First, when you are building something new and innovative with no benchmark product to refer to, be very confident in your vision, despite the many “NOs” that you will likely receive throughout your journey. Second, there is always a path no one yet followed. Take pride in knowing you will be the first. Last but not least, most startups do not fail; it’s simply that entrepreneurs ultimately give up. Do not be that entrepreneur who gives up.
As a part of our series about business leaders who are shaking things up in their industry, I had the pleasure of interviewing Natali Tshuva.
Natali Tshuva, CEO of Sternum, brings over 10 years of experience, both as a researcher and a team leader, in the field of offensive cybersecurity and software development. After graduating magna cum laude B.Sc. in Computer Science at the age of 19, as part of a special program for gifted and talented kids, Natali was handpicked to serve in IDF’s 8200 elite technology unit (the Israeli equivalent of NSA) as a low-level security software engineer. Prior to founding Sternum, Natali held several security research-related roles, including leading different R&D teams at two global cyber intelligence market leaders.
Thank you so much for doing this with us! Before we dig in, our readers would like to get to know you a bit more. Can you tell us a bit about your “backstory”? What led you to this particular career path?
Thank you for inviting me to participate! I grew up with the dream of becoming a doctor, knowing from an early age that I wanted to make an impact. So I always asked myself- how can I best achieve that?
While that dream always remained, I also found another passion, cybersecurity. I pursued my undergraduate degree in computer science at 14 years old. After college, I was handpicked to serve in the Israel Defense Force’s (IDF) esteemed 8200 cybersecurity unit as a security software engineer, where I designed, developed, and implemented sophisticated, critical software. Following my army service, I took on several security research-related roles, where I discovered several zero-day vulnerabilities in the Linux Kernel operating system, Android devices, and embedded systems, as well as led different R&D teams in building products and technologies.
But I eventually reached a crossroad. That childhood dream of mine to become a doctor remained and it was time to decide: should I continue on the already successful path of cybersecurity and technology, or switch focus completely and enter medical school? I battled with these conflicting thoughts for a while, but after consulting with one of my mentors, I realized that these two paths didn’t have to conflict after all. There was an option where both paths converged — cybersecurity and insights for the medical industry.
I discovered that due to security issues, life-saving medical devices that could have implemented advanced technologies and evolved to include remote treatments were often prevented from being released as they lacked the proper protection. I realized that by leveraging my domain expertise in cybersecurity and computer science, together with my passion for the medical field and saving lives, I could create a more significant and larger-scale impact than by practicing medicine. Creating technology that enables the connected revolution and offers insights from real-time data could truly make a difference across industries.
It was this passion to make an impact, my experience in cybersecurity, a deep interest in the connected revolution, and my mission to build something special that led me to co-found Sternum.
Can you tell our readers what it is about the work you’re doing that’s disruptive?
Until now, figuring out how to secure the IoT revolution was a big question mark. IoT devices affect and will continue to affect every aspect of our lives, yet they are very different from existing devices and networks that the cyber industry knows how to protect. While many companies have tried to use traditional solutions to secure IoT devices, it is now clear that those cybersecurity methods are simply not enough. Network security-based solutions only protect enterprises, not distributed environments where IoT is dominant. Passive approaches that include endlessly searching for and patching vulnerabilities are not sustainable and are very weak.
The IoT device market requires a new type of solution that is capable of preventing attacks and monitoring those diversified devices from within, while securing them at scale — whether old or new, high-end or low-end, resource-rich or limited, Linux or RTOS. While creating such technology is challenging, this is the work that we are committed to doing. It’s these solutions that will continue to disrupt the cybersecurity market.
We developed unified, military-grade solutions in order to secure the connected revolution from within. We leveraged our military experience, deep knowledge in vulnerability exploitation, and attack characteristics and embedded systems to create innovative solutions revolutionizing IoT cybersecurity for industries across the board, including critical infrastructure, medical devices, and other high-impact devices. This on-device solution is very disruptive, especially in a market that was and continues to be hyper-focused on network security-based solutions or vulnerability scanning. Building on top of these advanced on-device techniques to analyze and secure code, we offer first-of-its-kind visibility into those devices, enabling unique insights concerning various aspects.
Can you share a story about the funniest mistake you made when you were first starting? Can you tell us what lesson you learned from that?
All I can say is, under any circumstances, do not go for an office that has a central air conditioning system. By the way, I am usually the one who prefers a cooler temperature.
We all need a little help along the journey. Who have been some of your mentors? Can you share a story about how they made an impact?
I have many talented and experienced friends who I’ve consulted with throughout the years, though I’m very careful who I take advice from.
One of my mentors, Professor Gabi Barbash, provided me with significant advice at the beginning of my journey. Before I started Sternum, I was seriously considering changing directions and becoming a doctor, so I consulted Gabi, who was the CEO of one of the biggest hospitals in Israel and a doctor himself. I explained how becoming a doctor was my dream, but that I had already established a prominent career in the cybersecurity and computer science space. Gabi heard me and asked about my motives. Then he delivered some of the soundest advice I ever heard. He said, and I quote: “you have a talent and with it you could be a great doctor, just like you’re a great technologist; however, you are ALREADY great at what you do. Take that and use it to make an impact on other industries including medical. Don’t waste any more years becoming the best in a new field when you already established yourself as the best in another.”
This was one of the most important insights I received that led me to co-found Sternum and make an impact on the medical industry through my existing unique skill set instead of pursuing an entirely different passion.
In today’s parlance, being disruptive is usually a positive adjective. But is disrupting always good? When do we say the converse, that a system or structure has ‘withstood the test of time’? Can you articulate to our readers when disrupting an industry is positive, and when disrupting an industry is ‘not so positive’? Can you share some examples of what you mean?
When a truly new challenge appears that prevents us from moving forward and where existing solutions do little to clear a path forward — this is where innovation and disruption is usually positive. When a new approach enables new things to happen, this is where disruption is sustainable.
For instance, let’s take Sternum’s solution for medical devices. Until now, solutions that involve remote care and management of patients (through insulin pumps, pacemakers, neuromodulation devices, etc.) face a significant cybersecurity hurdle that prevented them from utilizing the full potential of connectivity. No existing solution could protect those embedded devices from within, as existing endpoint solutions for PCs or servers just wouldn’t work on embedded IoT devices. Sternum’s solution can protect old devices as well as new ones regardless of architecture, including the 3rd party code within medical devices which can pose significant cybersecurity risks and are considered hard to secure. Our solutions enable medical device manufacturers to innovate safely for better healthcare for us all.
Can you share 3 of the best words of advice you’ve gotten along your journey? Please give a story or example for each.
First, when you are building something new and innovative with no benchmark product to refer to, be very confident in your vision, despite the many “NOs” that you will likely receive throughout your journey.
Second, there is always a path no one yet followed. Take pride in knowing you will be the first.
Last but not least, most startups do not fail; it’s simply that entrepreneurs ultimately give up. Do not be that entrepreneur who gives up.
We are sure you aren’t done. How are you going to shake things up next?
We are only at the beginning of our journey in securing the world of IoT devices. There is more to come as we continue to ensure that any connected device can have embedded protection and is able to be monitored and analyzed by its operator. So stay tuned!
Do you have a book, podcast, or talk that’s had a deep impact on your thinking? Can you share a story with us? Can you explain why it was so resonant with you?
Lean In by Sheryl Sandberg was an inspiring read for me. Empowering women in the workplace is very important. In cybersecurity, where just 24 percent of workers are women, and even less are in leadership positions, I know first-hand the importance of encouraging young girls to reach for the stars.
Can you please give us your favorite “Life Lesson Quote”? Can you share how that was relevant to you in your life?
This might not be the answer you’re expecting, but I’m actually not a big believer in life lesson quotes. I believe every person follows her or his individual path and learns lessons along the way. No quote can truly depict the human experience.
You are a person of great influence. If you could inspire a movement that would bring the most amount of good to the most amount of people, what would that be? You never know what your idea can trigger. 🙂
An impactful movement that comes to mind is the international movement for women’s rights. Women are still facing violence, discrimination, and lack of rights across the globe; even in countries deemed most advanced we still see women forced to deal with painful inequalities. While many groups and minorities have suffered from many similar problems (and I empathize with them all), I think women are by far the most affected throughout history and if I could invest in one thing only — I would invest in that. If we can eliminate these inequalities, we will only be further empowered to solve the others as well, as they share the same traits.
How can our readers follow you online?
This was very inspiring. Thank you so much for joining us!