Getting into Cybersecurity

Are you looking to get into cybersecurity? This is my story of how I got into the field with a world class company, and why you should seriously consider the field.

My name is Cohavit Almagor, I’m married and a mother to three amazing kids. I’m also an R&D executive with many years of extensive hands-on, managerial and cross-functional leadership experience across the product development life cycle.

My story about getting into the cybersecurity field is not a trivial one:

-         NO, I didn’t serve in one of the Elite Intelligence Units in the Israeli army like many of the people in the industry

-         And NO, even though I have many years of technological experience, most of them are in fields which are not related to the cybersecurity area at all

-         And YES, getting into the cybersecurity required me to make some concessions

In a nutshell - I started my journey in the cybersecurity field because I WANTED TO.

How did I get to Palo Alto Networks?

After I completed computer science and math as well as MBA degrees, I started to work for several high-tech companies, at first, as a RT embedded programmer (C, Assembly), and then, as a high-level application engineer (C++, Java). My career was progressing as I expected, and I enjoyed working on different product layers, understanding the full flow and how products work end to end. I enjoyed experiencing and learning about management and leadership aspects as I was progressing with my career.

BUT all this time there was something missing… in fact, the more I was growing my career to higher management positions, the more this feeling got me.

It took me time to realize, but after long conversations with people I trust (family members and mentors), I came to understand that I was missing a sense of purpose! I wanted to feel passionate about the products I deliver to customers. I wanted to feel that they are doing something more meaningful then save them money or transferring data from one point to another (in an effective way...of course…) – but I wanted to feel that the products I deliver are lifesaving, protect from something evil, and make the world a better place.

And believe it or not, understanding the problem is half of the solution. So, I started looking for a new career opportunity, but this time I was focusing on the company’s products rather than a job function.

When a recruiter called me from a small start-up called “Cyvera”, there was no one happier and excited than me. After the interview with the VP of R&D he told me that as much as he appreciates my managerial experience as well as my passion, I am missing some fundamental technological background. They had found another candidate from Elite Intelligence Unit who would fit better to the Dev Manager role. I didn’t give up and immediately asked if there was another role. He thought a bit and then told me: “You know what? We are working on an endpoint protection product and we need to have a QA manager that will make all the endless tests permutations automatic – do you want to take this challenge?” After we talked some more I came to realize that endpoints are one of the most vulnerable components of the IT infrastructure. Nearly every attack first relies on compromising one of them, so I decided to take the opportunity!

When I came to sign, I understood that Palo Alto Networks had recently acquired this start up.

Testing the Endpoint

When I joined Palo Alto Networks (Cyvera), the Endpoint quality team was small and most of the team members were doing manual tests only. My first task was to build the organization from scratch, hiring leaders in several quality areas relevant to the endpoint – my motto was – “ my name is Cohavit (which means, star(light)) and I am hiring stars to join me.”

I was looking for Automation infrastructure (a leader with pure SW background), Performance (Endpoint perf is not trivial to measure like server perf), Functional & System (I needed someone with IT knowledge that had experience with security products as well as customers’ needs), and even a research lead for the penetration testing and security evaluation area. As a quality manager of a startup that was just acquired by a large company, I had the privilege to be a major part of establishing the foundations of processes such as Dev life cycle, version release & exit criteria, and customer deployment.

The greatest challenge of testing endpoints are the endless number of permutations and complex matrix of several parameters: there are versions of operating systems (windows, Mac, Linux, Android, each with its own version line), processes running on the endpoint (each with different version line), there are different sets of behaviors to different types of users, different customers’ architectures (like VDI) etc… and all of these keeps being updated on a regular basis.

The main solution for testing the above is a combination of maintaining a good relationship with customers, focusing on the relevant tests, building Labs that represent different sectors, running the common user-flows and of course, make it all AUTOMATED so a testing cycle can be completed within a reasonable time!

The greatest advantage of being in the testing field is getting an holistic view of the product and its use by customers. During that period, I learned a lot about cybersecurity– I learned how do exploit and malware work, different attack methods, the different phases in a cyber-attacks, the difference between preventing and detecting an attack, the implications and damages that can be done, and ways for remediation. It was all fascinating! 

From the QA --> R&D, From the On-Prem --> Cloud

After ~3 years, I had the opportunity to start a new role in the endpoint security product. A new manager joined, and decided to dissemble the quality group to the different product components (server & agent), which gave me the opportunity to manage the Servers group. The Server composed of two product lines: On-Prem (which has less of our focus over time) and the new Traps management service (a new cloud-based management system).

Managing an R&D group was not completely new to me – BUT starting over is always challenging, no matter how much experience you have under your belt. As a Quality manager, I was focusing on three main goals: conduct clear reports measuring the product’s quality, act as a gatekeeper by setting the exit criteria for the product’s release, all while raising flags when needed and focusing on the right tests to make sure testing can be done in a reasonable timeline.

The new role of managing the Servers R&D group forced me to do several switches in my way of thinking as well as day-to-day work. Now, it was all up to the group I was leading, and I had to look at the broader picture: planning, execution, and delivery with high quality. I had to change my approach to be more strategic and I had to focus on new areas:

· Organization, People, and Processes - I had responsibility over a new organization and I had to build leadership capacity, make sure the org structure matches the mission, ensure that the group has the right people on the right roles as well as relevant expertise and technical abilities. I had to rebuild the Dev life cycle processes and move to Agile while partnering with stakeholders like PMs and Support to make sure we were establishing productive working relationships.

· Technical Strategy – I had to develop a technical vision and road-map for the Cloud based server (Traps Management Service) on the architecture and technology. I managed aspects including managing and supporting new agent capabilities, providing additional security and stability, completing complex integrations with our application framework, and enable simple and friendly management for large enterprise customers as well as smooth move from the On-Prem to the cloud.

· Planning and Execution – Turn the above into a plan which will be delivered on time with high quality.

· Production Environment - Take ownership for customer experience and satisfaction for Traps management Service on production including the required measurements for customer experience, establishing production routines and building the right supporting tools.

This is my current role and I am excited coming to work every day knowing we deliver a great product. I am equally passionate about technology and customers and I thoroughly enjoy driving employees to deliver successful products.

But Why Palo Alto Networks?

During my career journey, I have had the opportunity to work for several companies and I also know people that works for many others. So far in my career, I believe that Palo Alto Networks is one of the BEST companies to work for:

- Colossal vision. Our mission is to protect our way of life in the digital age by preventing successful cyber attacks. In my opinion, this is an inspiring vision and a winning approach against sophisticated cyber-criminals. We have also a unique solution for detection and response that allows us to rapidly detect and respond to threats across the enterprise, spanning the network, cloud, and endpoints.

- Endless opportunities. I feel that the sky is the limit here. We are a result driven company which continuously supports and encourages people who can deliver and prove themselves. I can mention several career journeys (including mine) where employee’s careers were dramatically progressing, or they changed several positions within the company. Additionally, the company encourages employees’ initiatives which match its culture. I can tell you from my personal experience that I initiated a community outreach program in which the employees are lecturing and mentoring high school students. This program is done with the full support of the company and in cooperation with the Ministry of Education and the Manufacturers Association, in order to enhance relevance to the industry of what is taught in schools.

- The people and culture. People here have no ego, they are super professional in their domain and passionate about technology and the company’s mission. Palo Alto Networks encourages its employees to solve customers’ problems with initiative, and to take risks while learning from mistakes. I have had the opportunity and honor to have the greatest team, work with amazing colleagues from which I learned a lot, and worked with great managers who are taking extra care of my personal development and which is maximizing my abilities.

-        

I hope you've enjoyed reading this blog as much as I've enjoyed writing it. more to come soon!

If you are inspired and interested in having an impact on our mission and joining my team feel free to contact me.