Interview with Shirley Salzman, CEO and Co-Founder of SeeMetrics
Shirley Salzman, the CEO and Co-Founder of SeeMetrics, has always had a tendency to venture into uncharted territories, determined to break barriers as a trailblazing woman. One notable instance was when she became the first woman to ever win a case against a high-tech company for paying her less than her male counterparts.
Today, she holds the position of CEO and Co-Founder in SeeMetrics, a cybersecurity performance company, despite lacking a formal background in the field.
What’s your career background?
Some of your readers may find it surprising to learn that I am the CEO of a cyber startup. Traditionally, CEOs of cyber companies have a background in cyber, often acquired by specialized army units in Israel. Moreover, the majority of CEOs in this field are men. I am proud to break these stereotypes as a woman who did not come from the cyber world. In fact, I believe my unique background is my source of strength.
My professional journey spans over a decade in commercial leadership roles at companies such as Percepto, Contguard, and Logic Industries. Prior to entering the high-tech industry, I gained valuable experience working with global policy and strategy firms, including the German Marshall Fund of the US and the Institute for Policy and Strategy at the Interdisciplinary Center, Herzliya, Israel.
These experiences have provided me with a diverse perspective and a deep understanding of the broader implications of cybersecurity.
In addition, I hold an MA with honors in International Security and Non-Proliferation from King’s College, London, which has equipped me with a solid academic foundation in the field. While my journey may differ from the conventional path, I believe that my interdisciplinary expertise and strategic mindset enable me to bring fresh insights and drive innovation in the cyber startup realm.
Where did the idea for your business come from?
Throughout my previous roles, I had the opportunity to collaborate closely with CISOs. During these interactions, I observed a clear industry-wide consensus on the importance of bridging the gap between security leaders, their senior stakeholders and their peers in other departments.
This gap was increasingly becoming a board-level issue as well as a company-wide issue. The cybersecurity industry has a huge gap between the data opportunity and the data access.
Drawing upon my background in commercial marketing and working alongside my partners, who have extensive expertise in security and data, we recognized the pressing need to address this challenge. We were determined to provide security leaders with the valuable insights derived from data analysis, which are currently lacking in their arsenal and hindering their ability to manage effectively and communicate with executives.
Driven by my inclination to approach challenges in unconventional ways, an aspect we will delve into further during this interview, I made the decision to establish a cybersecurity startup. Our primary objective is to empower CISOs by equipping them with the real-time and continuous performance data they require, enabling them to enhance their ability to manage based on data insights and to communicate effectively with senior executives.
The current cybersecurity landscape presents numerous tools, with the average global organization utilizing around 60+ security solutions. This extensive array forms an almost unmanageable security stack, constantly generating vast amounts of data.
The initial challenge lies in consolidating all this data into a unified space known as a security data lake. However, due to the various formats and structures in which the data exists, this process is highly complex and relies on the expertise of data engineers and analysts to manage it, maintain it and derive any meaningful insights from it.
Once the noise has been filtered out, there is a lack of standardized measurements to effectively weave together a cohesive narrative about the organization’s security landscape.
How did you move from idea to actual business?
Last year, alongside my co-founders, we established SeeMetrics. As we brainstormed ways to support CISOs in proactively managing their operations, we recognized the significance of leveraging our individual strengths, ultimately choosing to focus on data.
As a first step we started with building a community of security leaders and understanding their difficulties in the field of performance. We created a robust Advisory Committee including well-known industry names such as:
- Sounil Yu, CISO & Head of Research at JupiterOne
- Jason Chan, Former CISO of Netflix
- Rafael Franco, Former Deputy General of the Israeli Cyber Directorate
- Julie Tsai, Six-time CISO/Head of InfoSec and DevOps(Sec) specialist
- Frank Kim, CISO & Fellow at SANS Institute
- Yael Nagler, Yass Partners CEO
Six months after we launched SeeMetrics, we got additional market validation by Gartner defining a new emerging category “Cyber Performance Management”, only to later choose us as a sample vendor in the Gartner Hype Cycle for Cyber Risk Management 2022, listed under the Cybersecurity Performance Management (CPM) category.
In 2022 we also raised our seed funding of $6M by VCs such as Work-Bench, 8VC, AGP, Essence VC, K5 Global and Verissimo.
What’s your USP?
In the realm of cyber performance management, traditional approaches involve utilizing methods such as interviews, questionnaires, and surveys to gather and analyze data. We introduce a real-time, automatic way to measure performance of security operations based on data derived directly from the stack.
We have forged a close relationship with a global financial services provider. As the company experienced growth, its cybersecurity department expanded accordingly. However, as the department matured and became more sophisticated, it accumulated a diverse stack of tools that lacked interoperability.
This presented a significant challenge as the company struggled to gain a clear understanding of its operational performance. With legacy tools still in use and the implications of multiple mergers and acquisitions, the stack became increasingly complex. The company lacked visibility into the performance of its tools and lacked a standardized infrastructure for measuring and assessing what truly mattered. Consequently, the CISO and their teams faced exceedingly difficult discussions.
Typically, organizations confronted with such situations often rely on analysts and engineers to manually make sense of the situation. However, instead of resorting to labor-intensive manual work and investing substantial time with analysts and engineers, we were able to provide this company with automated and ongoing insights into their performance.
Rather than receiving static, one-time reports or developing an in-house performance program, they now receive a continuous stream of insights about which capabilities are missing, overlapping, underperforming and how it all impacts the overall program performance. They can see trends and measure performance against KPIs.
This allows for seamless collaboration within the security team, improved program management, and simplified communication with senior stakeholders. Consequently, senior stakeholders can now comprehend, in easily understandable terms, the activities of the cybersecurity team and the company’s position in relation to benchmarks and trends.
Who’s your target audience?
Our target audience encompasses security leaders of enterprises that utilize cloud-based tools in their operations, as this has become increasingly relevant in today’s business landscape.
To validate the demand for our SeeMetrics platform and its comprehensive features, we have conducted extensive market research and engaged with hundreds of CISOs and security teams within our network. Through these interactions, we have observed a wide range of demands from potential users. These needs vary from broader organizational goals of establishing data-driven processes to specific projects led by security teams seeking a metrics solution to streamline and minimize manual work.
In terms of our target market, we are primarily focusing on companies with 500 or more employees. This strategic approach allows us to cater to organizations where the need for our product is particularly clear and the impact of our platform can be maximized.
How do you spread the word about what you do?
We spread the word about what we do through a strong and well-executed go-to-market strategy. This includes participating in local and international events, hosting webinars, maintaining an active presence on social media, and creating thought leadership content such as articles.
We also have a strong community and network of advisors and investors who not only engage with us on our product development but also on community building. These efforts allow us to reach and engage with our target audience effectively.
What’s been your most successful marketing strategy?
One of our most successful marketing strategies involved our Mapping Capabilities campaign. As a validation of the lack of understanding and visibility into their own security programs, many security leaders cannot even communicate what tools they have and which capabilities they have covered. They don’t know which capabilities are missing, which are overlapping, which is underperforming.
Since mapping capabilities to the tools is a foundational part of what we do , we offered security leaders a free mapping of their tools and capabilities. The result was a glimpse into what capabilities were covered and which insights derived from that. This campaign drew huge attention from CISOs from various industries such as healthcare, government, finance and more.
What’s been the biggest obstacle you’ve had to overcome?
Throughout my experience at Logic, a technology company in Israel I worked for between 2012 to 2015, I encountered a significant obstacle. As the only woman on a team composed of men, I consistently felt that my male colleagues were being compensated more favorably for equal contributions. Not only were their terms better, but they even had superior parking spots compared to mine. Despite my strong intuition, I lacked concrete evidence to support my claims.
When the company announced its closure in 2015, I made the decision to directly inquire about my peers’ salaries. The stark disparity I discovered was truly astonishing. After careful consideration, I chose to take legal action not only to rectify the injustice done to me but also to pave the way for women to demand equal pay for equal work.
However, the challenge was formidable, as it entailed confronting a formidable management team that vehemently denied the existence of a wage gap. I harbored concerns that my decision to pursue the case would label me as a troublemaker once it became public.
For five arduous years, I diligently pursued the legal battle, determined to prove my case. Ultimately, my perseverance paid off, and I emerged victorious. Remarkably, I became the first woman in Israel to successfully sue and win a court case regarding unequal wages compared to male counterparts. This experience was a significant milestone, not only for me personally but also for the broader pursuit of gender pay equality.
And your proudest moment so far?
My proudest moment was when I completed raising SeeMetrics seed funding round of $6M. This highlighted SeeMetrics as a meaningful startup in front of an incredibly talented ecosystem of security leaders passionate about measurements and metrics, as well as the interface between security and business leadership.
In addition, closing our first deals were an absolute validation of the contribution the team is making to the industry.
Why is work so important to you?
The work we do at SeeMetrics holds immense significance to me. Through our platform, we have revolutionized the way security leaders become data leaders , and thereby enhance their cybersecurity performance. By providing them with a centralized and reliable source of truth, coupled with a comprehensive set of predefined metrics that align both business and security context, we empower them to derive automatic insights.
The true essence of SeeMetrics lies in the crystallization of the value inherent in the security programs that CISOs and their dedicated teams tirelessly develop and maintain. This value can now be effectively conveyed to the entire organization and the board of directors, as they can rely on a single source of truth enriched with historical trends, benchmarks, and key performance indicators (KPIs) that align with business objectives.
Enhanced security programs that perform better and operate more efficiently also result in the liberation of time and resources. This allows CISOs and security leaders to focus on strategic initiatives and broader goals, leading with increased confidence and assurance..
Who inspires you?
I’m inspired by a mix of Israeli female entrepreneurs and international female security leaders. Both of them share pioneering leadership in areas with a very harsh glass ceiling.
What are your three top pieces of advice for someone wanting to do something similar?
Stubbornness and resilience are crucial qualities when venturing into the entrepreneurship world, particularly when you don’t fit the conventional mold. Going against the grain means encountering frustrations and facing countless rejections. However, it’s important not to let these setbacks discourage you. Despite the challenging moments, the satisfaction of shattering barriers and breaking through the glass ceiling is invaluable.
2) Team sensitivity
In Hebrew, the word for “company” is the same as the word for “society” – “Hevra.” This concept serves as my guiding principle. While I don’t view the workplace as a substitute for family, I strongly believe in fostering a positive and friendly atmosphere that cultivates internal motivation for excellence among employees.
This includes recognizing the integral role of our offshore team, particularly our dedicated Ukrainian members, and going to great lengths to ensure they have the necessary support and resources, even in challenging situations such as being stranded or displaced.
3) Customer listening
Early in my career, a team lead taught me the invaluable lesson of actively listening to customers and the art of listening in general (including peers and partners). It’s easy to fall into the trap of simply presenting our pitch during initial interactions with potential customers.
However, true understanding and value lie in identifying and addressing their specific pain points. Mastering the art of listening and honing this skill is an ongoing process that requires practice and continuous improvement.
Find out more about SeeMetrics.