This document provides background on Demi Ben-Ari and discusses some lessons learned from mistakes made as a CTO. It addresses topics like third party security risks, the roles and responsibilities of a CTO versus VP of R&D, challenges with fundraising, hiring, culture, focus, and changes/refactoring. The conclusion emphasizes prioritizing problems to solve, working with the right partners, saying no, moving fast, and enjoying the startup journey.
1. CTO Management Tool Box
(All the things I’ve done wrong)
Demi Ben-Ari
Co-Founder, CTO at Panorays
2. About Me
Demi Ben-Ari, Co-Founder & CTO @ Panorays
● Google Developer Expert
● Co-Founder of Communities:
○ “Big Things” - Big Data, Data Science, DevOps
○ Google Developer Group Cloud
○ Ofek Alumni Association
In the Past:
● Sr. Data Engineer - Windward
● Team Leader & Sr. Java Software Engineer, Missile defense and Alert System - “Ofek” – IAF
4. Some important things
● What I’m not: Startups / Engineering Expert
● What you won’t be after this evening: Startups / Engineering Expert
● What you will be after this talk?
● Happier people (Because I’ve stopped talking)
● You’ll know about some of the mistakes I’ve made along the way... (only some)
● The answer to the “What’s the meaning of life?” (42)
6. A breach to even the smallest 3rd party may cause a cyber typhoon in the industry.
- Confidential -
7. PNI DATA BREACH
~300 Employees
PNI Data Breach – Photo Services Affected – By Thomas George
BREACHED
- Supplier - Evaluator
8. It’s Not Only Your IT Vendors
● 3rd Party vendors flow data into company’s systems
● Providers hold information about customers / employees
● Consultants hold sensitive information of the company
11. Startup (Wikipedia)
● “A startup or start-up is an entrepreneurial venture which is a newly emerged business venture that aims to meet a marketplace need…..A startup is a new business venture…”
● Start-ups do have high rates of failure, but the minority that have gone on to be successful includes companies that have become large and influential.
● https://en.wikipedia.org/wiki/Startup_company
19. Fund Raising – Responsibilities of the CTO (techie)
● Due Diligence Process
● Explaining the technology
● Do you need to attend VC meetings?
● Presence out there – even without being in the room
22. Company Culture vs Engineering Culture
● Who sets the culture?
● Can you change the culture?
● Understand the people and correlate them to the culture you want.
24. Focus
● Ask: “What’s the most important thing now?”
● Saying “No” is an art – Master that practice
● Ask: “Who’s in charge?” – Follow that and trust people
● Failing fast will help you focus
https://imgflip.com/i/1qtk2w
25. Changes – Refactoring code and services
● It has to create value to be worthwhile
● Has to have scope and concrete goals
● Microservices are easier to erase than a Monolith
● If it takes too long, you’re doing something wrong
26. Conclusion
● Think about what problem you’re trying to solve
● Who are you trying to solve it with :)
● Prioritize everything and move fast
● Learn to say “No” (I’m really shitty at it)
● Try enjoying the ride
It’s important to note, though, that these breaches at third parties are not just small incidents; they can create havoc across the ecosystem. Even the smallest supplier can have a direct financial and business impact on companies.
PNI Media, a small Canadian company, was breached, which caused all these large enterprises to be breached as well. And that’s just the start.
A supplier can be one that integrates with the company’s systems, or even a law firm that holds sensitive data. Or a florist.
We tend to think that third parties are typically your IT vendors. However, it really is every single partner you do business with, from the payroll agency to the legal firm. I like to take as an example a case we had at one of the banks we work with. They were telling us that they’re monitoring their flower delivery service. This was quite surprising at first. When asked why, they said that the flower delivery service holds all the sensitive info of their VIP customers and employees. It goes to show that each vendor is considered risky.
When we look at third parties, the question arises: how do hackers get in? They get a foot in the door through these three layers: application, IT & Network, and employees.