decided to go down the computer
00:04:55
science and linguistics path, right, or what made you want to
00:05:00
do that work.
00:05:01
I can understand the computer science part of it.
00:05:03
The linguistics part is like, I mean, it's not even out of left
00:05:09
field, it's like out of the park, you know, trying to get
00:05:13
into the play field, right.
00:05:15
Speaker 2: I mean in my again, it was around 20 years ago but,
00:05:20
like consistently across the years in the university
00:05:23
television university where I learned there were always
00:05:26
exactly two people that did exactly two that did this
00:05:30
combination of linguistics and computer science, and I think
00:05:34
the root to why I chose that was really related to the things I
00:05:42
talked about earlier Parts of the part of the problem that
00:05:47
existed in the intelligence work like 20 years ago and is really
00:05:51
relevant today to every person is the fact that you have so
00:05:55
much information.
00:05:56
Usually, you know the problem you're saying is that, in terms
00:05:59
of my problem is to get to the information.
00:06:01
You can get to a lot of information with many ways, via
00:06:08
multiple types of information.
00:06:10
Then the problem came out of the vast amount of data that I
00:06:13
have applicable to my, at my hands, at my table, how quickly
00:06:21
do I choose the ones?
00:06:22
That is actually helping me to answer the question that I'm
00:06:25
investigating now and, as a result, not only in like in
00:06:30
every intelligence organization, a big, big problem is around
00:06:36
automatically and using before it was called AI, but using
00:06:40
machines to help you to unpack what is the content that you are
00:06:45
looking at, either if it's text or voice or code, whatever it
00:06:51
means, like how you can scale yourself only by having machines
00:06:57
that understand what you are looking for and help you to do
00:07:02
the first level of filtering and consolidation and correlation
00:07:06
of what you are looking to for into something that you as a
00:07:10
human being can digest as an analyst or as an intelligence
00:07:14
officer.
00:07:14
And, as a result, I had the luxury of and the way to do that
00:07:21
is again before GPT and before language models.
00:07:25
The way to do that was by understanding natural language
00:07:30
and I had, as part of my army, I had around two years in which
00:07:35
that's something I did.
00:07:36
That was in the technology part technology and intelligence,
00:07:39
part of understanding human language automatically.
00:07:43
And, as I said earlier, that was part of the thing that
00:07:48
fascinated me the combination around intelligence, but also
00:07:51
people and understanding.
00:07:52
Trying to understand what the document is talking about, to
00:07:56
understand it and trying to programmatically understand what
00:08:01
is the thing that you're actually looking after, like
00:08:03
what is the reader, the intelligence reader that you're
00:08:05
looking after, program it, translate it to something which
00:08:10
is programmatic and then allowing a machine to understand
00:08:13
this program and provide you valuable information.
00:08:16
These were like the me and many other people watch, like the
00:08:22
edge of technology that we handled in back day in the
00:08:26
intelligence cop sense.
00:08:27
Then came Google and came to GPT and came all of these
00:08:32
technologies that are trying basically to do the same, like
00:08:34
code a question and then bring you the relevant information and
00:08:39
for that you need to understand really well the question and
00:08:41
you need to understand really well the answers that you are
00:08:44
providing.
00:08:44
And I was really interested in in I did it practically in the
00:08:52
army and then decided it's really interesting for me to
00:08:57
understand, like to try and learn about that and then not
00:09:01
only go through usual computer science and not program but also
00:09:04
understand kind of our languages program.
00:09:09
And if we went into that, like I went to a university, tel Aviv
00:09:13
University that is one of the only universities in the world
00:09:16
that when they teach linguistics they don't ask you to know any
00:09:20
language.
00:09:20
Usually when you go to a linguist with courses you need
00:09:24
to learn either advance or learn through the three years you
00:09:30
need to learn like seven languages.
00:09:32
Tel Aviv University the philosophy is called generative
00:09:38
linguistics, interestingly, and the idea was that really there
00:09:44
is a common framework, really an algorithm that is the basis to
00:09:48
all languages and when we are born and we are learning English
00:09:51
or Hebrew or Yiddish or German.
00:09:55
Actually we are taking the generic algorithm and setting it
00:09:59
to a specific language, and understanding linguistics is
00:10:03
really understanding the basic algorithm of how you know
00:10:07
language, and so it is a kind of a natural combination, if you
00:10:11
think about that, between that logical mathematics and computer
00:10:16
science.
00:10:16
So these type of motivations brought me to learn.
00:10:20
It's so funny that 20 years after, with everything that is
00:10:25
happening now with LLM and things that we did around newer
00:10:31
networks, used to natural language, to text understanding,
00:10:34
etc.
00:10:34
Like as a hobby, like in the army 20 years ago, or now 1
00:10:39
times more sophisticated, but there is a comeback.
00:10:42
But that's what I learned and of course, after that I didn't
00:10:48
exercise it at all at my work.
00:10:50
It was more of like coming from the army learning.
00:10:53
I had a lot of time during my two years of doing this in the
00:10:58
university and then moved to a more traditional product, high
00:11:04
tech and then engineering management roles in the industry
00:11:09
until I came back to security around, as I said, 12 years ago
00:11:15
when I joined Microsoft.
00:11:18
Speaker 1: Yeah, that's really interesting.
00:11:20
I guess I never thought about it that way.
00:11:24
The best way to work with a language model or determine,
00:11:32
create something that could review a document and give you
00:11:36
the pertinent information.
00:11:37
A couple bullet points you would need to know linguistics,
00:11:42
you would need to be an expert at linguistics.
00:11:44
Really, that's very interesting and it kind of takes me down
00:11:49
the rabbit hole, right.
00:11:50
Well, if this kind of existed 20 years ago and the public is
00:11:57
just now seeing chat GPT for the first time this year basically,
00:12:03
for the most part, what do they have now that we're going to
00:12:09
see in the public in 20 years?
00:12:10
That's always the fascinating part for me.
00:12:15
I was watching another podcast and this former Navy SEAL was
00:12:21
talking about the night vision that was used on the raid to
00:12:26
kill Osama bin Laden.
00:12:27
In the movie Zero Dark Thirty.
00:12:29
You see them as these four tube things and everyone that is
00:12:35
into that kind of thing.
00:12:36
That was brand new for them.
00:12:37
They never saw it before.
00:12:40
He said yeah, when I got into the Navy SEALs early 2000s,
00:12:48
those were 10 years old.
00:12:49
That was old tech.
00:12:51
They're literally using hand-me-downs for that mission.
00:12:55
I'm sitting here like what?
00:12:58
Because to me that was like cutting edge, like, oh my God,
00:13:03
this is amazing For him.
00:13:06
It was just another day.
00:13:07
It was just another day at the office like, yeah, I'm going to
00:13:10
use this old tech.
00:13:11
Hopefully it works, that sort of thing.
00:13:14
Speaker 2: I'll give you another example which rhymes with what
00:13:17
you said, I think, in the last, coming back, for example, to
00:13:21
cyber in the last 10 years.
00:13:23
Plus, there is the common understanding of nation-state
00:13:26
attacks and attacks which are sophisticated, which are not
00:13:30
only based on a random malware to your computer and try to get
00:13:35
Bitcoin out of you or do a simple phishing, but I will
00:13:39
collect intelligence and understand who you are.
00:13:42
I have a really specific price.
00:13:47
I am going after.
00:13:48
I'm going after intellectual property and then I will go low
00:13:51
and slow and nation-state attacks.
00:13:54
Currently, all of the security products in this space are
00:13:56
aiming to protect you from nation-state attacks.
00:13:59
There was an aha moment 10 years ago with, I think, the
00:14:05
so-called Chinese attack on RSA in Google.
00:14:06
That brought that into the attention and created completely
00:14:11
new defense technologies like CIME and XDR and EDR part of the
00:14:18
thing that I built.
00:14:19
But again, 20 years ago, it was all news.
00:14:23
That's the funny part of that.
00:14:26
There are places in which I think intelligence bodies has
00:14:32
the luxury of being really front-cutting edge technologies.
00:14:36
So I totally agree.
00:14:42
Speaker 1: Yeah, it's really interesting to see what's out
00:14:44
there, but you have to go through so much to see what's
00:14:48
out there that it may not be worth it.
00:14:50
So that kind of takes us to your time at Microsoft.
00:14:56
Can we talk a little bit about what it was like to be at
00:15:01
Microsoft, being such a large company, probably one of the
00:15:05
largest in the world, for sure One of the biggest tech names of
00:15:10
all time?
00:15:10
What did you do there?
00:15:12
What did you specialize in?
00:15:14
We talked about your I guess it was product management
00:15:22
experience within your 8200 group.
00:15:24
Did that experience translate over to Microsoft very well or
00:15:29
was there a learning curve behind it?
00:15:32
Speaker 2: So I had two distinct periods in Microsoft.
00:15:37
The first one, I think the first three or four years I
00:15:41
joined Microsoft.
00:15:42
Back then I was the director of product management.
00:15:45
Already I worked in multiple companies before joining
00:15:49
Microsoft.
00:15:50
I also established my own startup and I had a vast
00:15:53
experience and then joined Microsoft as the director of
00:15:56
product management and then as an engineering and product
00:15:59
manager and it was, I think, in kind of standard type of product
00:16:06
for Microsoft.
00:16:07
I joined originally and was part of the telecom mobile group on
00:16:12
Microsoft developing mobile applications and mobile
00:16:15
solutions, and then started to work on the advertising products
00:16:22
of Microsoft back then had a very big advertising product
00:16:25
when, by the way, tons of what I know later and implemented
00:16:29
later in security, which we talk about it, was around.
00:16:32
Security is data and AI and data science.
00:16:36
I actually learned during my days around leading a team in
00:16:41
Microsoft that was responsible for targeting like understanding
00:16:44
you, understanding the retailer and matching the best we can as
00:16:49
quickly as we can between the Ed and the person.
00:16:53
So the chance for you to click will be the biggest, the highest
00:16:57
possible.
00:16:58
Not a novel cause.
00:16:59
I think I'm too proud from the point of view of impact that we
00:17:02
made on the world, but really, again, cutting edge technology.
00:17:05
That had, later on, a lot of similarities when we actually
00:17:09
incubated the security business in Microsoft, which I'm happy to
00:17:12
talk about later but that's where I spent three or four
00:17:15
years and then I left Microsoft.
00:17:18
I felt that I need something.
00:17:24
Again, it sounds like a little bit of cliché, but I felt that I
00:17:28
need something that is bigger, more impactful and that I am
00:17:34
handling.
00:17:35
I am building products and good products and delivering in
00:17:39
quality and creating more money and sophisticated algorithms and
00:17:43
really edge, cutting edge technology, but I'm not making
00:17:48
enough impact.
00:17:49
I'm not the first one, probably that said that, but this is
00:17:52
what I felt back then.
00:17:53
And then I left and actually did a pause in my high tech
00:17:58
career and went to do something completely different and worked
00:18:04
for three years to work for the Israeli prime officer, the
00:18:08
Israeli government, where I spent three years doing some of
00:18:15
the most interesting things I did in my life and the feeling
00:18:19
that I'm creating an impact and value.
00:18:22
And then, when I left there, I got an offer to rejoin Microsoft
00:18:27
and I did, mainly because of my life.
00:18:29
It's a great company and great people and I really wanted to go
00:18:32
back there, but I rebooted my career over there.
00:18:38
I didn't join an existing business, I actually incubated
00:18:44
together with two good friends, and I incubated a startup within
00:18:49
Microsoft which is around security, which I led as the
00:18:57
leader for seven years, and these three persons.
00:19:02
The startup grew to 600 teams, people that I managed from zero
00:19:08
revenue to a business of more than $2 billion revenue and tens
00:19:13
of thousands of customers we protected.
00:19:15
And I think this was probably the most influential part of my
00:19:21
career and an amazing seven years seven, eight years that I
00:19:24
spent in Microsoft.
00:19:29
Speaker 1: Wow, there's, there's a lot there again.
00:19:32
You know what you discussed.
00:19:43
You know the work with the government, right, that it was
00:19:47
the most rewarding work that you've ever done.
00:19:49
And you know, honestly, when I think of working for the
00:19:54
government myself, right, that's absolutely at the front of my
00:19:59
mind, right is, you know, helping change and direct things
00:20:04
in the right way with the government that's impacting your
00:20:07
nation.
00:20:08
You know, and I mean that's a that's a huge honor.
00:20:13
Can you talk a little bit about what you were doing for them?
00:20:17
Were you, you know, potentially , you know looking at, you know,
00:20:22
let's say, digital threats or whatever it might be right, and
00:20:26
then kind of translating that to people that are not as aware or
00:20:30
not as fluent in the area as you were, like, what was that
00:20:34
work like?
00:20:37
Speaker 2: I can't talk too much about that.
00:20:39
I would only say that it's like the usual.
00:20:46
Like the usual.
00:20:47
It's like we use technology to help people and make sure that
00:20:53
you know the country is safe, etc.
00:20:54
And amazing, three years.
00:20:57
But it's hard for me to go into more details.
00:20:59
I would say that like really it's coming back to the core of
00:21:05
the things I liked in every role that I did.
00:21:09
Maybe that's like a more meta statement.
00:21:13
It was an amazing opportunity in which innovation was the thing,
00:21:18
innovation and being focused on a mission and using technology
00:21:26
to achieve this mission, and the imagination was the only thing
00:21:30
that stopped us.
00:21:30
And that's one.
00:21:33
And I think what I tried to reestablish and to find to
00:21:37
myself later when I went to Microsoft and now when I'm in a
00:21:40
bureau, is exactly this type of culture assets of the fact that
00:21:47
we are doing new stuff.
00:21:48
New stuff is really interesting but also really really
00:21:51
important.
00:21:52
It's not enough.
00:21:52
It will be really interesting.
00:21:53
It should be really important, and when I?
00:21:57
That's the main reason that when and I'm thankful for Microsoft
00:22:01
for giving me the opportunity and the manager's back that
00:22:04
believed in that is that when we try to establish security
00:22:07
business in Microsoft, it was one because we thought we can do
00:22:12
a really good job.
00:22:12
We can make a lot of money for the company, but also we can
00:22:17
really take a broken market and help customers to be more safe
00:22:20
Really.
00:22:20
And the thing of that of doing good on how impactful it is on
00:22:28
me and also on the people that worked with me, is something
00:22:31
that one of the things that I took really deeply from, from
00:22:39
how like the work that I did in these three years and for my
00:22:43
career moving forward.
00:22:44
There is nothing that is more creating motivation than the
00:22:48
impact that you are making on on actual stuff and on doing.
00:22:54
Speaker 1: Right.
00:22:54
So at Microsoft.
00:22:56
When you went back to Microsoft , you mentioned that you were
00:23:01
kind of in charge of, you know, creating a product that would,
00:23:06
you know, make some significant changes right within the
00:23:09
security ecosystem, potentially at Microsoft, right, yeah?
00:23:13
So when I look at your LinkedIn , right, it says that you are in
00:23:18
charge of end point security, so to me that sounds like
00:23:21
Microsoft Defender.
00:23:22
Is that a correct assumption, or yeah, I was part of the.
00:23:28
Speaker 2: I led the innovation team that started Microsoft
00:23:31
Defender.
00:23:31
Speaker 1: Yes, Okay, yeah, I mean, you know, as someone that
00:23:38
is typically, you know, just naturally against using Azure,
00:23:43
right, Well, let's assume that we have to use Azure.
00:23:46
It's hard, it's very difficult, you know, nowadays to not
00:23:53
recommend using Defender, right, I mean, it is such an all
00:23:58
encompassing security solution, it's really more of a security
00:24:03
platform within Microsoft Azure.
00:24:06
Right, that's the point that it is at right now.
00:24:10
You know, of being so expansive , of touching basically every
00:24:15
facet that you can use and deploy in Azure.
00:24:18
It touches it.
00:24:21
Were you instrumental in kind of changing the perception of
00:24:24
Microsoft Defender?
00:24:25
And the reason why I say that is because you know, previously,
00:24:29
right, microsoft Defender was that thing on your desktop or
00:24:34
laptop.
00:24:34
That was antivirus, that was kind of made fun of.
00:24:38
Right, that that was lacking in some areas compared to the rest
00:24:42
of the market.
00:24:42
And then, when they introduced that into Azure, right, it was
00:24:47
almost thought of the same way.
00:24:49
Right, we, as everyone in the technology space, kind of
00:24:53
assumed like, oh, it's going to be the same thing.
00:24:55
Very rapidly that changed.
00:24:58
When people were, you know, seeing the different features
00:25:01
and functionality and what it was able to do and what it was
00:25:03
catching and how it was actually operating, people quickly
00:25:07
started to shift their perspective.
00:25:09
You know, and that was an interesting time in the industry
00:25:12
.
00:25:12
Were you instrumental in that as well?
00:25:16
Speaker 2: I hope so because when I like I believe so when we
00:25:20
started Microsoft, when we started the Defender, like at
00:25:25
the beginning, it was called Windows Defender and then we
00:25:27
evolved to Microsoft Defender and the name change also came
00:25:31
with the strategy change.
00:25:33
We can talk about it later.
00:25:34
But when we started, exactly Defender was and consumer
00:25:39
antivirus there was zero that was given for free as part of
00:25:43
the operating system.
00:25:44
There was tons of people that work on Microsoft, on security,
00:25:48
but their approach was security in the platform, so making
00:25:52
Windows more secure in general, and there was no two things
00:25:57
where non existing in Microsoft A security wasn't the business,
00:26:01
it wasn't something we were selling.
00:26:03
B, it wasn't something that was focused on businesses and
00:26:06
enterprises.
00:26:06
And basically our incubation and pitch back then to the head
00:26:11
of Microsoft to the end of Windows like when I pitched the
00:26:14
incubation and got the initial funding to actually start the
00:26:20
work was that we think we can change these two things First,
00:26:24
we need to focus in Microsoft on supplying security for
00:26:28
enterprises, which brings a much higher bar than just an AV on
00:26:34
the antivirus on the consumer machine.
00:26:35
Secondly, that we need to think about that as a business.
00:26:39
And then came all the technology and why we think
00:26:45
we'll do it much better because of the cloud, because of AI,
00:26:48
because of like.
00:26:49
Basically, we said that we think that we can.
00:26:51
Not only us, by the way, in parallel, other vendors, like
00:26:57
cloud strike and some very recent and sent in one, said
00:27:00
similar things.
00:27:01
But the understand, common understanding was back then that
00:27:04
, like, in order to make security works, we need endpoint
00:27:08
security works.
00:27:08
We need to change the game from a security and not a game, so
00:27:12
that the way to catch sophisticated nation state
00:27:16
attackers is not by being a policeman that says, hey, here
00:27:20
is a like.
00:27:21
This is what the AV did, the antivirus, this is a bad thing.
00:27:23
Stop it.
00:27:24
Really, they should set the car .
00:27:26
Attackers are much more sophisticated.
00:27:28
They are usually not doing bad things.
00:27:29
They are doing usual things with a bad intent.
00:27:33
So that you need to evolve from being that was our pitch from
00:27:37
being a policeman to being a detective or from being a
00:27:43
doorman to being like a like a DVR system that actually has a
00:27:49
CSI type of like that records everything and search for
00:27:52
anomalies and search for the sophisticated, for the mistakes
00:27:56
that the attackers are doing, and then understanding the
00:27:58
entire scope of the bridge.
00:27:59
And the way to do that is, data and data in the cloud and where
00:28:09
and on the.
00:28:10
And this back in the days in Microsoft we have.
00:28:12
We thought we had a unique advantage and that was really
00:28:16
the pitch.
00:28:16
Really, the 32nd pitch of why we got funded at the beginning
00:28:22
and that was the first one or two years was to prove that this
00:28:26
technology is actually working and create the go to market
00:28:30
motion that allow Microsoft to talk with security people in the
00:28:33
enterprises, because we sold windows or they sold windows to
00:28:37
IT and we went and say, no, we want to be a security player and
00:28:42
the and the respective security player with product, and for
00:28:46
that we needed to find the right persona, which was the sock
00:28:49
persona and the CISO persona, which was a persona that
00:28:52
Microsoft didn't approach.
00:28:53
And so the first two of the years were all about building
00:28:57
the technology, showing that it's actually working, that we
00:29:00
can catch sophisticated attacks.
00:29:03
This technology was later coming in the air, like endpoint
00:29:06
detection, response and and, secondly, building the
00:29:11
go-to-market motion of being able to deliver this value to
00:29:14
SecOps and CISO and actually also AskMoney for that.
00:29:19
So after three years, like we were, I'm using now Gartner,
00:29:27
like everyone knows Gartner, so I'm using Gartner as a reference
00:29:29
.
00:29:29
Then, when we started like we were, I think, a niche player in
00:29:33
the defender, in the endpoint protection, a magic water which
00:29:37
compares between different vendors and give them grades,
00:29:40
and we did all of the voyage from merch to contender to,
00:29:44
after three or four years, to a market leader, together with
00:29:46
others, like crowds to like another, and since then I
00:29:51
managed the team till year and a half ago, two years ago, so it
00:29:55
was the first seven years.
00:29:56
We grew, as always a combination of good luck and
00:30:00
good execution.
00:30:01
We grew significantly in the size of the business, in the
00:30:05
credibility of the market leadership.
00:30:07
I think today it's really common that it's Microsoft and
00:30:12
CrowdStrike and possibly Sentinel-1 are the three leaders
00:30:15
in the endpoint security space.
00:30:16
And we grew the team and we grew the input.
00:30:20
Think after the last census, I would say after a few years, we
00:30:24
changed the name from Windows Defender to Microsoft Defender
00:30:27
and it was part of another aha moment that we had not revealed
00:30:31
one in Microsoft but the fact that not all endpoints in the
00:30:36
world are Windows.
00:30:37
80% of them are, but there is also, or 80% in the PC space,
00:30:42
okay, but there is Mac and of course there is Linux and in the
00:30:46
data center Linux is the most prevalent and of course there is
00:30:49
mobile iOS and Android.
00:30:50
So really, if you want to be a credible endpoint security
00:30:54
player that actually brings value to a customer not only
00:30:57
sell but actually bring value and we need to evolve to meet
00:31:01
customer where we are and not protect only Windows because we
00:31:06
are Microsoft, but actually protect and we develop Linux
00:31:09
capabilities and Mac capability and iOS and Android and again
00:31:13
slowly gain.
00:31:14
You can imagine CISOs where are rather suspicious of really
00:31:18
Microsoft.
00:31:19
You are going to be best of written protecting Mac or Linux.
00:31:22
I don't believe that and I think part of the game general
00:31:25
gaming Microsoft back in the days under satia leadership and
00:31:28
its security was kind of the forefront was, yes, we are not a
00:31:32
Microsoft player, we are a security player and that part of
00:31:36
the product that will help us to change step by step the
00:31:41
perception of what is defender and the value of defender and
00:31:43
create also a sizeable business.
00:31:45
And I led during this time.
00:31:47
I was the product leader so I managed the product management,
00:31:51
engineering teams, research, dev works, et cetera.
00:31:55
All of the operations that actually brought the product was
00:31:57
under my responsibility.
00:31:59
Amazing seven years of scale.
00:32:02
Each year is really different than the others, from nothing to
00:32:05
a huge business.
00:32:06
Tons of impact, not only business, but also really
00:32:11
helping customers, which is the most important thing, as you
00:32:15
understand, and also growing as a manager from a really small
00:32:20
team to a huge operation of multiple hundreds of people.
00:32:27
Speaker 1: That's really interesting.
00:32:28
That's fascinating how you explained it right is, you know,
00:32:34
you essentially created the security component in the cloud,
00:32:38
really redefined it and re-engineered the solution from
00:32:41
the ground up, it sounds like, and in doing that, you even had
00:32:49
to, you know, create a new perception of how this business
00:32:54
should be viewed internally at Microsoft, which is really
00:32:59
fascinating to me.
00:33:00
So is this kind of viewed as a almost like a separate entity
00:33:07
within Microsoft that has its own bottom line, its own cost
00:33:11
and things like that?
00:33:12
Is that kind of how that's viewed within there because it's
00:33:16
so large?
00:33:16
I can understand why Microsoft would do that, you know.
00:33:21
Speaker 2: So I'll say two things.
00:33:22
First of all, I think, like you said it really nicely before I
00:33:27
answered the issue around the PNL, our pitch was there like
00:33:30
when we tried to pitch of like.
00:33:33
So one analogy we used was from a policeman to a detective.
00:33:37
The second one was that the previous framework of how you
00:33:41
protect endpoints was from within the endpoint itself.
00:33:45
You installed an AV that or a code that protected the devices
00:33:50
that it ran on.
00:33:50
And our technological approach or innovative approach was we
00:33:57
call it the brain in the cloud, like the cloud is actually
00:33:59
protecting your endpoint.
00:34:00
The endpoint is only sending data to the cloud and getting
00:34:03
commands for the cloud, but now you get infinite scale.
00:34:05
You get the capability to look across not only when I protect
00:34:10
your endpoint, it's not only your endpoint, I actually
00:34:13
compare it to all of the history of this endpoint and the other
00:34:16
endpoints near it in the same organization and all of the
00:34:19
organization in the world and all of the windows in the world
00:34:23
and all of the devices in the world.
00:34:24
So really, the brain in the cloud was kind of the tag name
00:34:28
that we used under the internal code name of Defender.
00:34:32
We started from day one or day two as a separate PNL, but not
00:34:38
as a separate OPE.
00:34:39
We were part of the Windows OPE and for a long time, until, I
00:34:44
think, two years ago, and that's really kind of the evolution
00:34:50
and story of security in Microsoft.
00:34:52
We were not only the only security business, there were
00:34:55
other security teams, but each team set in the platform they
00:34:58
protected.
00:34:58
So we protected endpoints, we were part of the endpoint team
00:35:03
that built the windows and et cetera, but there was an email
00:35:06
protection team that was part of the office team and there was a
00:35:10
cloud protection team that was part of the cloud team, the
00:35:14
Azure team, et cetera, and around it was publicly announced
00:35:19
.
00:35:19
I think around two years ago, maybe a little bit more than
00:35:23
that, it was a big decision in Microsoft to actually combine
00:35:27
all of the security teams into one security, all of the
00:35:30
distributed security teams to one security business, and one
00:35:36
of the founders of AWS, charlie Bell, joined Microsoft and
00:35:41
actually established this reporting to Satya and took all
00:35:45
of the three or four, five different security product teams
00:35:48
in each of the line of business .
00:35:49
That created the security line of business.
00:35:51
It was a very important step in Microsoft's voyage of becoming
00:35:57
a security player At this point of time.
00:36:01
Coming back to me.
00:36:02
Actually, I changed role and moved from leading one of the
00:36:08
security lines, the defender line, and took a more holistic,
00:36:11
horizontal role, reporting to Charlie, of a chief strategy
00:36:18
officer for the security business.
00:36:22
My role was to look on product strategy across all of the
00:36:25
product lines that Microsoft security now had in one team, so
00:36:27
endpoint was one I meant that but there was also identity and
00:36:32
compliance and data protection, et cetera, and cloud protection,
00:36:35
and my role was to look across all of these different markets,
00:36:40
different products, and lead product strategy, which is the
00:36:43
horizontal one, and also try innovation and understand what
00:36:47
is the growth framework of Microsoft, what are the new
00:36:50
markets we think are interesting , what are the things in which
00:36:55
we have gaps and we need to complete.
00:36:57
And that was kind of moving from the trenches to the
00:37:03
headquarter and looking and bird's eye view across
00:37:08
everything that Microsoft did in security, which is almost
00:37:11
everything that exists in security.
00:37:13
So that was again another unique experience.
00:37:17
That was my last role in Microsoft and actually brought
00:37:22
me back into the trenches, into a new domain in application
00:37:26
security, which is what I'm doing now in the period.
00:37:31
Speaker 1: Yeah, it's fascinating how Microsoft has
00:37:35
turned themselves into a one-stop shop for almost
00:37:40
everything tech, everything that you could imagine with tech,
00:37:44
everything that you'd want to do .
00:37:45
They're basically a one-stop shop and it's just.
00:37:50
It's challenging, right, it has its own native challenges, but
00:37:56
it's extremely beneficial for a lot of companies out there and
00:37:59
that's why a lot of companies go all in on Microsoft.
00:38:02
So can we talk a bit about what you're doing at Appuro, what
00:38:09
the company specializes in and what you're specialized in
00:38:13
within the company?
00:38:14
Speaker 2: Yeah, gladly so I'll actually connect it really
00:38:18
naturally to my last hearing in Microsoft.
00:38:23
As I said.
00:38:24
So, first of all, I am in the peer-a-peer is in domain of
00:38:28
application security.
00:38:28
We are building a cloud application security platform
00:38:33
that help customers to build and deliver secure code, and I
00:38:41
joined the company in.
00:38:42
It's a three-year-old company, so I joined it not at the
00:38:46
beginning, but it's really relatively a young company as a
00:38:50
chief product officer and, as you can see, it's like now
00:38:57
understanding the story of my life.
00:39:00
I really from walking in a big company building a Cubation, and
00:39:04
now I be modest, but also succeeding in building a very,
00:39:08
very huge business and then having an overarching look
00:39:11
across even wider business of around like $20 billion business
00:39:15
, which is the security business of Microsoft, like they
00:39:18
publicly said that.
00:39:19
Coming back to the trenches, to a small team, to doing stuff
00:39:25
with hands and from the beginning, and I couldn't be
00:39:29
more happier on that and the reason I joined, though there
00:39:33
are two different kind of forces that brought me into the role,
00:39:41
so I'll share them and then talk a little bit about what we are
00:39:45
doing.
00:39:45
So one thing is the domain in which a bureau is walking, and I
00:39:51
think it has an opportunity to be really impactful, which is
00:39:58
the problem statement, which is helping customers, helping
00:40:01
businesses that are writing code which is basically every
00:40:04
business in the world today to deliver, to build and deliver
00:40:11
code that is secure from the beginning.
00:40:14
I have, as I said, multiple years of experience in, from
00:40:19
both sides, defend their attacker in security and for
00:40:26
eight years, like my role in Microsoft, we ran after
00:40:30
attackers that actually manipulated vulnerabilities and
00:40:33
bugs and issues that existed in software.
00:40:36
If you think about that, it's kind of like we were the doctor
00:40:41
that when there was a disease, we tried to identify the disease
00:40:45
and make you healthier.
00:40:46
But we fixed it okay, we evacuated the attacker and
00:40:51
everything was safe.
00:40:52
And then a week, after a month, after a year, after the
00:40:54
attacker came back in a different way.
00:40:56
So you are again going to the doctor and again you are going
00:40:59
to the doctor and you can ask yourself if, if you're a doctor
00:41:03
that every time fixes a disease and then the disease comes back,
00:41:06
are you a good doctor?
00:41:07
And that was kind of a philosophy.
00:41:10
That's really the philosophical problem with detection and
00:41:12
response.
00:41:13
You're always reacting to the attacker and you can be very
00:41:16
good, but then the attacker will come back and continue this
00:41:22
analogy if you do your exercise and eat well and don't eat a lot
00:41:29
of carbs, etc.
00:41:30
The chances you will go to the doctor are actually reducing,
00:41:35
and application security is all about that.
00:41:37
It's being able to creating code from the day one that is
00:41:45
harder for a attacker to manipulate.
00:41:47
And if you do that, the job of the detection and response,
00:41:50
which is reactive after the effect, is actually becoming
00:41:54
much more redundant.
00:41:54
So really the important thing is living good health and not
00:42:00
finding diseases quickly, and that's actually again, I'm a
00:42:04
little bit philosophical, but one of the things that was
00:42:06
really important for me.
00:42:07
When I had the opportunity to look over the overarching thing
00:42:12
that are happening in security, I said I want to go back to the
00:42:15
root problem, shift left, but really shift left to solving the
00:42:21
problem that hopefully are, if are, most cost-effective to be
00:42:26
solved and if they are solved, all the rest of the problems of
00:42:29
detection and response of attackers are being much easier.
00:42:32
So in application security I saw exactly this opportunity.
00:42:37
But also I saw a big problem that is getting bigger because
00:42:46
every company is writing code, but also getting deeper because
00:42:51
the way that we write code is also different.
00:42:53
It's not now again the sequential let's plan
00:42:57
application, develop it, test it , deliver one year after.
00:43:01
But actually some of our customers today are delivering
00:43:06
code to production hundreds of times or thousands of time a day
00:43:10
and they are doing that by tens of thousands of engineers.
00:43:13
That's what they are doing.
00:43:14
So actually understanding your code because it's changing so
00:43:20
much and so often in so many ways.
00:43:22
And now comes co-pilot or an LLM like ChagGPT type of
00:43:28
technology that are writing code autonomously.
00:43:30
So actually the surface area is changing so much and going and
00:43:34
becoming so complicated that the problem so it's coming back,
00:43:39
it's a big problem and it's important problem and it's
00:43:42
changing and getting bigger every time.
00:43:45
And I thought that I have both passion to help solve this
00:43:50
problem and also have good ideas on how to approach it, similar
00:43:54
to the pitch that I had when we started the defender as an EDR.
00:43:59
I thought that we can do things as an industry fundamentally
00:44:03
different and that if we do that , we'll be the really big
00:44:07
company and really impactful business.
00:44:10
And this is why I decided that I want to dive in again from the
00:44:14
headquarters to the trenches and try to do something big
00:44:18
again in the area of application security.
00:44:21
So that was motivation number one.
00:44:23
Motivation number two I wanted to do that in the real world,
00:44:28
like Microsoft is an amazing place only good things.
00:44:31
Maybe I'll come back in the future, but it is a big company
00:44:37
and the big company moves slower and also a more vaccine to
00:44:42
mistakes.
00:44:43
If you do mistakes, you have more chances to fix them, by
00:44:46
definition, because the company has more resources and more time
00:44:51
and more trust with customers.
00:44:52
And something that I wanted, a personal experience that I
00:44:58
wanted to have in my life, is building a big business,
00:45:02
hopefully successful, but from the beginning, in a smaller team
00:45:09
, much more, with less moving faster but also with less places
00:45:14
to do mistakes.
00:45:15
And this is why I said that I actually want to join a younger
00:45:21
company in the domain of application security.
00:45:23
And then it came up here A peer I know for a long time.
00:45:29
I know the he done, the co-founder and the CEO, dan
00:45:33
Plotnik, was actually a peer of mine in Microsoft, where he
00:45:37
managed the identity team security team and I managed the
00:45:40
endpoint security team.
00:45:42
So we had a lot of time together .
00:45:44
We built trust and love.
00:45:46
So I knew a peer and what they did and the approach that they
00:45:51
are taking to application security and I thought it is an
00:45:56
amazing combination for me to join a great team with a vision
00:46:00
that was very much aligned to how I think application security
00:46:03
should look radically different and with a team that I trust
00:46:07
and a team and the company and a set of investors that think big
00:46:15
, that think that, then that we need to build a huge and can
00:46:19
build a huge business, not only solve a small problem and this
00:46:22
is the type of thing that was really very important for me in
00:46:25
Microsoft and now that we are replicating, solve something
00:46:28
that is significant.
00:46:29
So the combination of the domain, my passion, personal
00:46:34
passion and my appreciation to the specific company to appeal,
00:46:38
made me join around six months ago as a chief product officer
00:46:45
to a done and you know, done and the other people in the peer,
00:46:53
and since then I'm in heaven.
00:46:58
Speaker 1: So, you know, I think one of the common
00:47:05
misconceptions within cloud security, right, it's probably
00:47:10
that a CSPM, a cloud security posture management solution,
00:47:17
covers your applications in the cloud, that it provides, you
00:47:22
know, the expected level of insight into the application,
00:47:26
into the code base, into the pipeline, right.
00:47:28
But that's not the case.
00:47:30
You know, I'll tell you right now, right, I have a CSPM, I
00:47:37
have one CSPM that looks at the cloud, and then I have like five
00:47:40
different technologies that look at applications.
00:47:42
It is, it's, you know, it's frustrating for me as a security
00:47:49
person because I want as few places to go as possible to
00:47:53
manage the security of my environment, not even from a,
00:47:57
you know, single pane of glass.
00:47:58
That was kind of, you know, that terminology has kind of
00:48:01
been burnt down and buried, right, because it was just so
00:48:05
overused.
00:48:05
But you want as few places to go as possible so that you can
00:48:10
make an intelligent decision about your environment, of what
00:48:13
you should be doing to better secure it.
00:48:16
And I'm wondering, you know, a part of application security, as
00:48:20
we've seen with SolarWinds, is the supply chain security.
00:48:24
And that is a huge, gigantic headache that everyone in
00:48:31
application security and cloud security overall has, because
00:48:36
now it kind of reshaped how everyone is thinking about.
00:48:39
You know security overall, right, it's like, oh well, we
00:48:44
need to start looking at everything that makes up this
00:48:48
application, everything that makes up this environment.
00:48:51
Because what if you know, this random vendor is breached that
00:48:55
we use for this one thing, and now they're manipulating it in a
00:48:59
different way that we didn't expect right, and so does your
00:49:04
application.
00:49:04
Security posture management solution also cover supply chain
00:49:09
attacks and supply chain security.
00:49:13
Speaker 2: Yes.
00:49:13
The short answer is yes.
00:49:15
I think there is, like the you said, multiple things.
00:49:19
I'll start with the CSPM and the SPM per minute, like cloud
00:49:23
security, posture management and application security, post
00:49:26
management Thanks for gardeners for inventing these acronyms,
00:49:29
but really they are capturing being and young, I think of
00:49:32
protecting modern applications.
00:49:34
Like you need to protect the house and how it is being built.
00:49:38
That's the analogy of the cloud infrastructure.
00:49:41
You need to make sure that you have protected VMs and protected
00:49:46
the buckets and connected the right way and there is a network
00:49:50
that is connected the right way and configured the right way.
00:49:55
And but also you need to protect the people with that are
00:49:58
in the house, which is in this analogy.
00:50:01
That application itself and the application itself, as I said,
00:50:03
is built from thousands of different modules that are
00:50:07
changing thousands of time a day by thousands of people, which
00:50:11
are the engineers, and then you can't protect only the envelope
00:50:17
and being agnostic to the content that is running there.
00:50:19
And therefore I'm not inventing anything in the sense that
00:50:25
there is investment that you need to make in cloud security,
00:50:29
infrastructure security, and there are investment that you
00:50:32
need to make in actually the content of your application,
00:50:36
application security, testing and now a SPM.
00:50:40
So first of all they are as I said, they are kind of you can't
00:50:43
do the one or the one is complementary to the others.
00:50:47
And also you see that in the personas that we are serving in,
00:50:50
big organizations are sometimes that CSPM is usually going into
00:50:56
the cloud infrastructure type of teams and the SPM is going
00:51:00
into the application security that they're working closer
00:51:03
she's left closer with engineering and trying to
00:51:05
identify.
00:51:06
I would say that's another important thing about the SPM.
00:51:09
The key thing there is not only identify risks after the fact
00:51:14
that, making everything that you can do in order to stop them
00:51:18
from ever happening again oh, some filter for happening at the
00:51:21
beginning.
00:51:21
So actually putting gardeners and SPM is a lot about, in my
00:51:25
view, prevention and not only about detection, prioritization
00:51:30
and remediation, and that's a really.
00:51:32
I think that's part of what a lot of our SPM competitors or
00:51:37
friends are missing.
00:51:38
It's not only yet another system to collect logs and
00:51:41
collect alerts and show them in one queue, but it's actually to
00:51:44
manage the technology and the process that stops them from
00:51:48
ever happening again, and that's that's the tough thing.
00:51:52
Another thing I would say when you say protecting the
00:51:54
application 10 years ago, five years ago, three years ago, it
00:52:00
meant protecting the application code.
00:52:02
You had tools like SAST that search for SQL injection in the
00:52:06
code and you had tools like SCA that search for vulnerable open
00:52:11
source dependencies, and you had the tools that you have still
00:52:15
tools that are looking for secrets in code, et cetera, et
00:52:17
cetera.
00:52:18
But modern application, as we said earlier, is much more than
00:52:22
the code that is being developed .
00:52:25
It's actually all of the supply chain of how it was developed,
00:52:28
so to your point of solar range and open source dependencies,
00:52:33
but also it's also the way that it was deployed to the built and
00:52:38
deployed into production.
00:52:40
So even if you have a code without SQL injection at all and
00:52:47
no vulnerabilities but this was code, was built via a pipeline
00:52:51
that had the vulnerable Jenkins plugin the code is as vulnerable
00:52:55
as a code that has SQL injection.
00:52:58
And even if your code, like delivery to the cloud, is a
00:53:02
cloud, is a code element, so it's based on infrastructure of
00:53:05
SQL.
00:53:06
So even if your application code has no vulnerabilities but
00:53:10
your deployment to the cloud, terraform et cetera,
00:53:14
infrastructure as code actually is doing that in the right, like
00:53:17
deploying it to a public server , then you still, then your
00:53:20
application is as vulnerable as you had SQL injection and even
00:53:25
if the code that you wrote is actually amazing and has no
00:53:28
vulnerability, but you used a vulnerable, not even a
00:53:31
vulnerable package, use a malware, like a package that has
00:53:34
no CVE but is doing really bad things, then your application is
00:53:38
still not secure.
00:53:40
So, really modern application security must, must, must.
00:53:45
Look from, I would say, even design, like, even the, I'd say
00:53:49
like the even your application has no vulnerabilities, no SQL
00:53:52
injection and not open source, but it is designed in the way
00:53:55
that there is an API that is open to the internet, as in, not
00:53:58
authenticated and give access to API information, then it's
00:54:02
not secure.
00:54:02
So the only way to actually secure modern application is
00:54:07
understand what the application needs to do in the design phase,
00:54:11
how it is being developed and changed hundreds of times,
00:54:14
thousands of times daily during the development phase, how it is
00:54:18
being built and how it is being deployed and executed.
00:54:22
And in a peer that's part of what they said like hey appear
00:54:26
is a big company in the company with a big vision.
00:54:28
That's the core to what we're saying.
00:54:30
We're saying application security is from design, threat
00:54:36
modeling, design, software architecture to code scanning of
00:54:42
code understanding, understanding vulnerabilities in
00:54:45
code, understanding code reviews, understanding changes,
00:54:48
which are code, understanding the software components that are
00:54:52
coming outside into the code through deployment, through
00:54:56
build.
00:54:56
So understanding the build pipeline and the deployment
00:55:00
pipeline, and that's kind of the core to what we are doing.
00:55:03
We call it risk graph, but the idea is that all of these things
00:55:07
are interconnected.
00:55:08
The way that your application is being built is a combination of
00:55:11
APIs and data models and the service functions and Kubernetes
00:55:15
, cluster and configurations, and only by combining all of
00:55:21
that together you can have the foundation, on top of which you
00:55:25
can say here is a vulnerability and this vulnerability is more
00:55:28
important than this vulnerability, and answer really
00:55:30
the question that all of the answers customers want us to
00:55:33
answer, which is I have one hour out of the 100
00:55:38
vulnerabilities that appearing in my Qs.
00:55:40
From the five tools that I have , what are the three that I
00:55:44
really need to solve?
00:55:46
That has the biggest likelihood to happen, or the highest
00:55:50
impact, if they happen, or the most cost effective for me to
00:55:53
fix, if I actually now put one hour into that.
00:55:56
And that's the core intellectual property of what we
00:56:00
do and manage a process on top of that, allow you to understand
00:56:05
it.
00:56:05
You are progressing, understand , communicate with your
00:56:07
developers and manage an improvement process that shows
00:56:13
that my one hour today is more effective than my one hour
00:56:18
yesterday, for example.
00:56:22
Speaker 1: Yeah, it's really fascinating.
00:56:23
It's an area of security that is growing rapidly that more and
00:56:27
more people have to pay attention to.
00:56:29
So you know, motea, you know, unfortunately we're coming to
00:56:35
the end of our time here.
00:56:36
I feel like we almost need a part two to this episode to have
00:56:40
you back on and talk about Appiero a bit more.
00:56:43
But before I let you go, how about you tell my audience you
00:56:46
know where they can find you, where they can find Appiero, and
00:56:50
what the best way to reach out would be?
00:56:59
Speaker 2: So we are in appirocom.
00:57:02
I am available, even directly through my email, and I think we
00:57:11
are.
00:57:11
I'll say like two last, maybe sentences.
00:57:16
I think application security is a market like like endpoint
00:57:20
security 10 years ago is a market that is completely being
00:57:24
changed.
00:57:25
In the coming two or three years from now it will look
00:57:27
completely different than how it is today.
00:57:29
We didn't even have the time to talk about generative and how it
00:57:33
actually affect code understanding and
00:57:35
vulnerabilities in code, but there is so much innovation that
00:57:38
is happening there and the second thing that the companies
00:57:42
that will win and succeed to create worldwide impact are the
00:57:46
ones that think about this problem holistically, and I
00:57:49
think we are one of the few companies that are actually
00:57:53
doing that, looking from design till production, and I'm happy
00:57:58
for everyone everyone, either LinkedIn or direct email to to
00:58:04
if they are sharing the passion we have a question to to reach
00:58:08
out.
00:58:08
I hope through the podcast you see the lightening in my eyes
00:58:13
and the energy of really it's an important, huge problem that,
00:58:17
like we have now a unique opportunity to solve in the
00:58:19
coming years.
00:58:20
So totally, yeah, absolutely.
00:58:25
Speaker 1: I'm really excited to see where this space goes and
00:58:27
I'm looking forward to you know bringing you back on and talk
00:58:30
about it a bit more.
00:58:31
Well, thanks everyone.
00:58:33
I really appreciate you listening and I hope you enjoyed
00:58:36
this episode.