I’m really excited to announce that I’m taking a role at Orca Security as Advisory CISO. Together, we aim to help more CISOs prioritize the work that matters.

I bet you have questions, and I have answers!

Why Orca?

I’ve been a fan of Orca since the day I was introduced to them a few years ago. I was a Venture Advisor for YL Ventures (where I’m now an Operating Partner), and I received a text message from Yoav Leitersdorf (Managing Partner at YL Ventures), to the effect of, “We have a really hot founding group and we need to act fast.  Can you jump on a quick call?  Today?” It was a Sunday, and I was at Gillette Stadium, waiting for the Patriots to host the Bills (the Patriots won, 24-12, on their way to winning their sixth championship). The game would start in just over an hour.

“Sure.  How about right now?” I found an almost quiet place in a corner of the stadium, and got on the phone with Avi Shua and Gil Geron. They explained the idea of SideScanning; leveraging the snapshot images that cloud platforms automatically created, conducting continuous security assessments without impacting the live images at all. I was hooked. In the aftercall, Yoav asked me the standard “Should we invest?” question, and I didn’t hesitate. Unlike my usual equivocation (“well, it’s not my money, but…”), I went with “Absolutely.” Easy agentless integration, no impact to production, comprehensive visibility, and complete lateral coverage in an environment? What wasn’t to love?

Avi and Gil invited me to be an Advisor in the early days, and I was thrilled to stay in close contact with Orca. We all share a common vision that the fundamental building blocks of a secure environment are hygiene (doing the basics right, even when the basics are more complex than they appear) and prioritization (not inundating your users with alerts that don’t matter to them today).

Together, we aim to help security teams enable their business partners to execute in a safer world. I think that Orca is poised to change how organizations think about security in the cloud, and I’m happy to be part of the Orca pod.

What’s an Advisory CISO?

Here at Orca, an Advisory CISO is a qualified CISO whose job is now to provide advice and guidance across a wide range of topics. With two decades under my belt leading security for Akamai Technologies, added to my own military information warfare experience, as well as success in diverse other fields, there are a lot of areas of expertise that I bring to the table.

I’ll be providing the CISO view to the Orca teams, so you’ll see my insights woven into our future product direction, my take woven into our marketing, and I’m even going to be working with the HR team on leadership and talent management practices.

What I will also be doing is providing industry education and awareness around CISO-level topics. Some of those will be about the public cloud, but not all of them. Most of that will be public communications. You’ll find me speaking at conferences and writing down my thoughts. I’m launching a podcast, Cloud Security Reinvented, which interviews security leaders about the insights they’ve drawn, both from cloud transformations and the longevity of their own careers.

But I’m also happy to engage in smaller conversations. Are you a CISO, and want my thoughts on a topic? I’m available to you, whether you’re an Orca customer or not. You can start a conversation on LinkedIn, or over on Twitter. And, once travel becomes a little more commonplace (get vaccinated, y’all, if you can), I’ll be happily hosting CISO dinners all across the world.

What about your other roles?

Orca will be my primary role, but I’ll still keep active in my portfolio. I’m still an Operating Partner at YL Ventures, so you’ll see me still heavily engaged in the startup ecosystem, helping early stage startups accelerate their success. The book I’m writing on leadership is well underway, and my leadership training company, Duha, is still actively developing leadership skills training.  But my headline role is Advisory CISO, Orca Security.


Orca specializes in AWS Cloud Security, Google Cloud Platform Security, and Microsoft Azure Cloud Security.