Home Interviews “Attackers are looking to break into your organization either by a broken...

“Attackers are looking to break into your organization either by a broken VPN or RDP protocols”

It’s not every day that one gets to meet an influential person from the world of cybersecurity. CISO MAG caught up with Yotam Gutman, Marketing Director at SentinelOne. He once served as Lt. Commander in the Israel Navy. He was chosen as one of the top 5 Security Influencers to Follow on LinkedIn.

Lt. Commander (Ret.) Israel Navy, Gutman has filled several operational, technical, and business positions at defense, HLS, Intelligence, and cybersecurity companies, and provided consulting services for numerous others. He joined SentinelOne 8 months ago to oversee local marketing activities in Israel and contribute to the global content marketing team. Gutman founded and managed the Cybersecurity Marketing Professionals Community, which includes over 300 marketing professionals from more than 170 cyber companies.

In a Zoom call with Brian Pereira, Principal Editor, CISO MAG, Gutman tells us about his journey from the Israeli Navy to Homeland Security and then to a cybersecurity startup ecosystem in Israel, finally becoming the Marketing Director at SentinelOne. He also discusses how SentinelOne grew from a startup to a global organization in less than a decade.

Edited excerpts from the interview follow:

You served the Israeli Navy but how did you get into cybersecurity? What are your core interests in this field?

My route into cybersecurity was a peculiar one. Like most Israelis, I served in the armed forces, specifically in the Israeli Navy, where I was an officer for six and a half years, starting with serving on missile ships.  Later, I served as an instructor at the naval academy. On completion of service, I started working with Israeli defense companies, which worked extensively with India. After that, I moved to Homeland Security, and you will recall the terrorist attacks in Mumbai, around 2008. Israeli companies work with governments and organizations all over the world to improve their internal security, smart cities, and border security. Four years later, I saw that form of terrorism is starting to decline and that there is an emerging field called cybersecurity.

In 2010, there was a cyberattack on Iran’s nuclear facility (Stuxnet), and that incident highlighted the need to secure not just the IT infrastructure and the data that resides within but also the physical infrastructure.

Pursuing the current opportunities, I have worked with Israeli startups–there are 350 cybersecurity startups in Israel that are divided into roughly 150 cybersecurity product categories, collectively. My niche within that was to take my previous experience, product skills, pre-sale skills, marketing skills, and help those companies with their product offerings. And for the past six years, I moved between companies until I found my current position.

During this time, I met hundreds of local marketers and professionals and there was much sharing in communities, and we also established a community of like-minded professionals to share information about cybersecurity and marketing. Currently, this community has 350 members from all the major cybersecurity companies in Israel.

Can you tell us the story of SentinelOne and how it scaled up so quickly? How did you land up at SentinelOne? What are you involved in these days?

SentinelOne was established more than seven years ago and it was just like any other startup. People (in the company) knew one another from the military service and they came up with an idea to improve endpoint security. SentinelOne grew very rapidly and most of the company is now located overseas. The HQ is in the U.S. and they now have a large presence in the EU. We just established the first Asia Pacific HQ in Singapore. So, it has grown very quickly, and we now have 500 employees and many customers.

I got into it through one of the people in the community, who is also an ex-Israeli Navy. He suggested that I help them boost their marketing efforts on the local front. SentinelOne has been investing in brand awareness and brand recognition globally, especially in the North American market. And in the local market, it never got sufficient attention. But when it got to a point where we needed to recruit about 100 people each year, the lack of public awareness became a challenge.

I joined about a year ago. I began as a consultant and then I saw it as a good fit, and later joined full time, last January.

On the local front, I am helping with recruitment marketing, and we look for the top talent in cybersecurity and technology, in general. I’m also part of the global marketing team made up of content marketers, product marketers, people who are tech-savvy — and we create content that generates leads. We publish that content in many channels.

As an outsider, I was impressed with SentinelOne as it achieved something very few companies in the world, especially here in Israel, are able to do on that scale. Last year we did a business of $100 mn globally and this year we hope to increase that.

Even the pandemic has not made a dent in our sales. So, I am envisioning great things for this company.

How did you help customers when the pandemic was announced in March?

When this happened, we were among the first to inform customers about the risks of working from home. We conducted a webinar in early March to inform them. We also reached out to our existing customers and offered to extend the number of licenses. Since they were sending workers home, they would be looking to buy new licenses. That’s not something they were expecting. That’s not something that was budgeted. We offered that to them for a period of 90 days and this was also available to new customers.

We then started monitoring the threat intelligence landscape, and we have a blog with COVID-related threats. We advise people about IOCs (Indicators of Compromise) and compromised IP addresses.  We also beefed up our support and conduct surveys to measure their level of satisfaction.

How has the SentinelOne product evolved to help remote workers in a decentralized environment? Can it stop ransomware?

The product was initially built as an on-prem solution. We observe that people who work from remote locations connect and then they disconnect and go to a coffee shop and continue working. So, our product can work even in a non-connected environment when you are not connected to the cloud, or where there is no Wi-Fi connection. Our product will still secure you in a robust manner.

We invest in the autonomy of the product. We also invest in the ability to perform a roll-back, specifically for ransomware attacks. Sometimes our systems are able to stop these attacks. So, this is behavioral-based. If it is not a known threat, we will pick it up, but sometimes we could be late by a few seconds. That’s why we make sure that the product allows one to roll back and decrypt some of the files. We were also able to detect new forms of ransomware, create a decryptor, and publish it online for anyone to access.

To counter this, we identify a new device on the network and fingerprint it, and we compare it to other devices in the network. Let’s say it is a security camera. If it starts behaving differently from other cameras, we can then block it through the firewall and prevent it from accessing the external world. So, we can restrict its behavior in a cyberattack.

This is an ongoing battle. We have to keep learning what the attackers are doing and keep training our algorithm to respond to the threat.

Read a longer version of this interview in the October 2020 issue of CISO MAG. Subscribe here.