The Challenge
Product

Platform

Non-Human Identity Security

Agentic AI Security

Secrets Security

Capabilities

Discovery & Inventory

Discover AI agents, NHIs, and secrets across your environment

Classification

Add context to all identities with ownership, permissions, and lineage

Posture Management

Identify and prioritize risks & exposures, and right-size excessive access

NHIDR™

Detect and fix real-time threats and abuse of AI agents and NHIs

Zero Trust, PAM & JIT

Enforce least-privilege access across clouds, agents, and vaults

Lifecycle Management

Manage your identities from creation to rotation and retirement

Integrations
Verticals

Financial Services

Healthcare

Travel

SaaS and Technology

Retail

Entertainment
Use cases

Governance and Administration

SOC Automation

Compliance, Posture, and Reporting

Securing Public Cloud and SaaS

Secure the Private Cloud

Mergers & Acquisitions
Customers
Company

About us

Partners

Careers

Contact
Knowledge center

Blog

Videos

Resources

News

Events

Home » Knowledge center » Videos

CEO Wisdom Podcast

January 22, 2024

Transcript

00:00:01
welcome to another CEO wisdom pod with EK alvas he’s co-founder and Co at Andro security this pod is brought to by my podcasting company if you want to start and monetize a podcast the company is called ppar.com we use unconventional strategies such as cold Outreach to fill your calendar with podcast interviews that you can convert into leads and clients so ppar.com for now ISAC welcome to the Pod tell me a bit more about yourself and about anro yeah he CH thank thanks um thanks for having me I’m I’m alvas I’m the

00:00:34
co-founder and CEO of Cal security um I’ve been in the Cyber industry for the past um 18 years now I’ve started as the IDF the Israel Defense Force um I was on the offensive side of cyber security over there but then after the Army I’ve been working on several positions mainly in the defensive side uh so prior of security I was in charge for the internal security of Microsoft Defender for aure um and then power of that I was a ciso a chief information security officer of an Healthcare Company um so

00:01:15
yeah that’s that’s me and security is a Secrets a security company so we protect programmatic renals for security teams very cool uh tell us about the offensive side of things and while not entering the details but yet like telling us a bit more about that part of your life sure yeah so when I joined the Israeli Defense Force I joined one of the intelligence units over there um and we used to leverage um among other stuff we used to leverage Secrets which are again programmatic access keys that

00:01:57
applications are using um to authenticate access resources uh and basically we would prepared back doors and uh zero um nation state attacks for the dday when the government would decide to operate them how um what skills did you developed um when doing that and how did that change your worldview to have access to so much information and the knowledge that you know States would literally attack one another not physically as much nowadays but more um cyber attacking one another yeah that’s uh that was actually

00:02:49
an eyeopener um for me I I always liked computers you know back when I was a child but uh I was never really introduced into the Cyber or cyber security uh side of it until until the Army and I think the main lesson is that you can’t really protect anything um what you can do is Monitor stuff uh so you need to monitor your environment for abnormally behaviors um because that’s the only way I’m not saying you can really protect yourself 100% because you probably can’t but the way at least to

00:03:36
be familiar or to understand what is going on within your environment is to monitor everything for abnormal behavior so if you are monitoring your human users for abnormal behaviors and you’re monitoring your programmatic users or secrets for abnormal behaviors at least you will be able to understand if someone is exploiting um anything and how did that led to your startup and was it night and day to just work for the government vs working for yourself how did you adapt to that yeah so you know I really I really

00:04:15
haven’t quite adapted to to that um I’m I’m working a lot you probably are familiar with that as a owner of a business yourself uh but um but yeah so again we used to leverage Secrets all of the time because the main current problem with secrets are that secrets are being created by developers and they are you know the one that are responsible to creating them handling them and developers are not you know responsible to secure them so we used to leverage those those Secrets those programmatic access Keys all of the time

00:04:56
um so I knew that’s a problem again 18 years ago and then when I was a ciso I was breached using a secret and then at Microsoft we were brid twice using a secret it’s all it’s all public knowledge um so the secret security problem haven’t really you know mature a lot developers are still creating those programmatic access keys they are still scattering them around they’re not protecting them uh soever after you know exploiting secrets and using secrets to exploit other organizations and Nations

00:05:32
and after being breached few times using a secret I figured uh we should probably do something in order to protect those secrets so I joined forces with a friend of mine back from the Army Adam shrii is the co-founder and CTO and we started ental security Secrets can you define Secrets a bit more because yeah the audience might not know what you’re referring to sure so essentially secrets are programmatic access keys and by saying that I mean that every application API key for example exactly API key

00:06:07
connection strings Cloud access tokens and so forth uh certificates um and basically every application that is being developed within any organization uh needs to use other resources such as other applications or maybe databases storage accounts and so for and for those applications to access and authenticate against the infrastructure or other application since they need keys and those keys are secrets as as you mentioned connection correctly API Keys um is one example of of a secet so who do you target as your

00:06:43
target market and how does your solution help people uh protect their secrets yeah um so our target audience actually every organization with internal development as Secrets especially if they’re using the cloud because the cloud have lots of different services and each one of them requires a set of Secrets a set of credentials um so every organization with internal development especially those um that are using the cloud which is pretty much everyone right now um there are potential customers of ours we

00:07:19
mainly Target um Enterprise maybe msze Enterprises um and we usually work with the ciso or the security department within those organization how is our how our solution helps those organization so as I mentioned the main problem today is that those secrets are being created and ended by teams that are not responsible to secure them such as developers devop accessories and so forth and they scatter those Secrets around um so they can place them within VTS and vaults are basically secret storages a place in

00:07:57
which you can store your secrets the application will fetch that from that Vault and use it in order to authenticate to the uh resource they need uh but today organization have lots of different vaults they have you know AWS Secrets manager ashco Vault if you’re using GitHub you’re probably using GitHub um Secrets if you’re using kubernetes you’re using the Vault offering of kubernetes kubernetes Secrets and so forth uh so secrets are scattered within vaults and then they are being committed into to code they

00:08:25
are being sent over s or teams they’re being within Wikipedia and so forth so trying to understand as a security professional how many secrets we have and where are they that’s a big challenge today um and then if you ever seen a secret it’s a it’s a long string so even if you find one trying to get any information about it trying to understand who created that secret who’s the owner what it can access with what privileges was it replaced and rotated I mean any information about the secet is

00:08:57
a big challenge to to get get or to understand and those are the main reasons why security teams are struggling to add protection over those Secrets because they have no idea how many Secrets they have where are they and then what they can do um so what we’re doing we actually are able to scan your entire organization every solution and create a secret inventory that answers the question of how many secrets you have within your environment and where are they how many secrets are within vaults and how many secrets are exposed

00:09:29
or outside of the Vault how many secrets are committed into your code or within um config files or Cloud assets and so forth so creating a secret inventory that’s the first pillar and then for every discovered secret we are able to classify and en reach it and basically visualize the M outdate of which application is using what secret to access what service and other vital data around that secret such as who’s the owner what privileges that secret have was that ever rotated and so forth so

00:10:01
basically everything a security professional will need to know in order to understand the bless ruse of that secret or the severity um and then we also continuously monitoring those secrets for any abnormal behavior so going back to keep monitoring stuff for abnormal behaviors we’re doing that for secrets so if your secrets are being accessed from bangaladesh and you don’t have a business over there I assume you would like to be alerted about that if someone is Miss downloading secrets from your

00:10:29
vault again we will alert you for that and then we have other pillars such as Vol Smith configuration public leakage of Secrets dark web leage of Secrets over Prive secrets and and others we are anist solution for secret security for security teams interesting and how many clients do you have what do you charge yeah so um we have over a dozen customers mainly Enterprise um and then we have a few different packages and prices so we fit um according to the organization size and needs um so we have a few different uh packages

00:11:11
according again to the needs and the the organization size so a smaller company with um you know few Solutions and maybe only hundreds of Secrets uh will probably pay less but we will go with them um and and they can change the packages accordingly what are your growth goals for this year so we will uh double our size in terms of employees and R&D and also the goto marketing um so that’s for 2024 at least internally and then in terms of customer acquisition um so we’re targeting uh to

00:11:55
Triple the size of our current customer base how will you do that come again how will you do that how will we do that um so yeah we have a specific plan for that uh again of course the increase of Manpower uh in sales and marketing team uh but you know events and then other Legion uh such as um sdrs um also um inbounds and digital which we are doing a nice job over there uh so increasing the goto Market efforts basically what uh personal goal do you have as a human being to increase um your mental capacity for stronger goals

00:12:48
as a CEO and how do you manage your stress as the CEO of a cyber security company yeah that’s that’s actually a great question so so I’ve been a manager for a long time uh been a manager for the past I think 15 years maybe something like that and I think the I’m I’m a doer I’m a guy that likes to do stuff myself um and delegating is the most powerful thing you can do as a manager right uh so delegating more um trusting my team which I which I trust because I have a rockstar team um and then you

00:13:30
know again delegating more and grow myself as a Persona and my team by basically delegation how do you trust these humans do you um wait for them to have a specific track record with you is it about connection because it’s been my experience that yeah people that you think you trust can one day to the next turn sour for what whatever motive they have yeah I’m I’m a relationship kind of guy uh I trust people from the get-go until they you know do something that maybe lose uh my trust but um I I trust people

00:14:16
and and again you know building a nice relationship and understanding their needs and my needs and trying to find the middle ground I think that’s the way to go forward because if if you have differences then yeah I mean maybe it will cause some friction yeah I don’t have like a a front defenses on my side you know like I trust quite easily but in terms of humans I just stopped um hiring I’ve let go of all my teams and I outsourced pretty much everything to AI I don’t I’m not bullish on the human uh employee

00:14:56
side of things I do think people are going to view this as slavery in 100 years from now the 925 model that is hiring someone for their time uh it might be a bit extreme but what is your view on AI and how it might uh take over the world or how it might benefit Humanity as a whole in the next decade from now yeah I believe I believe AI is a great step forward for Humanity um we currently leverage AI in our platform um helps us and our customers in several different functionalities and and again you know

00:15:37
AI will will only grow so I definitely expect AI to take a larger portion in the upcoming uh in the upcoming years um and and yeah it will probably replace some of the stuff that we’re currently uh doing and it’s for the best right the Hamas Israel uh conflict what’s happening nowadays and are you trying to take part of that as someone that worked in the mil military as someone that’s Israeli and as someone that cares about their country yeah first of all it’s a it’s a crazy times most definitely you know

00:16:22
there’s a lot going on in the world um and yeah you know in our small country Israel there’s a lot of going there’s a lot going on right now as well so you know going back to the start of it October 7th um we verified everybody is all right and some of us went to a reserved military duty um most of us are within intelligence units uh so yeah we have some employees that are um doing reserved uh at at the Army and time to basically make the world a better Place uh we do have one combat soldier

00:17:02
that is currently in a tank somewhere around Gaza Strip hopefully you know hopefully stuff will get will get better quieter times that’s pretty much all I can hope for uh but yeah you know I went back to Israel when it’s when it all started I’m currently based out of Boston I went back to walk under the same sky with my team um again hopefully stuff will get come soon and as a CEO I found that the best country presidents would be like CEOs or people that orchestrated teams and solved complex

00:17:43
problems right and I can’t see a better Outlet uh than that than than business you have so many challenges and gives you the resilience gives you the IQ but also in your case EQ right you’ve managed teams for 15 years if you were the the country’s president I don’t think that your current president has a business background or maybe you can enlighten me on that but how would you fix that problem how would you solve that complex problem yeah so in terms of bamin Nan or BB I have no idea if you have any

00:18:15
business background I zero idea so sorry for not helping over there uh if I was the president or the Prime Minister actually of of Israel I would have I of that again sorry for having no idea I’m not really in the details um again hopefully we can leave side by side one day that’s uh that’s the ultimate goal I don’t think you know there is any other solution uh then living peacefully side by side we all human beings and that’s how it should be but again I have no idea what are the current challenges

00:18:57
that prevent that from from for happening I’ll study uh Benjamin netan Yahoo or something like that great yeah yeah uh I asked Chad GPT and apparently let’s see here uh he does have a background in business he graduated from MIT which is a pretty nice background um also in the Boston yeah and he moved back to Israel and founded Jonathan uh Netanyahu anti-terror uh Institute interesting so I’m going to study the man um I mean you’re also like a human being on on your side so this year what

00:19:42
are your your personal goals um what do you want what what change uh do you want to create in izik itself uh that hasn’t manifested manifested itself in the last few years what are you trying to to create in that 2024 version of you yeah so first of all I Love Changes um I think you know all changes are great and they help you grow as a as a person um and as you mentioned correctly as an Israeli we’re going to the Army at the age of 18 and that has its own difficulties so we’re quite used to

00:20:25
changes and difficult times um we recently relocated into into the Boston area me and my wife and my dog um so I think you know 2024 maybe get custom into the American Life um having my wife you know accustomed to that and my dog and everything it’s a it’s a different climate over here than what we used to in in Israel different weather different a lot of stuff so I guess you know 2024 probably will be you know me getting used to me and my family getting used to uh the American the American

00:21:07
life right yeah I know the feeling as a digital Nomad that lived in many cities around the globe Boston’s a really nice place though I think you picked your your spot there uh economically speaking uh and lifestyle um speaking lots of things to do uh in that area and I’m 25% Irish there’s a lot of ir history in uh in Boston and so hope you’ll have a nice St Patrick there uh where can people find out more about you is yeah so just look me up is alvas at LinkedIn and if you are interesting

00:21:45
interested in learning more about secret security and how to uh fully secure Secrets just look us up entro security that’s ENT um security look us up at Google and I would love to have a more Deep dive conversation with you about that

Want full security oversight?

See the Entro platform in action