Interview with Shirley Salzman, CEO and Co-Founder of SeeMetrics

Shirley Salzman, the CEO and Co-Founder of SeeMetrics, has always had a tendency to venture into uncharted territories, determined to break barriers as a trailblazing woman. One notable instance was when she became the first woman to ever win a case against a high-tech company for paying her less than her male counterparts.

Today, she holds the position of CEO and Co-Founder in SeeMetrics, a cybersecurity performance company, despite lacking a formal background in the field.

What’s your career background?

Some of your readers may find it surprising to learn that I am the CEO of a cyber startup. Traditionally, CEOs of cyber companies have a background in cyber, often acquired by specialized army units in Israel. Moreover, the majority of CEOs in this field are men. I am proud to break these stereotypes as a woman who did not come from the cyber world. In fact, I believe my unique background is my source of strength.

My professional journey spans over a decade in commercial leadership roles at companies such as Percepto, Contguard, and Logic Industries. Prior to entering the high-tech industry, I gained valuable experience working with global policy and strategy firms, including the German Marshall Fund of the US and the Institute for Policy and Strategy at the Interdisciplinary Center, Herzliya, Israel.

These experiences have provided me with a diverse perspective and a deep understanding of the broader implications of cybersecurity.

In addition, I hold an MA with honors in International Security and Non-Proliferation from King’s College, London, which has equipped me with a solid academic foundation in the field. While my journey may differ from the conventional path, I believe that my interdisciplinary expertise and strategic mindset enable me to bring fresh insights and drive innovation in the cyber startup realm.

Where did the idea for your business come from?

Throughout my previous roles, I had the opportunity to collaborate closely with CISOs. During these interactions, I observed a clear industry-wide consensus on the importance of bridging the gap between security leaders, their senior stakeholders and their peers in other departments.

This gap was increasingly becoming a board-level issue as well as a company-wide issue. The cybersecurity industry has a huge gap between the data opportunity and the data access.

Drawing upon my background in commercial marketing and working alongside my partners, who have extensive expertise in security and data, we recognized the pressing need to address this challenge. We were determined to provide security leaders with the valuable insights derived from data analysis, which are currently lacking in their arsenal and hindering their ability to manage effectively and communicate with executives.

Driven by my inclination to approach challenges in unconventional ways, an aspect we will delve into further during this interview, I made the decision to establish a cybersecurity startup. Our primary objective is to empower CISOs by equipping them with the real-time and continuous performance data they require, enabling them to enhance their ability to manage based on data insights and to communicate effectively with senior executives.

The current cybersecurity landscape presents numerous tools, with the average global organization utilizing around 60+ security solutions. This extensive array forms an almost unmanageable security stack, constantly generating vast amounts of data.

The initial challenge lies in consolidating all this data into a unified space known as a security data lake. However, due to the various formats and structures in which the data exists, this process is highly complex and relies on the expertise of data engineers and analysts to manage it, maintain it and derive any meaningful insights from it.

Once the noise has been filtered out, there is a lack of standardized measurements to effectively weave together a cohesive narrative about the organization’s security landscape.

How did you move from idea to actual business?

Last year, alongside my co-founders, we established SeeMetrics. As we brainstormed ways to support CISOs in proactively managing their operations, we recognized the significance of leveraging our individual strengths, ultimately choosing to focus on data.

As a first step we started with building a community of security leaders and understanding their difficulties in the field of performance. We created a robust Advisory Committee including well-known industry names such as:

Sounil Yu, CISO & Head of Research at JupiterOne
Jason Chan, Former CISO of Netflix
Rafael Franco, Former Deputy General of the Israeli Cyber Directorate
Julie Tsai, Six-time CISO/Head of InfoSec and DevOps(Sec) specialist
Frank Kim, CISO & Fellow at SANS Institute
Yael Nagler, Yass Partners CEO

Six months after we launched SeeMetrics, we got additional market validation by Gartner defining a new emerging category “Cyber Performance Management”, only to later choose us as a sample vendor in the Gartner Hype Cycle for Cyber Risk Management 2022, listed under the Cybersecurity Performance Management (CPM) category.

In 2022 we also raised our seed funding of $6M by VCs such as Work-Bench, 8VC, AGP, Essence VC, K5 Global and Verissimo.

What’s your USP?

In the realm of cyber performance management, traditional approaches involve utilizing methods such as interviews, questionnaires, and surveys to gather and analyze data. We introduce a real-time, automatic way to measure performance of security operations based on data derived directly from the stack.

We have forged a close relationship with a global financial services provider. As the company experienced growth, its cybersecurity department expanded accordingly. However, as the department matured and became more sophisticated, it accumulated a diverse stack of tools that lacked interoperability.

This presented a significant challenge as the company struggled to gain a clear understanding of its operational performance. With legacy tools still in use and the implications of multiple mergers and acquisitions, the stack became increasingly complex. The company lacked visibility into the performance of its tools and lacked a standardized infrastructure for measuring and assessing what truly mattered. Consequently, the CISO and their teams faced exceedingly difficult discussions.

Typically, organizations confronted with such situations often rely on analysts and engineers to manually make sense of the situation. However, instead of resorting to labor-intensive manual work and investing substantial time with analysts and engineers, we were able to provide this company with automated and ongoing insights into their performance.

Rather than receiving static, one-time reports or developing an in-house performance program, they now receive a continuous stream of insights about which capabilities are missing, overlapping, underperforming and how it all impacts the overall program performance. They can see trends and measure performance against KPIs.

This allows for seamless collaboration within the security team, improved program management, and simplified communication with senior stakeholders. Consequently, senior stakeholders can now comprehend, in easily understandable terms, the activities of the cybersecurity team and the company’s position in relation to benchmarks and trends.

Who’s your target audience?

Our target audience encompasses security leaders of enterprises that utilize cloud-based tools in their operations, as this has become increasingly relevant in today’s business landscape.

To validate the demand for our SeeMetrics platform and its comprehensive features, we have conducted extensive market research and engaged with hundreds of CISOs and security teams within our network. Through these interactions, we have observed a wide range of demands from potential users. These needs vary from broader organizational goals of establishing data-driven processes to specific projects led by security teams seeking a metrics solution to streamline and minimize manual work.

In terms of our target market, we are primarily focusing on companies with 500 or more employees. This strategic approach allows us to cater to organizations where the need for our product is particularly clear and the impact of our platform can be maximized.

How do you spread the word about what you do?

We spread the word about what we do through a strong and well-executed go-to-market strategy. This includes participating in local and international events, hosting webinars, maintaining an active presence on social media, and creating thought leadership content such as articles.

We also have a strong community and network of advisors and investors who not only engage with us on our product development but also on community building. These efforts allow us to reach and engage with our target audience effectively.

What’s been your most successful marketing strategy?

One of our most successful marketing strategies involved our Mapping Capabilities campaign. As a validation of the lack of understanding and visibility into their own security programs, many security leaders cannot even communicate what tools they have and which capabilities they have covered. They don’t know which capabilities are missing, which are overlapping, which is underperforming.

Since mapping capabilities to the tools is a foundational part of what we do , we offered security leaders a free mapping of their tools and capabilities. The result was a glimpse into what capabilities were covered and which insights derived from that. This campaign drew huge attention from CISOs from various industries such as healthcare, government, finance and more.

What’s been the biggest obstacle you’ve had to overcome?

Throughout my experience at Logic, a technology company in Israel I worked for between 2012 to 2015, I encountered a significant obstacle. As the only woman on a team composed of men, I consistently felt that my male colleagues were being compensated more favorably for equal contributions. Not only were their terms better, but they even had superior parking spots compared to mine. Despite my strong intuition, I lacked concrete evidence to support my claims.

When the company announced its closure in 2015, I made the decision to directly inquire about my peers’ salaries. The stark disparity I discovered was truly astonishing. After careful consideration, I chose to take legal action not only to rectify the injustice done to me but also to pave the way for women to demand equal pay for equal work.

However, the challenge was formidable, as it entailed confronting a formidable management team that vehemently denied the existence of a wage gap. I harbored concerns that my decision to pursue the case would label me as a troublemaker once it became public.

For five arduous years, I diligently pursued the legal battle, determined to prove my case. Ultimately, my perseverance paid off, and I emerged victorious. Remarkably, I became the first woman in Israel to successfully sue and win a court case regarding unequal wages compared to male counterparts. This experience was a significant milestone, not only for me personally but also for the broader pursuit of gender pay equality.

And your proudest moment so far?

My proudest moment was when I completed raising SeeMetrics seed funding round of $6M. This highlighted SeeMetrics as a meaningful startup in front of an incredibly talented ecosystem of security leaders passionate about measurements and metrics, as well as the interface between security and business leadership.

In addition, closing our first deals were an absolute validation of the contribution the team is making to the industry.

Why is work so important to you?

The work we do at SeeMetrics holds immense significance to me. Through our platform, we have revolutionized the way security leaders become data leaders , and thereby enhance their cybersecurity performance. By providing them with a centralized and reliable source of truth, coupled with a comprehensive set of predefined metrics that align both business and security context, we empower them to derive automatic insights.

The true essence of SeeMetrics lies in the crystallization of the value inherent in the security programs that CISOs and their dedicated teams tirelessly develop and maintain. This value can now be effectively conveyed to the entire organization and the board of directors, as they can rely on a single source of truth enriched with historical trends, benchmarks, and key performance indicators (KPIs) that align with business objectives.

Enhanced security programs that perform better and operate more efficiently also result in the liberation of time and resources. This allows CISOs and security leaders to focus on strategic initiatives and broader goals, leading with increased confidence and assurance..

Who inspires you?

I’m inspired by a mix of Israeli female entrepreneurs and international female security leaders. Both of them share pioneering leadership in areas with a very harsh glass ceiling.

What are your three top pieces of advice for someone wanting to do something similar?

1) Perseverance

Stubbornness and resilience are crucial qualities when venturing into the entrepreneurship world, particularly when you don’t fit the conventional mold. Going against the grain means encountering frustrations and facing countless rejections. However, it’s important not to let these setbacks discourage you. Despite the challenging moments, the satisfaction of shattering barriers and breaking through the glass ceiling is invaluable.

2) Team sensitivity

In Hebrew, the word for “company” is the same as the word for “society” – “Hevra.” This concept serves as my guiding principle. While I don’t view the workplace as a substitute for family, I strongly believe in fostering a positive and friendly atmosphere that cultivates internal motivation for excellence among employees.

This includes recognizing the integral role of our offshore team, particularly our dedicated Ukrainian members, and going to great lengths to ensure they have the necessary support and resources, even in challenging situations such as being stranded or displaced.

3) Customer listening

Early in my career, a team lead taught me the invaluable lesson of actively listening to customers and the art of listening in general (including peers and partners). It’s easy to fall into the trap of simply presenting our pitch during initial interactions with potential customers.

However, true understanding and value lie in identifying and addressing their specific pain points. Mastering the art of listening and honing this skill is an ongoing process that requires practice and continuous improvement.

Find out more about SeeMetrics.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	1 year	This cookies is set by GDPR Cookie Consent WordPress Plugin. The cookie is used to remember the user consent for the cookies under the category "Analytics".
cookielawinfo-checkbox-necessary	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Others".
cookielawinfo-checkbox-performance	1 year	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__utma	2 years	This cookie is set by Google Analytics and is used to distinguish users and sessions. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmb	30 minutes	The cookie is set by Google Analytics. The cookie is used to determine new sessions/visits. The cookie is created when the JavaScript library executes and there are no existing __utma cookies. The cookie is updated every time data is sent to Google Analytics.
__utmc	session	The cookie is set by Google Analytics and is deleted when the user closes the browser. The cookie is not used by ga.js. The cookie is used to enable interoperability with urchin.js which is an older version of Google analytics and used in conjunction with the __utmb cookie to determine new sessions/visits.
__utmt	10 minutes	The cookie is set by Google Analytics and is used to throttle request rate.
__utmz	6 months	This cookie is set by Google analytics and is used to store the traffic source or campaign through which the visitor reached your site.

Cookie	Duration	Description
CONSENT	16 years 5 months 19 days 13 hours 20 minutes	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
vuid	2 years	This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_gtag_UA_39226696_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_omappvp	11 years	The cookie is set to identify new vs returning users. The cookie is used in conjunction with _omappvs cookie to determine whether a user is new or returning.
_omappvs	20 minutes	The cookie is used to in conjunction with the _omappvp cookies. If the cookies are set, the user is a returning user. If neither of the cookies are set, the user is a new user.

Cookie	Duration	Description
centerVisitorId	7978 years 5 months 19 days 13 hours 11 minutes	This is a HTTP cookie used to track the individual sessions on the website. It helps the website to compile statistical data from multiple visits. This data is used for lead generation as a part of marketing purpose.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
NID	6 months	This cookie is used to a profile based on user's interest and display personalized ads to the users.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.

Cookie	Duration	Description
cookielawinfo-checkbox-functional	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
view.ga79y7i4H2VjMus2eRJYqN.4ewaiz7cYMLxo2Fdorod4k	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5659118702428160	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.5kjS2nejq2YcnYdvBnXie6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.6M3TmeJYUdaXk4bFFoEsPB	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.AcqHN2Jx4LPTHTaVuvgpj7	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.az9ENbabTdjyzXZhvGZLsH	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.BfndspJeShXfBzLLV9vgf6	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.dExRyANhGorUfWBK88b8He	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.DLQVxHBCjsB8dSGzMQHEG8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.ecCiQ7LhtWkSkJ7TaZBNeg	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.FQVDyuAXgSZP6EjzQVc8vZ	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.gm24Y7zkcqfXLnVYsG45ua	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.Jngw8VouAHPooyWULt96v8	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.JUp6DgKPEh2GnAKP6Hic9a	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.oXoiDpd347fYcUzoEogUp3	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.PxByyBFy44UYvo87EnhdAT	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.pXcNDvRdAUByFqYPw6mShD	1 day	No description
view.ga79y7i4H2VjMus2eRJYqN.QdALHubScinNuHaMzo6r4T	1 day	No description
yt-remote-connected-devices	never	No description available.
yt-remote-device-id	never	No description available.
_drip_client_6898597	2 years	No description
_drip_visitor_6898597	2 years	No description