Adi Sharabani, CEO and co-founder of mobile security company Skycure, spoke about threats on mobile devices at RSA Conference APJ 2014 in Singapore. In this Q&A he talks about what excites him about information security and how he got to where he is today.
RSA Conference: Can you provide some background on how you got into the security industry and how you ended up where you are today?
Sharabani: As a child I was always excited about technology and security was closely tied to this. I am an 8200 veteran, one of the known security units in the Israel Defense Forces. This really opened my eyes to the world and history of security. I later joined a company called Watchfire, a leader in the field of application security. At Watchfire I built and managed the security and research team and was in charge of identifying new threats that the Internet poses on applications. IBM eventually acquired Watchfire and I continued my work leading security for IBM software products.
Skycure was created when Yair Amit (who is now the CTO of Skycure) and I spent our time analyzing various systems and identified a simple truth–when it comes to desktops & servers there are a myriad of solutions to identify and protect against threats. At the end of the day, anything is breakable. Not only was there a need to manage the operations, detect and handle these threats, but organizations also needed the ability to evolve to address the changing nature of these attacks.
Mobile devices are becoming the weakest link when it comes to corporate security and for the most part, these devices are simply running naked. It was clear to both Yair and I that there is a real need to identify and protect against all mobile related threats. This is what really ignited the start of Skycure and my focus today.
RSA Conference: What excites you the most about working in the security industry?
Sharabani: I’m obviously very passionate about this, so let me break this down.
From a security and research standpoint, mobile represents some of the toughest challenges in the security field today and one of the biggest challenges in the technical world. There are constant holes in mobile technology - tracking them all is a futile exercise. This challenge excites me because, quite simply, it’s really hard. For example, how do you break into the most up-to-date iOS device? What I love about this is that I know there is an answer – everything is breakable, everything is possible. Combine this with the challenge of the unknown and that’s what gives me an adrenaline rush. Researching these problems and working with peers to solve them is something that I am ecstatic about. When you find that small hole in the armor, that tipping point, it is the most amazing experience of all.
The second aspect is changing the way security works. We’ve seen the IT industry go through a revolution the past few years. Solutions now exist to automate the process of assessing, using, deploying, and even getting IT-related tools in the hands of customers. This same revolution is coming to the security industry.
What excites me the most is being at the start of this revolution. In the coming years we will see large deals in the security industry conducted without traditional sales cycles. To really ensure protection, we have to make the process of securing every device much faster, easier to use, and more efficient.
RSA Conference: If you could pick one thing that has made the most important impact on your career and where you are today, what would it be?
Sharabani: My father is not a technical person. But I have a vivid memory of him holding a screwdriver and standing over our video player when I was a child. I asked what he was doing. He said the video player was broken and he was going to fix it. I was impressed. I had no idea my father had a hidden skill set of fixing video players, and so I asked him about this. Imagine my shock when he told me he simply had no clue on how video player works. He said, “We’ll see,” and proceeded to take the machine apart. I watched, transfixed (and with constant interruptions as children do), as he turned the screws and removed the cover. He later found a ribbon that was ripped, searched for ribbons of similar size and began the fitting process. Through trial and error, suddenly the video player worked. I was amazed.
You don’t need to know how to do anything, you just need to experiment. Endorsing challenges has become a key part of my life. Opening things, taking them apart, looking at them and challenging myself is what really made me who I am. You can build your biggest capabilities through trial and failure and be prepared to handle any new challenge.
This is why I love research in the security industry, and it’s a philosophy I take into every technical problem. I see things and immediately want to open them, see how they work, learn from that, and see how I can make them better. Just as in life, you see challenges. Endorse, embrace and appreciate them. When you find yourself facing that brick wall, this is how you build your toolset to overcome and become stronger. This is how you build leaders in the security research industry.
RSA Conference: How do you think the industry can come together even better to share ideas and innovations?
Sharabani: We are doing a good job on the research front. There are a lot of discussions from researchers (like us and others), and conferences such as RSA Conference do much to encourage this. The problem is that the collaboration is more theoretical and less practical in knowledge of actual threats we see daily. It is clear that what is missing is a platform that would allow all vendors to collaborate on actual data that they see. This would give us the ability to fight the threats we see on a day-to-day basis, together. We can leverage that collaboration to be much smarter in addressing, predicting and protecting against the changing nature of threats in this world.
RSA Conference: What has changed in the industry that would affect what you talked about at RSA Conference 2014?
Sharabani: At the RSA Conference 2014 we uncovered new mobile-related vulnerabilities and summarized the different vectors of attacks affecting organizations. The number of mobile devices is growing steadily and will only increase. Business is no longer conducted just on desktops. Its core functionality is moving to the mobile devices.
The notion of mobile will become redundant as a few years from now everything will become mobile. Targeting the mobile devices of organizations will be the focal point of attacks. Attackers are seeing that the value of mobile attacks is increasing and that increases the risk to organizations. There has also been a substantial increase in the amount of threats uncovered on a day-to-day basis. For example we recently discussed maps.skycure.com at RSA Conference where you can see all of the threats around you and see first-hand the massive amount of attacks. This will only continue to skyrocket as we move into the coming year.