The following interview is a conversation we had with Arie Zilberstein, CEO and Co-Founder of Gem Security, on our podcast Category Visionaries. You can view the full episode here: $34 Million Raised to Power the Future of Cloud Detection and Response

Arie Zilberstein
Thank you for having me. 

Brett
Not a problem. So I was doing some research before the interview, and I see that you spent about a decade in Israel’s infamous unit 8200. So tell us about your time there. 

Arie Zilberstein
That’s right. Spent about a decade in the unit and a few of my best years in life so far. Even before starting gem security, I spent a decade doing different things from being an engineer, growing up the ladder, and being a manager, and then obviously getting into the cybersecurity area and leading offense security operations. And probably these years were where we had the most exciting challenges that we had to solve. I think one thing that was quite interesting in the unit is that we had a belief that we could solve things that are impossible, and we did many things that are in the outer world or seems quite impossible to solve. And getting that notion, cracking these type of challenges and puzzles that are perceived impossible in the unit actually taught me that everything is pretty much impossible. 

Arie Zilberstein
And these one of the values that they got out of the unit that shaped the way I am actually today. 

Brett
When you were first starting gem security, did you have anyone who thought it was impossible and tried to convince you to maybe do something else or go after a different market? For sure. 

Arie Zilberstein
When we started the company, we had a lot of advisors, friends, security practitioner that we consulted with, and some were pretty excited about what you’re doing. Some were skeptical that this is a space, it’s something we should do. But, you know, we listen to our heart and to our hunch, based on many years of experience in this space, to go and pursue that. And I think today, about two years after we started the company, I believe that the initial vision that is pretty accurately today, what we’re doing, proved that what we’re doing is the right thing, that we’re pursuing. 

Brett
Now, I understand after you left 8200, then you went to work at Signia, and you were leading incident response there as VP or eventually became VP. What did you learn during your time at Signia and then what led to you saying, I’m going to leave this company behind and go start my own company? 

Arie Zilberstein
So Signia was actually probably the best company to land after Union 8200 and after the IDF. If I wanted to be a founder and wanted to get broad perspective what security industry looks like and get to actual experience of what cybersecurity looks like at Signia was the VP of incident response, meaning that I had the opportunity and privilege to work with hundreds of companies that needed to respond to high profile breaches that happen in their environment. Meaning that when the company is on fire, they called us as an inch response company to respond to that, navigate the crisis, work with executive, but also solve the puzzle of the incident. 

Arie Zilberstein
That was pretty amazing experience to have to work with executive, to work with things, and also when something bad happens with the company is also a good place to see what working, but also and pretty much more so what breaks, and the things that we saw that breaks led us to some of the challenges we’re tackling today at gem security. And we’ll speak about it probably soon, too. 

Brett
Let’s talk about it. So, at a high level, when it comes to gem security, how do you think about describing what you do? Or how do you describe what you do? 

Arie Zilberstein
So, coming from the incident response space and tackling hundreds of breaches in the wild, on premise breaches and cloud native breaches, what we’ve seen in many years, whenever we came to respond to something bad happens in the cloud bridge, we saw that the situation was just harder. Organization didn’t have enough visibility to, they didn’t have means to detect, and they couldn’t respond in time to that incident. This triggers us, and you have to understand that there’s a gap in the market when it comes to really how companies detect and response to riches in the cloud and evolve the concept of what we’re doing. At Jamsico two is a cloud detection response. We help companies, and especially security operation incident responders better prepare to anything bad happen in the cloud. Bridges better see that, better detect it, and better respond to that. 

Arie Zilberstein
So ultimately, a cloud detection response. 

Brett
Take us back to the first, let’s say 90 days, maybe the first six months building this business and building this company. What did that 1st 90 days look like for you? 

Arie Zilberstein
It was amazing. It was amazing. For many reasons, because it was a lot of build. It was building the team, it was building the product, it was drawing on a whiteboard, the architecture and some of the first use cases we’re going to tackle. So I think the first 90 days, like coming together myself and founders running of here, it was about sitting and trying to understand what do we want to accomplish first? I think the first exciting part, which I really believe is really building the team, finding the right employees for the company from engineering and also from revenue side. The second part was really making our problem statement and the solution more accurate and building that foundations. 

Arie Zilberstein
And last is starting having the first introductions and first customer interaction to really understand and make our proposition faster, clearer, and to be able to guide us throughout what we’re building towards this journey. 

Brett
Take us back to the first paying customers that you were able to land. How did you pull that off? That’s something that every startup struggles with in the early days, is how do you get people to trust you and give you money? 

 

Arie Zilberstein
That’s an interesting, I think a few interesting stories here. But initially when we opened the company, one thing that we had in mind is that we sell the product from the first moment that we have the company, even before we have the product, because we want to understand that we’re selling something that is viable now. After a few months, were able to get our first design partner, which is a company that is really excited about solving that specific pain and chooses us as a team to solve that pain point. 

Arie Zilberstein
We got to work with a few amazing companies that believed in us, believed in team, believed in the proposition, and we spent a few months building the product together with them up to the point that we got back to them and said, did we deliver on the promise, on the proposition, on everything they said? And to be honest, and we are pretty fortunate to have that such a good execution that they said, yes, it’s a good thing. And this is how we transition some of our design partners after only a few months into paying customers. 

Brett
I want to also ask about some of the names that I see on the website. So some incredible endorsements from big CISO. So you have the Ciso or former Ciso City Twilio. You even have Admiral Mike Rogers there, the former head of the NSA. I actually saw him give a talk like ten years ago, so it was cool to see his face. But these are faces that are probably not easy to get to put on your website. How did you get their endorsement and how did you get them to be okay with kind of being out there and being in front of the brand like this. 

Arie Zilberstein
What I’ve also learned in building a business that it’s for sure not only about the product, about the technology, it’s a lot about relationship and building and being trusted, you know, trusted partner to many companies. So first of all, at the time of the incident response, this is really good time when you acquire relationship people that you can actually save their company and save their job sometimes. So this is a good way to drive relationships before that and even after the thing that I’ve done. And our founders at JeM is really building this relationship, finding the right opportunities and people to open the right doors, to be able to gain the trust within these people, to eventually have them as part of our journey. 

Arie Zilberstein
So that’s been also a focus for us to open the right doors, to speak with the right people, to gain the trust and prove that we are the proposition, the team and what we’re building at gems worth their time and their association with the company. And we are pretty fortunate to have an amazing group of people that are friends, founders, investors that are from the early days of Jim are really good partners of our sign this journey. 

Brett
If I look back through your history, what I don’t see is any titles related to marketing. So for you, when you were first starting gem, did you have any thoughts on marketing? Did you have a marketing philosophy? Or did you have to really just learn all of this marketing stuff since you launched the company? This show is brought to you by Front Lines Media podcast production studio that helps b two b founders launch, manage and grow their own podcast. Now, if you’re a founder, you may be thinking, I don’t have time to host a podcast. I’ve got a company to build. Well, that’s exactly what we built our service to do. You show up and host and we handle literally everything else. To set up a call to discuss launching your own podcast, visit Frontlines,io – podcast. Now back today’s episode. 

Arie Zilberstein
Doing instant response and being in the services is you sell, in many cases, yourself. Because we are providing the services and the quality of the service. This is, you know, that is actually doing the sales of the next part. So a lot of my experience was actually from doing services for a number of years, so that it was the first part. Second part was my co founder, Ron, who was forward to being a CTO, was a marketer himself as a company that worked before. So that brought a lot of experience back to the company. But to your point, many things that I do as a founder today, and the founder and CEO is learning things that I’ve never done myself. 

Arie Zilberstein
It’s about the marketing, it’s about the sales and many other venues of the company that it’s exciting new venues that I need to learn and for sure, many things I’ve learned in the past two years. Building gem how would you describe what. 

Brett
The marketing philosophy looks like today for. 

Arie Zilberstein
JeM in the market? Like cybersecurity markets, it’s really hard to navigate through the saturated noise in the market. Everyone is doing everything, many acronyms, many products. I think that our marketing strategy today is to be able to make the gym shine, to show differentiation, and also to make sure that the product really shines. So I think it’s a combination of really doing things around marketing, branding, and the way we are reaching and distributing the world. But it’s also, I think, a key part of marketing is actually having the right recognition and the right partners and customers. I think the best recognition that we get so far is having happy customers that speak about us and they would drive the actual differentiation of the product among the crowd, peer to peer, and among the crowds that we want to shine within them. 

Brett
When it comes to your market category, what category do you want to be in? And then what category do you get placed in? Like, are you placed in the SIM category typically, or where do you get placed and where do you want to be placed? 

Arie Zilberstein
So what we’re doing in gem security is actually building a new category, a category that is actually touching these two points that you said before. We’re not quite a SIM solution. And on the other side, we’re not quite a cloud security solution. We’re actually both. We’re a category like the cloud detection response category is a category that none of these left and right categories are delivering. On the one side, we have cloud security products like CNAP and CSPM. And they’re built for the cloud. They’re protecting the cloud, serve to build cloud environments that are as secure as possible, but they are not quite built for the sock. They don’t have the mindset of detection response. They don’t have the mindset of the threat of the investigators. That is the one side. This is why they lose. 

Arie Zilberstein
On the other side, we have companies like you said, like a SIM solutions or a source solution, and there are general purpose detection response solutions that aren’t built for the cloud. And this is why we also shine on their behalf. And that is pretty much why we are defining a new category that is in between the siem and the cloud. Security, where we help both security operation teams deal with the cloud security challenges in more of a instant response to security operation mindset. 

Brett
When we look at it from a line item or a budget perspective, does this replace any existing tools? So for a company that embraces and adopts Gem, are they able to get rid of some of the legacy categories that they had before? Or is it all about just adding on a new line item? And it’s a totally new category here. 

Arie Zilberstein
So ultimately, Gem is set to change the way security operation is done. Because if you think about what would cloud replace? Cloud replace on premise environment that you do have traditional tools to monitor this on prem environment. So today in most enterprise, you’ll have both on Prem and cloud. But the more we look into the future, we see the cloud is becoming more dominant in the space and we see gem in, is becoming more and more dominant in the security operation. But to your point, whether we are replacing or augmenting or alongside, today we live alongside a SIM solution. 

Arie Zilberstein
But we are able to replace some of the existing capabilities and work that security operation doing with traditional tools and convert it into doing that with the modern cloud tech response tool to replace their own existing things that they’ve built on top of the traditional ones. 

Brett
When it comes to who you’re targeting on your website and your primary marketing and your messaging, are you going after, like the CISO? Are you going after the director of detection and response? Are you going after the security analyst and the folks who are actually using these tools and then trying to sell it from there? Who are you really trying to target and speak to? 

 

Arie Zilberstein
So I’d say all, but mostly we would be targeting security operation leaders in different levels. Could be, by the way, the analyst that has a buying authority and organization in some cases, but usually it would be a director, VP cyber defense security operation that would be needed to understand what they do with detection response when it comes to the cloud. And usually this is where JeM is getting the most excitement. But when you speak about the CISO, so also CISOs have the initiative of transformation, how they bring cloud and make sure that it is monitored. So there are some angles on the CISO level that are very interested, but usually we will target the director of security operation and cyber defense. 

Brett
Makes sense. And I think CISOs are just being bombarded right now, right? 

Arie Zilberstein
Yeah, exactly. And we do have a way to really differentiate on the eyes of the CISO what we’re doing and the way we’re doing things different. So I think that there is angle and actually most of our customers today, we started from the CISO angle and then we only evolved to the security operation team. But never a deal would happen without having the bind from the security operators, from the security operation teams. That needs to love the product before any company would really be able to purchase. 

Brett
Gem, as I mentioned there in the intro, you’ve raised 34 million to date. What have you learned about fundraising throughout this journey? 

Arie Zilberstein
I learned that it’s, you know, for me at least, it’s a relationship game as well, and a long term game. And the way I look at that is that investors would be some of our closest partners in running the company and they would be on the boards for the long term. So it’s neat to pick who we want to have the partner on the board and the way we build a company. So it’s about getting this relationship, understanding who we want to work with. We need to, for sure, define the category well. Come with the right numbers, come with the right momentum, and then it shouldn’t be too hard to raise money. 

Brett
Let’s imagine that I come to you and I say, hey, Ari, I want to start a cybersecurity company. It’s not a competitor of yours, but I want to sell. So I want to build and sell a cybersecurity technology platform based on everything that you’ve learned about the space, everything you know about the space. What would be the number one piece of advice that you’d give me before I embark on that journey? 

Arie Zilberstein
I think that having a practitioner experience is something that is crucial. Being and serving some time as a practitioner, whether it’s on IR, on sec ops, on risk management, on any of these parts, is so crucial to get good perspective, realistic perspective of how the world looks like. I think that is one. The second part would be always look and listen to the customer, which is, you know, it’s similar, but really from a different approach. And we at Jem had an approach of selling the product from the first day, even when we didn’t have a product to actually sell. We wanted to get this feedback immediately because the only relevant thing that should dominate the way we actually build a product, looking forward. So these will be the two most important things that I would mention. 

Brett
Now, we’re depressingly already five weeks into 2024, so I’m sure you’re already long done with your 2024 planning. If we look ahead to the next year here, what are the top priorities and what’s keeping you up at night? 

Arie Zilberstein
So top priority for us. We’ve been living, you know, jam has been alive for less than two years. And in two years, we’ve been pretty successful so far, getting the traction that we got so far. Now, the next challenge for us is getting that success at scale and wouldn’t say keep me out at night, but what really I’m dealing with today is how to scale up the team, especially in the go to market. How do we take that promise, that proposition, the thing that works really well with some of the logs that you see on the website, and. And we bring that to the rest of the world, and we do it at scale and we do it fast to get to the targets that we’re aiming for. 

Arie Zilberstein
So it’s really about a scale game that we’re focused on in 2024 on the go to market and the rest of the company. 

Brett
Final question, let’s zoom out three to five years into the future. What’s the big picture vision that you’re building here? 

Arie Zilberstein
So the big picture for us is not CDR starts from being the critical piece in the security operations serving the cloud, but looking five or ten years from now, we look at the security operation and what this architecture of security mission will look like, and we see gem as one of the critical piece that would revolutionize security operation in the cloud era. And we believe that we have big part of how that picture is evolving. 

Brett
Amazing. All right. This has been such a fun conversation. I’ve really enjoyed it. I know our audience is going to really enjoy it as well. We are up on time, so we’ll have to wrap here before we do. If there’s any founders that are listening in, they feel inspired and they want to follow along with the gem journey. Where should they go? 

Arie Zilberstein
They should just message me on LinkedIn or send a message on the website. I’d love to speak with any founder and help on the journey. 

Brett
Amazing. Arie, thank you so much for taking the time. It’s been a lot of fun. 

Arie Zilberstein
Thank you so much for having me. Was fun. 

Brett
No problem. Keep in touch. 

Arie Zilberstein
Thank you. 

Brett
This episode of Category Visionaries is brought to you by Front Lines Media, Silicon Valley’s leading podcast production studio. If you’re a B2B founder looking for help launching and growing your own podcast, visit frontlines.io podcast. And for the latest episode, search for category visionaries on your podcast platform of choice. Thanks for listening and we’ll catch you on the next episode.