Yair Attar is the Co-founder and CEO of OTORIO, which delivers next-generation OT security and digital risk management systems to global industrial companies. With over 15 years of experience in cybersecurity, software engineering, and risk management, he protects industrial and critical infrastructure from cyber threats. As a former Senior Officer in the Israeli Defense Force’s Cyber Command, Yair headed the military’s Incident Response and Threat Hunting division to defend national, mission-critical systems.
Here’s a glimpse of what you’ll learn:
- Yair Attar shares his journey offering cybersecurity solutions for industrial and critical infrastructure
- Cybersecurity risks in industrial settings and control systems
- How OTORIO was formed
- Instances of actual cyber attacks
- Yair explains how OTORIO helps companies with cybersecurity issues
- When is the right time to outsource cybersecurity solutions?
- Mistakes companies make with cybersecurity preparations
- OTORIO’s steps for reducing cybersecurity risks for clients
- Yair talks about growing through partnerships
- The value of joining EO as an entrepreneur
- How Yair achieves work-life balance
In this episode…
As technology continues to advance, cyber threats are becoming more prevalent. Cybersecurity is a critical concern for businesses and individuals alike. So how can you remain vigilant in protecting your assets and information from cybercriminals looking to exploit vulnerabilities in your system?
According to Yair Attar, control systems are especially vulnerable to cyber threats. These systems help manage critical infrastructure such as power grids, water treatment plants, and transportation systems. If these systems are compromised, it could result in significant disruption and potential danger to the public. Therefore, it’s crucial to have measures in place to protect these control systems from cyberattacks. Yair recommends hiring a firm that offers cybersecurity solutions for industrial and critical infrastructure.
In this episode of the Rising Entrepreneurs Podcast, Dr. Jeremy Weisz sits down with Yair Attar, Co-founder and CTO of OTORIO, to discuss his entrepreneurial journey offering cybersecurity solutions for industrial and critical infrastructure. Yair talks about cybersecurity risks in industrial settings and control systems, the formation of OTORIO and how it helps businesses, mistakes companies make with cybersecurity preparations and entrepreneurial growth through partnerships.
Resources mentioned in this episode:
- EO Israel
- EO Accelerator
- Entrepreneurs’ Organization (EO)
- Dr. Jeremy Weisz on LinkedIn
- Inspired Insider Podcast
- Yair Attar on LinkedIn
- Daniel Bren on LinkedIn
- ANDRITZ on LinkedIn
- “[Top Israel Leader Series] Engineering the Autonomous Revolution with Rabbi Mois Navon of Mobileye” on the Inspired Insider Podcast
- “[Israel Business Series] Crafting a Great Brand Story: Tips and Tricks With Nir Zavaro” on the Inspired Insider Podcast
- “[EO Israel] Innovative Staffing Software With Amit Oestreicher” on the Rising Entrepreneurs Podcast
- “[EO Israel] Delivering Value to Global Markets With Orit Oz” on the Rising Entrepreneurs Podcast
Sponsor for this episode…
At Rise25, we’re committed to helping you connect with your Dream 100 referral partners, clients, and strategic partners through our done-for-you podcast solution.
We’re a professional podcast production agency that makes creating a podcast effortless. Since 2009, our proven system has helped thousands of B2B businesses build strong relationships with referral partners, clients, and audiences without doing the hard work.
What do you need to start a podcast?
When you use our proven system, all you need is an idea and a voice. We handle the strategy, production, and distribution – you just need to show up and talk.
The Rise25 podcasting solution is designed to help you build a profitable podcast. This requires a specific strategy, and we’ve got that down pat. We focus on making sure you have a direct path to ROI, which is the most important component. Plus, our podcast production company takes any heavy lifting of production and distribution off your plate.
We make distribution easy.
We’ll distribute each episode across more than 11 unique channels, including iTunes, Spotify, and Google Podcasts. We’ll also create copy for each episode and promote your show across social media.
Co-founders Dr. Jeremy Weisz and John Corcoran credit podcasting as being the best thing they have ever done for their businesses. Podcasting connected them with the founders/CEOs of P90x, Atari, Einstein Bagels, Mattel, Rx Bars, YPO, EO, Lending Tree, FreshBooks, and many more.
The relationships you form through podcasting run deep. Jeremy and John became business partners through podcasting. They have even gone on family vacations and attended weddings of guests who have been on the podcast.
Podcast production has a lot of moving parts and is a big commitment on our end; we only want to work with people who are committed to their business and to cultivating amazing relationships.
Rise25 Co-founders, Dr. Jeremy Weisz and John Corcoran, have been podcasting and advising about podcasting since 2008.
Welcome to the Rising Entrepreneurs Podcast where we feature top founders and entrepreneurs and their journey. Now let’s get started with the show.
Dr. Jeremy Weisz 0:13
Dr. Jeremy Weisz here founder of inspiredinsider.com I talk with inspirational entrepreneurs and leaders today is no different. Yair Attar of Otorio.com And you can they protect everything you operate. Right. Okay, so cybersecurity solutions. We’re going to go into it what they do, but yeah, you’re I always like to point out other episodes people should check out of the podcast. And because this is part of my top Israel business leader series, there was a really good one I did with Nois Navon of Mobileye, who was one of the founding engineers. And they talked about the journey of being acquired by Intel for $15.3 billion. So it was a pretty crazy journey. I had also a fellow EO Israel member of IR, Orit Oz she’s run the agency for over 25 years in the b2b space helping companies with global expansion. I had EO Israel member Amit Oestriecher of Xtras and g-nie talk about how he lost all of his clients overnight, not once, but twice, crazy journey and how he bounced back Nir Zavaro wrote, F*ck the Slides, excuse my French. And he talked about storytelling and branding. And Ron gave a founder of webs.io. helping protect brands from the dark web and brand protection, and many more. So check those out on inspiredinsider.com. And this episode is brought to you by Rise25. At Rise25 we help businesses give to and connect to their dream 100 relationships. And we do that by helping you run your podcast. We’re an easy button for a company to launch and run a podcast and we do the strategy, the accountability and the full execution year we call ourselves the magic elves that work in the background and make it look easy for the host in the company to create great content and great great relationships. You know, for me, the number one thing in my life is relationships. And I’m always looking at ways to give to my best relationships. And I’ve found no better way over the past decade to profile the people in companies I most admire and share with the world with their work in so you’ve thought about podcasting you should if you have questions, go to Rise25.com. To learn more. I’m excited to introduce you Yair Attar the CTO and co founder at OTORIO which is a cyber physical system, cybersecurity company and they help organizations with a safe and secure digitalization journey. And prior to or OTORIO will call it was a major Attar led the Israeli Defense Force incident response and threat hunting cybersecurity divisions. He has over 15 years of experience in cybersecurity software engineering, risk management with a focus on protecting industrial and critical infrastructure from cyber threats. So the Yair thanks for joining me.
Yair Attar 2:57
Thank you for having me.
Dr. Jeremy Weisz 2:58
So talk about how did you get on this journey to help protect people from this industrial and critical infrastructure from cyber threats?
Yair Attar 3:10
Okay. So, um, first, like, on my personal journey, I started as a software engineer within the Israeli Defense Forces. And I really had the honor and opportunity to do various positions, and which led to my previous world, which was, as you mentioned, leading Israel nation state incident response and threat hunting units. And as we know, unfortunately, Israel has a lot of attention towards us. So I think cyber security domain is something that you learn best from experience. This is one of the reasons why Israel is such a, from a cybersecurity perspective, such a strong nation, we learn at a very young age. And I think also, the Israeli Defense Forces is a great melting point from melting pot sorry, from from like society perspective, right? Because you get people that are being screened from the whole society and population of Israel. And you get this culture that developed at a very young age that you can do everything right, I remember even situations with with my own soldiers, that something needs to be done by I don’t know, it’s kind of weekend for beginning weekend, like, the soldier never did it before. And he’s telling me like, I have no clue and I’m like, Okay, I mean, do I don’t care make it happen, right. So you develop like, and you’re successful, one time after another and you develop this mentality like that everything is possible. And I think by the way, this is one, what’s something that also leads to like this thing called startup nation and things like that, because at a very young age, and then you go out from the Israeli Defense Forces, with this type of mentality, and you believe in yourself, and you start building things. And I also think that something that, you know, about me in general, but I think also represents to some extent, the Israel, philosophy was things were small, but we’re agile, and we fast and we adapt. And we understand. And I think to in order to win, or in a lot of areas in life, you need to be able to do that I even have, like, for example, one of the things that I had an opportunity and this was in the newspapers that I can talk about it, but before I finished my military service, there was sort of like a capture the flag, multinational exercise being led by Israel, and the Cyber Command and NSA. And I won’t forget the moment where, you know, I brought like, I lead the Israeli Blue team, and I brought like, around 20, young soldiers that from different like areas within the Army, like from from sorry, from the army, from the Navy, from the Air Force, and whatever, they didn’t even work with each other before. And then I get a tour to the US side, and I get to huge hall with like, 200 people, and everyone are so experts at what they do. Like they did it for many years. And I’m like, getting back to my room with my tea. And I’m like thinking to myself, Oh, shit, no way. No way. And but I can show it right? So so I’m telling to my team, we’re gonna win this, we’re going to take it and whatever the exercise starts, and then I, then I get it. You know, we have to have, we say, this is what needs to be done. Everyone knows what they need to do, go do it, you trust each other you there’s accountability. And there’s no need for additional approvals or additional processes, which are important to newer, bigger organization. But when you’re small, and you want to move fast, it just don’t work. So I think this is what really helped us, then we won. But this is really what what clicked my mind that one of our uniqueness is that we are first learners, and we can adjust and build fast things to make it when wherever we are. And I think this is something that then when I finished my military service, so I went and opened a tutorial. And I had also the opportunity with the experience, I got to meet my co founder, Danny Bran, which he established the Cyber Defense Command in the Israeli Defense Forces. So he was a big name. And we started our journey together. And I think it was a really good match both from personal and professional perspective. And what we understood, I think there were some events throughout our service that led us to the understanding what risk management is all about. And I think there was like, one time there was i No one share the full details, but let me just say that there are two systems. One is the mailing service, and you know, everyone are impacted, it’s not working. And you get the chief of staff office calling immediately, right, this needs to be fixed now. And then in part of there’s a critical system operational system that is not working. And nobody noticed. And by luck, we didn’t need it, specifically at the time. But it was only by luck. And the whole organization was focused on the mailing service. And I think this is what led us to the understanding that there’s a need for non experts, not for cybersecurity, or it or technical people, for business stakeholders to understand what the digital risks are, and how they reflect on the operational business. So when we went to the Commerce to basically to the outside world and start seeing the market, it was clear that we want to do something in cybersecurity and risk management and we saw what’s happening in the operational side. It’s not just industrial because today everything is becoming more connected. We’re talking about from smart warehouses and logistics and cameras and buildings and so everything is becoming more and more connected. That there was a solution that in the mind did back then there were like multiple companies, but they were doing more of the same, which is and detecting of a threat when the attacker is within the network. Now, this was based on a novel you could say right in, about like 13 years ago, there was like a major event called Stuxnet, that maybe we’ll get back to it. But basically, this was one of the first times and it had a lot of I would say echo around it, that a nation was able with code to effect a physical process. In this case, it was an Iranian nuclear facility, enriching uranium, or building an atom bomb. And basically, with code that was written somewhere in the world, was able to affect and actually stop and or reduce the creation of centrifuges. And this caused like Eric, anyone to understand, okay, oh, no, like, something like this can happen to us. Since then, I think the whole market evolved significant, whoever
Dr. Jeremy Weisz 11:16
was behind that was trying to stall the manufacturing of nuclear weapons.
Yair Attar 11:22
Correct. But one of the challenges with that, is that once it was published, it became an open source. So think about it. Now you have such a weapon that any hacker with it doesn’t need to be an expert can start using and targets, other types of organizations. And the whole this whole threat landscape is just changing and evolving. Another just example is that during COVID, there was a new marketplace, called wrasse, ransomware as a service, you get to the dark web, you ask, I want you to go and run some with this company. And I offer five bitcoins or whatever, some specific amount of money, and someone jumps and say, I can do that. And all of a sudden, you have a platform and marketplace, or basically targeting different entities and organizations around the world creating impact. And what we start seeing is that also impact on operations, impact on physical operations is happening. And I think, to some extent, what led us to the understanding, again, that, as I mentioned before, from a risk management perspective, right, is that our market needs to be able to manage this risk proactively. There’s a lot of today, trends around industry 4.0, from predictive maintenance, and basically doing more with less. So thinking about this concept, just from a cybersecurity and digital risks perspective, how can I proactively take actions that will reduce the potential of my organization being impacted, and unfortunately, today, every other week, you will hear this thing happening. And one last thing, which was very helpful for our journey that actually really helped us to boost our journey to some extent. We met and industrialist we met someone that has a vision of autonomous manufacturing. And this man, Dr. Wolfgang Lightner, which is the majority stakeholder of a company named Andritz, which they are an industrial engineering, global company, which they are what they do is they basically build plans, machineries for different types of industries. Every time they want to talk to customers of them, they like they said, Okay, this is a great idea, but what do you do about cybersecurity? This is when he understood that he needs to do something about cybersecurity. And we partnered with them at the beginning of 2018. We’re basically together we established a tutorial to serve also them as a customer and also leverage them as a party to their end customers. But also, of course, we are working directly with today, many global organizations everywhere. But this really helped us to boost our reach to the market and also our understanding of what does it mean a manufacturing site operations, working with automation engineers, and helping us really to build the solution that really fits those complex use cases, because one of the challenges as well. And today, the IT security space is very well established. Everyone knows exactly, there’s a very clear understanding what needs to be done, what type of solutions out there that are needed, etc. This space, ot cyber, CPS are cyber physical systems like different names, but instead evolving is still maturing, and a lot of organizations don’t always have the understanding what they need to do. And sometimes even you see clash of different cultures. And within an organization, IT security teams and operational members that didn’t talk to one another for a very long time, you know, blue collar is white colors. And this, now with the digitalization causes them that they need to start talking together because things are being connected to the cloud and sensors and whatever and IoT and IoT. And this is what’s happening in the market. So this is in a nutshell, our journey. Yeah.[Continue to Page 2]