From CISO to Vendor : How his Security Experience Helped Guy Flechter Build Cider Security
Blog Series | Part 8 | Value Creation Founders Series
This blog post follows an exciting announcement of our portfolio company, Cider Security who has just come out of stealth with $38M funding to revolutionize the entire Application Security space and empower security to move at the speed of engineering. How? Cider’s solution is solving an existential problem for security and R&D teams, who are flooded with cyber solutions for production environments, but have limited point solutions at best to protect the SDLC and CI/CD side. Cider provides end-to-end visibility, frictionless integration and contextual security to enable security and engineering teams to build AppSec programs in minutes. It finally provides that overarching platform for all security needs before code gets to production.
A little background. Before becoming a founder himself, Guy wore a different hat. One that brought him to Glilot’s annual breakfast event at RSA Conference in 2017. Later, as the CISO of AppsFlyer and having started the security team from scratch, Guy was interested in working with startups from a strategic perspective to adopt more technologies that would advance the security framework and tech stack at AppsFlyer. He became one of Intsights’ (acquired by Rapid7) first customers and worked with Polyrize (acquired by Varonis) as one of their first deployment and as well as initial customer.
Lior Litwak, Managing Partner at Glilot+ attests: “I’ve known Guy Flechter for a while as “the CISO that tries every solution out there” – and was always grateful to get his view on cyber innovation. But when I got to REALLY know him after joining Glilot Capital Partners and learning that we had led the seed, I was blown away by what he and Daniel Krivelevich were building at Cider Security.”
For today’s blog post, I spoke with Guy to hear what encouraged him to move on from his CISO journey to a vendor one. Keep reading to learn more about it!
Keeping Up with the AppSec Industry
Cider is here to revolutionize the AppSec industry by creating a unified solution that enables any security activity as part of the Continuous Integration/Continuous Delivery pipeline (CI/CD) to take place in a single location, eliminating the need to deploy more or leverage different dashboards or methodologies. The CI/CD ecosystem is a very fast paced and vibrant environment with continuously growing capabilities such as code repositories, CI solutions and deployment tools. Moreover, the CI/CD is at the heart of the entire engineering team – EVERYTHING that is shipped to production moves through the CI/CD. This rapid evolution of increasingly diverse tech stacks, time-to adoption shrinking, and engineering environments and processes in a constant shift leaves security teams to face many challenges. An inability to keep up with the pace is creating gaps that are often taken advantage of by hackers.
And then came Cider Security : The Cider Security platform creates a unified view of the entire engineering ecosystem, providing Security teams with an in-depth understanding and comprehensive view of the technologies, systems, and processes unique to every engineering environment. Security teams are provided a highly tailored set of controls and solutions to optimize security and achieve full resilience across the entire CI/CD pipeline – all the way from code to deployment. Designed to eliminate the friction between Security teams and Engineering groups, the platform allows for AppSec programs to be implemented within minutes, democratizing security and allowing AppSec to become a commodity, consumable by organizations from all verticals, sizes, and maturity levels.
CISO to Vendor – Key Experience to Address the Right Pain Points
Guy comes to the cyber security industry with almost 20 years of experience with his most recent being three years as CISO at AppsFlyer where he witnessed the company grow from 300 employees to over 1000. His experience “in the trenches”, as he calls it, helped shape the idea of Cider as it came from a real pain point he experienced during his time on the executive side. He and his partner, Daniel Krivelevich, who also comes to Cider with many years of security experience, find themselves on calls with CISOs today and can confidently say, “I was sitting in your chair just a few months ago – we know exactly how it feels, exactly the constraints and friction that arises from different engineering groups.”
So what is it about Cider that appeals to a CISO, I asked Guy. He shared that Cider is a platform that covers most of the AppSec domain. As a CISO, the need of having complete visibility all across the CI/CD, technologies and framework and the path that the repos are going through in the production environment is imperative. Today, the average CISO manages five, six or even seven different tools that are touching a narrow part of the problem. Guy shared that instead what they need is to leverage a single platform that protects the entire process, embedding security layers inside the CI/CD as well as verifying that nothing is bypassing the CI/CD. Which is the “why” behind Cider.
Here to Build
As Cider launches out of stealth, I asked Guy, what’s next? He said, “we are here to build.” Everyday new capabilities and insights are coming through from customer feedback to make the platform better and help continue the path into evolving into the single operating system platform of security teams, Guy shared. “ We have had a lot of powerful people join our board such as Adrian Ludwig, the CISO at Atlassian, Travis McPeak, Head of Product Security at Databricks and Jonathan Jaffe, CISO at Lemonade as well as many others that are supporting this journey and this vision and who are highly connected to what we’re doing and see the amazing potential of where we can go.”
Want to share your take with Guy and his team as well? Reach out to talk. They’d love that. Thanks Guy for taking us along your journey. We can’t wait to see what’s next.