One woman making a name for herself is Shimrit Tzur-David, co-founder and CTO of Secret Double Octopus, a cyber security company that uses secret sharing (what is used to protect nuclear codes) to enable companies to do away with passwords all together.
Being one of very few female founders in the cyber security world, Tzur-David is well positioned to address this extremely relevant topic. In an exclusive interview with Information Age, she discussed building a cyber company in today’s male driven climate, as well as providing us with information about password-free keyless authentication technology.
What was your experience of starting your own cyber security company?
My first experience in a male-dominated work environment dates back to my service in the Israel Defense Forces, where I served as a sabotage and mines instructor. Since then, due to my academic choices, I’ve always found myself in male-dominated environments.
My cyber security career began as part of my academic research as a PhD student at Hebrew University, where I focused on anomaly detection for zero-day attacks, fast pattern matching for deep packet inspection and hardware-based algorithms. My career continued as a postdoctoral researcher at Ben-Gurion University in Beer Sheba with Professor Shlomi Dolev. It was there that JVP, one of Israel’s leading venture capital firms, matched us with our CEO, Raz Rafaeli, to apply our research- this is where Secret Double Octopus was born.
Everything moved very quickly after that and I found myself interviewing potential CEOs and key position partners, something I was completely unprepared for. While I was very familiar with cyber security technology, I was not comfortable with the business aspect of running a startup. It has never been an easy process but it is one that still fascinantes me to this day.
How do your solutions differ from your competitors?
There are a lot of great solutions being offered now in the security landscape, from multi-factor authentication vendors, to key-based encryption and biometric solutions. Secret Double Octopus differentiates itself from the rest by offering multi-shield protection so the user’s identity and data are still protected even in the case of SMS hijacking, PKI manipulation, key theft or push notification cracking. Additionally, we provide the only solution in the market that applies keyless authentication and data-in-motion protection for cloud, mobile and IoT.
Is the password dead?
It definitely should be. For the past decade, many of the top people in computing have been claiming that the password is dead, and it’s more true now than ever before. With the steady increase of hacks and data breaches in the past 10 years, passwords have proven they’re no longer reliable. In fact, 4 out of 5 data breaches are due to stolen or weak passwords. Regardless of their securability (or lack thereof), passwords have remained as long as they have because it’s what people know, even though passwords are incredibly frustrating and hard to remember for many users. What needs to happen, and what is currently happening, is companies need to apply new security solutions that don’t compromise positive user experience.
Why are there such few women in the cyber security space?
While I may be an expert in cyber security, I do not consider myself an expert on gender bias in the tech space and can only speak from my own experiences. I would start off by saying that I am not a women’s rights activist by choice, but that being in an executive position within the IT industry automatically makes me one. I was extremely fortunate in that I knew I was interested in pursuing a career in tech since I was a little girl and nothing could deter me. The tech industry is indeed male dominated and although I have thankfully never encountered gender discrimination personally, I know it exists in our industry.
One reason I think women are discouraged from joining the cyber security industry is because of the working environments and conditions. There are women who don’t feel comfortable in a male-dominated environment due to sexism, which can begin prior to them starting high school. There have been many studies conducted on the low numbers of women in STEM fields, with a variety of different results. Some studies found that teachers of young women are at fault, other studies have pointed a finger at parents and one study even suggested tech’s “geeky environment” as a reason they aren’t interested in STEM fields. If society worked to positively influence young women in tech and STEM, I think there would be a turnaround in terms of numbers. The cyber security field needs a rebranding.
Speaking from personal experience, I believe another reason is lack of self-confidence. There were many times in my career, where I found myself in situations presented with attractive opportunities but unable to act on them as I didn’t see myself as an appropriate candidate, not because I wasn’t talented enough for the job, but because I didn’t have the courage to apply. Today, I have learned to believe in myself and my skills and I’m no longer lacking self confidence. In general, I think many women are perfectionists, most of the time this is a great advantage but in some cases it can stop them from grabbing opportunities.
How can the industry address this? Why is it necessary?
Thankfully, the industry has already begun to address these issues. There are a number of wonderful organizations and communities that were created in order to focus on the different aspects of the development of women as scientists. Some aim to foster interest in STEM amongst young girls, others are working to make the work climate more female friendly, and others are building networks and providing mentors on which women can rely.
Many women want a career they can be passionate about, so the industry should take steps to rebrand the cyber security sector and make it more attractive both to its employees and to the public.
There are also things we as a society can do. We can take it upon ourselves to educate and encourage female students to pursue a career in STEM and urge them on throughout the process. We can work to correct the negative perceptions girls develop at a young age and lead them to embrace these subjects.
The cyber security field is currently facing a worker shortage. There are only around 10% women in cyber security. Companies understand that a diverse workforce drives innovation and to get that diversity, they are looking for qualified women. To get more of these qualified women, we need to have female role models for the next generation, and to achieve this, we need to promote women currently in the cyber security and empower them to hold key positions in the industry.