Many cybersecurity startups in Israel share a similar vision: To become so successful and promising that a bigger entity would acquire it.
This was not what Adi Dar had in mind in 2015 when he established Cyberbit.
“We did not want to be bought by anybody,” he says. “My goal was to establish a cyber industry, have a global presence, grow the company, and basically be in for the long haul.”
It was during his 15 years with the Israeli defense industry that he was able to see the technology that was available, and which could be harnessed. Dar led one of the major subsidiaries of Elbit Systems, Israel’s largest defense contractor. Here, he met like-minded people who would become mentors, colleagues and allies later in his career, as he sought to address the huge shortage of cybersecurity professionals to enable organizations to respond to an overwhelming volume of threats.
“We did a lot of command and control operations, developed cyber technologies for the government and the military. I came up with the idea of carving out all of the technology and establish a new cyber company which will leverage these high end innovative portfolio for the benefit of the commercial market,” he says. With this vision Dar established Cyberbit as a spin-off, which offers products for cybersecurity training, simulation, detection and response.
“The cybersecurity world is divided into two types of networks: IT networks and OT – Operational Technology (ICS) networks, which are basically running all of the critical infrastructures like electricity, water supply or airport operations. To this day, a great majority of these networks are not secured, so if the critical infrastructure is targeted, it could be catastrophic,” he says. “We have to find a way to protect networks from these kinds of attack.”
Tackling the bottleneck
To deal with these potential attacks, Dar wanted to take the cyber simulation technology that Elbit had developed for the Israeli government and use it for the benefit of the entire globe. But there was – there is still – a huge gap in cyber professionals. This was in 2015, and nearly four years hence, the gap has grown even bigger.
“This is the bottleneck of the industry,” Dar says, “You have huge amount of technology, you have hundreds of vendors and tools. Companies can continue to buy more and more tools but at the end of the day, who will operate them?”
Such a pain point is why Cyberbit offers simulations of various complicated scenarios in a cyber range – so that anyone, from students to experienced SOC operators, can train and build themselves as professionals. “After all, you would not fly with a pilot who has never flown before and who only has read the theory. Why would a CISO entrust the keys of the SOC to somebody who has just been sitting there without any practice whatsoever, waiting for the attack to happen?”
And just as Dar wishes to see the numbers of cyber professionals increasing through hands-on education, so does he aim to improve their efficiency and capability.
This one is best achieved through automation. “Ninety percent of the efforts done in a SOC is cyber hygiene – it’s a lot of smoke and noise, but that’s what most professionals do instead of focusing on the real stuff.”
No matter how hardworking the team, there is no way human beings can master all the information being guarded. “We use a lot of machine learning capabilities to help them prioritize, let technology solve the simpler problems, and be able to say what is more important or less important.”
Dreaming big, starting big
Dar acknowledges that because of his company’s defense background he had the advantage of mature technology, something that other entrepreneurs have to struggle with and still develop.
“The more complicated part was how I should turn the technology into a product,” he says.
The second challenge was a conscious choice: Not content with starting in one or two countries, Dar chose a global organization approach up front, “We set up teams in the United States, Israel, Germany, India, Singapore, Sweden, Russia, the Netherlands and China.”
It was a daunting task, but Dar says he worked his way into these markets through domestic companies that people can relate to. “I showed partners and customers that we do provide global support. I mean business. we are there for the long run establishing a real local presence and believe in their domestic markets.”
He realized, more than ever, how finding the right people determines success or failure. “Strategy is important, commitment is important, infrastructure is important,” Dar says. “But first and foremost, it’s all about people.”
Different contexts
A global operation means Dar must deal with various contexts and environments. Different regions have their own focus and priorities – for example, in Asia Pacific, the maturity of the OT security is greater as people are afraid their critical infrastructure would be attacked. In the US, people tend to focus on the financial sector. “In the US as well, people are willing to invest a lot in building cyber simulation centers and giving hands-on experience to the younger generation.”
Different countries also have different cultures, and the same approach applied to two different places will have different results, “You have to be flexible and willing to adjust. You can’t operate from your own assumptions or be strict about the policy you want to have,” he says.
No substitute for hard work
“My wife will tell you that I am not the best person to talk about balance,” Dar says. He admits to working very hard and putting in long hours to his venture. “I give a huge amount of effort, energy and time in making this journey successful,” he says. “When your team is global, there is always somebody awake, some customer who needs you someplace where it is not a holiday. You cannot cover the entire world if you are not working too many hours!”
Dar takes a run a few times a week, but it is his relationship with his colleagues that powers him. “I have a very good supporting team with whom I have worked before Cyberbit,” he says. “Even if we are working too much, I feel like there is some logic in what I am doing. We are so much more than a team of employees. It’s friends and family working together.”
In the end, Dar acknowledges that the gap in cybersecurity can never be closed, only narrowed. There are now 2 million to 3 million unfilled positions in the industry. Nonetheless he wants to do his bit in addressing the shortage – as well as enabling others to have a good place to work in, and see the company as a global, grounded cybersecurity entity.