#432 The Next Big Thing in Cybersecurity: Insights from Sentra’s CTO Ron Reiter

[00:00:00]

Mehmet: Hello and welcome back to a new episode of the CTO Show with Mehmet. Today I'm very pleased joining me, CTO and co founder of Sentra, Ron Reiter. Ron, the way I love to do it, I keep it to my guests to introduce themselves. So tell us a bit about you, your journey, and of course what [00:01:00] you're currently up to, and then we can start taking the discussions from there.

Ron: Sure. Um, So yeah, my name is Ron Ryder. I'm a co founder and CTO of Sentra. Um, I am 39, um, started coding since basically when I was nine years old. Um, and you know, just like fell in love with technology. Um, yeah. And I, uh, I first, uh, profe first professional experience I had with, uh, um, my, you know, computer, uh, uh, journey is, is in the unit 80 to a hundred of the military intelligence, uh, where I was a cybersecurity specialist.

Ron: Um, so that's where I kind of learned, you know, professional, uh, um, uh, coding and security and anything related to, to security basically. Um. So I was that doing that for four and a half years. [00:02:00] Um, and later on, I, um, started a company called Crosswise. Crosswise built a cross device, um, technology to, uh, basically understand if devices belong to the same person.

Ron: Um, it was a need, uh, that a friend of mine has, uh, kind of understood that exists in the ad tech world. Um, And, you know, I believe that with my experience, um, I couldn't basically solve the problem, so I joined hands with him and then we, uh, we joined forces and we started the crosswise. Uh, we had very quick success.

Ron: We sold the company for about 50 million in two years. Um, and that's kind of when I realized that I'm, uh, I'm an entrepreneur. Uh, I was very young, I was 30 back then. And, uh, so I joined Oracle, uh, Oracle, a part of the company. Um, um, then we ended up kind of being there for about four years. [00:03:00] managing a, uh, an R& D center here in Israel.

Ron: Um, and, um, kind of, you know, made this, this can, this experience really taught me a lot about entrepreneurship, management, um, you know, cloud, data, big data, um, machine learning, data science, AI, all the buzzwords. Um, and After, after the four long years in Oracle, I, uh, kind of thought about, you know, what's next for me and, um, figured out that, you know, aside from being an angel investor, which, which I started kind of like right after I sold my company, um, I started basically, um, thinking, you know, I should probably start another company because this is what makes, this is what I enjoy doing.

Ron: Uh, so that's what I did. you know, great opportunity to start the company with my co founders, Saf and [00:04:00] Yeri Cohen. All of them are X 8200 X military intelligence. Um, and uh, their, you know, their, their background and mine kind of came. together to, you know, uh, this, uh, almost a necessity to start a data security company because because the year and I were, you know, experts in cloud and data and and you have in the south for experts in cyber security.

Ron: And we, uh, and of course, also year and I also are cybersecurity specialists. And Thanks. And we kind of joined forces together and we just thought, you know, data security seems to be the next big thing because when you start moving to the cloud, you realize that first you need to, uh, secure, uh, the, the infrastructure, but, but then you can start creating the data and you realize that data kind of has a life of its own and data is only growing and data is becoming, you know, more, uh, uh, basically sprawls [00:05:00] around and, and, and, you know, it's, it's, I can tell you about, about how, like an experience I had with data security later on.

Ron: But, uh, but, you know, this is, this is kind of what, uh, what I've realized, um, that, you know, data security kind of, we've all kind of realized it together, that data security is the next big thing in the security, in the, in, in the security world. Uh, that was three and a half years ago. Central today is, uh, 70 employees.

Ron: Um, You know, we raised, uh, uh, tens of millions of dollars already. Um, yeah, that's, that's me basically.

Mehmet: Cool. Uh, thank you Ron for, you know, sharing also, you know, the, the whole, the journey with us and, you know, to your point, I'm, I'm curious a little bit, like, like I know, like you come from this background and, you know, but, uh, cybersecurity isn't easy, right.

Mehmet: And it's, it's challenging and, uh, It's crowded also at the same time, but still, you know When you [00:06:00] decided now to to co found another company yet, you know Although like you said like you were in the big data cloud all this but again you choose Cyber security. So what's the story here?

Ron: Yeah, so I think um You know, I, I love cybersecurity.

Ron: I mean, I've always loved it. I, I wasn't doing it much when I was a child. Um, I did it, you know, as part of like, just being curious, right. That was one of those, uh, you know, kids that, uh, we would, uh, you know, do things that you weren't really allowed to do a lot of times. But, but that wasn't like the trigger.

Ron: The trigger was, uh, unit 800, right? Because basically what happened is, you know, the army needs, uh, uh, to use, um, the, uh, the brains of, of, of the, um, of, of the Israelis to, to, you know, to do many things. One of [00:07:00] them is to ensure that we have the best intelligence Um, and, uh, and to do that, you can, you can use many, many methods, and one of the most successful methods.

Ron: is to use cyber. Um, and so basically I, I got recruited to be, you know, a professional cybersecurity expert, um, to do that. Right. Um, I wasn't a cybersecurity expert before, but they trained me to do it. So, so that's kind of how I, I, how the, the, the world of cybersecurity came, uh, really in a professional way.

Ron: And, and once the army, you know, the army really gets you to the highest level possible. And, and. And, and since then, it's kind of natural on you, right? Because you learned that when you were an 18, 18 years old, and, and all of your friends, uh, are in the same ecosystem. So they kind of like, you know, kind of, you know, teach you whatever you, you're, uh, you need that you don't know yet.

Ron: And like [00:08:00] everyone kind of helps each other. And, and, and then, uh, uh, there's this trend that all the people, all, all the, uh, uh, um, uh, the, the military intelligence alumni start companies. They start to build companies in, in cybersecurity because, you know, because their friends also did that the same, right?

Ron: And then suddenly, like all of your friends who you met in the army are the exact same people that can help you start the companies, right? So naturally from a cybersecurity, uh, expert, um, you become a person that if you want to start a company, it's very easy for you, right? And the other thing I've noticed is that, um, you know, I have a relatively good interpersonal skills compared to other, you know, you know, Other geeks in my, in my world.

Ron: Right. Um, which kind of also, you know, makes me want even more [00:09:00] to, to, to use the opportunity to the opportunity to start a company using my, my social skills. Right. So using my social skills and my management skills combined with my expertise in cyber kind of like, uh, uh, you know, made it really easy for me, uh, with my networks and connections.

Ron: And the thing is that, uh, you know, ever since I was a young, um, uh, developer coder, I would, I always loved creating, I always loved creating code. I love creating products. And then I was building websites since I was 17, you know, and ASP3 and PHP, things like that. But, and I kind of like really liked that.

Ron: Um, and I really liked creating in general. And, and what's. The biggest creation in the world right is is a company right and creating a company was really like the biggest challenge for me And that's why I did it the first time. That's why i'm doing it the second time. Um, it's uh, just The challenge is [00:10:00] is is very fun.

Ron: It's very stressful sometimes, but it's very fun, right?

Mehmet: Right? There's nothing easy, of course Um, so i've got that wrong now if I want to talk about centra and about you know the the The gaps that you and your co founders you have seen in the market. So like what you saw missing and you felt like okay guys, let's sit down I'm sure like you maybe as they say, you know the startup board you started to throw something on the napkin And you said okay, we need we need we need to figure out this So so what like where the challenges that you figured out that you need to solve?

Ron: So I think, you know, it wasn't obviously trivial that, uh, we went, we would directly go to data security. I think it was, it took us some time and we, we thought about like the different, uh, challenges in cybersecurity. Um, it, from, from my perspective and from my, my co founder's perspective, data security was one of the candidates because for me, [00:11:00] First of all, I had a lot of knowledge in the cloud and data.

Ron: That's what I did in Crosswise and my first company. And I realized just how hard it is to track data, uh, that, you know, the developers are creating and how sensitive it might be. And I actually had this experience where. I, I kind of inherited some servers that had very, uh, uh, sensitive personal information.

Ron: Um, and that, uh, that PII. Was apparently exposed to the internet, uh, and someone not from Oracle found it. And, and then the kind of, you know, the, the person in charge of cybersecurity and at Oracle kind of let me know and, and told me about it. And, and, you know, I, I, I immediately realized how dangerous that could be.

Ron: You know, if you could be, be easily find, you know, A-G-D-P-R because of GDPR, you know, by, I think, [00:12:00] uh. Up to 4% of the total revenue of, of a company, right? So for Oracle, if you think about it, company that makes, uh, you know, I dunno, 20, 30, $40 billion, um, uh, um, a year. Um, you know, it's, it's, it's a, uh, making, uh, uh, making so much money and being, and needing to, uh, you know.

Ron: A billion, a billion dollar fine just because he didn't, uh, store personal data correctly. That's not something that I wanted to be part of, right? And then I realized how big the problem is, right? It's not only the regulation, it's the fact that you don't, you want to protect your infrastructure, um, in, in, in relative to the, the sensitivity of the data.

Ron: That resides within the infrastructure, or, you know, you know, or the infrastructure allows you to access. So [00:13:00] and that realization came really just, you know, from a bad experience, right? So that's one of the things that I realized. And I think, you know, for, for, uh, almost like kind of at the same time, you know, you had kind of a similar experience.

Ron: Asaf had a similar experience when we all found out that we all had similar experiences. Yeah. Yeah. Yeah. with protecting, uh, uh, data, critical data, sometimes, you know, looking at it from an attack perspective, sometimes looking at it from a defense perspective. But, but the point is that we kind of all realize that, you know, the world doesn't understand it now.

Ron: And when I say now, I mean, 2021. And, um, but this is for from our perspective, the next big thing in cyber security, and I actually still think it's the next big thing in cyber security. And to be honest, I think that data security is going to be, you know, 5 to 10 times bigger or a bigger problem in 2035 compared to [00:14:00] 2025, right?

Mehmet: This is thought provoking, Ron, and I think, you know, but I, I can guess where you're coming from because when we are talking data today, right, so we're talking about, uh, you know, everything AI and large language models and. You know, but you need to train on, on some data. So, um, from security aspect, what do you think are like the most overlooked security risks, you know, for people who rush also, because at some stage to your point, people were rushing to go to the cloud and now people are rushing to adopt AI.

Mehmet: So what's your take on the cyber security and data security aspect of this?

Ron: So, um, I think two things, right? Well, first thing is that people don't think about, uh, what type of data they're training on, right? Maybe they're training on data that has passwords that they're not, it's not supposed to go into the model.

Ron: Maybe they're [00:15:00] training their models on data that other people aren't supposed to see. And they're not thinking about the differentiation, right? They're not thinking about the authorization layer. Uh, they're not thinking about, uh, the need to, uh, to segment the data and the users from accessing that data, right?

Ron: They just think about, let's take all this corporate information, you know, put it in and, uh, um, You know, train on it and then, uh, let people, um, just, you know, use the model, right? And that's, that's obviously a big problem. Uh, and the same problem, I think, happens with RAG, right? So you, if, when you want to implement RAG, Uh, on the model.

Ron: Why do you also kind of a lot of people? What we've seen is they forget the authorization layer, right? They forget that, you know, to to properly activate a model. You just you have to make sure that the person who is using the model, [00:16:00] um, is kind of reflecting the same credentials and authorization as what the rag request is actually saying.

Ron: managing to do. So I think that's, um, the two problems. And I think the first problem is, is, is much more acute because it's much harder to solve, right? The one, the moment you fine tune a model, it's done, right? You're, you have to like start over again. If you want to remove data, uh, it could be a process that costs, you know, a lot of money.

Ron: Um, and what's even more, uh, um, dangerous about it is that AI models, specifically in LLMs, generative AI models, uh, the prompt based ones, so they, they would, uh, they're actually very easy to, um, Uh, they're very good at summarizing data, right? So let's say you would, you know, take a lot of documents and some of them would have sensitive information, you know, maybe passwords, right?

Ron: And so you'd [00:17:00] simply, you can simply ask the model, you know, just tell me like all of, All about the different, all the sensitive passwords that you know about, right? That you've been, um, you know, taught, uh, and it would just immediately spit it out. So I think that answers your question.

Mehmet: Yeah, absolutely. So now, you know, talking, staying within the data landscape and regarding the AI.

Mehmet: So, uh, traditionally, You know, the company, let's say sensitive data used to sit in some limited spaces and places if I, if I want to use the term. So, but now, you know, things change. So, so first thing is like the data is so much fragmented drawn. Uh, so we have still few data in the databases, but the is unstructured.

Mehmet: So sitting on, you know, different Places here and there in the cloud also as well. So from your experience and you know I'm curious to understand also how [00:18:00] you know with centra you help organizations so first to understand where their data is Right and do this kind of profiling the data so they can first think You know, understand what is the landscape that is dangerous for them?

Mehmet: And then, you know, maybe start to apply, you know, the measure. So looking at, you know, your thoughts on on on, you know, the unstructured data, which is, I think personally is kind of underrated when when we when we talk to to to enterprises today.

Ron: Right. So I think, you know, the, uh, um, the way that you're, uh, the enterprise is supposed to, uh, um, handle the unstructured data.

Ron: First of all, it needs the proper tools to handle it, right? So you would need to understand what type of sensitive entities you have in inside unstructured data, which is a very hard problem, by the way. Um, a problem that, you know, you can only use, uh, you have to use large language models to solve. You would also need to [00:19:00] understand what, what the document is about, right?

Ron: Uh, who, and you know, like, for example, is it an HR document? Is it an invoice? What type of document is it? And then you have to understand who, uh, owns the document, right? Uh, and to think about, you know, if it's owned by a person from, from an HR division, so maybe the data is, you know, belongs to HR and so forth.

Ron: So. First of all, you have to understand the context. Uh, and to do that, you have to basically have full visibility on your data. Uh, the data that might eventually go into your, uh, to training the model, right? So, and once you have this information, uh, which is of course not trivial to, to achieve, then, uh, you have to understand, uh, what goes into the model, what should go into the model, and also eventually what.

Ron: went into the model. If you want to look, you know, on on the, uh, if you want to analyze what would [00:20:00] actually happen. So, for example, understanding, analyzing Sage maker or, you know, the data sets that are being used to train models. Retrospectively, that's also something you, you just want to make sure, uh, that you do, because then you, you can, um, understand if, if the data, if, if by accident, sensitive data went into the model, uh, or, or things like that.

Ron: So, so just to summarize, understanding, like, what type of sensitive data is, uh, is in these documents, what type of documents are they, what and who has access to them, build a context around and understand, uh, which model should be, uh, trained by what data. And then, you know, retroactively verify that you've done a good job using, you know, by scanning, uh, the, the, you know, things like SageMaker.

Ron: Uh, that's basically the concepts of what we call AI SPM, right? AI Security Posture Management.

Mehmet: Okay. So this [00:21:00] triggered in my mind, another question, which is, you know, why Ron, do you think the current, um, security infrastructure is not enough? Um, you know, to, to be able to protect, you know, the data in the current use, especially, you know, with the AI use cases and yeah.

Ron: Great question. I think, you know, this has been very coincidental, right? Because, uh, up to now data security. Was more like a just a data discovering classification tools for for, um, just to make sure that, you know, your data security posture is correct that there's no sensitive data, um, moving around places that you don't want to be.

Ron: But it wasn't really a security tool in the sense that. it needs to be applied in order for you to protect something from happening. And now, because the, of large language models, uh, now, now that there, they exist, and now the training [00:22:00] is something that's so, uh, common. Uh, for the first time, this is, you know, becoming something that's not just a, uh, a recommendation, but actually a requirement, because if you want to protect information in your company, you necessarily you have to understand exactly what goes into these models, because everything that goes into these models.

Ron: Automatically gets, uh, um, you could assume that it's, uh, um, immediately accessible to everyone in the most, uh, um, you know, um, in, in the easiest manner, right? This is, there's no, it's almost as if you would put information in, goes into the model. Out in their internet instantly, right? It's not if you if you send just one document with a password into a model for training it, you know, some malicious actor would immediately query, you know, some aggregate, [00:23:00] you know, some, some query that would aggregate all the passwords.

Ron: without even letting you, uh, you know, a chance to, to, uh, take it back. There's no possibility to take it back. Right. It's kind of, kind of maybe it's a good analogy would be, uh, you know, today you, you shouldn't, um, commit an AWS access and secret key to GitHub, right? Like the moment you would do that. You would have 100, uh, you know, EC2, uh, instances running and, you know, uh, doing crypto mining in, in a second, right?

Ron: Because everyone is kind of like, you know, on, uh, waiting to, for that, uh, for that moment, right? So it's the same with AI models, right? The moment you put sensitive data in it, That's it.

Mehmet: Right. You mentioned something, you know, previously about also, you know, the use of AI in cybersecurity, what I'm curious about.

Mehmet: So now, of course, like this has been a, I like to call it the game, like all of my guests, [00:24:00] like, uh, I had them, you know, from cybersecurity perspective, they call like it's the Tom and Jerry game, right? So that's like the, the cat and mouse game. Um, yeah. So now we started to see also the bad actors leveraging these large language models for their benefits Um, so have you seen something which really like I would say Surprised you the way they have have done this and how Organizations should you know be prepared really for these types of attacks because it's not like anymore, you know back in the days when We knew, for example, they use the phishing so they get access through, you know, a malicious link, they get access inside, or for example, you know, the traditional DDoS attacks and all this.

Mehmet: But now we're talking about something completely different, like, and they can be very creative thanks to the LLM. And thankfully, but I mean, like, yeah, they are, they [00:25:00] are lucky. So, Well, what's your point of view on this one?

Ron: Yeah, so I think what I kind of saw and expected is the sophistication of phishing attacks, right?

Ron: Because, um, up to now, a lot of people, um, you know, they weren't really good at phishing attacks because they just didn't have good, proper English and they couldn't kind of like, um, Maybe, uh, say, for example, business email compromise attacks, right? You would kind of like learn about the patterns of how a CEO speaks, but it would be very hard for you to maybe like, you know, use, use that and to craft an email that makes sense.

Ron: Right. So, so that I've seen that, uh, quite a lot now, and that happens more often. What I didn't expect. Which is crazy. And that's, that's something that, um, is actually one of the most dangerous, uh, uh, attacks is an AI agent doing phishing [00:26:00] attacks, right? So once you have an AI agent talk to you, he could manipulate you emotionally into doing something that you would definitely think like a computer won't do.

Ron: And you can automate that in scale, right? You can start. really like, you know, basically, uh, um, just getting extracting sense of information out of people, uh, in ways that are, you would never imagine, right? So the creativity is just, you know, the more, the more creative you are, the easiest it is for you to, uh, to do it.

Ron: Because I think, you know, that's something that will always be inherent, um, in, in security, right? The humans are always the weakest link. So that's something. Pretty crazy. What I've also seen, uh, that's really the scary is, is the autonomous malware. So now you can build malware [00:27:00] that actually can basically based on an agent that can act on its and using these LLMs, they can actually, um, uh, operate and make decisions.

Ron: Uh, once once they've attacked a computer, for example, because up to now it was very, uh, expensive to attack a personal computer because you'd have to have a hacker, you know, think about, like, what's what what's inside the computer, maybe write very, very, uh, smart software that would extract sensitive information out of a computer while it's there.

Ron: But using large language models, you can, you know, suddenly do these things without, like, much sophistication. You would just, you know, have those AI models just do malicious, any type of malicious activity. It would, for example, you could instruct it to steal any password possible [00:28:00] in any way that he can think of.

Ron: And he would do that, right? So that's kind of like very, very scary because again, you can do this at scale, right? You don't need to be like, uh, a professional hacker from a hacking team or, or, you know, a government, right? You can just write a malware that just automatically starts, you know, scraping your computer intelligently without you even noticing it.

Ron: Right. Um, it's, it's, it's, it's a very scary world now, and I have to admit.

Mehmet: Right and I can imagine of course because uh, I I I used to have I have a friend that He worked for cyber security companies and you know in always in his, you know, when talking to clients He was saying like hackers are like us, right?

Mehmet: So there are people They have commitments they need to pay the bills. So they need to be creative, right? So and I can imagine them I can imagine them now So based on all the data that they have also and all you know The successful and unsuccessful attempt that they had I'm [00:29:00] sure that they have built their own LLM models that are helping them for sure now, but this brings me back to what enterprises is and what companies should be doing wrong.

Mehmet: And, uh, you know, because there is this even before the eye. So there's always, you know, this, uh, I'm not call it compromise, but the You know, the attempt to balance, you know, between, you know, we okay, we need to innovate, we need to launch this project, we need to like, let's say, push this application to the cloud, and between the cyber security.

Mehmet: So from your experience, you know, what are some of the mistakes that organizations can avoid, I would say, to keep this balance?

Ron: So, um, I think first of all, yeah, you're talking the, the innovation, uh, dilemma, right, is how much, uh, how, how much, uh, uh, freedom do you give a team with access to data and to [00:30:00] resources, the company to experiment with it and copy data and create new data, right.

Ron: And, and versus like holding the data in a very, very secure manner. I think that's kind of, you know, very, uh, very obvious one. And I think, you know, I'm actually going to say something positive. I think that organizations today, uh, actually realize how, how, uh, dangerous it is to, uh, give access to, to data.

Ron: And I think what happens is that they block innovation. Right. They don't let other, uh, the, the, the second, there's like a lot of, uh, segmentation and there's a lot of, uh, uh, um, you know, uh, basically, uh, permissions, um, that are enforced in the company and processes that, you know, you have to go through to get permissions.

Ron: And this is, this is the current situation. I think what, what my recommendation in general is. Uh, kind [00:31:00] of also, um, you could, you could say it's the reason that we started Sentra actually, because, because from our vision is we want to enable the organizations to run fast and secure at the same time. And the only way to do this, uh, is to, um, enable this magical technology that guarantees you that you would know exactly where your sensitive data is at all times, right?

Ron: So you would define a policy that says, okay, this is the type of, you know, sensitive data that I don't want, or, you know, um, even let, let, uh, um, the, uh, central do, do this on its own, uh, um, in a way that basically guarantees that. no sensitive data would would be copied or would be placed in places that it shouldn't be.

Ron: And once you have, you know, you, you know, that you're basically guaranteeing that, uh, you know, where your sensitive data is at all times, um, then you [00:32:00] wouldn't be afraid of giving access to, um, you know, the innovation teams and whatever to, to basically experiment with, with, uh, sensitive information. So just to summarize, you know, If you have the proper security mechanisms of discovering classification, of knowing about data that you don't know that exists, right?

Ron: then you can let innovation teams, uh, iterate quickly and have more freedom about what type of data they have access to.

Mehmet: Yeah. I've seen something on, on, on the website and I need your correction here Ron. So, because I've seen, of course, like other than what is known as the DSPM, you know, the data security posture management.

Mehmet: So you do also response. And this is to your point, like when we talk about responses, doing like corrective actions. So do you think also. Part of the thing that you could be able to help organizations with. So if someone is doing, let's say, um, I mistakenly, you know, opened [00:33:00] access to someone, which I shouldn't do.

Mehmet: So an agent would come in and say, Hey, Mehmet, like, I think you should, you know, change, you know, what, what you have done because Right. So is this something that, that you can help organizations with today, Ron, or is it like something possible in the future?

Ron: Yes, definitely. So, so the data security centers, data security platform basically, uh, helps organizations using three, uh, uh, three products, DSPM.

Ron: DDR and DLP. DSPM being Data Security Posture Management is, you know, the risk analysis product that understands the data security posture, understands if data is misplaced or shadow or Um, overly excessive or, you know, uh, publicly accessible. Uh, so that's kind of one thing. DDR is, um, you know, kind of the, the detection and response [00:34:00] module, right.

Ron: The, to just, if you need to make sure that there's no, uh, uh, malware encryption being, uh, uh, done, um, in real time or data exfiltration. Things that might, you know, attackers might do right now that would put your business at risk. And then of course, send an alert to a SOC team that will be able to solve it.

Ron: And the last thing, which is the prevention, right, piece, the DLP. So today we already, uh, support, uh, a DLP use cases by tagging. We could actually integrate into DLP systems that can, um, you know, basically integrate with M365 or Endpoint, uh, to block sensitive data from leaving the corporate environment.

Ron: Uh, another thing that, uh, we're able to do is to automate. Things like, uh, um, removing, uh, [00:35:00] the sharing configuration out of sensitive assets, right? Let's say an organization would say, I don't think that confidential, um, uh, documents should ever be externally shared, right? So we would be able to also automate the, uh, uh, the, the removal of that, of that, uh, share.

Ron: So we do have an automation module that allows to either push tags out to systems like Microsoft Purview Information Protection. Uh, or other other utilities as well as to, uh, you know, action on the data to prevent potential data leaks, such as, you know, removing public file shares file file sharing.

Mehmet: It's good. It's good to know that, Ron. And, you know, I asked this specifically so you can share that with us. Um, So, like, let's have, like, I know no one has crystal balls. I know, like, all my guests are telling me, like, we don't know what's happening. The future things are evolving very fast. But if I want to take your opinion about, you know, the future of the [00:36:00] relationship between, you know, the AI transparency and data privacy in the coming years, how do you envision that?

Ron: Well, actually they kind of negate each other because I mean, they're, they're both some, you know, uh, things that the public cares about deeply. Regulations are, we're seeing regulations pop up with both. Uh, and, but, but, but they kind of go against each other, right? The more AI transparency you have, the more you disclose, Uh, information that might hurt the privacy of people because eventually the data that, uh, is used to train models belongs to someone, right?

Ron: And that's kind of, I think, the fine line. And it's, it's a, it's a tough question, like, how do you achieve both AI transparency and data security at the same time? It's something that, uh, you have to balance.

Mehmet: Right. [00:37:00] And if we want to talk about like emerging threats, of course, like you mentioned, you know, the use of AI and, you know, the sophistication of AI other than this, like what else, you know, maybe you're expecting, or you started to see signs of, of, uh, some emerging, uh, threats that are upcoming.

Mehmet: And, you know, how do you think, you know, the customers who would be leveraging your platform, uh, would be able to defend from these threats.

Ron: So I think what we've seen is there's more attacks related to data, both ransomware and data exfiltration. We're seeing that more and more people understand the sensitivity of data and the way to uh, act on sensitive data, right?

Ron: Um, it's, it's easier for companies nowadays to find sensitive data, exfiltrate it [00:38:00] and, uh, uh, sell it online for Bitcoin or, you know, whatnot. And, and that's kind of, that's being, that's apparent that, you know, more and more attacks are focused around stealing sensitive data. That's something we're seeing more and more and, and, you know, to be, to be honest, I really hope that, uh, you know, we can, uh, develop, uh, a great product that can help, you know, as many companies as possible to really defend against this, uh, threat, because it's a, it's a very hard threat to, um, to, uh, defend against knowing that you have good data security posture, Being able to protect all your boundaries, all, all the, um, all the corporate environment, wherever data is being able to track all data moving in and out, uh, it's, it's, you know, it's a huge problem.

Ron: It's a problem that we're, you know, aiming at solving and it will take us more, more time, uh, to, uh, to [00:39:00] develop the ultimate, uh, data security prof platform that can look at data wherever it is and protect data wherever it is. just because data is just something so hard, right? It's hard to understand that it's sensitive.

Ron: It's hard to understand who has access and who should have access. And, uh, and it's also hard to protect and avoid data leaking because you can't a lot of times, you know, the, the amount of processing that you would need to do. To understand if data is even sensitive is not something that the organization, an organization would even want to consider running in terms of cost.

Ron: So it's a really hard problem to solve. Uh, but it's a problem that needs to be solved.

Mehmet: Absolutely. Now, like as a final, uh, You know, uh, part of, of, uh, today's podcast, you kind of touch on it at the beginning, you know, when you were discussing your career, Ron, but being a, [00:40:00] you know, an entrepreneur and, you know, a CTO in cybersecurity and, you know, you've seen like other sides of it also as well.

Mehmet: Like if, if we want to, you know, talk to founders or like to be founders or, uh, to be entrepreneurs in that space, like what kind of advice you can. Give them if they want to be in the cyber security space.

Ron: Um, so I meet, you know, I think dozens of founders that, uh, or want to be founders that, uh, are starting or want to start companies in cyber security.

Ron: And, and, uh, they all ask me that question, especially, you know, I also help them, I, uh, look for ideas and, and my, from what I've learned, you know, both about my experience and in general. Is that the VC trends are actually, uh, not, not, not indicative of, of, of anything. [00:41:00] Um, the real problems that become categories.

Ron: Are the problems that a, uh, a CISO would say that, um, they're real and B, you would pay a lot of money on. And I think that's the combination is what people are missing. I think a lot of times in cybersecurity in general, in specifically in cybersecurity, people often try to solve a small problem, even though it exists.

Ron: Solving a small problem doesn't mean that, uh, someone would, uh, make the effort of buying it. or paying a significant amount of money that would justify building a company around it, especially because of the way that cybersecurity companies work. They, they basically, uh, try to build A suite of, uh, security products and, and sell them to their existing customer base.

Ron: And those customers would always [00:42:00] prefer to get, you know, just one cloud security product, just one data security product or one endpoint security product. Right. And not, you know, 20 others. I think what, what we, what is apparent and I think it's, you know, maybe goes against that point is in cybersecurity, there's so many emerging threats.

Ron: that, uh, you often do need, uh, innovative solutions that the traditional companies can't provide. And that's why there's always room for for innovation, always room for for startups. But You have to solve a big problem, right? If you solve a small problem and you see all the VCs go and, you know, think that they know what they're doing because they invested in one company and, uh, and then they saw that one VC invested in one company.

Ron: And then, uh, that that's the reason that they invest in another company. That doesn't mean anything. You have to be confident in yourself, knowing [00:43:00] that it's a big problem. Knowing that the person that you're going to build, uh, that solution, um, will actually buy the product and pay a lot for it. And I think also what's very important is to think about the future and seeing five years or 10 years from now, will it grow, right?

Ron: You don't want to build an on prem detection, uh, Product probably because it's not not a market that will grow but you can probably assume that cloud will grow right?

Mehmet: right, absolutely and To your point ron and I think this is i'm not saying it's easy to start a company and especially in cyber security The good thing is their persona is known right?

Mehmet: So they know at least it's going to be the CISO right, so They have to focus now on As you said can they in my opinion humble opinion Can they quantify the problem in a way that [00:44:00] it's seen big enough, which it should be to your point. So me as a decision maker on the other side of the table would say, Hey, yeah, I can justify spending, I don't know, X thousands or millions of dollars on this solution.

Mehmet: So thank you for bringing this. Ron, like finally, how people can get in touch with you and the Sentra team.

Ron: Uh, so please feel free to send me an email. Ron at Central dot IO. Um, looking me up on LinkedIn is harder because I'm, uh, I locked my profile, but, uh, just, uh, you know, send me an email. Um, happy to, uh, happy to answer any any questions.

Mehmet: Great around, you know, I really enjoyed the discussion and you know, like, uh, you, you, you have the blend of all the deep technical knowledge and of course, also the business and entrepreneurial knowledge. So thank you for sharing that with the, with the audience here today. I really appreciate [00:45:00] this. And, um, yeah, again, I put the central website on, on the show notes.

Mehmet: So if someone is interested, so they, you can reach out to the team over there and this is for the audience. This is how usually I add my episodes. So. You know if you just discovered this podcast by luck. Thank you for passing by. I hope you enjoyed it If you did so give us a thumb up share it with your friends and colleagues And if you are one of the people who keeps coming, thank you for you know, sending me your support and your messages I really appreciate all the you know, nice words you sent to me all the time And thank you for tuning in today.

Mehmet: We'll meet again very soon. Thank you. Bye.

Bye