Please tell us a bit about yourself, your background, and how you got into the cybersecurity industry.
I was raised in the Kfar Saba area and spent much of my youth there. Happily married to my beautiful wife Miri, and blessed to be the father of 3 amazing children.
My journey in the field began after my military service, where I was recruited into the Israeli Security Agency and held several positions, including Chief Security Officer of Israeli embassies abroad. This experience sparked my interest in Information Security and protecting sensitive assets globally, leading me to pursue a career in the field.
Currently, I serve as the Chief Information Security Officer at CHEQ, with previous experience at Syte AI and CyTech Consulting. My focus is on building and managing effective security teams, providing guidance and oversight in the areas of cybersecurity and privacy, and leading the implementation of security and compliance processes. My ultimate goal is to continuously improve the security posture of the organizations I work for and help protect against potential threats.
Tell us more about CHEQ. What are your organization’s vision and goals and what are some unique challenges you face as a fast-growing tech startup?
CHEQ is a company that offers a solution to bridge the security gap in Go-to-Market (GTM) operations. The GTM is a vulnerable and exposed attack surface at risk of various cyberattacks, including fraud, bot abuse, privacy violations, and data exfiltration.
This platform is trusted by CISOs and loved by marketers as it provides a layer of security that is native to the marketing stack, minimizing friction and disruption to the customer experience. The platform also speaks the language of marketers and reports their metrics, allowing marketers to operate freely.
CHEQ faces several challenges as a fast-growing tech startup in the GTM cyber security landscape, including keeping up with the constantly evolving technology, scaling while maintaining quality, and balancing brand safety with user privacy. Additionally, the threat landscape in the digital advertising industry is constantly increasing, making it even more important for CHEQ to stay ahead of the curve and provide effective solutions to protect against potential cyber threats.
What are the most significant challenges organizations should expect to see as a result of Invalid Traffic (IVT)?
I would say that the most significant challenges organizations should expect to see are in three main factors:
First, Financial loss: IVT can cause significant financial losses for organizations through the misallocation of advertising budgets and decreased revenue from legitimate advertising campaigns.
Second, Reputation damage: IVT can damage an organization’s reputation by associating it with fraudulent or low-quality content, leading to a decrease in trust from customers and partners.
Third, Compliance issues: IVT can also result in compliance issues, particularly in industries with strict regulations, such as finance or healthcare. Therefore, It’s crucial for organizations to be proactive in preventing and detecting IVT and maintain the integrity of their advertising campaigns to minimize the negative impact it can have on their business.
How do you as a CISO measure success today? What are your core metrics?
Measuring success as a CISO can be tricky as it covers many different aspects of an organization’s security posture. But, I have a few key metrics that I use to assess my success. Firstly, I believe in the involvement of top management in security measures. It’s essential to maintain a secure culture and the tone has to come from the top.
Another metric I track is Risk Reduction. I aim to reduce the overall risk profile of the organization and I can measure this through various risk assessments, vulnerability scans, and penetration testing. I also keep an eye on Compliance, ensuring that we are meeting industry regulations and standards such as GDPR, CCPA, SOC2, and ISO.
Employee Awareness is also crucial for me. I measure the level of security awareness among employees through their involvement in security questions they asked and security incidents, among other things such as regular training and phishing simulations. This helps me understand how well employees understand and follow security best practices.
Threat Intelligence is also an important metric for me. By gathering and analyzing threat intelligence data, I can identify and prioritize potential threats and proactively work towards keeping the organization secure.
Lastly, I measure the amount of communication and collaboration between all the departments in the organization and the security team. These are just a few of the metrics that I use to measure my success. Of course, the specific metrics will vary based on the organization’s goals, risk profile, and security needs.
What inspires you within your work?
I am inspired by the fact that my work directly impacts the security and well-being of an organization and its customers. Protecting sensitive information and ensuring the availability of critical systems is a challenging but rewarding task. I find it incredibly fulfilling to be able to help organizations mitigate risk and prevent security breaches.
Additionally, the fast-paced and constantly evolving nature of the cybersecurity industry is both a challenge and a source of inspiration. Staying ahead of emerging threats and implementing new technologies and processes to improve security is a continuous learning process that keeps me engaged and motivated.
Lastly, I find inspiration in working with talented security professionals who are dedicated to the same goal of making the digital world a safer place. Collaborating with them to develop innovative solutions and sharing knowledge and best practices is a rewarding experience that keeps me inspired and driven in my work.