Cloud security has been the talk of the town in the last year, and conversations are unlikely to cease. The current pandemic has forced almost every organisation to work remotely, digitally transform, and notably, migrate to the cloud. This move, of course, has its noteworthy pros: cloud applications and infrastructure enable employees to access their previously office-based working environment from anywhere, at any time, and on various devices. However, as Bitglass’s 2020 Cloud Security Report points out, this transition also requires robust cloud security, which many organisations were simply not prepared for at the time.
Nonetheless, cloud security solutions came (and continue to come) to the rescue, with heroes like Solvo even promising to manage organisations’ cloud security automatically. Focused on ‘bringing shift-left to cloud security’ and auto-piloting manual work, the startup aims to help organisations improve their security posture.
Much praise has understandably been given to these saviour services, but what about the brains behind them? ‘Behind every cloud is a silver lining’, or in the case of Solvo, an awe-inspiring CEO and Co-Founder, Shira Shamban. Shira has worked in cybersecurity and cloud computing for over 17 years, with her first interaction being at the Israel Defence Force. With so much industry experience and an intriguing entry point, we spoke with Shira to find out more about her current role, her career journey, and how Solvo came about.
First off, thanks so much for joining us Shira! Could you tell us a little bit about Solvo and how it has come to be the company it is today, especially in regards to your primary objective of ‘bringing shift-left to cloud security’?
First of all, thank you so much for having me here. My co-founder David and I worked together in another cloud security company called Dome9. Our interactions with cloud users taught us a lot about the market and the needs of the cloud users. We spent a lot of time talking to them, listening to their pains and learned that many of them share the same challenge in the cloud. The developers were given a cloud account, they can provision any cloud asset they want, but don’t have the right knowledge or enough time to create the adequate security configuration. Most existing solutions in the market focus on detecting issues in production, where you are already in a status where you need to respond. This approach feels like a watchful eye, and it creates a distinction between the dev team and the security team, whereas ideally, we would like them to work together.
There is a structured tension between developers who need velocity and security teams that need to govern. We knew that in order to help the security team to succeed, we need the support of the R&D team. So we shift left and automate a process no one likes to do - give least-privileged security configuration. We empower developers and free them to do what they do best. The security team gets visibility and governance to the cloud account and more importantly, turns the tension into a friendship.
Now, moving the spotlight onto yourself. How on earth did you go from being a military officer in the elite intelligence unit 8200 of the Israel Defence Force to the CEO of a cloud security startup?
I think I always had entrepreneurial instincts. During high school, I opened a tutoring program for underprivileged kids, because I wanted to help many of them and knew I had to scale up and make the most out of my time. It made more sense that I bring along another 20 high school students and help 20 other kids than just helping 1-2 kids by myself. In the military, you’re kind of a little entrepreneur yourself. It might sound contradicting because you are a part of a very large and strict system, but for me, it was a time when I had to find creative ways to use my limited resources and make exceptional achievements, all under uncertainty and time constraints. It was a great school for determination and creativity and I think that these are two very characteristics for entrepreneurs.
Once I started working in tech, I immediately knew that it’s not that I deserved a seat at the table; I’m the right person to sit at the head of the table. Sometimes people wait for the right opportunity, but let me tell you something, you shouldn’t want, you must create your own opportunities. And this is how I got to where I am today. I created myself the opportunity to sit at the table, while doing what I love, tech innovation.
You refer to yourself a ‘Cloud Entrepreneur’ on LinkedIn. What does that title mean to you?
Cloud technology encapsulates so many domains in it. There almost isn’t a single technology that is not running on, or through or with the cloud. It’s no longer just “someone else’s computer” as people like to say. In the micro perspective, the cloud is built out of many tiny apps (services) that needs to be configured, connected and orchestrated, and in the macro, well, the cloud is a part of every technology that surrounds our life. The trivial things are every application, website and online service that we use (call a taxi, order food or pay your bills). But your smart car is connected to the cloud and sending telemetry, the new SCADA systems that operate electricity stations are running in the cloud, etc. This is enabling us scale, availability and access to technologies we once had to develop in-house or go through a long procurement process. Now all you have to do is get the DevOps to connect you and voilà! Being a cloud entrepreneur means taking these good things and making them accessible, useful and secured for everyone.
At EM360, we’re all for elevating underrepresented voices in tech, and it’s clear from your own volunteer mentor work with SheCodes, Leading Cyber Ladies, and Security Diva, that you support this movement too. What is it that inspires you to empower women particularly in the field of cybersecurity and what’s the one piece of advice you always give to your mentees?
I remember the first time I was asked to give a talk. First, I thought maybe I’m not the right person to give it. I wasn’t sure I was professional enough, and I was absolutely sure there were other people who were more talented, experienced and qualified to give that talk. My plan was to turn down that opportunity, but I somehow ran into an article in Financial Times about why there aren’t more women in cybersecurity. The answer was lack of role models. This is why I decided to accept the opportunity, and moreover, to look for more opportunities to deliver talks about cybersecurity, cloud and entrepreneurship. My goal was to show other women that I’m just like them and that there’s room for them in the industry. I remember one time accepting an invitation that was a little far for me, I had a long drive back and forth, but I still did it. A couple of years later I was attending a networking event and this lady came to me and said: “You’re Shira, right?” I was a little surprised as I didn’t know who she was, and she said she remembers my talk about networking and security from two years back, and that this is what inspired her to study computer science. Such things make it all worth a while. You never know whose life you are going to change.
One advice I always give is don’t wait for anyone to tell you what you can or can’t do. If you want to get into cybersecurity, there’s plenty of content for you to learn from. Start with YouTube, Udemy or OWASP materials. Don’t stop learning, evolving and trying out new things. Read about a cool idea in a blog? Try implementing it yourself! Don’t know how to code? Find a nice beginner tutorial. Lots of practice will help you gain confidence.
Just before you go, what’s your favourite thing about working in the cloud security space and where do you see Solvo heading in the next few years? Congratulations on the recent $3 million seed funding round by the way!
Thank you! Our vision at Solvo is to create a success platform for everything cloud security. We understand the challenges and difficulties of the developers and the security team, and want to give each of them what they need in order to accelerate their success. Developers mainly wish not to be disturbed, while the security team wants to make sure they are compliant, safe, and have handled any risky event that may have occurred. That’s why the future is supporting safe R&D processes, in an easy and seamless way, that integrates with the current workflows instead of trying to change them. It’s exciting to be able to think about what the future should look like and then just go ahead and make it.
In the next few years, you will probably meet us leading the developer-centric cloud security approach. Remember where you first heard about it. I think that the InfoSec community is very inclusive and very susceptive, and this is why I love being a part of it. The community is a safe place to ask technical questions, career advice and mentorship.