 Our services delivery model is similar to your any other product kind of a subscription. The customer will subscribe to Tom Noon, select the package and will be set with the platform. The differentiator for us is that with the platform you're also getting this wide glove service of the Cloud Pros whenever you need. Hi, this is your host Apil Bhartia and welcome to another episode of Let's Talk About AI. Today we have with us Marina Sigal, CEO and co-founder of Tom Noon. Marina is great to have you on the show. Great to be here. Thank you for having me. It's my pleasure to host you here today and since you are co-founder of the company, I would love to know a bit about the history, the story of the company, when it was created, what problem you saw in the market that you felt nobody else is solving or addressing that you wanted to address. So let's get into that. So the history goes back into when me and my co-founders who work together in one of the pioneers of the cloud security posture management space. We all are coming from dom9 security that got acquired by Checkpoint and the CSPM space evolved into CNAP space and this is a very large market in the cloud security these days that is growing at a fascinating speed. And we were really passionate about the problem space of cloud security in general and by coming out of the CNAP space, which is mostly focused on detection, we knew that the next challenge will be in the remediation space and that was the problem that we decided to tackle in dom9. So dom9 is focused on how do we solve this challenge of remediating security, cloud security issues in a safe manner and in a very effective and precise way. If we look at security and specifically if we look at cloud security, how different is it from traditional IT security because traditional word security was someone else's problem. It was also an after that thought there was also different silos. Cloud seemed to be like a magical place that if you move to the cloud, all your problems will magically disappear, which is not the case. How security is different from traditional mindset and does it pose more challenges or it makes things easier for developers or operators? Cloud is much more dynamic and fast and things that are running in the cloud have a magnitude of the impact and the speed that we've seen before in the on-prem environment and even in hybrid environment. And because of this, the challenges are, the security is the same kind of, I have similar concepts, but the challenges are different. Nowadays what we need to focus on is on how to solve problems at scale without breaking anything that is running and changing so fast. And the lack of expertise in the field is not helping because the cloud evolves so fast and we couldn't train as many people at the same pace as our technologies have been developing and security usually comes after the technology that has been developed. So with all of that, the expertise problem, the resources problem, the dynamic nature of the cloud, it's just much more significant and high velocity problem to solve. You talked about shortage of people and everything. I also want to look at it from two different aspects. One is technology and one is people or culture. In cloud, what is dominant from what I heard is that technology is the easy part. People is the challenging part where you have to bring in those cultural changes. It seems like you kind of attached upon that. Technology is the thing that we know how to build, we are solving it, we are developing it. The biggest challenge with any technology, it doesn't matter if it's cloud or enterprise software or wherever technology will bring into the enterprises. It's the people in the process side that is getting problematic because you need to find the right people, you need to train the people and you need to make sure that the process is aligned with the technology that you're bringing in and that's exactly the core problem where that's a noon is coming to tackle with a newer approach to the cloud security. Who do you think is responsible for security in cloud? Is it developers? Is it, you know, operators and devops? Is it CISOs? Is it CEOs? And to also understand that which team are you targeting? Great question. There are different pieces of security and each team will be responsible for their own part of the process. And together, all of those pieces, they're kind of a part of the puzzle that we are putting together to solve for security in the cloud. So while security is coming with more of an overseeing function of a function that provides the tool sets, the governance, the definitions of how to secure and what needs to be secured, the execution is on the developers and the devops teams typically. And the biggest challenge is how to make them work together in collaboration in a very effective way so that each one of those teams knows what they are responsible for and how to make the other team successful through the collaboration. And that's where we are lacking and that's where the major gaps in security are that we are seeing these days. So while we understand it on paper, creating tool sets and creating the processes and making those teams collaborate is a very challenging task. Now let's look at your solutions because once again, when it comes to cloud, cloud is complex. The complexity is not going to go away, especially if you look at, you know, cloud native where you're building things yourself. That complexity is not going to go away, we have to deal with it and then you bring in security that adds another layer of complexity. But you cannot compromise with security just because things are complicated. So talk a bit about how do you make it easier for teams lower the barrier of entities so they don't have to, number one, compromise with security too, is that the teams can focus on building business application, which is the real bread and butter versus getting too much overwhelm with all these things which are important, but that should not be their job. Absolutely. So when we're looking at the security space, there are two parts of any kind of a security problem. One thing that you need to do is to detect what security issue you have and the other side of it is how do you fix it, right? So when you found the problem, the next step is actually the most challenging part of it is who's going to solve it, how they're going to solve it, and actually how they are going to do it without interrupting working production environment and without putting too much time outside of the daily jobs. And what we are seeing is that this process is requiring approach that is not only the technology and not only manual, it needs some combination of both worlds. We need a very scalable and strong technology to support the process, but we still need human involvement in order to make the decisions that are very complex to happen. And that's why Mr. Noon's approach by taking tech-enabled managed service that is driven by AI and powered by cloud-native technologies, we are solving this problem in a new and destructive way while providing the managed services component, but still providing the right technology to support it. And this way where we are finding that when we are providing a recommendation to the customer or a task that they need to focus on, this task already comes with the entire analysis of what will get broken if you're going to fix this problem, how to make the developers be comfortable with running the automation and ensure that nothing else that they are building is going to get impacted. So that's the fundamental piece where security nowadays needs to not only care about the security, but also care about what the production impact of those security changes that you're bringing in will cause and how to deal with it on a daily basis. No, let's also talk about the company. You folks announced seed funding and came out of its stealth. Talk a bit about funding. Let's also look at the areas, of course, companies new, so you will be growing in different parts, but what are the areas that you're going to focus on for, let's say, next one year? So our company is new, but we already have paying customers and we're already delivering the service and the technology to large and significant deployments in the cloud. Our focus in the next year would be two pieces. One is the services delivery side. How do we deliver the service to those customers that is enabled and empowered by technology? What are those methodologies and the steps that we are taking with the customers to make them satisfied with every interaction that should supposed to bring the value for the minutes they spent with us? And the other part is obviously the technology. Our AI-proud platform has a lot of different capabilities and each one of those capabilities is a whole separate roadmap. So our focus in the next year would be to provide AI capabilities for remediation purposes in the cloud and make sure that our remediation playbooks and technology is allowing customers to query and ask the questions and get the right answers from the platform as well as from our cloud pros for constantly contributing to the process. Can you also talk a bit about the leadership within the team? Absolutely. So we recently hired two executives who are joining our team from many years of experience in security. So one of them is Rand Agmias who is joining us as our CBO. He is a veteran in cloud and security and we work together back in the days during the checkpoint times. Rand is bringing the expertise in how to scale operations and go to market functions from different startups as well as through different acquisitions that he went through. Another executive that is one of the key hires is Joni Levovich, Jonathan Levovich. He is coming from again cloud security, a background in solution architecture from checkpoint and other companies in several startups. He's focused on building the team, building the practice of services delivery in, he's located on the east coast where we are planning to establish our remediation center for Termnune. Now when we are talking about making things easier for teams, can you also talk about when you look at Termnune, what kind of offering are we looking at? Do you offer software? Do you offer SaaS? Do you offer? So just give us an overview of your offerings. The innovation that Termnune brings to the managed services, delivery process is the technology. Our services delivery model is similar to your, any other product kind of a subscription. The customer will subscribe to Termnune, select the package and will be set with the platform. The differentiator for us is that with the platform you're also getting this wide glove service of the cloud process whenever you need them. So basically you will get the playbooks, you will get the prioritization and all of the goodies that you get from the technology and at the same time you are getting a cloud pro expert that knows your environment really well and allowing you to expand your team while getting more resources handy to you whenever you need them. Let's talk about something which is the hottest topic these generative AI GPT. What role do you see generative AI is going to play in cloud security space? And let's look at it from two different lenses. What is security for generative AI and second is generative AI for security? Security for generative AI. I don't see any difference between security for serverless or security for containers or security for any other types of new deployment models that we've seen in the past. So there will be definitely a set of controls and innovations and also products and technologies that we will develop to secure generative AI. There is a nuance to generative AI where we talk about privacy but I will put it aside but security wise I don't see a lot of differences. The main difference probably will be coming from the privacy and those types of regulations. And when we are talking about generative AI for security that's definitely a very fascinating piece of technology and in in progress that we are seeing that will allow us to execute faster. I'm so happy that we are getting these types of technologies these days because I think with the scale of the cloud and with the high velocity having such a huge amount of help that you can get for investigation capabilities for understanding the risks for even creating the remediation options with the technology it can be a huge jumpstart for the entire industry and the maturity levels of the technologies that we provide today. So I think definitely a lot of those tasks that we were doing manually for SOC and for GRC functions for different functions in security can be offloaded to technologies and we will be able to involve humans in the places where we actually need a more specific approach and for them known it's amazing because nowadays we will be able to do what we were planning to do much faster. How mature do you think generative AI is at this point? I mean of course it's very, very early but I talked to a lot of companies especially in the security space and they are already putting generative AI to use from your perspective, from Tenman's perspective, how mature do you think it is or you're still going to wait for a while for it to and here we are talking about the AI for security not the other way around. It's not mature and that's why we need humans to oversee and have a concierge on top of it. You cannot just let, same as we are not seeing Tesla or self-driving cars driving around without driver we still cannot let AI or generative AI models to run on their own. Definitely it will be in the phase of teaching and maturing those tools I believe for a couple of years. I don't think that we will be anytime soon at the place where we can just replace SOC analysts with a generative AI model just because of the impact that it can cause and the risk levels that potentially can increase by just letting machines drive it all on their own. I just had another discussion with a new AI company just like two hours ago and thing is that sometimes there is a minute depends on what kind of oil you are on that hey generative AI is going to take all our job replace up with you know bots and robots but the reality is that the good example that I gave is a photoshop photoshop did not eliminate the jobs of photographer is actually enabled not only those photographers to focus more time on high level thing get more clients and also enable a lot of the folks to get into the business versus earlier the same thing with the AI also I was talking to Stack Over Flow see a few days ago and he was like what the trend we are seeing is that it frees a lot of developers time in all those mundane tasks so they can they can go up higher in the ladder versus you know so sellers go up quality of code will go up so when you are saying you know that well analysts so should analysts worry that a generative AI is going to take their jobs away or you're like no it will just you know empower them it will be just like a tool I think we would see a much higher quality in in the detection rates and in false positive less false positive rates and we will definitely be able to reduce the amount of resources deficit in the industry but we will not be able to solve it all also we would see a new jobs coming out that are as a result of generative AI you probably will need to have new skill sets and be able to be more of an operator rather than an analyst so you would have this companion of AI doing everything for you but you will need to be able to ask the right question so we will not be able to eliminate humans will we be able to eliminate the amount of risk that we never got to look at before Marina thank you so much for taking time out today and talk about the company and I would love to chat with you for a second because I can see there are a lot of things in the pipeline thank you thank you thank you so much so much for having me