“Working in the cybersecurity industry means you’re one of the good guys”

“When people think of the cybersecurity industry, they often picture a guy in a hoodie hidden behind a computer screen, but that isn’t true anymore. People in the industry look like us, there are more and more women,” said Netta Schmeidler, who serves as VP of Product at Morphisec, in an interview with CTech. “We aren’t out there looking for a cure for Alzheimer’s, but we do prevent and protect the world against cyberattacks. Hackers attack power stations, public transportation lines, hospitals, and even Covid-19 research labs. When you work in the cybersecurity industry, you’re working for good, you’re one of the good guys or girls,” she quipped.

Morphisec is based out of the Gav-Yam Negev Park, a hotbed of Israeli high tech in the southern Negev region, and has its sales and marketing teams located in Boston. Its cyber offering prevents cyberattacks at endpoints - such as laptops or desktops - whether at the office or at home, virtual or physical, on the cloud or servers, and is designed for enterprises who neither have sufficient funds nor manpower to purchase costly solutions or manage such attacks.

“Attackers want to retain the element of surprise," Schmeidler explained. “They want to seal your IP address or financial information, and prevent you from working. They have many types of objectives, but we prevent all that.” Morphisec’s solution is easy to use, does not take up a lot of space on a central-processing unit, and can prevent attacks before they occur. “Our idea is to democratize security for companies that do not have extensive resources or funds,” she said.

Morphisec’s offering is a moving target defense (MTD), meaning it alters the attacker’s landscape, so whatever the attacker was planning on hitting no longer exists. “It doesn’t take up a lot of room on servers or require a lot of management in terms of configuration so it’s very easy to set up. It’s a set up and forget type of product,” she said.

Snatching the Mona Lisa

Typical solutions collect telemetry or people’s information stored on machines, which may dissuade many, and use that data to study attack patterns or hacker signatures. For example, if a malicious program first opens a file and then connects externally to a system, an average cybersecurity solution would collect those steps, file away that pattern, and compare that sequence, by attempting to match it with that of a known attacker. During the working from home era, many remain strongly opposed to their actions being collected and analyzed, making the Morphisec offering a better choice.

“The MTD concept is sort of like someone wanting to rob the Louvre to snatch the Mona Lisa. First, you’d buy the blueprints for the museum, study its security codes, and follow the map like going to the third floor, taking the fourth left, etc.,” she explained. “But if someone has changed the layout, then that becomes impossible. Let’s say you want to walk upstairs, but suddenly there are no stairs; or you want to take a left, but it no longer exists, so your robbery attempt has been prevented. And that’s what we do. We prevent the next attack.”

While some attackers design their own attack chains, others purchase or obtain such software illegally. In a disturbing twist, some viruses or malware can even lie dormant on a machine for years, and are only becoming more sophisticated in the post-Covid-19 era. Some attackers even study a machine or operating system’s vulnerabilities and weaknesses prior to the attack. “They know exactly what type of Windows system you’re using, what type of Microsoft Word program. When an attacker writes an attack, there are a set of assumptions for it to work, but we invalidate them. Just like the Louvre layout suddenly changed, we do the same thing with the operating system,” she explained.

Morphisec sells its solution exclusively to enterprises who have smaller security teams that cannot run complex software or to those that want to be more prudent or efficient with the way they work. So far, the company has completed a Series C round of $31 million in March 2021, placing the total amount of funds it has raised at $51.5 million. Jerusalem Venture Partners is its main investor, and Orange Ventures, Deutsche Telekom Capital Partners, OurCrowd, Evolution Equity Partners, General Electric Ventures, and others have also invested in the startup.

Women want to work for a higher purpose

A leading female figure in the industry, Schmeidler was listed as one of the top ten female experts in the cyber industry in 2021 by Black Hat USA, a major computer and cybersecurity conference that brings together professionals from across the industry. While more women are entering the cyber field and the trend appears to be growing, it isn’t enough, she noted. “In 2017, that number stood at 11%, but today it’s only 24% (including those who work on IT teams) in the U.S. It’s not bad, but it’s not good either. The numbers aren’t rising. I think that cyber and STEM (science, technology, engineering, and mathematics) are great career paths for women. I talk to girls in middle and high schools about what they're looking for in a job, and they tell me that they want to do good. They want to do something they’re proud of, want to be creative, and make a positive impact,” Schmeidler said.

Women today are looking to earn good salaries and breach the infamous wage gap, and this is an entirely new mindset change from previous generations where such thoughts were not at the forefront when choosing a career. “Women want a career that can be flexible, but they also want to be independent. This mindset of being able to afford a lifestyle and being able to take care of yourself is very important,” she added. “It’s important for women to be able to choose these careers.”

Having a more diverse cyber industry benefits both sides. “Attackers come in from various angles, and that’s why you need to have a diverse group of people with various approaches, backgrounds, and expertise, so that we have a better chance of beating the bad guys.”

“I think that women in particular encourage a more collaborative atmosphere. That’s important if you want to fight against these attackers: you must do it as a team,” she added. “And think about it: These attackers aren’t the Robin Hoods of the world, they’re just evil people.”