Avi Shua: Try to do things by yourself. [CEO] [Career Notes] - CyberWire Daily

Summary

CyberWire Daily – Episode Summary: Avi Shua: Try to Do Things by Yourself

Release Date: February 9, 2025

Introduction

In this episode of CyberWire Daily, hosted by N2K Networks, the spotlight is on Avi Shua, CEO and Co-founder of Orca Security. Avi delves into his personal journey in cybersecurity, the evolution of security solutions, and the philosophy driving Orca Security's innovative approaches in the industry.

Avi Shua’s Journey into Cybersecurity

Avi Shua begins by sharing his early fascination with cybersecurity, ignited at the age of 13. He recounts his high school experience, where he actively sought ways to navigate and potentially breach the school’s network. This early intrigue set the foundation for his career trajectory.

Avi Shua [01:31]: "Excited about cybersecurity since I was 13 years old... it was clear to me that I'm going to get into cybersecurity since then."

His commitment deepened when he joined the Israeli army's elite intelligence Unit 8200 at 18, where he not only received advanced cyber training but also transitioned into a teaching role, mentoring the next generation of cybersecurity experts.

Avi Shua [01:45]: "I became the teacher of one of the courses... it all started that way."

Building Expertise at Check Point

After his military service, Avi spent over a decade at Check Point, a leading cybersecurity company. He progressed from a team leader to a group manager, eventually spearheading the development of Check Point's sandboxing solutions. His tenure culminated in a role as Chief Technologist, where he focused on identifying and fortifying choke points in cybersecurity.

Avi Shua [03:30]: "Security is all about choke points... the only way to do something which is so radically different is by starting a company."

Avi emphasizes the traditional choke points in cybersecurity: the network and the cloud. While network security often relies on physical devices to monitor traffic, cloud security requires a fundamentally different approach due to its dynamic and scalable nature.

Founding Orca Security

Recognizing the limitations of existing solutions, Avi founded Orca Security to address cloud security from a novel perspective. He critiques conventional security products for being theoretically sound but practically cumbersome, often resulting in low deployment rates and inadequate protection.

Avi Shua [05:20]: "There is so much time in cybersecurity when companies build solutions that look good on paper but are not consumable... attackers can always go to the areas that are not deployed."

Orca Security's mission is to simplify security management and reduce friction within organizations. By making security tools more user-friendly and easier to deploy, Orca ensures comprehensive coverage, thereby minimizing potential attack vectors.

Leadership Philosophy and Organizational Growth

As a leader, Avi outlines his dual focus: executing the company's vision and ensuring that all operational aspects are uniquely managed within Orca. He believes in fostering an environment where employees are empowered to solve problems independently, fostering innovation and personal growth.

Avi Shua [06:45]: "If you're just getting started, you need to be excited by that. It's not something you do if you don't love it... Take the time and do things for yourself."

Avi advocates for a hands-on approach, encouraging team members to understand the intricacies of vulnerabilities and limitations. This philosophy not only enhances individual expertise but also contributes to the creation of robust and effective security solutions.

Addressing Real-World Security Challenges

A central theme in Avi's discussion is the importance of practicality in cybersecurity solutions. He critiques the industry's tendency to prioritize theoretical robustness over real-world applicability, leading to security products that are underutilized in actual deployment scenarios.

Avi Shua [06:10]: "We are reducing friction in the organization... they can do their job and become real security practitioners."

Orca Security focuses on developing tools that integrate seamlessly into existing infrastructures, ensuring high adoption rates and effective threat mitigation. By eliminating unnecessary complexities, Orca empowers security teams to concentrate on proactive defense measures rather than grappling with cumbersome technologies.

Conclusion

Avi Shua's insights provide a compelling look into the evolution of cybersecurity from both a technical and leadership perspective. His emphasis on self-reliance, practical solutions, and reducing operational friction underscores Orca Security's commitment to advancing the cybersecurity landscape. For professionals and enthusiasts alike, Avi's journey and philosophies offer valuable lessons in innovation and effective security management.

Notable Quotes:

Avi Shua [01:31]: "I knew it's retroactively looking at it. It was a high school network, it's not secure by definition, but it was still something that excited me..."
Avi Shua [03:30]: "Security is all about choke points... the only way to do something which is so radically different is by starting a company."
Avi Shua [06:10]: "We are reducing friction in the organization... they can do their job and become real security practitioners."
Avi Shua [06:45]: "If you're just getting started, you need to be excited by that. It's not something you do if you don't love it..."

This summary encapsulates Avi Shua's comprehensive discussion on cybersecurity, his professional journey, and the innovative strategies employed by Orca Security to address contemporary security challenges.

Transcript

A (0:02)

You're listening to the Cyberwire network, powered by N2K.

B (0:11)

And now a message from our sponsor. Zscaler, the leader in cloud security enterprises have spent billions of dollars on firewalls and VPNs. Yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network. Continuously verifying every request based on identity and context. Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@zscaler.com Security.

C (1:31)

My name is Avishua and I'm the CEO and co founder of Orca Security Infectos. Excited about cyber security since I was 13 years old. As a teenager we had a network in my high school and I was looking about way that you can get around it. It was clear to me that I'm going to get into cybersecurity since then when I became 18 years old to join the Israeli army, the intelligence to Unit 8200 and go to a cyber training course which I also later on became the teacher of one of the course and it all started that way. In fact we had in our high school a team that was both instructors and students that were excited about computers that could help set the network, help with maintaining the IT environment. I was even hired for a few months during the summer break and it was in fact a really great opportunity to get students who are excited about something to do something valuable with the time help setting things. And I was always attracted to how you can make it more secure. I knew it's retroactively looking at it. It was a high school network, it's not secure by definition, but it was still something that excited me to see what are the different trade offs, what it means to set it in a certain way, how it can be attacked via different means, etc. I joined a cyber training course which is very unique compared to a lot of training experiences that the training is not all about what you know about learning stuff, but about learning how to Progress and improve and solve things. It's very rare that we are told there is a problem, you should simply solve it by yourself. Not by looking on how other people do that, but solve it by yourself. And while you do that to make sure that your progress without comparing yourself to others, it really challenges you to get the most that you can. So I started and moved to Checkpoint. I've been there for more than a decade. Started as a team leader, later on became a group manager. Started the sandboxing solution of check point. The last four years I was the chief technologist. Security is all about choke points. And traditionally when you look at computers, there's been two choke points. The network, you know, it's not the ideal. There's encryption, you can't see everything, but if you put a device between your physical network and the Internet, you'll see it all. So it's a great choke point. There is a different choke point which is the cloud itself. And they thought that it's needed to be looked at from a completely different view. And the only way to do something which is so radically indifferent is by starting a company and not trying to do it within companies that are many times more focused on the way that on the history and the capabilities that exist till that time. As a manager, my job it have two acts. One is to lead to make sure that we're executing to the vision, but on the other end to do everything that there is no other owner in the organization. And at the same time we need to build it to make sure that it will grow and execute the vision that we created for orca. The favorite part is to solve actual organization problems. There is so much times in cybersecurity when companies build solutions that looks good on paper but are not consumable, that requires tons of friction, require tons of deployment and in lab it's nice. But they are deployed on 30, 40 or 50% of the environment. It's not really helpful because the attacker can always go to the areas that are not deployed. And theoretically the vendor is okay, but the customer is not secured and can be breached. The one thing that I love about what we do is that we are reducing friction in the organization. And it simply helps people to do their jobs instead of becoming of being plumbers, connecting things, trying to install how to deploy tools. They can do their job and become real security into a security practitioner. If you're just getting started, you need to be excited by that. It's not something that don't do it if you don't love it. Because you won't succeed. I think it's true about every profession, but you really need to love that. But second, take the time and do things for yourself. You must understand how things are actually working. You must understand what is a vulnerability, what are the limitations. You can't just go and jump over that without understanding the basic you'll be always have limitation to capabilities in that. So try to do things by yourself and then everything will be clearer. You'll understand what's important, what's less if you take this time. This is the thing that makes me wake up every morning to make sure that we are creating products that are valuable and fun for people to use. Foreign.