Relationship Goals For The Enterprise & Cyber Security Startup

On Episode 95 of the Task Force 7 Radio podcast, host George Rettas spoke with enterprise cyber security veteran David Raviv who currently serves as director of sales threat intelligence for LookingGlass Cyber Solutions and is the founder of the New York Enterprise Information Security Meetup group. David started his career in the Israeli Air Force as an unmanned vehicle pilot and was an early employee of the Herjavec Group. He has also held cyber roles at Proofpoint, Code Green Networks, and Fishnet Security.

In part two of this Task Force 7 Radio podcast recap, this week’s guest David Raviv shared a few cyber security career lessons, discussed the challenges of cyber security startups, and offered insight into the changing enterprise cyber landscape.

Host George Rettas wondered if David Raviv had some career lessons to share with the audience. David offered three areas from his personal experience in cyber security:

• Cutting through the noise: Cyber security is a very noisy market. There are thousands of vendors in the space. What do you bring that is unique and valuable to it?
• Personal credibility is everything in the cyber security space. You're going to manage your personal brand, but also your credibility brand, which includes who you are and what you contribute to the space.
• Reaching the decision makers: Build that personal network of cyber security professionals and advisors that you can reach out to, get some advice, and potentially a referral to different companies.

“It's all about tenacity,” said Raviv. “What drives you to continue getting up every morning and be rejected over and over again? The cyber security space, especially for the startup community, is just not that easy.”

Beating The Odds

Early in the program, David said that the odds of success for a startup in cyber security are against them. Rettas asked his guest to describe these challenges knowing that the competition is huge. “The reason why a lot of companies don't succeed is they're not serious about it. A company that receives $15-20 million and first thing buys a massage chair and ping-pong table for the office isn’t serious about being successful.”

A lot of startups also get stretched out in terms of what they are trying to deliver, said Raviv. “You must focus on one area or gap in the cyber security space and then under-promise and over-deliver. If you're passionate about it, you have to be like Valdez and burn the ships down. This is the point of the book Startup Nation about failing fast and having to pivot.” If you can't get to a minimal viable product (MVP) and get a couple of customers to pay for a pilot program within the first six to nine months, drop it and move on to something else, recommends David Raviv.

See Related: Investments Grow As Cyber Security Demands Spike

The discovery and pursuit of a relationship between enterprise organizations and startups has not always been a straightforward engagement, noted Rettas. Large enterprise has traditionally been quite cumbersome for startups to navigate, especially involving sourcing, purchasing, and supply chain management. Raviv highlighted a couple of different ways that enterprises are embracing innovation from startups:

• Innovation Center Development: Some budget is set aside to invest in companies through incubators that they sponsor or through sponsor competitions by providing some seed money and funding for these entrepreneurs.
• Startup Partnership: They potentially can partner with these companies, but that approach has always been a challenge. The enterprise must make sure that when engaging a startup it doesn’t crush them with demands or a contract that cannot be fulfilled.

Building A Successful Cyber Security Startup Team

Beyond technical innovation, selling into a crowded enterprise marketplace requires some unique skills. Rettas queried Raviv about the biggest sales hurdles in cyber security and advice for increasing one’s chances of thriving. “Sales is all about reputation. Make sure that your reputation goes beyond your existing role. Robert Herjavec used to say that the closest you can get to a person without sleeping with them is to sell them something.”

You have to continuously learn and continuously improve your skillset, said Raviv. “Cyber security professionals can detect a fake from inception. Building trust takes a long time and breaking it is almost instant.”

See Related: Keeping The Line Of Trust Between Humans And Tech

Broadening the topic to discovering and retaining the right team for a cyber security startup, Rettas asked about the process that Raviv has observed work best. “Every stage of a startup requires a different skill set and types of individuals. For me, it's all about passion, having the skillset to know what to do in the unstructured environment of a startup in cyber security. You have to be self driven.”

We have all heard the saying that there is no “I” in team. Raviv noted the importance of team fit, “to make sure that these folks are a good fit for you. If you get stuck at the airport with that person for a long layover, are you going to enjoy it?”

Three Cyber Security Market Insights

Moving on to the evolution of security in the last few years, Rettas wondered how this has affected the industry and the decisions that people are making relative to cyber security investments and the startup community. David Raviv offered three insights about change in the cyber security market:

• Cyber security automation and the ability to do more with less. Automation removes the requirement to have high-skilled individuals dealing with the security issues. Automation adds value in several areas of cyber security from endpoint protection, network security, Internet of Things (IoT), etc. If you can solve the problems with little pains or allow a small number of individuals to deal with a large number of incidents, you will continuously mature and continue to rise.
• Changes in data privacy regulations. GDPR is starting to be enforced in Europe. Stateside, California’s data privacy act is coming to fruition. Navigating and complying with data privacy regulations will bode well for these startups tailored to this market.
• Invisible invaders and other stealth-like enterprise tactics. The phrase “Invisible Invaders” refers to the threat actors being stealthy and global in nature. Enterprises will gradually adopt stealth tactics of their own, including deception, invisible threat mitigation, and applications such as real-time packet manipulation. For example, you're going to ping a firewall from the outside and the server will respond that everything’s been patched, even though the server is using packet manipulation as part of the defense mechanism.

If you didn’t get a chance to read Part 1 of the Task Force 7 Radio podcast Episode 95 recap, you missed the discussion about the success of the NY Enterprise InfoSec Meetup group and what value it provides the local New York InfoSec community. In addition, the guest provided recommendations to those looking to get into the cyber security arena and discussed the challenges for operational cyber security jobs in the metropolitan New York area.