We ‘Go Phishing’ with Avishai Wool, CTO and Co-Founder of AlgoSec, about life inside and outside the office.
What would you describe as your most memorable achievement in the cybersecurity industry?
A long time ago, I was confronted with the realisation that InfoSec professionals were overwhelmed with the configuration of the equipment they needed to manage and maintain. The tools weren’t there to help them. It was a defining moment for me when I spoke to a network administrator at a telco.
I held him out to be an expert. I showed him a prototype of the network management and security product I was working on, looking for him to suggest to me what he needed from the product that it wasn’t delivering. He surprised me when he said that he loved my software because he didn’t have any tools such as this.
That was a game-changing moment for me and I have dedicated my professional life to delivering such tools and education ever since.
What first made you think of a career in cybersecurity?
When I realised that there are serious gaps in what people knew concerning management of enterprise network and what they could do themselves and how computers and software could make their lives so much easier and full of accomplishment.
What style of management philosophy do you employ in your current position?
I see my position as an advisory/review type of role. I try to challenge my team (and company) by asking them pointed questions and forcing them to think about the answers.
What do you think is the current hot cybersecurity talking point?
Challenges of cloud computing are the big thing that the industry is coming to terms with now. It brings back many of the old questions in a new incarnation. Things that we took for granted for years are once again open for review.
For example, not too long ago, securing storage was mostly a non-issue since storage was connected to computers in the data centre. Now, storage stands alone in the cloud and needs its own protection against hacking and misuse.
The cloud itself causes us to re-think.
Not owning the network infrastructure means that some of the old filtering capabilities are no longer available. We have new filtering capabilities from the cloud fabric and they necessitate re-thinking how we manage in cloud estates.
How do you deal with stress and unwind outside the office?
I am a family man. I read a lot of books like crime novels but not necessarily cybercrime.
If you could go back and change one career decision what would it be?
I like my career choices. I love this field. I love my company. Everything has been and continues to be a learning experience. Once, I was too young to realise that a start-up I was involved in had no commercial viability. I stayed on too long. However, I met my wife there, so no regrets.
What do you currently identify as the major areas of investment in the cybersecurity industry?
Migrating into the cloud, for sure, is major. And incident response – what Gartner calls react and respond. The industry has come to the realisation that cyber-events are not entirely preventable – they are going to continue to happen, so we are moving investment toward how to deal with them.
Are there any differences in the way cybersecurity challenges need to be tackled in the different regions? Middle East, Africa, Europe, Americas.)
Cyberthreats and cybercrime are a global phenomenon and they transcend regional approaches. Last year, there were some major events on the international SWIFT network that resulted in the theft of money from bank accounts in Bangladesh. But SWIFT is virtually everywhere and affects millions upon millions of people around the world. Cyberattackers do not seem to care much about national or regional borders and all regions suffer from a shortage of trained personnel.
However, I would say that in some regions, cybersecurity is not at the same level of focus as in the G20 countries. In some areas of the world, the law hasn’t caught up with cybercrime and data security requirements. For example, in the US you have HIPAA and SOX and, in Europe, the new GDPR regulation. These types of security laws and regulations do not have equivalents in less developed areas.
What changes to your job role have you seen in the last year and how do you see these developing in the next 12 months?
I constantly must deal with changes in technologies that our customers use. Other challenges emanate from the fact that our customers are growing larger and have bigger demands and higher expectations. I see this trend continuing.
What advice would you offer somebody aspiring to obtain a C-level position in the security industry?
You are in an excellent business segment with great growth opportunities. You must like learning new technologies very rapidly because things are changing so fast now – faster, in fact, than we have ever seen.
If you want to be a c-level exec in the security industry, you must enjoy change replete with challenging – sometimes pressure-packed – situations. You certainly aren’t seeking a relaxed career.