Encourage and proactively strive to increase the funnel of female entrepreneurs in the cybersecurity industry. As a venture capital investor, I proactively strive to look for, and ultimately invest in, female-led ventures. Increasing the number of women in leadership roles will ultimately have a trickle-down effect which will create more opportunities for other women and offer different perspective in the industry.
The cybersecurity industry has become so essential and exciting. What is coming around the corner? What are the concerns we should keep an eye out for? How does one succeed in the cybersecurity industry? As a part of this interview series called “Wisdom From The Women Leading The Cybersecurity Industry”, we had the pleasure of interviewing Naama Ben-Dov.
Naama Ben-Dov is an Investor at YL Ventures, which focuses on investing in seed-stage Israeli cybersecurity teams. Naama spends her time seeking and analyzing new investment opportunities, as well as working with portfolio companies on opening up marketing opportunities. Naama enjoys exploring cutting-edge technologies and aligning them with existing industry demands.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit. Can you tell us a bit about your backstory and how you grew up?
I grew up internationally, having spent the first 18 years of my life across Israel, Singapore, Germany and Austria. This international upbringing definitely shaped who I am today, and exposed me to experiences, opportunities and challenges which normally people don’t get experience in a lifetime. Some of the greatest gifts this kind of life bears with it is the ability to understand people of different perspectives, cultures and mindsets. Growing up with people with completely different, and sometimes completely conflicting, narratives has enabled me to put myself into other people’s shoes to ultimately better read and respond to people I communicate with.
Is there a particular book, film, or podcast that made a significant impact on you? Can you share a story or explain why it resonated with you so much?
“Born a Crime” by Trevor Noah has definitely had an impact on me, as Noah describes his multi-faceted identity growing up as a mixed-race child in apartheid-era South Africa. Noah describes his fascinating path towards reconciling between his multiple identities, stemming from the variety of ethnicities, languages, social strata that he has grown up with, in the backdrop of a society where complex identities were not acknowledged. The ability to at once describe extremely complex situations with humor and an optimistic zest for life is brilliant.
Is there a particular story that inspired you to pursue a career in cybersecurity? We’d love to hear it.
Once I realized how many opportunities there were to make a difference in the cybersecurity industry, I knew that the cybersecurity industry was a great place to grow and develop in. The security world is continuously growing and evolving with new technologies, as cybersecurity technologists are continuously looking for ways to secure emerging new technologies, or leverage new technologies to continue to enhance security.
Ok super. Thank you for all that. Let’s now shift to the main focus of our interview. The Cybersecurity industry seems so exciting right now. What are the 3 things in particular that most excite you about the industry? Can you explain or give an example?
I love that the cybersecurity industry is continuously addressing emerging technologies. As new technologies rise, one cannot avoid the question of how to address their security perspectives. Whether it’s through thinking about how quantum computing will affect cryptography 30 years from now, or how connected medical devices need to contend with vulnerabilities, you have to continuously stay up to date with emerging technologies to understand their cybersecurity implications.
The cybersecurity world is undergoing a change in the people engaging with its technologies. To date, most of the users and buyers of cybersecurity are the security teams themselves. However, there is a fascinating trend in which people from other teams within organizations are adopting security tools and methods. R&D teams are increasingly caring about and being measured on implementing security controls for the applications they develop. Data teams are increasingly looking into technologies which enhance the security of sensitive and private data within the organizations. As such, security companies are increasingly re-thinking who are their target users and buyer and how to shape their products and services accordingly.
As the acceleration in remote work takes place, the need to swiftly and precisely address the need to secure organizations has increased. People and applications had an increasing need to connect to organizations from different devices, networks, locations and sometimes even users. How do we contend with so many moving parts, with increasingly transitive identities? That is a pertinent question which many cybersecurity technologists are trying to explain.
What are the 3 things that concern you about the Cybersecurity industry? Can you explain? What can be done to address those concerns?
Many cybersecurity companies use messaging which aims at creating fear, uncertainty and doubt (or in short, “FUD”). They ultimately think that this will encourage more people to adopt certain products and technologies. I think this approach misleads certain customers and has the potential to generate feelings of contempt with others.
The cybersecurity industry is in great shortage of talent, as not enough people are entering this field. This might be a result of a lack of awareness for the career opportunities in the cybersecurity industry, and definitely for certain groups, so the messaging for entrants in this field should be more efficient.
There are several security companies creating an illusion that the industry is too populated, yet at the same time there are a lot of unrealized opportunities. Certain cybersecurity domains have multiple companies heavily competing for the same customers, while other domains which are in high demand are left unaddressed.
Looking ahead to the near future, are there critical threats on the horizon that you think companies need to start preparing for? Can you explain?
High powered computing, and eventually, quantum computing, have the power to break our existing cryptography, and ultimately expose our data to an extent unheard of before. While the threat of the latter could take decades, the former is already starting to bud. Companies could start re-strategizing their cryptographic infrastructure to address these future challenges.
As companies are increasingly holding sensitive data, and in the backdrop of increasing data privacy regulation, companies should consider the use of enhanced data privacy and security technologies to contend with these challenges. Whether it’s through operationalizing privacy functions, to adopting new technological tools to secure sensitive data from being exposed to unwanted entities, companies are increasingly needing to adopt new technologies and methodologies to enhance data privacy.
As you know, breaches or hacks can occur even for those who are best prepared, and no one will be aware of it for a while. Are there 3 or 4 signs that a layperson can see or look for that might indicate that something might be amiss?
When there is no technology or method in place to validate that security policies have actually been implemented. When you don’t have logs or other empirical evidence of the execution of a certain control — whether it’s the successful running of application security tests, or the completion of a vulnerability patch — it is difficult to control your security posture. This is why implementing security policy as code is vital.
An increase in emails with odd requests that appear to be from colleagues, vendors or customers, pertaining to financial transactions or permissions to corporate assets. This may indicate an influx of phishing attempts, behind which there might be a larger scale attack.
When you suddenly lack access to corporate assets which you historically had, or are missing access to certain files and folders.
After a company is made aware of a data or security breach, what are the most important things they should do to protect themselves further, as well as protect their customers?
Companies should immediately disclose their vulnerabilities not only to employees, but to vendors, suppliers and customers, even before obtaining a fix or patch to said security breach. It is critical not to keep this information away from customers, and immediately address the breach rather than brushing it off, as some companies have in the past.
Companies should immediately prioritize finding a fix to the breach, either through the entire security team for this task or other technological talent within the organization. Further, companies should encourage the help and use of external technologists to consult with and build the necessary frameworks and approaches for the patch.
To the extent possible, companies should strive to restore and recover corrupted or breached and affected data.
What are the most common data security and cybersecurity mistakes you have seen companies make? What are the essential steps that companies should take to avoid or correct those errors?
Companies tend to misalign permissions and the appropriate users. Many organizations have lost control or given too many users admin-level access to an extensive amount of corporate assets. As admin accounts are already a prime target for attackers, giving more users said amount of controls makes organizations even more susceptible to attacks. Even for users that are not given admin-level controls, many are given over-extensive permissions to corporate assets they don’t even need, making them too a more lucrative target for attackers. Further, many companies fail to control permissions of service accounts, or applications. The need for applications to have certain controls over their permissions is increasing, and many have not addressed this need yet.
Let’s zoom out a bit and talk in broader terms. Are you currently satisfied with the status quo regarding women in STEM? If not, what specific changes do you think are needed to change the status quo?
I highly doubt that any person to date would be satisfied with the amount of gender diversity in STEM. Changes need to be systemic, but also a result of a change of mindset for females relating to STEM. Women need to be encouraged to enter the world of STEM, and organizations encouraging women should in turn deploy resources into this, whether it be including mentorship programs or tutoring. Organizations could also analyze women looking into entering professions which traditionally require a STEM background differently. One must focus on the potential a certain person brings to the table, rather than whether one has the exact experience and background required in STEM. Women should understand that these days, there are plenty of opportunities within professions requiring a STEM background.
Thank you for all of this. Here is the main question of our discussion. What are your “5 Leadership Lessons I Learned From My Experience as a Woman in Tech” and why? (Please share a story or example for each.)
- Engage with other people outside of your organization, who are working in similar roles. I have oftentimes proactively reached out to people with similar roles within the cybersecurity industry, and sometimes outside of it, to attain more perspectives and advice on a variety of things on my mind. I have taken this one step further by engaging in the mentorship program Woman2Woman, which pairs female executives and leaders, and I had an amazing mentor who provided advice and ideas from decades-long industry experience. I cannot emphasize more how enriching and helpful it is to communicate with and get advice from people from outside of your organization, as it provides knowledge, perspective and inspiration of new ideas and thoughts.
- Reflect on and measure your goals and achievements. As you work in a role which inspires you and which you strive to make the most out of, explicitly listing out my goals, and periodically measuring my achievements against them, keeps me honest about where I’m spending my time, versus what is actually constructive to reaching my goals within this role specifically, and in the context of my career as a whole. This is true to both professional as well as personal goals. Once achievements have been set against such goals, it is important to reflect them and enhance cross-company communication.
- Encourage and proactively strive to increase the funnel of female entrepreneurs in the cybersecurity industry. As a venture capital investor, I proactively strive to look for, and ultimately invest in, female-led ventures. Increasing the number of women in leadership roles will ultimately have a trickle-down effect which will create more opportunities for other women and offer different perspective in the industry. While YL Ventures will not invest in a venture solely because it is led by a woman, we actively call out for women to pursue entrepreneurship. We have recently led a panel for International Women’s Day, including leading female security executives from Twitter, CISCO, Palo Alto Networks and Jfrog, in which we openly addressed and discussed the opportunities for female entrepreneurs, while also addressing challenges.
- Encourage organizational discussions and actions about gender diversity. Whether it’s through taking action to create more opportunities for women in hiring practices, or within portfolio companies, it is key to proactively use your voice to generate more opportunities for women in the cybersecurity industry. Whether it’s through encouraging young female undergraduates to enter the cybersecurity industry, or placing efforts to hire female executives, we have an opportunity to make this industry more gender-diverse.
- Share your perspectives and experiences with other women in the industry. Ultimately, your perspective could almost always be helpful for other people in the industry as a whole, and women in particular. Sharing your experience, knowledge and ideas with others helps build up not only a network of the next generation of cybersecurity leadership, but encourage bright minds to enter cybersecurity.
We are very blessed that very prominent leaders read this column. Is there a person in the world, or in the US with whom you would like to have a private breakfast or lunch, and why? He or she might just see this if we tag them :-)
Lisa Skeete Tatum, CEO & Co-Founder of Landit, who helps women and diverse groups succeed in the workplace!
Thank you so much for these excellent stories and insights. We wish you continued success in your great work!