Exploring the Evolution of Application Security with Moti Gindi From Apiiro

1 00:00:00
Speaker 1: How's it going, everyone?

00:00:01
This is another security unfiltered podcast episode.

00:00:05
So, real quick, before we dive into the episode, I have to give

00:00:10
a big shout out to 10kMedia.

00:00:12
This episode would not be possible without 10kMedia, so

00:00:17
big shout out to Adam over there for putting this episode

00:00:21
together and with that we will go ahead and dive into the

00:00:25
episode.

00:00:25
Thanks everyone.

00:00:27
Good to finally have you on Moti.

00:00:29
I'm very excited for our conversation.

00:00:31
I think it's going to be really interesting to see where it

00:00:34
goes and hear about your journey .

00:00:37
Speaker 2: Great, hi guys.

00:00:38
Thank you, joe, for inviting me .

00:00:41
Speaker 1: Yeah, absolutely so, moti.

00:00:43
Why don't we hear about how you got into IT, how you kind of

00:00:48
got started with security?

00:00:50
And the reason why I started everyone off there is because

00:00:54
there's a section of my audience that are looking to get into

00:00:58
security or looking to get into IT.

00:01:00
Maybe they're doing a career change right, and I feel hearing

00:01:05
everyone's backgrounds really helps them to know, like, hey,

00:01:09
if they did it, maybe I can do it right.

00:01:11
Or if they came from a similar background, maybe I can also do

00:01:14
something like this.

00:01:15
So what's your?

00:01:16
What's your background?

00:01:17
How did you get into?

00:01:18
Speaker 2: it.

00:01:18
I'm smiling because, you know, I have on one hand a very

00:01:22
typical background, that is relevant to people that are

00:01:25
doing security and cyber in Israel.

00:01:28
On the other end, it's rather unique from the point of view of

00:01:30
general audience.

00:01:31
So actually I got into security from my army.

00:01:37
Like my army time I was a member of the Israeli cyber

00:01:43
units Like the.

00:01:46
It's a known number in the in the in the cyberspace, like 8200

00:01:50
.

00:01:50
So actually as a really young guy around the age of 18, I was

00:01:54
recruited and went through a seven years of serving around

00:02:02
security, cybersecurity, signal security, and I found out there

00:02:08
during my time three very important things.

00:02:11
One is that I really like the domain, I really care about it.

00:02:16
I think.

00:02:17
I really think that thinking as a defender or as an attacker

00:02:21
from the point of view of cyber is really until intellectual

00:02:25
problem.

00:02:25
I really liked the seven can figure, learn that I really like

00:02:30
and it's really natural for me to be in a position that they

00:02:34
remember.

00:02:34
It's an intelligence unit, so combined, on one hand, technical

00:02:37
capabilities and in the other hand, the big picture of

00:02:40
intelligence and in the industry it's called the product manager

00:02:43
.

00:02:43
There are found out that really what I want to do when I leave

00:02:47
the army is actually product management, which is in the

00:02:50
connection between technology and need and the role is the

00:02:54
combination between the two.

00:02:56
And the third thing I really like and learn is the important

00:03:01
that the huge opportunity that cyber brings around innovation.

00:03:07
Basically, again, as an attacker as and as a defender, there is

00:03:11
endless amount of things.

00:03:12
Imagination is only like.

00:03:14
What you do is really limited to your imagination.

00:03:17
Because of the end of the day, it's a combination of not only

00:03:21
technology but technology and people.

00:03:23
When there is either when you are trying to find

00:03:26
vulnerabilities in code or we are trying to attack an

00:03:29
infrastructure, in both cases you are handling as much as

00:03:33
you're handling the technology, you're handling actually the

00:03:36
people that built it, and there is also an element there of

00:03:40
psychology and processes and the combination between security

00:03:45
and people is really like what.

00:03:49
It sounds a little bit philosophical, so I understand

00:03:52
that, but this is the thing that I really learned during my time

00:03:55
in 8200 that I really like and, of course, doing good things

00:03:59
for my country.

00:04:00
But put that aside.

00:04:01
So I spent there seven years.

00:04:03
During them, I went also to university and learned computer

00:04:08
science and linguistics and then started my career as a product

00:04:14
manager in various companies and in the last 10 or 12 years I

00:04:20
came back to cybersecurity greater bit more than that

00:04:23
actually and served and in roles that are, and built products

00:04:29
and created business which are in the cybersecurity space,

00:04:32
first in Microsoft and then in now in the last half year in the

00:04:38
field.

00:04:41
Speaker 1: Wow, so there's a lot to unpack there.

00:04:47
Talk to me a bit about how you decided to go down the computer

00:04:55
science and linguistics path, right, or what made you want to

00:05:00
do that work.

00:05:01
I can understand the computer science part of it.

00:05:03
The linguistics part is like, I mean, it's not even out of left

00:05:09
field, it's like out of the park, you know, trying to get

00:05:13
into the play field, right.

00:05:15
Speaker 2: I mean in my again, it was around 20 years ago but,

00:05:20
like consistently across the years in the university

00:05:23
television university where I learned there were always

00:05:26
exactly two people that did exactly two that did this

00:05:30
combination of linguistics and computer science, and I think

00:05:34
the root to why I chose that was really related to the things I

00:05:42
talked about earlier Parts of the part of the problem that

00:05:47
existed in the intelligence work like 20 years ago and is really

00:05:51
relevant today to every person is the fact that you have so

00:05:55
much information.

00:05:56
Usually, you know the problem you're saying is that, in terms

00:05:59
of my problem is to get to the information.

00:06:01
You can get to a lot of information with many ways, via

00:06:08
multiple types of information.

00:06:10
Then the problem came out of the vast amount of data that I

00:06:13
have applicable to my, at my hands, at my table, how quickly

00:06:21
do I choose the ones?

00:06:22
That is actually helping me to answer the question that I'm

00:06:25
investigating now and, as a result, not only in like in

00:06:30
every intelligence organization, a big, big problem is around

00:06:36
automatically and using before it was called AI, but using

00:06:40
machines to help you to unpack what is the content that you are

00:06:45
looking at, either if it's text or voice or code, whatever it

00:06:51
means, like how you can scale yourself only by having machines

00:06:57
that understand what you are looking for and help you to do

00:07:02
the first level of filtering and consolidation and correlation

00:07:06
of what you are looking to for into something that you as a

00:07:10
human being can digest as an analyst or as an intelligence

00:07:14
officer.

00:07:14
And, as a result, I had the luxury of and the way to do that

00:07:21
is again before GPT and before language models.

00:07:25
The way to do that was by understanding natural language

00:07:30
and I had, as part of my army, I had around two years in which

00:07:35
that's something I did.

00:07:36
That was in the technology part technology and intelligence,

00:07:39
part of understanding human language automatically.

00:07:43
And, as I said earlier, that was part of the thing that

00:07:48
fascinated me the combination around intelligence, but also

00:07:51
people and understanding.

00:07:52
Trying to understand what the document is talking about, to

00:07:56
understand it and trying to programmatically understand what

00:08:01
is the thing that you're actually looking after, like

00:08:03
what is the reader, the intelligence reader that you're

00:08:05
looking after, program it, translate it to something which

00:08:10
is programmatic and then allowing a machine to understand

00:08:13
this program and provide you valuable information.

00:08:16
These were like the me and many other people watch, like the

00:08:22
edge of technology that we handled in back day in the

00:08:26
intelligence cop sense.

00:08:27
Then came Google and came to GPT and came all of these

00:08:32
technologies that are trying basically to do the same, like

00:08:34
code a question and then bring you the relevant information and

00:08:39
for that you need to understand really well the question and

00:08:41
you need to understand really well the answers that you are

00:08:44
providing.

00:08:44
And I was really interested in in I did it practically in the

00:08:52
army and then decided it's really interesting for me to

00:08:57
understand, like to try and learn about that and then not

00:09:01
only go through usual computer science and not program but also

00:09:04
understand kind of our languages program.

00:09:09
And if we went into that, like I went to a university, tel Aviv

00:09:13
University that is one of the only universities in the world

00:09:16
that when they teach linguistics they don't ask you to know any

00:09:20
language.

00:09:20
Usually when you go to a linguist with courses you need

00:09:24
to learn either advance or learn through the three years you

00:09:30
need to learn like seven languages.

00:09:32
Tel Aviv University the philosophy is called generative

00:09:38
linguistics, interestingly, and the idea was that really there

00:09:44
is a common framework, really an algorithm that is the basis to

00:09:48
all languages and when we are born and we are learning English

00:09:51
or Hebrew or Yiddish or German.

00:09:55
Actually we are taking the generic algorithm and setting it

00:09:59
to a specific language, and understanding linguistics is

00:10:03
really understanding the basic algorithm of how you know

00:10:07
language, and so it is a kind of a natural combination, if you

00:10:11
think about that, between that logical mathematics and computer

00:10:16
science.

00:10:16
So these type of motivations brought me to learn.

00:10:20
It's so funny that 20 years after, with everything that is

00:10:25
happening now with LLM and things that we did around newer

00:10:31
networks, used to natural language, to text understanding,

00:10:34
etc.

00:10:34
Like as a hobby, like in the army 20 years ago, or now 1

00:10:39
times more sophisticated, but there is a comeback.

00:10:42
But that's what I learned and of course, after that I didn't

00:10:48
exercise it at all at my work.

00:10:50
It was more of like coming from the army learning.

00:10:53
I had a lot of time during my two years of doing this in the

00:10:58
university and then moved to a more traditional product, high

00:11:04
tech and then engineering management roles in the industry

00:11:09
until I came back to security around, as I said, 12 years ago

00:11:15
when I joined Microsoft.

00:11:18
Speaker 1: Yeah, that's really interesting.

00:11:20
I guess I never thought about it that way.

00:11:24
The best way to work with a language model or determine,

00:11:32
create something that could review a document and give you

00:11:36
the pertinent information.

00:11:37
A couple bullet points you would need to know linguistics,

00:11:42
you would need to be an expert at linguistics.

00:11:44
Really, that's very interesting and it kind of takes me down

00:11:49
the rabbit hole, right.

00:11:50
Well, if this kind of existed 20 years ago and the public is

00:11:57
just now seeing chat GPT for the first time this year basically,

00:12:03
for the most part, what do they have now that we're going to

00:12:09
see in the public in 20 years?

00:12:10
That's always the fascinating part for me.

00:12:15
I was watching another podcast and this former Navy SEAL was

00:12:21
talking about the night vision that was used on the raid to

00:12:26
kill Osama bin Laden.

00:12:27
In the movie Zero Dark Thirty.

00:12:29
You see them as these four tube things and everyone that is

00:12:35
into that kind of thing.

00:12:36
That was brand new for them.

00:12:37
They never saw it before.

00:12:40
He said yeah, when I got into the Navy SEALs early 2000s,

00:12:48
those were 10 years old.

00:12:49
That was old tech.

00:12:51
They're literally using hand-me-downs for that mission.

00:12:55
I'm sitting here like what?

00:12:58
Because to me that was like cutting edge, like, oh my God,

00:13:03
this is amazing For him.

00:13:06
It was just another day.

00:13:07
It was just another day at the office like, yeah, I'm going to

00:13:10
use this old tech.

00:13:11
Hopefully it works, that sort of thing.

00:13:14
Speaker 2: I'll give you another example which rhymes with what

00:13:17
you said, I think, in the last, coming back, for example, to

00:13:21
cyber in the last 10 years.

00:13:23
Plus, there is the common understanding of nation-state

00:13:26
attacks and attacks which are sophisticated, which are not

00:13:30
only based on a random malware to your computer and try to get

00:13:35
Bitcoin out of you or do a simple phishing, but I will

00:13:39
collect intelligence and understand who you are.

00:13:42
I have a really specific price.

00:13:47
I am going after.

00:13:48
I'm going after intellectual property and then I will go low

00:13:51
and slow and nation-state attacks.

00:13:54
Currently, all of the security products in this space are

00:13:56
aiming to protect you from nation-state attacks.

00:13:59
There was an aha moment 10 years ago with, I think, the

00:14:05
so-called Chinese attack on RSA in Google.

00:14:06
That brought that into the attention and created completely

00:14:11
new defense technologies like CIME and XDR and EDR part of the

00:14:18
thing that I built.

00:14:19
But again, 20 years ago, it was all news.

00:14:23
That's the funny part of that.

00:14:26
There are places in which I think intelligence bodies has

00:14:32
the luxury of being really front-cutting edge technologies.

00:14:36
So I totally agree.

00:14:42
Speaker 1: Yeah, it's really interesting to see what's out

00:14:44
there, but you have to go through so much to see what's

00:14:48
out there that it may not be worth it.

00:14:50
So that kind of takes us to your time at Microsoft.

00:14:56
Can we talk a little bit about what it was like to be at

00:15:01
Microsoft, being such a large company, probably one of the

00:15:05
largest in the world, for sure One of the biggest tech names of

00:15:10
all time?

00:15:10
What did you do there?

00:15:12
What did you specialize in?

00:15:14
We talked about your I guess it was product management

00:15:22
experience within your 8200 group.

00:15:24
Did that experience translate over to Microsoft very well or

00:15:29
was there a learning curve behind it?

00:15:32
Speaker 2: So I had two distinct periods in Microsoft.

00:15:37
The first one, I think the first three or four years I

00:15:41
joined Microsoft.

00:15:42
Back then I was the director of product management.

00:15:45
Already I worked in multiple companies before joining

00:15:49
Microsoft.

00:15:50
I also established my own startup and I had a vast

00:15:53
experience and then joined Microsoft as the director of

00:15:56
product management and then as an engineering and product

00:15:59
manager and it was, I think, in kind of standard type of product

00:16:06
for Microsoft.

00:16:07
I joined originally and was part of the telecom mobile group on

00:16:12
Microsoft developing mobile applications and mobile

00:16:15
solutions, and then started to work on the advertising products

00:16:22
of Microsoft back then had a very big advertising product

00:16:25
when, by the way, tons of what I know later and implemented

00:16:29
later in security, which we talk about it, was around.

00:16:32
Security is data and AI and data science.

00:16:36
I actually learned during my days around leading a team in

00:16:41
Microsoft that was responsible for targeting like understanding

00:16:44
you, understanding the retailer and matching the best we can as

00:16:49
quickly as we can between the Ed and the person.

00:16:53
So the chance for you to click will be the biggest, the highest

00:16:57
possible.

00:16:58
Not a novel cause.

00:16:59
I think I'm too proud from the point of view of impact that we

00:17:02
made on the world, but really, again, cutting edge technology.

00:17:05
That had, later on, a lot of similarities when we actually

00:17:09
incubated the security business in Microsoft, which I'm happy to

00:17:12
talk about later but that's where I spent three or four

00:17:15
years and then I left Microsoft.

00:17:18
I felt that I need something.

00:17:24
Again, it sounds like a little bit of cliché, but I felt that I

00:17:28
need something that is bigger, more impactful and that I am

00:17:34
handling.

00:17:35
I am building products and good products and delivering in

00:17:39
quality and creating more money and sophisticated algorithms and

00:17:43
really edge, cutting edge technology, but I'm not making

00:17:48
enough impact.

00:17:49
I'm not the first one, probably that said that, but this is

00:17:52
what I felt back then.

00:17:53
And then I left and actually did a pause in my high tech

00:17:58
career and went to do something completely different and worked

00:18:04
for three years to work for the Israeli prime officer, the

00:18:08
Israeli government, where I spent three years doing some of

00:18:15
the most interesting things I did in my life and the feeling

00:18:19
that I'm creating an impact and value.

00:18:22
And then, when I left there, I got an offer to rejoin Microsoft

00:18:27
and I did, mainly because of my life.

00:18:29
It's a great company and great people and I really wanted to go

00:18:32
back there, but I rebooted my career over there.

00:18:38
I didn't join an existing business, I actually incubated

00:18:44
together with two good friends, and I incubated a startup within

00:18:49
Microsoft which is around security, which I led as the

00:18:57
leader for seven years, and these three persons.

00:19:02
The startup grew to 600 teams, people that I managed from zero

00:19:08
revenue to a business of more than $2 billion revenue and tens

00:19:13
of thousands of customers we protected.

00:19:15
And I think this was probably the most influential part of my

00:19:21
career and an amazing seven years seven, eight years that I

00:19:24
spent in Microsoft.

00:19:29
Speaker 1: Wow, there's, there's a lot there again.

00:19:32
You know what you discussed.

00:19:43
You know the work with the government, right, that it was

00:19:47
the most rewarding work that you've ever done.

00:19:49
And you know, honestly, when I think of working for the

00:19:54
government myself, right, that's absolutely at the front of my

00:19:59
mind, right is, you know, helping change and direct things

00:20:04
in the right way with the government that's impacting your

00:20:07
nation.

00:20:08
You know, and I mean that's a that's a huge honor.

00:20:13
Can you talk a little bit about what you were doing for them?

00:20:17
Were you, you know, potentially , you know looking at, you know,

00:20:22
let's say, digital threats or whatever it might be right, and

00:20:26
then kind of translating that to people that are not as aware or

00:20:30
not as fluent in the area as you were, like, what was that

00:20:34
work like?

00:20:37
Speaker 2: I can't talk too much about that.

00:20:39
I would only say that it's like the usual.

00:20:46
Like the usual.

00:20:47
It's like we use technology to help people and make sure that

00:20:53
you know the country is safe, etc.

00:20:54
And amazing, three years.

00:20:57
But it's hard for me to go into more details.

00:20:59
I would say that like really it's coming back to the core of

00:21:05
the things I liked in every role that I did.

00:21:09
Maybe that's like a more meta statement.

00:21:13
It was an amazing opportunity in which innovation was the thing,

00:21:18
innovation and being focused on a mission and using technology

00:21:26
to achieve this mission, and the imagination was the only thing

00:21:30
that stopped us.

00:21:30
And that's one.

00:21:33
And I think what I tried to reestablish and to find to

00:21:37
myself later when I went to Microsoft and now when I'm in a

00:21:40
bureau, is exactly this type of culture assets of the fact that

00:21:47
we are doing new stuff.

00:21:48
New stuff is really interesting but also really really

00:21:51
important.

00:21:52
It's not enough.

00:21:52
It will be really interesting.

00:21:53
It should be really important, and when I?

00:21:57
That's the main reason that when and I'm thankful for Microsoft

00:22:01
for giving me the opportunity and the manager's back that

00:22:04
believed in that is that when we try to establish security

00:22:07
business in Microsoft, it was one because we thought we can do

00:22:12
a really good job.

00:22:12
We can make a lot of money for the company, but also we can

00:22:17
really take a broken market and help customers to be more safe

00:22:20
Really.

00:22:20
And the thing of that of doing good on how impactful it is on

00:22:28
me and also on the people that worked with me, is something

00:22:31
that one of the things that I took really deeply from, from

00:22:39
how like the work that I did in these three years and for my

00:22:43
career moving forward.

00:22:44
There is nothing that is more creating motivation than the

00:22:48
impact that you are making on on actual stuff and on doing.

00:22:54
Speaker 1: Right.

00:22:54
So at Microsoft.

00:22:56
When you went back to Microsoft , you mentioned that you were

00:23:01
kind of in charge of, you know, creating a product that would,

00:23:06
you know, make some significant changes right within the

00:23:09
security ecosystem, potentially at Microsoft, right, yeah?

00:23:13
So when I look at your LinkedIn , right, it says that you are in

00:23:18
charge of end point security, so to me that sounds like

00:23:21
Microsoft Defender.

00:23:22
Is that a correct assumption, or yeah, I was part of the.

00:23:28
Speaker 2: I led the innovation team that started Microsoft

00:23:31
Defender.

00:23:31
Speaker 1: Yes, Okay, yeah, I mean, you know, as someone that

00:23:38
is typically, you know, just naturally against using Azure,

00:23:43
right, Well, let's assume that we have to use Azure.

00:23:46
It's hard, it's very difficult, you know, nowadays to not

00:23:53
recommend using Defender, right, I mean, it is such an all

00:23:58
encompassing security solution, it's really more of a security

00:24:03
platform within Microsoft Azure.

00:24:06
Right, that's the point that it is at right now.

00:24:10
You know, of being so expansive , of touching basically every

00:24:15
facet that you can use and deploy in Azure.

00:24:18
It touches it.

00:24:21
Were you instrumental in kind of changing the perception of

00:24:24
Microsoft Defender?

00:24:25
And the reason why I say that is because you know, previously,

00:24:29
right, microsoft Defender was that thing on your desktop or

00:24:34
laptop.

00:24:34
That was antivirus, that was kind of made fun of.

00:24:38
Right, that that was lacking in some areas compared to the rest

00:24:42
of the market.

00:24:42
And then, when they introduced that into Azure, right, it was

00:24:47
almost thought of the same way.

00:24:49
Right, we, as everyone in the technology space, kind of

00:24:53
assumed like, oh, it's going to be the same thing.

00:24:55
Very rapidly that changed.

00:24:58
When people were, you know, seeing the different features

00:25:01
and functionality and what it was able to do and what it was

00:25:03
catching and how it was actually operating, people quickly

00:25:07
started to shift their perspective.

00:25:09
You know, and that was an interesting time in the industry

00:25:12
.

00:25:12
Were you instrumental in that as well?

00:25:16
Speaker 2: I hope so because when I like I believe so when we

00:25:20
started Microsoft, when we started the Defender, like at

00:25:25
the beginning, it was called Windows Defender and then we

00:25:27
evolved to Microsoft Defender and the name change also came

00:25:31
with the strategy change.

00:25:33
We can talk about it later.

00:25:34
But when we started, exactly Defender was and consumer

00:25:39
antivirus there was zero that was given for free as part of

00:25:43
the operating system.

00:25:44
There was tons of people that work on Microsoft, on security,

00:25:48
but their approach was security in the platform, so making

00:25:52
Windows more secure in general, and there was no two things

00:25:57
where non existing in Microsoft A security wasn't the business,

00:26:01
it wasn't something we were selling.

00:26:03
B, it wasn't something that was focused on businesses and

00:26:06
enterprises.

00:26:06
And basically our incubation and pitch back then to the head

00:26:11
of Microsoft to the end of Windows like when I pitched the

00:26:14
incubation and got the initial funding to actually start the

00:26:20
work was that we think we can change these two things First,

00:26:24
we need to focus in Microsoft on supplying security for

00:26:28
enterprises, which brings a much higher bar than just an AV on

00:26:34
the antivirus on the consumer machine.

00:26:35
Secondly, that we need to think about that as a business.

00:26:39
And then came all the technology and why we think

00:26:45
we'll do it much better because of the cloud, because of AI,

00:26:48
because of like.

00:26:49
Basically, we said that we think that we can.

00:26:51
Not only us, by the way, in parallel, other vendors, like

00:26:57
cloud strike and some very recent and sent in one, said

00:27:00
similar things.

00:27:01
But the understand, common understanding was back then that

00:27:04
, like, in order to make security works, we need endpoint

00:27:08
security works.

00:27:08
We need to change the game from a security and not a game, so

00:27:12
that the way to catch sophisticated nation state

00:27:16
attackers is not by being a policeman that says, hey, here

00:27:20
is a like.

00:27:21
This is what the AV did, the antivirus, this is a bad thing.

00:27:23
Stop it.

00:27:24
Really, they should set the car .

00:27:26
Attackers are much more sophisticated.

00:27:28
They are usually not doing bad things.

00:27:29
They are doing usual things with a bad intent.

00:27:33
So that you need to evolve from being that was our pitch from

00:27:37
being a policeman to being a detective or from being a

00:27:43
doorman to being like a like a DVR system that actually has a

00:27:49
CSI type of like that records everything and search for

00:27:52
anomalies and search for the sophisticated, for the mistakes

00:27:56
that the attackers are doing, and then understanding the

00:27:58
entire scope of the bridge.

00:27:59
And the way to do that is, data and data in the cloud and where

00:28:09
and on the.

00:28:10
And this back in the days in Microsoft we have.

00:28:12
We thought we had a unique advantage and that was really

00:28:16
the pitch.

00:28:16
Really, the 32nd pitch of why we got funded at the beginning

00:28:22
and that was the first one or two years was to prove that this

00:28:26
technology is actually working and create the go to market

00:28:30
motion that allow Microsoft to talk with security people in the

00:28:33
enterprises, because we sold windows or they sold windows to

00:28:37
IT and we went and say, no, we want to be a security player and

00:28:42
the and the respective security player with product, and for

00:28:46
that we needed to find the right persona, which was the sock

00:28:49
persona and the CISO persona, which was a persona that

00:28:52
Microsoft didn't approach.

00:28:53
And so the first two of the years were all about building

00:28:57
the technology, showing that it's actually working, that we

00:29:00
can catch sophisticated attacks.

00:29:03
This technology was later coming in the air, like endpoint

00:29:06
detection, response and and, secondly, building the

00:29:11
go-to-market motion of being able to deliver this value to

00:29:14
SecOps and CISO and actually also AskMoney for that.

00:29:19
So after three years, like we were, I'm using now Gartner,

00:29:27
like everyone knows Gartner, so I'm using Gartner as a reference

00:29:29
.

00:29:29
Then, when we started like we were, I think, a niche player in

00:29:33
the defender, in the endpoint protection, a magic water which

00:29:37
compares between different vendors and give them grades,

00:29:40
and we did all of the voyage from merch to contender to,

00:29:44
after three or four years, to a market leader, together with

00:29:46
others, like crowds to like another, and since then I

00:29:51
managed the team till year and a half ago, two years ago, so it

00:29:55
was the first seven years.

00:29:56
We grew, as always a combination of good luck and

00:30:00
good execution.

00:30:01
We grew significantly in the size of the business, in the

00:30:05
credibility of the market leadership.

00:30:07
I think today it's really common that it's Microsoft and

00:30:12
CrowdStrike and possibly Sentinel-1 are the three leaders

00:30:15
in the endpoint security space.

00:30:16
And we grew the team and we grew the input.

00:30:20
Think after the last census, I would say after a few years, we

00:30:24
changed the name from Windows Defender to Microsoft Defender

00:30:27
and it was part of another aha moment that we had not revealed

00:30:31
one in Microsoft but the fact that not all endpoints in the

00:30:36
world are Windows.

00:30:37
80% of them are, but there is also, or 80% in the PC space,

00:30:42
okay, but there is Mac and of course there is Linux and in the

00:30:46
data center Linux is the most prevalent and of course there is

00:30:49
mobile iOS and Android.

00:30:50
So really, if you want to be a credible endpoint security

00:30:54
player that actually brings value to a customer not only

00:30:57
sell but actually bring value and we need to evolve to meet

00:31:01
customer where we are and not protect only Windows because we

00:31:06
are Microsoft, but actually protect and we develop Linux

00:31:09
capabilities and Mac capability and iOS and Android and again

00:31:13
slowly gain.

00:31:14
You can imagine CISOs where are rather suspicious of really

00:31:18
Microsoft.

00:31:19
You are going to be best of written protecting Mac or Linux.

00:31:22
I don't believe that and I think part of the game general

00:31:25
gaming Microsoft back in the days under satia leadership and

00:31:28
its security was kind of the forefront was, yes, we are not a

00:31:32
Microsoft player, we are a security player and that part of

00:31:36
the product that will help us to change step by step the

00:31:41
perception of what is defender and the value of defender and

00:31:43
create also a sizeable business.

00:31:45
And I led during this time.

00:31:47
I was the product leader so I managed the product management,

00:31:51
engineering teams, research, dev works, et cetera.

00:31:55
All of the operations that actually brought the product was

00:31:57
under my responsibility.

00:31:59
Amazing seven years of scale.

00:32:02
Each year is really different than the others, from nothing to

00:32:05
a huge business.

00:32:06
Tons of impact, not only business, but also really

00:32:11
helping customers, which is the most important thing, as you

00:32:15
understand, and also growing as a manager from a really small

00:32:20
team to a huge operation of multiple hundreds of people.

00:32:27
Speaker 1: That's really interesting.

00:32:28
That's fascinating how you explained it right is, you know,

00:32:34
you essentially created the security component in the cloud,

00:32:38
really redefined it and re-engineered the solution from

00:32:41
the ground up, it sounds like, and in doing that, you even had

00:32:49
to, you know, create a new perception of how this business

00:32:54
should be viewed internally at Microsoft, which is really

00:32:59
fascinating to me.

00:33:00
So is this kind of viewed as a almost like a separate entity

00:33:07
within Microsoft that has its own bottom line, its own cost

00:33:11
and things like that?

00:33:12
Is that kind of how that's viewed within there because it's

00:33:16
so large?

00:33:16
I can understand why Microsoft would do that, you know.

00:33:21
Speaker 2: So I'll say two things.

00:33:22
First of all, I think, like you said it really nicely before I

00:33:27
answered the issue around the PNL, our pitch was there like

00:33:30
when we tried to pitch of like.

00:33:33
So one analogy we used was from a policeman to a detective.

00:33:37
The second one was that the previous framework of how you

00:33:41
protect endpoints was from within the endpoint itself.

00:33:45
You installed an AV that or a code that protected the devices

00:33:50
that it ran on.

00:33:50
And our technological approach or innovative approach was we

00:33:57
call it the brain in the cloud, like the cloud is actually

00:33:59
protecting your endpoint.

00:34:00
The endpoint is only sending data to the cloud and getting

00:34:03
commands for the cloud, but now you get infinite scale.

00:34:05
You get the capability to look across not only when I protect

00:34:10
your endpoint, it's not only your endpoint, I actually

00:34:13
compare it to all of the history of this endpoint and the other

00:34:16
endpoints near it in the same organization and all of the

00:34:19
organization in the world and all of the windows in the world

00:34:23
and all of the devices in the world.

00:34:24
So really, the brain in the cloud was kind of the tag name

00:34:28
that we used under the internal code name of Defender.

00:34:32
We started from day one or day two as a separate PNL, but not

00:34:38
as a separate OPE.

00:34:39
We were part of the Windows OPE and for a long time, until, I

00:34:44
think, two years ago, and that's really kind of the evolution

00:34:50
and story of security in Microsoft.

00:34:52
We were not only the only security business, there were

00:34:55
other security teams, but each team set in the platform they

00:34:58
protected.

00:34:58
So we protected endpoints, we were part of the endpoint team

00:35:03
that built the windows and et cetera, but there was an email

00:35:06
protection team that was part of the office team and there was a

00:35:10
cloud protection team that was part of the cloud team, the

00:35:14
Azure team, et cetera, and around it was publicly announced

00:35:19
.

00:35:19
I think around two years ago, maybe a little bit more than

00:35:23
that, it was a big decision in Microsoft to actually combine

00:35:27
all of the security teams into one security, all of the

00:35:30
distributed security teams to one security business, and one

00:35:36
of the founders of AWS, charlie Bell, joined Microsoft and

00:35:41
actually established this reporting to Satya and took all

00:35:45
of the three or four, five different security product teams

00:35:48
in each of the line of business .

00:35:49
That created the security line of business.

00:35:51
It was a very important step in Microsoft's voyage of becoming

00:35:57
a security player At this point of time.

00:36:01
Coming back to me.

00:36:02
Actually, I changed role and moved from leading one of the

00:36:08
security lines, the defender line, and took a more holistic,

00:36:11
horizontal role, reporting to Charlie, of a chief strategy

00:36:18
officer for the security business.

00:36:22
My role was to look on product strategy across all of the

00:36:25
product lines that Microsoft security now had in one team, so

00:36:27
endpoint was one I meant that but there was also identity and

00:36:32
compliance and data protection, et cetera, and cloud protection,

00:36:35
and my role was to look across all of these different markets,

00:36:40
different products, and lead product strategy, which is the

00:36:43
horizontal one, and also try innovation and understand what

00:36:47
is the growth framework of Microsoft, what are the new

00:36:50
markets we think are interesting , what are the things in which

00:36:55
we have gaps and we need to complete.

00:36:57
And that was kind of moving from the trenches to the

00:37:03
headquarter and looking and bird's eye view across

00:37:08
everything that Microsoft did in security, which is almost

00:37:11
everything that exists in security.

00:37:13
So that was again another unique experience.

00:37:17
That was my last role in Microsoft and actually brought

00:37:22
me back into the trenches, into a new domain in application

00:37:26
security, which is what I'm doing now in the period.

00:37:31
Speaker 1: Yeah, it's fascinating how Microsoft has

00:37:35
turned themselves into a one-stop shop for almost

00:37:40
everything tech, everything that you could imagine with tech,

00:37:44
everything that you'd want to do .

00:37:45
They're basically a one-stop shop and it's just.

00:37:50
It's challenging, right, it has its own native challenges, but

00:37:56
it's extremely beneficial for a lot of companies out there and

00:37:59
that's why a lot of companies go all in on Microsoft.

00:38:02
So can we talk a bit about what you're doing at Appuro, what

00:38:09
the company specializes in and what you're specialized in

00:38:13
within the company?

00:38:14
Speaker 2: Yeah, gladly so I'll actually connect it really

00:38:18
naturally to my last hearing in Microsoft.

00:38:23
As I said.

00:38:24
So, first of all, I am in the peer-a-peer is in domain of

00:38:28
application security.

00:38:28
We are building a cloud application security platform

00:38:33
that help customers to build and deliver secure code, and I

00:38:41
joined the company in.

00:38:42
It's a three-year-old company, so I joined it not at the

00:38:46
beginning, but it's really relatively a young company as a

00:38:50
chief product officer and, as you can see, it's like now

00:38:57
understanding the story of my life.

00:39:00
I really from walking in a big company building a Cubation, and

00:39:04
now I be modest, but also succeeding in building a very,

00:39:08
very huge business and then having an overarching look

00:39:11
across even wider business of around like $20 billion business

00:39:15
, which is the security business of Microsoft, like they

00:39:18
publicly said that.

00:39:19
Coming back to the trenches, to a small team, to doing stuff

00:39:25
with hands and from the beginning, and I couldn't be

00:39:29
more happier on that and the reason I joined, though there

00:39:33
are two different kind of forces that brought me into the role,

00:39:41
so I'll share them and then talk a little bit about what we are

00:39:45
doing.

00:39:45
So one thing is the domain in which a bureau is walking, and I

00:39:51
think it has an opportunity to be really impactful, which is

00:39:58
the problem statement, which is helping customers, helping

00:40:01
businesses that are writing code which is basically every

00:40:04
business in the world today to deliver, to build and deliver

00:40:11
code that is secure from the beginning.

00:40:14
I have, as I said, multiple years of experience in, from

00:40:19
both sides, defend their attacker in security and for

00:40:26
eight years, like my role in Microsoft, we ran after

00:40:30
attackers that actually manipulated vulnerabilities and

00:40:33
bugs and issues that existed in software.

00:40:36
If you think about that, it's kind of like we were the doctor

00:40:41
that when there was a disease, we tried to identify the disease

00:40:45
and make you healthier.

00:40:46
But we fixed it okay, we evacuated the attacker and

00:40:51
everything was safe.

00:40:52
And then a week, after a month, after a year, after the

00:40:54
attacker came back in a different way.

00:40:56
So you are again going to the doctor and again you are going

00:40:59
to the doctor and you can ask yourself if, if you're a doctor

00:41:03
that every time fixes a disease and then the disease comes back,

00:41:06
are you a good doctor?

00:41:07
And that was kind of a philosophy.

00:41:10
That's really the philosophical problem with detection and

00:41:12
response.

00:41:13
You're always reacting to the attacker and you can be very

00:41:16
good, but then the attacker will come back and continue this

00:41:22
analogy if you do your exercise and eat well and don't eat a lot

00:41:29
of carbs, etc.

00:41:30
The chances you will go to the doctor are actually reducing,

00:41:35
and application security is all about that.

00:41:37
It's being able to creating code from the day one that is

00:41:45
harder for a attacker to manipulate.

00:41:47
And if you do that, the job of the detection and response,

00:41:50
which is reactive after the effect, is actually becoming

00:41:54
much more redundant.

00:41:54
So really the important thing is living good health and not

00:42:00
finding diseases quickly, and that's actually again, I'm a

00:42:04
little bit philosophical, but one of the things that was

00:42:06
really important for me.

00:42:07
When I had the opportunity to look over the overarching thing

00:42:12
that are happening in security, I said I want to go back to the

00:42:15
root problem, shift left, but really shift left to solving the

00:42:21
problem that hopefully are, if are, most cost-effective to be

00:42:26
solved and if they are solved, all the rest of the problems of

00:42:29
detection and response of attackers are being much easier.

00:42:32
So in application security I saw exactly this opportunity.

00:42:37
But also I saw a big problem that is getting bigger because

00:42:46
every company is writing code, but also getting deeper because

00:42:51
the way that we write code is also different.

00:42:53
It's not now again the sequential let's plan

00:42:57
application, develop it, test it , deliver one year after.

00:43:01
But actually some of our customers today are delivering

00:43:06
code to production hundreds of times or thousands of time a day

00:43:10
and they are doing that by tens of thousands of engineers.

00:43:13
That's what they are doing.

00:43:14
So actually understanding your code because it's changing so

00:43:20
much and so often in so many ways.

00:43:22
And now comes co-pilot or an LLM like ChagGPT type of

00:43:28
technology that are writing code autonomously.

00:43:30
So actually the surface area is changing so much and going and

00:43:34
becoming so complicated that the problem so it's coming back,

00:43:39
it's a big problem and it's important problem and it's

00:43:42
changing and getting bigger every time.

00:43:45
And I thought that I have both passion to help solve this

00:43:50
problem and also have good ideas on how to approach it, similar

00:43:54
to the pitch that I had when we started the defender as an EDR.

00:43:59
I thought that we can do things as an industry fundamentally

00:44:03
different and that if we do that , we'll be the really big

00:44:07
company and really impactful business.

00:44:10
And this is why I decided that I want to dive in again from the

00:44:14
headquarters to the trenches and try to do something big

00:44:18
again in the area of application security.

00:44:21
So that was motivation number one.

00:44:23
Motivation number two I wanted to do that in the real world,

00:44:28
like Microsoft is an amazing place only good things.

00:44:31
Maybe I'll come back in the future, but it is a big company

00:44:37
and the big company moves slower and also a more vaccine to

00:44:42
mistakes.

00:44:43
If you do mistakes, you have more chances to fix them, by

00:44:46
definition, because the company has more resources and more time

00:44:51
and more trust with customers.

00:44:52
And something that I wanted, a personal experience that I

00:44:58
wanted to have in my life, is building a big business,

00:45:02
hopefully successful, but from the beginning, in a smaller team

00:45:09
, much more, with less moving faster but also with less places

00:45:14
to do mistakes.

00:45:15
And this is why I said that I actually want to join a younger

00:45:21
company in the domain of application security.

00:45:23
And then it came up here A peer I know for a long time.

00:45:29
I know the he done, the co-founder and the CEO, dan

00:45:33
Plotnik, was actually a peer of mine in Microsoft, where he

00:45:37
managed the identity team security team and I managed the

00:45:40
endpoint security team.

00:45:42
So we had a lot of time together .

00:45:44
We built trust and love.

00:45:46
So I knew a peer and what they did and the approach that they

00:45:51
are taking to application security and I thought it is an

00:45:56
amazing combination for me to join a great team with a vision

00:46:00
that was very much aligned to how I think application security

00:46:03
should look radically different and with a team that I trust

00:46:07
and a team and the company and a set of investors that think big

00:46:15
, that think that, then that we need to build a huge and can

00:46:19
build a huge business, not only solve a small problem and this

00:46:22
is the type of thing that was really very important for me in

00:46:25
Microsoft and now that we are replicating, solve something

00:46:28
that is significant.

00:46:29
So the combination of the domain, my passion, personal

00:46:34
passion and my appreciation to the specific company to appeal,

00:46:38
made me join around six months ago as a chief product officer

00:46:45
to a done and you know, done and the other people in the peer,

00:46:53
and since then I'm in heaven.

00:46:58
Speaker 1: So, you know, I think one of the common

00:47:05
misconceptions within cloud security, right, it's probably

00:47:10
that a CSPM, a cloud security posture management solution,

00:47:17
covers your applications in the cloud, that it provides, you

00:47:22
know, the expected level of insight into the application,

00:47:26
into the code base, into the pipeline, right.

00:47:28
But that's not the case.

00:47:30
You know, I'll tell you right now, right, I have a CSPM, I

00:47:37
have one CSPM that looks at the cloud, and then I have like five

00:47:40
different technologies that look at applications.

00:47:42
It is, it's, you know, it's frustrating for me as a security

00:47:49
person because I want as few places to go as possible to

00:47:53
manage the security of my environment, not even from a,

00:47:57
you know, single pane of glass.

00:47:58
That was kind of, you know, that terminology has kind of

00:48:01
been burnt down and buried, right, because it was just so

00:48:05
overused.

00:48:05
But you want as few places to go as possible so that you can

00:48:10
make an intelligent decision about your environment, of what

00:48:13
you should be doing to better secure it.

00:48:16
And I'm wondering, you know, a part of application security, as

00:48:20
we've seen with SolarWinds, is the supply chain security.

00:48:24
And that is a huge, gigantic headache that everyone in

00:48:31
application security and cloud security overall has, because

00:48:36
now it kind of reshaped how everyone is thinking about.

00:48:39
You know security overall, right, it's like, oh well, we

00:48:44
need to start looking at everything that makes up this

00:48:48
application, everything that makes up this environment.

00:48:51
Because what if you know, this random vendor is breached that

00:48:55
we use for this one thing, and now they're manipulating it in a

00:48:59
different way that we didn't expect right, and so does your

00:49:04
application.

00:49:04
Security posture management solution also cover supply chain

00:49:09
attacks and supply chain security.

00:49:13
Speaker 2: Yes.

00:49:13
The short answer is yes.

00:49:15
I think there is, like the you said, multiple things.

00:49:19
I'll start with the CSPM and the SPM per minute, like cloud

00:49:23
security, posture management and application security, post

00:49:26
management Thanks for gardeners for inventing these acronyms,

00:49:29
but really they are capturing being and young, I think of

00:49:32
protecting modern applications.

00:49:34
Like you need to protect the house and how it is being built.

00:49:38
That's the analogy of the cloud infrastructure.

00:49:41
You need to make sure that you have protected VMs and protected

00:49:46
the buckets and connected the right way and there is a network

00:49:50
that is connected the right way and configured the right way.

00:49:55
And but also you need to protect the people with that are

00:49:58
in the house, which is in this analogy.

00:50:01
That application itself and the application itself, as I said,

00:50:03
is built from thousands of different modules that are

00:50:07
changing thousands of time a day by thousands of people, which

00:50:11
are the engineers, and then you can't protect only the envelope

00:50:17
and being agnostic to the content that is running there.

00:50:19
And therefore I'm not inventing anything in the sense that

00:50:25
there is investment that you need to make in cloud security,

00:50:29
infrastructure security, and there are investment that you

00:50:32
need to make in actually the content of your application,

00:50:36
application security, testing and now a SPM.

00:50:40
So first of all they are as I said, they are kind of you can't

00:50:43
do the one or the one is complementary to the others.

00:50:47
And also you see that in the personas that we are serving in,

00:50:50
big organizations are sometimes that CSPM is usually going into

00:50:56
the cloud infrastructure type of teams and the SPM is going

00:51:00
into the application security that they're working closer

00:51:03
she's left closer with engineering and trying to

00:51:05
identify.

00:51:06
I would say that's another important thing about the SPM.

00:51:09
The key thing there is not only identify risks after the fact

00:51:14
that, making everything that you can do in order to stop them

00:51:18
from ever happening again oh, some filter for happening at the

00:51:21
beginning.

00:51:21
So actually putting gardeners and SPM is a lot about, in my

00:51:25
view, prevention and not only about detection, prioritization

00:51:30
and remediation, and that's a really.

00:51:32
I think that's part of what a lot of our SPM competitors or

00:51:37
friends are missing.

00:51:38
It's not only yet another system to collect logs and

00:51:41
collect alerts and show them in one queue, but it's actually to

00:51:44
manage the technology and the process that stops them from

00:51:48
ever happening again, and that's that's the tough thing.

00:51:52
Another thing I would say when you say protecting the

00:51:54
application 10 years ago, five years ago, three years ago, it

00:52:00
meant protecting the application code.

00:52:02
You had tools like SAST that search for SQL injection in the

00:52:06
code and you had tools like SCA that search for vulnerable open

00:52:11
source dependencies, and you had the tools that you have still

00:52:15
tools that are looking for secrets in code, et cetera, et

00:52:17
cetera.

00:52:18
But modern application, as we said earlier, is much more than

00:52:22
the code that is being developed .

00:52:25
It's actually all of the supply chain of how it was developed,

00:52:28
so to your point of solar range and open source dependencies,

00:52:33
but also it's also the way that it was deployed to the built and

00:52:38
deployed into production.

00:52:40
So even if you have a code without SQL injection at all and

00:52:47
no vulnerabilities but this was code, was built via a pipeline

00:52:51
that had the vulnerable Jenkins plugin the code is as vulnerable

00:52:55
as a code that has SQL injection.

00:52:58
And even if your code, like delivery to the cloud, is a

00:53:02
cloud, is a code element, so it's based on infrastructure of

00:53:05
SQL.

00:53:06
So even if your application code has no vulnerabilities but

00:53:10
your deployment to the cloud, terraform et cetera,

00:53:14
infrastructure as code actually is doing that in the right, like

00:53:17
deploying it to a public server , then you still, then your

00:53:20
application is as vulnerable as you had SQL injection and even

00:53:25
if the code that you wrote is actually amazing and has no

00:53:28
vulnerability, but you used a vulnerable, not even a

00:53:31
vulnerable package, use a malware, like a package that has

00:53:34
no CVE but is doing really bad things, then your application is

00:53:38
still not secure.

00:53:40
So, really modern application security must, must, must.

00:53:45
Look from, I would say, even design, like, even the, I'd say

00:53:49
like the even your application has no vulnerabilities, no SQL

00:53:52
injection and not open source, but it is designed in the way

00:53:55
that there is an API that is open to the internet, as in, not

00:53:58
authenticated and give access to API information, then it's

00:54:02
not secure.

00:54:02
So the only way to actually secure modern application is

00:54:07
understand what the application needs to do in the design phase,

00:54:11
how it is being developed and changed hundreds of times,

00:54:14
thousands of times daily during the development phase, how it is

00:54:18
being built and how it is being deployed and executed.

00:54:22
And in a peer that's part of what they said like hey appear

00:54:26
is a big company in the company with a big vision.

00:54:28
That's the core to what we're saying.

00:54:30
We're saying application security is from design, threat

00:54:36
modeling, design, software architecture to code scanning of

00:54:42
code understanding, understanding vulnerabilities in

00:54:45
code, understanding code reviews, understanding changes,

00:54:48
which are code, understanding the software components that are

00:54:52
coming outside into the code through deployment, through

00:54:56
build.

00:54:56
So understanding the build pipeline and the deployment

00:55:00
pipeline, and that's kind of the core to what we are doing.

00:55:03
We call it risk graph, but the idea is that all of these things

00:55:07
are interconnected.

00:55:08
The way that your application is being built is a combination of

00:55:11
APIs and data models and the service functions and Kubernetes

00:55:15
, cluster and configurations, and only by combining all of

00:55:21
that together you can have the foundation, on top of which you

00:55:25
can say here is a vulnerability and this vulnerability is more

00:55:28
important than this vulnerability, and answer really

00:55:30
the question that all of the answers customers want us to

00:55:33
answer, which is I have one hour out of the 100

00:55:38
vulnerabilities that appearing in my Qs.

00:55:40
From the five tools that I have , what are the three that I

00:55:44
really need to solve?

00:55:46
That has the biggest likelihood to happen, or the highest

00:55:50
impact, if they happen, or the most cost effective for me to

00:55:53
fix, if I actually now put one hour into that.

00:55:56
And that's the core intellectual property of what we

00:56:00
do and manage a process on top of that, allow you to understand

00:56:05
it.

00:56:05
You are progressing, understand , communicate with your

00:56:07
developers and manage an improvement process that shows

00:56:13
that my one hour today is more effective than my one hour

00:56:18
yesterday, for example.

00:56:22
Speaker 1: Yeah, it's really fascinating.

00:56:23
It's an area of security that is growing rapidly that more and

00:56:27
more people have to pay attention to.

00:56:29
So you know, motea, you know, unfortunately we're coming to

00:56:35
the end of our time here.

00:56:36
I feel like we almost need a part two to this episode to have

00:56:40
you back on and talk about Appiero a bit more.

00:56:43
But before I let you go, how about you tell my audience you

00:56:46
know where they can find you, where they can find Appiero, and

00:56:50
what the best way to reach out would be?

00:56:59
Speaker 2: So we are in appirocom.

00:57:02
I am available, even directly through my email, and I think we

00:57:11
are.

00:57:11
I'll say like two last, maybe sentences.

00:57:16
I think application security is a market like like endpoint

00:57:20
security 10 years ago is a market that is completely being

00:57:24
changed.

00:57:25
In the coming two or three years from now it will look

00:57:27
completely different than how it is today.

00:57:29
We didn't even have the time to talk about generative and how it

00:57:33
actually affect code understanding and

00:57:35
vulnerabilities in code, but there is so much innovation that

00:57:38
is happening there and the second thing that the companies

00:57:42
that will win and succeed to create worldwide impact are the

00:57:46
ones that think about this problem holistically, and I

00:57:49
think we are one of the few companies that are actually

00:57:53
doing that, looking from design till production, and I'm happy

00:57:58
for everyone everyone, either LinkedIn or direct email to to

00:58:04
if they are sharing the passion we have a question to to reach

00:58:08
out.

00:58:08
I hope through the podcast you see the lightening in my eyes

00:58:13
and the energy of really it's an important, huge problem that,

00:58:17
like we have now a unique opportunity to solve in the

00:58:19
coming years.

00:58:20
So totally, yeah, absolutely.

00:58:25
Speaker 1: I'm really excited to see where this space goes and

00:58:27
I'm looking forward to you know bringing you back on and talk

00:58:30
about it a bit more.

00:58:31
Well, thanks everyone.

00:58:33
I really appreciate you listening and I hope you enjoyed

00:58:36
this episode.