“You can learn anything if you want it badly enough, but if you are not deeply passionate about your business and its’ success, all of the knowledge and skills in the world will not help.”

Interview by Kevin Ohashi of Ohashi Media
____________________________________________________________

This Interview was made possible by our friends at

Domain name registration, premium domain auctions, and domain monetization services

____________________________________________________________

Ruvi Kitov is the Founder and CEO of Tufin Technologies. His educational background is in Computer Science which he studied at The University of Maryland where he graduated cum laude.  After graduating he worked at Check Point Software, one of the biggest companies in the computer security industry.    Ruvi held positions at Check Point which gave him the responsibility to design some of their core technologies.  In 2003, Ruvi left Check Point and started Tufin Technologies.

Tufin Technologies provide Security Lifecycle Management solutions.  They have created two products, SecureTrack and SecureChange Workflow which both focus on different aspects of securing networks.  SecureTrack is designed to automatically track, monitor and create reports about network infrastructure such as firewalls, routers and switches.  It also helps create security policies and optimize them.  SecureTrack is designed to take a lot of the manual overhead in maintaining a secure network.  SecureChange Workflow is designed to help enforce security policy changes and analyze risks in different changes made to certain policies.  These two products form the backbone of Tufin Technologies which now has over 550 customers worldwide and works with industry leaders such as Check Point, Juniper, Cisco, Fortinet and more.

MO:
At what stage in a company’s lifecycle does a solution like Tufin’s become important?  You seem to be targeting enterprises that have a lot of infrastructure and perhaps face regulatory issues.  When do your solutions make sense for a company and when do they not make sense?

Ruvi:
Our solution is usually relevant to large enterprises, with multiple office locations and lots of networks, so the typical customer has hundreds of employees or more. Regulatory compliance is another factor, especially with increasing regulation by the major credit card companies, in the wake of several very large security breaches, involving stolen identities of millions of consumers. So any typical large organization has the complexities that really require our products to untangle them, as well as any company engaged in heavy credit card processing, and subject to Payment Card Industry (PCI) compliance.

MO:
I saw in another interview you talk a lot about security becoming outsourced to other companies.  What do you think the long term implications for this type of behavior might be for businesses, security researchers and system administrators?

Ruvi:
We see a lot of businesses outsourcing their IT security operations, or at least considering it. Some of our largest customers are Managed Service Providers who specialize in outsourcing security operations for customers of all sizes. There are many long term implications for this outsourcing – security administrators currently employed at various companies may face unfortunate layoffs in case their company decides to outsource their security operations (unless they “shift” over to the outsourcing team). On the other hand, managed service providers will be hiring more IT security staff, so the same people could land jobs right next door, and instead of handling just one customer’s security, they may now need to specialize in their skill set, and apply those skills across multiple customers.

Another implication on businesses is that although they may have outsourced the IT security operation, they will usually need to retain risk management staff in-house, in order to verify that the managed service provider is actually doing its job, and providing an adequate level of security.  That means in addition to technical skills MSSP security specialists need to have strong communication skills and have a solid understanding of their customers’ business requirements and how those impact their security policies.

MO:
Your product is something designed to help prevent bad things from happening.  If it’s anything like the spam/virus industries you are always fighting an uphill battle against the next threat.  What sort of attitude do you have to take and maintain in a company while working in an industry like this?

Ruvi:
Of course we have to stay on top of the latest trends and security issues, and we have some people who are well-connected and informed in the network vulnerabilities space. That being said, we don’t search for vulnerabilities on the network – there are other solutions that are responsible for such services. Our products enable the customer to configure his corporate security policies in our product, so that we could catch potential violations to those policies, both to potential security risks and to potential network downtime.

MO:
Following up on the last question, how do you handle clients in such an environment?  I am sure you have the legal aspects covered, but is there any more training/policies/guidelines/philosophy you and your employees use to handle clients?

Ruvi:
The most important part of our company’s philosophy and values is the focus we place on the customer and the end-user, especially given the unique approach needed in the security market. That focus is evident in various processes and programs, including our TCSE training program (Tufin Certified Security Expert) and our commitment to “fanatical customer support” (that’s what we call it internally). As far as security goes, we have very strict corporate policies and standards that we must adhere to. Since many of Tufin’s employees previously worked with other security vendors, the sensitivity to client data comes naturally, and we treat data security very seriously.

MO:
You created SecureTrack after leaving Check Point with Reuven Harrison.  Based off of your histories I have to assume you knew each other from Check Point where you both worked.  What inspired you to both to leave Check Point and start Tufin?  Could you walk us through how you came up with the idea, why you needed to leave Check Point to do it, how you bootstrapped, and did you ever take investment?

Ruvi:
Actually, when we left Check Point we did not have the idea for the product yet, we just knew that we wanted to be independent, and to build our own business. We started out doing security consulting as we searched for an idea, and that’s how we initially boot-strapped the business. The idea for SecureTrack came to us around April of 2004, and by December of 2004 we had a Beta of the product, which we sold to several customers – those initial sales provided cash for the next few months, and gave us the confidence to incorporate the business; that’s also when we stopped consulting and started focusing only on product development. We also took very small salaries in the first two years, and worked with a very small staff at first. We ended up running the company successfully (staying cash-flow positive) with no investment all the way until December of 2007, when we took out first and only round of investment, in order to expand our sales and marketing efforts.

MO:
From what I can tell, you never formally studied any sort of business or management.  Where did you learn the skills necessary to successfully run Tufin?  Could you tell us about any books, courses, mentors and the lessons they taught you that have really made a meaningful difference in your management style/leadership?

Ruvi:
It’s true, I never studied business in college, but I’ve always been interested in business. I think that working for a successful growing company like Check Point was a great “school” for me and my partner – we did not engage in the business side of things, but were exposed enough to the company culture and how things worked, that we learned a lot through interaction. When we started Tufin, we received advice from various people, which was very helpful – sometimes a small piece of advice from someone knowledgeable can be priceless. Any business founder should seek mentors to help them with guidance. I’m also an avid reader of business books, and I’ve picked up great lessons from many different sources.

Some of my personal recommendations are:

Good to Great by Jim Collins – excellent book about the “secret sauce” of great companies

Founders at Work by Jessica Livingston – interviews of leading startup founders, very inspiring

High Output Management by Andy Grove – I actually just finished reading it now, and found it very useful and refreshing

The number one lesson that I’ve learned, will sound like a cliché, but it’s true: the most important factors in your business success are your drive and perseverance, much more than knowledge or skills. You can learn anything if you want it badly enough, but if you are not deeply passionate about your business and its success, all of the knowledge and skills in the world will not help.