← CyberWire Daily![Natali Tshuva: Impacting critical industries. [CEO] [Career Notes] — CyberWire Daily cover](/_next/image?url=https%3A%2F%2Fmegaphone.imgix.net%2Fpodcasts%2F6759de26-2212-11f0-86a6-079b2919143e%2Fimage%2F910aaf148c5fdf3b9f89208a91f19df4.png%3Fixlib%3Drails-4.3.1%26max-w%3D3000%26max-h%3D3000%26fit%3Dcrop%26auto%3Dformat%2Ccompress&w=1920&q=75)
Loading summary
Transcript3 lines
- [00:02]
A
You're listening to the Cyberwire Network powered by N2K. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing, your data. Varonis AI powered data security platform secures your data at scale across las SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment@varonis.com.
- [00:50]
B
My name is Natalie Chuva and I'm Stenum CEO and co founder. I always knew I wanted to do something which is either related to science or medical. I wanted to become a doctor. But at 14 I started my undergraduate degree in computer science and this was the first time I got to understand how things work behind the scene. Whether it's the games I like to play or building software that can actually improve human lives. There was a special program for talented kids in my city and in my area in Israel. I figured this will probably be an interesting thing to do and to learn something new, which I always love doing. It was a new world for me, including advanced math and algorithms and software development. And from that point on it was very clear to me that I wanted to complete this challenge. So like many people in Israel, this was time for idf for the army. I was trained to go to unit 800, which is the Israeli Intelligence Unit. A lot of cybersecurity experts in Israel go through this training which involves vulnerability research and exploitation. Also not a lot of girls attending this training course. Unfortunately. Following that I joined different companies in the Israeli cybersecurity space like Cellebrite, an expert in extracting encrypted and deleted information to help law enforcement units put pedophiles in jail, stop human trafficking. For me it was how cybersecurity could actually create impact in the real world environment. At the age of 25 I finished my Master's in computer science and if you remember, I mentioned wanting to become a doctor at age 25. That was the last point in time where I could make that decision. So I actually took some time for self searching. I went to operating rooms, discussed with professors about a combination of math and medical research. This is where I found out about therapeutic medical devices, remote care devices that improves patients lives and even can give better treatments that could save lives is where I realized how those devices are lacking the proper cybersecurity controls to enable this connectivity, to enable these smart solutions. And this was the first initial passion to combine my cybersecurity expertise with the passion to impact Critical industries like the medical industry and following that, also critical infrastructures, smart cities, railways, power grids, which are the industries that Sternum is focused at the moment. There are a few key aspects in the way we do things. First is transparency and truthfulness. The second one is in unit 8200 there is a saying that nothing is impossible. I think that the understanding of that meaning and the fact that we approach the most impossible challenges with the idea that we can actually make a solution possible is also what motivates us to get out of the box and create innovative solutions. I think the challenges I'm facing, obviously some of them relates to my gender, but honestly most of them probably relates to my job as a CEO. Coming from a technological background, I needed to get a grasp of my business understandings. If you're just getting started, my best advice would be to actually get hands on the fact that I went through the path of actually reverse engineering. Reading binary code, actually finding vulnerabilities myself, building exploitations myself, got me a real understanding of how cybersecurity exploitations look like. Don't stay high level. Give yourself the time to dive deep. Give yourself the time to be truly hands on, to understand the things from bottom up and then you'll have the understanding also for product innovation and for new technologies. For me, when I get up in the morning, I understand the tremendous and countless opportunities that we have as a company to make sure that this entire connected environment is safe from threat actors. I think each and every one of us can make the world a better place. The key here is to try to think what are the unique characteristics that you have as an individual that you can do even better than others through understanding this unique strength that you have and where you can actually impact the world to be a better place? For me, this is the most satisfying thing we can do and aspire to.
- [07:12]
A
What's the common denominator in security incidents, escalations and lateral movement? When a privileged account is compromised, attackers can seize control of critical assets with bad directory hygiene and years of technical debt. Identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in active directory, entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with Bloodhound Enterprise powered by Spectrops. Head to Spectrops IO today to learn more. Spectorops. See your attack paths the way adversaries do.