Tomer Weingarten: From cyber outsider to building SentinelOne into a $1B ARR category leader

Sid Trivedi:

Welcome to Inside the Network. I'm Sid Trivedi.

Ross Haleliuk:

I am Ross Haleliuk.

Mahendra Ramsinghani:

And I am Mahendra Ramsinghani. We have spent decades building, investing, and researching cybersecurity companies.

Sid Trivedi:

On this podcast, we invite you to join us inside the network where we bring the best founders, operators, and investors building the future of cyber.

Ross Haleliuk:

We will talk about the hard parts of the founder journey, launching companies, getting to product market fit, raising capital, and scaling to an exit.

Mahendra Ramsinghani:

And, yes, we will also be talking about epic failures.

Sid Trivedi:

But, Mahendra, we're here to make the founder journey easier.

Mahendra Ramsinghani:

That is correct, Sid. But we cannot make it too much easier because startups are hard. And, of course, you already knew that.

Ross Haleliuk:

Alright, you two. Enough. Let's get started with this week's episode.

Mahendra Ramsinghani:

Our guest today is Tomer Weingarten, cofounder and CEO of SentinelOne, who grew up as a bored kid in a small Israeli town, hacking games with his best friend for entertainment to eventually taking on giants like Microsoft and CrowdStrike on a global stage. Tomer Weingarten is not your typical cybersecurity CEO. Starting from humble beginnings, he became a millionaire at the young age of 24 and then blew it all away so that he could stay hungry and even stay foolish. He pitched Sand Hill Road VCs without the coveted Unit 8200 pedigree and still built one of the fastest growing public companies in cybersecurity. Today, as CEO of SentinelOne, he is leading the fight in a world where every day is war.

Mahendra Ramsinghani:

In this conversation, Tomer shares what it means to be a wartime CEO, how his technical depth gives him a deep advantage in this business, and the most important part, how he plans to grow SentinelOne in this age of AI. Let's get started.

Sid Trivedi:

Tomer, welcome to Inside the Network.

Tomer Weingarten:

Thank you, Sid. Great being here. Thank you for having me.

Sid Trivedi:

We're gonna talk about a bunch of different topics, but let's really start with the early entrepreneurial journey that you've had in your early career beginnings. You were tinkering with computers from a very, very young age, and I read that your father bought you a computer very early on in life. And you actually met your future SentinelOne cofounder, Almog, in second grade, and you were bonding over software and hacking experiments. What initially sparked that passion for tech and entrepreneurship, and how did those early experiences really shape your approach on how you build companies?

Tomer Weingarten:

Yeah. I mean, it's a good question. And I think to kind of understand better those days, I think a lot of the spark for doing something with tech was actually born out of complete boredom. Because where where we grew up, imagine like a small town in in Israel. I mean, there's not a ton to do.

Tomer Weingarten:

You're basically looking for trouble, every, you know, every minute of your day. And when this when my dad got me this PC, I remember booting it up, and it boots up and it gets to, like, C prompt, which is just like the DOS prompt, and that's it. It's like a, you know, black screen. You don't know what to do. Right?

Tomer Weingarten:

It doesn't come with any instruction manual. It doesn't come with, like, what to do next. It's very free form. So the first few days, you know, I just booted it up and looked at it. I I couldn't really understand what to do with it.

Tomer Weingarten:

But the more we started tinkering, I think we realized that this is an amazing gateway. You know, back then, didn't really have the Internet, didn't really have, like, the World Wide Web. You had Usenets. You had some you had the IRC that was just getting started, but but it was a portal. It was a portal for, you know, meeting people in the complete other side of the world, accessing data that otherwise you would never have known existed.

Tomer Weingarten:

And I think the other thing there was, funnily enough, like, the computer games. Because as a kid, I mean, what you wanna do is play games, and suddenly, there's a whole new world where you're running these really interesting games. But as you're playing the games, I think you also start to understand, I would do this differently. I would build this game in a different way. And then you're starting to ask yourself, how is this happening?

Tomer Weingarten:

Like, what what I'm seeing here, what I'm interacting with, like, how does it really work? And I remember even, you know, age seven or eight, we would go and we would edit in Visual Basic. We we just try and find, like, all the the code that existed that was preloaded with the DOS operating system. I think it was like a GORILLA.BAS, which was like the the Visual Basic game that was included, you know, with it, and we would edit it and change the game and do all that stuff. And and from that point on, you know, was really, to me, was just an instrument where you can create.

Tomer Weingarten:

Right? I mean, I don't know. I can't draw very well. I'm not a I'm not a painter, but with with product, with, like, imagination and then understanding that with this machine, you can program and you can create and you can do something completely novel and completely new, that was fascinating. And I think it was coupled with one other thing that I'm not sure why I had, like, since the early days, which is, like, a very deep frustration with the current software that I was using.

Tomer Weingarten:

Like, you know, why can't this be better was my constant, I think, question. And from there, you just wanna do it and and you start learning and you also understand that a lot of this information is not like your typical, hey. Let's go to school and learn something type stuff, but it's more things that you can you can learn by yourself. The the literature is there. You maybe need to buy a few books, but then you can get at least for me, it was very easy to get well versed very quickly in multiple programming languages.

Tomer Weingarten:

So understanding even architecture and what would be needed to build even a website and all that that entails from the front end and all the way to the database and, you know, learning how to stand up MySQL servers and, you know, thinking about scale, I think, was was really it was a great first principles experience that was kind of coming from necessity for me. But I I carried, you know, that technical knowledge and have continued to evolve it, like, pretty much ever since.

Sid Trivedi:

And what about meeting Almog and your SentinelOne cofounder? Tell us a little bit about that first meeting. And you may not remember it fully, but you may probably remember early childhood years.

Tomer Weingarten:

Yeah. No. For sure. Look, we we grew up in the same neighborhood, and he was a very, very smart kid. And I had that same kind of draw to the same things, and and we clicked immediately.

Tomer Weingarten:

And and then the computer love was was also shared. And you get two really, really smart kids just looking to do something, and and very quickly, I think you get to the world of cybersecurity from the other side of it. Because that point in time, again, the context is very small town, like technology is not a thing. For us, it was like, how can we get online? How can we get our friends online? How can we do more online?

Tomer Weingarten:

How can we get all the resources that we need when we have not a dollar to spare? So a lot of it kind of leads you to, okay. Let's see what's open. Right? And from there, things start rolling, and you kind of get drawn to this this very amazing world of, like, all the underlying infrastructure that's sitting out there to facilitate what, let's call it, the the normal people are using when they're using the the Internet.

Tomer Weingarten:

But but that was fascinating. I mean, understanding how things flow, understanding, you know, parameter restrictions or lack thereof, I should say, back then was really interesting. And you you do a lot of it for fun and games, and you do a lot of it for bragging rights, honestly. I mean, you know, I remember we used to log online to the IRC, and you always had to add this really cool IP mask, which would typically come from, like, this server shell that you would get into someplace and you would go online with, like, very funky domains. Like, you could go with, like, some .gov type stuff or or whatever.

Tomer Weingarten:

And and that was kind of, you know, the fun and games. That was our catch the flag. Right? I mean, that that's what we would do as kids. And I think Almog got a real passion for it.

Tomer Weingarten:

I really just like coding more than I like, you know, just browsing online and hacking everything that's possible. And he he made a true profession out of it very early on. He, you know, he went to work at Check Point, and he became head of innovation there and really kind of, I think, sparked most of the Check Point doesn't do a ton of innovation, to be honest. But the little that came, I think, came from him and and Hugo and some some of his some of his folks on the on his team. So, you know, when we linked up kind of later in life and kind of decided to do something, it came mainly from him, like this desire to do something in cybersecurity.

Tomer Weingarten:

To me, I just kind of thought about at this point in my life, like, how can the next thing I do be meaningful enough and something that would actually make a difference because I I got a bit tired of just, you know, thinking about products, building them, selling them, making lots of money, and and moving on. Like, I quickly realized it's not something that is is fulfilling or interesting for me. So when the idea to do something in cybersecurity came, I think we we first kind of sat down and said, hey. Can can this be meaningful? We we don't wanna build just another thing.

Tomer Weingarten:

I mean, that's not gonna worth the time and the effort, and thus SentinelOne was born.

Ross Haleliuk:

Tomer, at just 24 after your first startup got acquired, you suddenly had a few million dollars in your account. And as you said, you spend it very quickly on all kinds of nonsense so that you don't get complacent. Looking back at that time, what did that early success and how you handled it teach you about motivation and and risk taking? And also, would you do anything differently now, or was spending that money the way you did it was the best decision to drive you forward and to enable you to do what you did later?

Tomer Weingarten:

Yeah. No. It's for sure not the best decision. I would not I would not advise going that route. But I came with from a family with not a ton of means.

Tomer Weingarten:

Right? So when something like this happens to you and it and it's such a, I would say, big inflection point in your life, then, obviously, it's a bit confusing. Obviously, the the younger you are, the more confusing it gets. And and I thought that I can easily just kind of get lost in doing nothing because you kind of feel, hey. You know, I just hit jackpot.

Tomer Weingarten:

I don't necessarily if I do this right and, you know, you get the advice of the parents and the fam your parents and your family, and they're like, invest the money and do this and buy an apartment and, you should be set for life. This is the best it's gonna be. Right? I mean, that's sincerely what people think at that point in time and may maybe even including myself, but it never felt right to me, and I felt like I'm kind of drowning in doing just, like, meaningless stuff. And and then I kind of said, look.

Tomer Weingarten:

I'll be fine. Like, no no matter what, like, I can take I can take these risks and and I'll figure it out. And and something else better might come or not, but I've I've trusted myself to, you know, kind of push myself out of the comfort zone. And and sometimes I found that to do that, maybe you need to remove some anchors. Sometimes to keep grounded, you need to add some anchors.

Tomer Weingarten:

But at that point in time, I kind of needed to move away from this corrupting way of life, I would say, that comes with, you know, a lot of money in a at a at an, you know, early age. So it was a good decision in that perspective. I mean, blowing out through all the money, I I don't know. It doesn't really matter. But but I definitely think that making sure that I push myself to the point that that I have to do it, I think, was was critical for me.

Tomer Weingarten:

I I didn't have to do it ever since. I think I I then kind of I got the lesson. Right? So you don't need to kind of enforce yourself again to to these things, but all in all, I don't regret it. Let's

Mahendra Ramsinghani:

And that's a helpful insight, Tomer, you know, how you add anchors or remove weights so that you can either ground yourself or or lift off into different domains and also being self aware to sort of know that this could become a corrupting way of life, and I need to propel myself in a new direction. Now before you started SentinelOne, you had been in the role of a developer. I mean, you're probably one of the first guests we have on our podcast who could talk about server shells, standing up SQL serve you know, servers. So you've been the VP of product. You've been a developer.

Mahendra Ramsinghani:

You've been a CTO. You've been in all of these roles. Now how did that help you in your journey, or what insights did that give you as you started Sentinel?

Tomer Weingarten:

Yeah. You you know, I mean, to me, this is so kind of innate to who I am and to what I do that I can't even envision it a different way. Like, I don't know how you can be a super effective CEO or anything, honestly, in tech without understanding the tech. Like, it's really, really a huge advantage that that I think you have if you just understand how stuff works, the easiest way I I can put it. And it allows you, I think, to articulate a vision that is not just grounded in a concept.

Tomer Weingarten:

It's grounded in the complete implementation of the concept as well and and seeing the way there and understanding what components would be needed and knowing also what the bottlenecks are gonna be or what the, you know, the potential building blocks that you're gonna have to have over time to reach your vision. So to me, it it was priceless. And and I throughout time, I dabbled pretty much with every aspect of development. Like, at the end of the day, when I wanted to build my first kind of a a product, I remember we kinda thought it was me in a in a different partner back then, and we said, okay. You know, let's maybe raise some money and, like, who's gonna give us money?

Tomer Weingarten:

It was very, very unclear. And we kinda said, you know, we gotta get some developers to to build this, and we just thought, oh, we're gonna have an idea. We're gonna hire some developers, and we know we're gonna make it happen. And I and I remember, I think it was my dad who, you know, we we talked to about that, and he looked at us and he said, what do you mean you're gonna hire the developers? You are the developers.

Tomer Weingarten:

And from that point on, we kind of realized, okay. I mean, let let's just learn everything we need to learn in order to to build this and and do this. And from there, I think I became very well versed not only with, like, back end and and algorithms, but then also the all the way to the database layer. And later on when the cloud kind of started and started working very directly with, like, AWS environment, and that was amazing. I mean, that's where I think where you can just imagine the scale and everything gets more automated and the capabilities you get are now kind of in the in the click of a button away and front end development.

Tomer Weingarten:

And then when kind of the the tensor world started and, like, statistics. I mean, all of that just became incredibly fascinating to me, but I I really had, like, knowledge of all the stack to the point that I would actually, even at Sentinel, here's a nugget that I'm not sure I I've said ever, but the first few user interfaces that we've had, I've literally designed myself. Like, I sat with Photoshop and I thought about the user experience and and all that stuff. We were a group of 11 developers when when we started at the at the end of the day. Everybody was contributing code, including myself.

Tomer Weingarten:

You know, everybody was working in the product, including myself, and that meant also designing some stuff, building UI, building some endpoint capabilities, building some back end capabilities. Obviously, of that is no longer in the platform. Do not fear. But, again, I mean, it's it's all about understanding these building blocks that are gonna get you to to where you wanna go, and I think also understanding the problem domain in in a very, very deep way. And I think I've learned so much more on cybersecurity since starting SentinelOne than I knew before.

Tomer Weingarten:

I was always kind of well versed in it from, you know, our team hacking days. But I think once we started truly interfacing with the adversaries, I think this is where you kind of put your hacking hat on and you start kind of using it for the complete inverse manner. But in essence, it's it's almost the same skills that you need if you wanna build great defense. You gotta get, I think, a really good understanding of the path of exploitation, vulnerabilities, how networks are built, the attack surface, how that's expanding, and attacker behaviors more than anything. Attacker mentality, attacker philosophy, like each one of the adversaries that we deal with today.

Tomer Weingarten:

And, you know, look, we we live in a world where every day is war. I know it's not for you maybe, but for us that are kind of on the on the front lines, I mean, every every day is war. Every day is war with, you know, the Chinese, the Russians, the Iranians, you know, North Koreans, you you name it. Cybercrime syndicates. There's not a moment that goes by without attacks and and offense in cyberspace.

Tomer Weingarten:

So at some point, you kind of adopt like a semi military, I think, kind of way of life when you do some of these things. But, again, that's kind of that's kind of our day to day. I mean, today, it's it's everything we, you know, live and breathe.

Ross Haleliuk:

Tomer, you mentioned that before even building, you have gone really, really deep to understand the problem space. You've been writing code. You've been designing some of the UI on your own. And then what are your thoughts about the way startups are built today in cybersecurity where people very quickly go and identify the problem space? They may very well need to go and hire developers because they don't know how to build in that problem space, and the growth happens very, very quickly.

Ross Haleliuk:

Talk to us towards that.

Tomer Weingarten:

I'm gonna I'm gonna try and be as diplomatic as possible here. K? Because a lot of these are my friends and my peers and, you know, I'm not sure they always love what I have to say in that perspective. Look.

Tomer Weingarten:

When when we started the company, we spent two years building the product. There there was nothing to ship. There was kind of shaky betas, and we had some great customers running betas, but we never had anybody pay us a single dime for the for the first couple of years of of kind of building, you know, building the product. To date, I mean, there is extreme deep IP in everything we do. You know, we got over, I think, 100 plus patents just for kind of our endpoint and machine learning stuff, not to mention all the stuff we do with with data today.

Tomer Weingarten:

To me, it was always about building deep technology. And and I kinda felt like, in general, when you're building if you're planning to build something big, you cannot build it without deep IP. You cannot build it without deep technology. Now it might not be true what I'm saying here. I think there's a lot of businesses that get to scale, get really nice sales, and their IP moat is probably not deep IP.

Tomer Weingarten:

It could be in the experience. It could be in the workflow. It could be in how good the UI is. I don't consider all of that deep IP, but it's still obviously meaningful IP. Startups today, I mean, especially in the age of the LLM, I think you're looking at at something I would I can only describe it as really dangerous, to be honest.

Tomer Weingarten:

Dangerous from the venture capital perspective, dangerous from the product capability perspective, dangerous from the customer value perspective. Because I think even if you look at some of the most successful ones, you would describe success, you know, scaling from zero to 100,000,000 of ARR. Like, that's a measure for anything. Like, $1,000,000, you know, $100,000,000 in ARR is is the inkling of product market fit. It's not the end of product market fit, and I think that's what people tend to miss.

Tomer Weingarten:

And then you kind of see largely shallow IP, lots of open source usage, lots of libraries cobbled together, really neat experience, which means that teams understand the workflow for the customer. It's very enticing for the customer because they're getting a, oh, you know, that's something I do 100 times a day, and now there's this, and you can just click two buttons. It's actually happening. So you get some value. I think the value from what I've seen in the past decade in cybersecurity, we only talk about new capabilities.

Tomer Weingarten:

We are not talking about the diminishing capabilities. And a lot of these capabilities that you're seeing are slowly from the moment you put them up there, they're starting to diminish. And, you know, you can talk about CSPM for days, and if we talk about CSPM, I don't know, a year ago, a year and a half ago, it was like, oh my god. This is the best capability since sliced bread. Ever since that point, it's diminishing slowly or fastly, however you wanna you wanna call it, to the point that probably in twelve months, we replace all of CSPM with a prompt that can show misconfiguration, fix misconfiguration, here's the plan, click here, done.

Tomer Weingarten:

So I really think when you look at what startups are doing today, some of them, they're pipe dreaming. I don't know if they're gonna have a business in in a year. Some of them are rushing to get to, like, you know, 20, 30, 40, 50, 100, you know, million dollars of ARR to declare some semblance of success only to get stuck after. And and look. There is a good slew.

Tomer Weingarten:

I wouldn't call them zombie companies. They're still growing, but they're growing, you know, roughly, you know, at the rates that you see with public companies. But there is, like, a 100, 200, 300 million dollar scale. It's hard to see what what's the future for some of these companies, some of these capabilities if it's not consolidation of one way, shape, or form. But there's also, again, the LLM world, I mean, a lot of the actual capability is gonna get consolidated and and folded up.

Tomer Weingarten:

So I think right now it's the wild wild west, and you kind of don't know what sticks. And we all get in security really excited with shiny objects that we don't always think about the order of magnitude of improvement that is required. And then customers sometimes gravitate towards things that give them a single order of magnitude of improvement, and they and they kinda feel okay. I've done it. Now my SOC is automated.

Tomer Weingarten:

I, you know, I took 100 alerts and I made them 20. I'm golden. I mean, the it's it's non scalable. You're not thinking about the broader issue. You're not thinking about speed.

Tomer Weingarten:

You're not thinking about how to even architect your system to be able to deal with the challenges that are upcoming. The challenge is not collating 100 alerts to 50 or running an auto investigation. The challenge is orchestrating enterprise wide cybersecurity in real time so we can address attacks in real time. And everything your people are deploying kind of now in their environments, if it's not truly geared and supportive to that goal, in my in my view, right, this is my own myopic view of the world, I think you're just gonna find it practically a waste of time or something that can then be achieved with a hyper automation agentic studio, which is, you know, some of the stuff that we do today is we just give people the freedom to build any workflow that they want and inject agentic capabilities into it. So it's almost like an app builder that's baked on top of the data security data that you collect, and you kinda realize you can build a lot of what startups are building just by dragging and dropping a few, you know, a few blocks.

Tomer Weingarten:

So I really think that if you're not building deep IP and it's getting harder and harder to build deep IP in this world, you know, given, I think, the the significant lean you have on LLMs right now as being the core of what you do. Everything else that comes after the LLM, before the LLM, that's your IP. Can you build something substantial? Can you build something that is not easily replaceable? Can you build something that will be needed even if AI gets 10 times better and 100 times more scaled and pervasive, is your offering gonna be there to show value in that world?

Tomer Weingarten:

And and I'm just not entirely sure everybody's thinking about it the same way. A lot of folks are really focused on, let me get some revenue now. I need to show my zero to 100, so I better get something sellable and I better get it now and somebody better pay for it immediately.

Sid Trivedi:

Talking about, you know, real technical innovation, you talked about how it took two years to build the original product for SentinelOne. I I want you to go back to 2013. You you're starting in your in your head. Go back to 2013 and give us some insight on into that. And in particular, you've talked pretty extensively about this publicly, but you had felt at the time that the antivirus business, which is the business, you know, before Endpoint, had been stagnant for many years, and you also felt that it was time that someone needed to do something different.

Sid Trivedi:

And in particular, even back then in 2013, you were talking about a proactive AI driven approach in AV. What was the moment that led you and Almog to found SentinelOne? What was the part that convinced you that, hey. We have uncovered something that the rest of the market has not yet uncovered, and how much was that AI and behavior based detection? How important was it?

Sid Trivedi:

I mean, you've talked about it publicly, but, really, tell us about 2013 and what what was going through your head.

Tomer Weingarten:

Look. I mean, it was probably still is the most important thing that that we do. Let let me start with today for a second so we can understand where where it's at and where it was in 2013. Because today, we cover tens of millions of workloads worldwide in some of the most critical large enterprises, government agencies that you can imagine. And when I say cover, what I mean is that there is this agent that sits there baked with machine learning models and algorithms that works completely autonomously.

Tomer Weingarten:

It doesn't have a dependency on the cloud. It doesn't need any human supervision, and it is the thing that decides whether something is gonna run or not run across all of these environments. Some of these are services that all of us are using practically using now. So if that algorithm is getting it wrong, we don't have a podcast right now or we don't have, you know, rideshare right now or we don't have a rocket in the sky or we don't have a phone call or we don't have, like, that's the scale. Right?

Tomer Weingarten:

And this is AI running on all these devices completely autonomously. So this is the state today. In 2013, the world was very different where, again, coming from the, call it, the offensive perspective, everything was becoming incredibly breachable. The the protection on the endpoint was signature based and a bunch of other rule sets, and that was the easiest thing for attackers to bypass. Literally, you know, you go through the firewall, which by the way, the firewall is not a security product.

Tomer Weingarten:

The firewall is an access control mechanism. So it it had no semblance. Today, I mean, they've added a lot of detection capabilities, but back then, it couldn't detect. You could punch malware through it all day long. As long as you had the access approved, there's no issue.

Tomer Weingarten:

So you get into the perimeter, the perimeter is gone. People were starting to move to the cloud, and you kind of say, okay. I mean, now the perimeter is totally gonna be gone because it's completely punctured. Right? There's in and out coming from the cloud.

Tomer Weingarten:

The endpoint obviously can protect shit, And then, you know, you get to what FireEye was trying to do back in the day, which was the best solution against APTs. It was the sandbox. And the sandbox was this thing literally an appliance. You put it in the network, put a SPAN port, you know, and and have all the traffic route through it, and it would catch the files that were kind of running around in the network. Most attacks that it was geared to catch were file based.

Tomer Weingarten:

So it takes the file, detonates it in the sandbox, try to instrument it, which I think is is a good point for us where we kind of said, okay. Instrumentation is really interesting because what instrumentation is doing in the sandbox is kind of going through all the interactions of how the file was running and interfacing with the operating system. And and we said, okay. I mean, that that's an interesting approach, but why do it on a sandbox? Like, the the sandbox is you can detect it's a sandbox and thus say, oh, no.

Tomer Weingarten:

I'm not doing anything. Shut down. Get all the way to the endpoint, and then there's nothing there and you can run freely. That was the most common thing that you would see. And, also, it wasn't really the natural place to see activity.

Tomer Weingarten:

You don't have the user on the sandbox. You don't have the real programs. You don't have the real device. And attacks were just using all of that to evade, get to the target that they wanna compromise, and from there, the road was easy. So what we started thinking is, you know, what does the world look like beyond signatures?

Tomer Weingarten:

Like, how can you detect badness in the most generic way possible? So, basically, if you had no prior knowledge, would you be able to tell by the actions that are happening on the machine that something is now doing something bad and what is bad, generally? And and then we said, I mean, look. This is this could be a very classic use case to leverage machine learning and basically start baselining what bad behavior looks like on the device. It doesn't have to be file borne.

Tomer Weingarten:

It could be, you know, even a live attacker that is now doing something on the endpoint. Our thesis was that what you will do will forever look different than benign behavior on the endpoint. When we open up a Word file, when we, you know, open up the podcast, when we share files, we do all of that, if I take all the instrumentation of the benign operation of the device, I instrument it at the kernel level, I get all the the different calls, network, memory, disk, all of it, and you put it into a cluster, you can say, okay. This is my my benign set. And now same device and you run some malware or you run some attack code or you deploy a remote code exploit and you view again how that reflects for instrumentation.

Tomer Weingarten:

You put all of that into machine learning and you start getting, you know, these two models that can tell you this doesn't look normal. This looks different. And so that was, I think, kind of the point of origination for us. And then you had other much, you know, harder questions honestly, which is, can you make it run in real time? Because we wanted to build a preventive system.

Tomer Weingarten:

We didn't want just something that comes there and after the fact tells you, oh, you know, we saw some bad behavior just happened an hour ago and everybody's out with your stuff. No. I mean, we wanted to build some, which, by the way, every SIEM solution in the world today, I mean, that's exactly what you get. You get a nice view into the past when you look at the events that are coming in versus, you know, endpoint protection, especially ours, which is parsing through the data in real time and is able to interact and interface and intercept in real time. So one of the main questions was, can we run this in real time in line with the device as things are happening so we can then intercept, stop, and potentially even remediate if we saw some damage happening?

Tomer Weingarten:

So can you do it in real time? Can you do it in real time without shutting down every possible resource of the device? Like, our goal was to be slimmer than an antivirus, which, by the way, we are today, by far more lightweight than an antivirus even though we do a whole lot more on the endpoint. And the last piece was, can you do it, like, super accurately? Right?

Tomer Weingarten:

I mean, because if you can't do it accurately, then you can't really do prevention. You can't really start stopping stuff in your own accord if you're shutting down, like, critical processes. So it was a huge undertaking. And and to get it right, you know, there were points in time where we I remember it vividly. I mean, we would sit in kind of the the ragtag office that, you know, that we've had back then, and we would be incredibly frustrated because we couldn't get, like, the agent to parse through all the data without taking, like, a full core, you know, from a from a multithreaded CPU.

Tomer Weingarten:

So, I mean, there there was a lot of work in engineering that got into, you know, building what looks very trivial today. You know, it's just better than the antivirus and, you know, it just stops stuff. But, look, it's the first line and last line of defense for many, many, many workloads out there at the end of the day, whether it's, you know, server environments or cloud environments, you know, all the way to to Kubernetes environments today and, obviously, kind of the bread and butter endpoints that that we all use. So, again, was nontrivial. I don't think that we knew for sure that all of it can work in the way that we dream it to be.

Tomer Weingarten:

I mean, each one of these aspects had a mitigative plan. Like, if we can get it to go this way, what would be the fallback? But eventually and look. We still have an amazing engineering team. I think that's the one thing that people have to remember.

Tomer Weingarten:

I mean, this place is all about the talent, and and it's all about making impossible things happen. And that's how you create deep IP and, you know, you get some incredibly brilliant people to do the impossible, basically, and and that's kinda what you see running today worldwide.

Ross Haleliuk:

Tomer, I've written extensively about Unit 8200 and the importance of the unit in the Israeli cybersecurity startup ecosystem. But it's important to highlight that neither yourself nor your cofounder came out of the unit, unlike many of the founders that are starting the companies today. And in fact, you've said in the past that this was a tremendous strength because you didn't have the 8200 frame of mind. I have many questions about this. So first of all, what is the 8200 frame of mind?

Ross Haleliuk:

And secondly, how did being outsiders to that traditional cyber network influence the way in which you build SentinelOne, in which you define the technology? Did it give you a different perspective? Did it give you some advantages? Maybe did it give you any disadvantages or challenges that you ended up facing in gaining credibility?

Tomer Weingarten:

Yeah. No. Look. Let me let me try and reframe it or maybe a bit more broadly. First of all, it was a tremendous disadvantage to get started.

Tomer Weingarten:

Right? I mean, you're going in and you're talking to, like, Sand Hill Road VCs, and you wanna raise funds for this thing that will disrupt the $20,000,000,000 market cap companies. You know, Symantec and McAfee, you're gonna revolutionize the world. And you're Israeli. I mean, you can't hide that fact.

Tomer Weingarten:

And you're in cybersecurity, and you're obviously not trying to hide that fact, but then it kind of ends. Like, that is it. I just like cybersecurity, and I'm Israeli, and I'm not 8200. And I'm not, you know, ex-military. So I think it was really, really, really hard back then to kind of showcase the credibility because everybody was just looking for that same criteria.

Tomer Weingarten:

To a lesser degree in Silicon Valley, definitely in Israel. And I think to me, that was also, like, one of the main reasons why I kind of felt like, to me, this journey needs to be in Silicon Valley. It cannot be in Israel because people don't really understand the problem set and the opportunity, definitely not the technology, and they understand only pedigree. And that pedigree was just something I didn't have. I mean, I didn't, you know, have Gil Shwed as a friend or, you know, the ex-commander.

Tomer Weingarten:

They're all my friends now. I mean, that these are my friends, but but back then, obviously, it's not the case. Right? I'm like a 29 year old kid that nobody knows, honestly. And so that that was a huge disadvantage.

Tomer Weingarten:

But on the flip side, you know, I had other folks on the team very early on that came exactly from these units. To date, I mean, as you can imagine, a lot of our, like, Israeli based r and d I mean, these are these are folks that are coming from from these units. And, obviously, I mean, they're incredibly talented. I mean, they possess probably much more knowledge than I have in certain areas than than I would ever have. So I think there's definitely learnings that I did not get by not serving in these units.

Tomer Weingarten:

But on the flip side, we kind of felt like the thing that makes us very successful is our ability to think without boundaries, to think without constantly being tainted by the downloads of somebody else or kind of the opinions and the frames of mind of somebody else no matter who that is. Obviously, there's incredibly smart people in the world and you wanna listen to everything that they say. But for, like, very young individuals, I mean, 8200, you know, folks, they're 18 years old, you get them into this thing, and that thing is a machine. And that machine, I think, imprints you in a certain way. It gives you a lot of great things, but it also gives you a certain mentality and a certain philosophy whether you like it or not.

Tomer Weingarten:

And whether they call it a philosophy or not, I mean, just by the virtue of how you do stuff, I think you're gonna get into into a certain path. Not being in that path or not being in any path, to be honest, it gives you a lot of freedom. Now it's it's your choice what you do with that freedom, and it's your choice what opinions you establish and what your ideas are. But to me, that that was almost like a sacred thing. Like, I I, look, I listen and I read and I see everything that's happening.

Tomer Weingarten:

In cybersecurity, outside of cybersecurity, you know, I I got other hobbies. You know, I find neuroscience fascinating, and I sit on the board of trustees of Palo Alto University for mental health. And I love quantum physics, and I spend a lot of my free time in just reading research there. But what I found from these disciplines, by the way, and I would say quantum physics more than anything, is really the importance of freedom of thought and and really being not tainted by the many, many dogmas that we have throughout our lifetime. The less you put yourself or kind of adhere immediately to found these boxes, I think the more open you are to just contemplate whatever.

Tomer Weingarten:

And and I think sometimes that whatever looks crazy to some people, but it's only crazy until you do it and until you prove it's successful.

Mahendra Ramsinghani:

So, Tomer, the first few years are still a grind for you. You know, you were the only salesperson at SentinelOne for the first three years. You're not from 8200, so no VC wants to talk to you on Sand Hill Road. Help us understand what those two, three years were like for you. You also touched on mental health.

Mahendra Ramsinghani:

You know, this is an incredibly tough journey, lonesome journey for a founder. And then also give us some insights into how you snagged your first investor, snagged your first customer, and give us some inspiration there.

Tomer Weingarten:

Yeah. Look. I mean, I was just dissing, like, Sand Hill. Right? I mean, eventually, you know, we had Accel invest in us, and, you know, we had some really, really great investors from the seed level and ever since, I mean, all the T Rays were investors.

Tomer Weingarten:

You know? Accel invested and Sequoia invested and Insight invested, and I'm probably forgetting in Redpoint and some really amazing investors along the road in Third Point and many many others. I think I've raised probably close to a billion dollar pre IPO and then another billion 0.4 post IPO. I never thought of myself as a salesperson. Like, I do not sell things.

Tomer Weingarten:

I don't think I ever, like, closed the deal or, like, made terms. You know, I show up and, you know, I I speak about, like, what our product can do and what I think it can do for for the customer more than anything else. And, you know, and I listen and I find ways, you know, on how we can be helpful to customers. And that's largely what I've done also in the initial stages, and it was it was challenging. It was challenging because, you know, I've never done it before, to be honest, especially now kind of at the enterprise level, you know, that that we're doing it today.

Tomer Weingarten:

So it was it was very foreign to me, and I'm and I'm a very straightforward person. Like, I come into these conversations, and I kind of call it like it is. You know? Right? I mean, I'm not trying to go through the playbook process of how you do, you know, enterprise selling in a competitive environment.

Tomer Weingarten:

Right? Like, I don't care about that. I don't come in and start bad mouthing the competition and do all that stuff. I come in and, you know, I talk about technology. That's what I know what to do how to do.

Tomer Weingarten:

And I think eventually, you know, the main thing with kind of the VCs were just to help them see the opportunity and help them get more conviction in the technological direction that we have. Because as you can imagine, I mean, it's not something that's very straightforward to explain, and many, many folks that are not deeply technical will understand it. Sadly enough, I remember back then, like, a lot of VCs would send you to experts, all kinds of different experts from many, many different kinds. Some of them will end up being your competition. So you can imagine what type of advice they're gonna give back to the VCs.

Tomer Weingarten:

I mean, you know, if one of your expert is, like, I don't know, I mean, what would he say? Oh, that stuff, it doesn't work. I mean, don't don't invest in it. Of course. So you can imagine the world is a very interesting place, you know, and the and the dynamics are you know, Sid, you you know that you know that stuff pretty well.

Tomer Weingarten:

Right? So to me, I was just really just focused on getting people to understand the technology. And I failed many, many times. Right? I mean, I think I got, like, hundreds of no's, you know, throughout this process as as any entrepreneur gets.

Tomer Weingarten:

But I think, you know, there there were some great funds that eventually saw what, you know, what the art of the possible would be, and they believed in us. And, you know, I'm I'm very grateful for that. I mean, they they helped us kind of come off the ground really, really quickly. You know, I remember I was trying to raise, like, a million dollars and, you know, I ended up with, like, $500,000 worth of seed. And it's probably one of the happiest moments in my life was just the realization that somebody's giving me all that money to go and build something totally new, totally fresh, and I think that was, like, a real magical moment.

Tomer Weingarten:

But, you know, the moment you get a little bit of traction there and and people start to see, like, okay. There's a major opportunity here. Technology actually works, at least even conceptually into the future, then I think the thing you know, things become slight slightly easier. I would never call it easy. It is a very tough journey mentally.

Tomer Weingarten:

There's no question about it. Like, again, you know, you opened we we opened and we talked about, hey. You know, there's lot of bad stuff that's happening. Let's talk about the bad stuff. We didn't talk a lot about the bad stuff.

Tomer Weingarten:

But you can imagine that in every part of the story of this journey, there's constantly bad stuff happening. There's not a day that progresses without something that that you're gonna have to deal with, change, improve, optimize. It's just part of the journey. And I think if people have this expectation that they go into any of these startups to kind of stand alone company journeys going after the biggest market forces that you have, is gonna be a an insane roller coaster. And and, you know, the highs, the lows, they sometimes come together.

Tomer Weingarten:

Right? I mean, it's you don't even in nature, I'm not sure you have something to describe. It's not a roller coaster. There's no roller coaster that goes up and down at the same time. I mean, that would be just crazy, but that's the reality of what you, you know, you have to deal with.

Tomer Weingarten:

And you have to be also maybe a tiny bit crazy. I mean, if you're going after Microsoft and then you're kind of saying, you know, I'm building something that is better than the biggest company in the world or one of the or second biggest company in the world, and I'm building something better than the biggest cybersecurity company in the world, and I'm building something better than the second biggest cybersecurity company in the world, and these are my competitors. And to date, our win rates, our success, our growth still triumphs, which is crazy. I mean, throughout all these market conditions, throughout inflation, throughout a bubble burst, throughout, you know, zero interest to mega interest, throughout tariff day, throughout all of these things that ensue. We've been growing just in a very, very amazing way, one of the fastest growing, you know, companies on the public markets.

Tomer Weingarten:

Really grateful for, you know, the resilience of our people and, you know, how they carry themselves, like, throughout all these different gyrations and knowing that, you know, no no day is gonna be just a super easy day when we're all just relaxed and, you know, everything is fine. That's not cybersecurity. Maybe other parts of software, but not not cybersecurity.

Ross Haleliuk:

And probably not startups in general. So as SentinelOne scaled from a scrappy startup to a public company, how did your role and how did your leadership style evolve? Looking back at the time when you were writing code and then going forward to the time when the company went public in mid-2021 at around a 15,000,000,000 valuation, a lot has changed. Are there any lessons on hiring leaders or shaping culture that you would be willing to share?

Tomer Weingarten:

I think the the biggest thing is that your leadership has to change all the time. Like, if somebody thinks that you start as a leader and that is it and you got it and now, you know, you run with it all day long, it's just not the case. I mean, it wasn't the case for me. I think I was a very different leader early on. Maybe that's what was called for also.

Tomer Weingarten:

I think I was much more militaristic, I would say, in in kind of my my style, and I was much more hard driving and, you know, I I would just punch through punch through walls. Maybe not very pleasant to work with. I think a lot of people were just generally quite scared to interact with me in any way, shape, or form, which eventually led to problems, have to say. Like, people just couldn't come to me with issues even that at some point I kind of realized, okay. I mean, this this is not the way.

Tomer Weingarten:

I mean, I'm not this is not yielding what I needed to yield, so there there need to be a different way. But I think a lot of it revolves around your leadership team as well and kind of how, you know, how you build and who who are the people you surround yourself with. I think for me, the biggest learnings are were maybe still are kind of dealing with compromise, knowing that many, many decisions that you're gonna take are gonna be great for one thing, but a compromise for some other thing. And and I think you have to really decide, like, what's more important to you at the given moment. And, you know, sometimes we make decisions to solve for the here and now, and we know that it's something that may not scale later and may cause other issues later.

Tomer Weingarten:

How do you look at these decisions, I think, are are kind of constantly probably the most challenging points for for any leader, the short term versus the long term. I've learned, I think, very early on to test myself time and time again. So literally to write down decision points and what I've decided and look back after three months or five months or six months kind of back into, okay. So I took this decision. Did I get what I wanted to get?

Tomer Weingarten:

And did I get to the vector? Did I get to the progress? Am I am I on the right path? And as I saw that these are converging more and more and more and more at really high percentages, then you can just run with it much, much faster because you know you're you're kind of taking the right decisions. But sometimes you need that calibration to know that you're just not running with, like, imaginary decisions that everything is going well.

Tomer Weingarten:

And I think the biggest thing that I think is also very different with SentinelOne is that we're very much kind of a different corporation. Like, we are now a public company, you know, kind of close to a billion dollar in scale for revenue, which is close to 10 times where we were at IPO revenue wise, which is really crazy to think. IPO was $100,000,000 four years ago, so, you know, it's been a journey. But I think the main thing is that we are still laser focused on just doing the right thing. I mean, we're very focused on customers, very focused on building technology, very focused on making the world more secure.

Tomer Weingarten:

And and we truly believe that everything else is gonna eventually, you know, kind of align as long as we stick to our mission. And thus, you know, we don't maybe spend as much time in, like, overarching marketing and and all that stuff. And a lot of the things that you see in cybersecurity today, which I've seen for years, but but I think have just become more and more accentuated, is the fact that given the state of confusion, I think just lack of clarity for customers in general as to what comes next, Cybersecurity vendors always had and now even more have this ability to basically throw a narrative out there that fits with their product portfolio and get people to consume. And and sometimes it's in complete detachment from the actual capabilities, what's coming, is it gonna scale for another year. It doesn't really matter the power of the narrative, the power of marketing, the power of these machines, the power of the locked customer base.

Tomer Weingarten:

If you've already amassed, let's say, you know, 50,000 customers, your ability to just put more stuff through that grinder and sell more is sometimes, again, in complete disconnect from what these customers actually need. And in many cases, they might not even uncover what they need because they're locked in that narrative bubble for whatever vendor is currently kind of owning the relationship, you know, top of mind for them or whatnot. So to me, that's probably one of the most challenging things is I don't wanna sell what my competitor is selling. I wanna sell what I believe is gonna make the customer the most secure. So the work here is kind of it's double factor.

Tomer Weingarten:

It's not only building better outcomes and better technologies. It's also, I think, describing to customers what security could look like without the constraints of the current stories that they're hearing from vendor a or vendor b or vendor c that just made a blockbuster acquisition, and they gotta push more of that stuff into their environments with no apparent synergistic customer value.

Mahendra Ramsinghani:

Thank you, Tomer. I think you talked about the importance of building a solid product and then also being able to get the customer to shift from a state of inertia or being in a locked state with existing vendors to look at something new. There is a third dimension here which sort of falls into, I would say, the macro or outside the direct control of your domain, and that's the stock market. Yes. Central One is a publicly traded company, and it's growing steadily.

Mahendra Ramsinghani:

You know, you have done 10x in four years, you know, going from 100,000,000 to now approaching a billion dollars in ARR. But then you look at the stock market, and a lot of people would judge a company based on market cap or multiples. And there is certain abstract randomness to that, and there is certain rationality to that. How do you see this? And share with us some of your both frustrations as well as your views of of this world.

Tomer Weingarten:

Yeah. Look. I mean, I think it's very, very clear that how valuable SentinelOne is and what SentinelOne does in its place and its customer base and its revenues and its growth and its free cash flow and all of that is now standing in complete disconnect to the company's market evaluation. I'm not gonna be this is not this is an SEC approved statement because it's just plain to see. Right?

Tomer Weingarten:

I mean, there's nothing here that I'm saying that is crazy. With that, everything you said is also true. Right? I mean, people in in our world, so as part of that marketing and narrative and with the help of how other vendors would help position SentinelOne. Right?

Tomer Weingarten:

I mean, they would point to that. Obviously, their market cap implies that the company is whatever. Right? And and it's just not the case. Like, the the market cap doesn't affect our technology.

Tomer Weingarten:

The market cap doesn't affect our service level to customers. And if you look at any third-party attestation, it clearly doesn't affect the efficacy, you know, of our products versus the competition. Like, we literally lead in every perspective from endpoint to what our SIEM solution can do. Our SIEM solution is one of the only ones that is real time in this space. I mean, it's just mind blowing why people switch to other SIEMs right now where they're just moving from one SIEM to a different SIEM because somebody's advertising.

Tomer Weingarten:

I don't even know what they're advertising to get these people to move, but it's better pricing at the end of the day. But but when you think about our capability set, again, all of that stands in complete contrast to to our market valuation. So that's definitely frustrating. Right? It's frustrating to me as the biggest individual shareholder, you know, in in the company as you can imagine.

Tomer Weingarten:

And it's frustrating for me as the CEO and, you know, looking at the morale of our people that know that they're doing something that's probably worth, you know, much, much more, but it's not being reflected. But, also, I think we have to remember that we have responsibility here for that as well. Right? I mean, we had some quarters where we were not consistent enough. And, you know, we set very ambitious growth goals for ourselves, and we fell short of them.

Tomer Weingarten:

And I think the public market expects a certain mode of operation on a quarterly basis. Now if you ask me, I mean, the quarter based system, is it the best way to run a company? I would probably say no. It's definitely not that. And then the interesting part is that if you zoom out and look at SentinelOne's performance on a yearly basis since IPO, it's practically second to none.

Tomer Weingarten:

Inside the years, I mean, you get all kinds of different gyrations, and I think this is where investors, you are looking rightfully so at the system that worked for many, many, many generations now, which is the public market. And if you're on the public market, you need to play by the rules of the public market. And I think that's the thing that we just need to do better, but I'm not gonna sacrifice the strategy we have and what we need to do and the change that we need to undertake, especially in this brave new world that we're at just for satisfying a quarterly target. I'm much more focused on the long term. I know it's painful right now for me, for, you know, our shareholders, and we're obviously working in tandem to get to a point where our value is much more reflective to who SentinelOne is and our revenue scale and so forth.

Tomer Weingarten:

But, again, it's not it's not priority number one. It it's never gonna be priority number one. And I sincerely believe that, you know, it's just a question of time until that aligns back to where it needs to be. And it's incumbent upon us to show more consistency, and it's incumbent upon us to come in and set reasonable goals for ourselves and then show the market that we can execute to them and give people the predictability that they want on a quarterly basis. I think on a on a on a yearly basis, you know, show me a better company, but people just don't look at that.

Sid Trivedi:

That's a great way to put it. And for what it's worth, we at Foundation Capital are SentinelOne customers. So on this agent right now as we're speaking, I always remind our team. I'm like, you know, if you have an issue, I'll just call Tomer on this topic. Let's talk a little bit about strategy and company strategy at scale.

Sid Trivedi:

So very recently, you announced that you're acquiring Prompt Security, which for our listeners, if they don't know, it's a startup focused on protecting companies from GenAI risk, which is a new and emerging risk. Why was Prompt the acquisition that you felt, you know, this was an area you wanted to buy versus build? And broadly, how do you think about buy versus build, particularly as SentinelOne has expanded from that endpoint business over to cloud, over to data analytics, over to identity protection. You've gone into these different areas. How do you weigh buy versus build in those conversations?

Tomer Weingarten:

Look. I I think more broadly, we kind of split our platform capabilities in two. I mean, ones that we believe are super strategic must win and ones that are we just wanna give better service for our customers and we want to have the services under under the umbrella. And and we believe we have table stakes capability at minimum, sometimes even better than some of the leaders in the space. So it's kind of split in two.

Tomer Weingarten:

For Prompt, you know, and with every acquisition that we do, we POC pretty much everybody, and we talk to everybody in this space. Like, we got a tremendous tap into the startup, not only startup, you know, scale companies, all of it, public companies. Like, we're constantly keeping tabs on everybody, honestly. I mean, there's a lot of acquisitions here that we contemplate and, you know, we put on back into the drawer. But when we see, I think, a market opportunity as big as the one that we now have the ability to serve with Prompt, then, you know, we kind of take into consideration, I think, chiefly time to market and competitive differentiation.

Tomer Weingarten:

And in essence, you can build anything. Right? I mean, especially now, you know, when you got cloud code, you can vibe code anything you want. I'm just kidding. But but at the end of the day, it's gonna take time.

Tomer Weingarten:

And standing up teams is gonna take more time, and shifting focus is is more time. Everything is time at the end of the day. That to me is, like, the the ultimate currency. And then kind of looked at the world of of possible solutions or trying to address what I think what I can only describe is the crisis that enterprises have today in allowing their employees to use GenAI products safely. And the genie is out of the bottle.

Tomer Weingarten:

It's there. It's in the environment. Everybody's trying to find ways to regulate usage, I would say, unsuccessfully, at least from everything that we're seeing. Very few customers have had, like, the right controls in place. Most of them, they try to block it and, you know, go to the firewall, set up some rules, block the traffic, half successful.

Tomer Weingarten:

Others, you know, they're trying to block it in the browser. Great. I mean, what about all the other endpoint, the rest of the endpoint? So there's definitely, you know, a huge pull in the market. And then we looked at all these companies that claim to do something in that domain, ones that are more focused in model protection, one more in employee protection.

Tomer Weingarten:

And, honestly, I mean, very quickly, you get to, like, an n of one with a company that took, like, more of a DLP approach on the endpoint that coincidentally, I have to say, is also very, very complementary to our footprint on the endpoint. Suddenly, you find this very interesting, you know, synergy both in terms of approach and in terms of relevance to what we do today on our endpoint fleet. And I think then you just talk to customers. And when you talk to customers and the conversations are very short, very precise, and customers get very excited, and I have to tell you, it doesn't happen all the time. It doesn't happen with every product.

Tomer Weingarten:

Doesn't happen with every acquisition. Let's be fair about it. But when you see it there, I mean, that's a huge indication that, you know, you need to probably move to do something in the field. And when you validate the approach, I think it kind of zeros in more on the company. And then you kind of say, there's nobody else that's doing it in this fashion.

Tomer Weingarten:

So also in terms of, like, competitive advantage, competitive differentiation, this looks pretty good to me. You vet the team. I didn't know anybody at Prompt, to be honest. You know, I got a lot of friends all across the industry, but I knew literally no one at Prompt. But the more we kind of worked with them through diligence, the more we looked at the technology, you know, we just got more and more comfortable and more and more impressed with what they can do.

Tomer Weingarten:

And I think this is then it becomes, like, an easy acquisition. I wish, like, acquisitions would be kind of as slam dunk from all these perspectives. I think they need to come with a really robust integration strategy, which, you know, obviously, is the thing that's gonna unlock the value here. But, you know, all in all, it really is about market needs and time to market. And then, obviously, the talent you're getting, the competitive differentiation, I think all of those are just incredibly important.

Ross Haleliuk:

Thank you, Tomer. We've talked about a lot today, and I would like our last question to be around AI because that is how it has to be in 2025. There is a lot of hype around AI. What advice do you have for CISOs, for founders, for operators, investors, and everybody else trying to make sense of this hype? And, also, where do you believe AI will actually truly deliver the biggest payoff in cyber defense in the next few years?

Ross Haleliuk:

And how do you think the organizations have to prepare for it?

Tomer Weingarten:

Yeah. I think it and, you know, it really is, I think, a question that kind of both these questions go hand in hand, I would say. I sincerely believe that at this point in time, what CSOs, security teams should be focused on are first principles and architectures. There is no solution out there that does what it advertises. There is no solution out there that is a silver bullet right now.

Tomer Weingarten:

And the main thing you need to focus on is how do I design my environment right now to be as ready as possible to the point where there could be this AI system that can then manage my environment, basically. So how do you build the right controls? How do you decouple the decision making, let's say, the brain from the controls? Make sure you have the right controls. Make sure you have the right data pipelines.

Tomer Weingarten:

Make sure you can stream data. Make sure you can orchestrate action back. So really think in the most generic terms even without thinking about these specific, like, email security or network security or identity security, it's just a component. I mean, it's a component in a wider system. I think that is probably the only thing that you can do right now. If you're jumping into, oh my god.

Tomer Weingarten:

I've seen this agentic workflow thing that is gonna revolutionize what I do, then you go and you deploy that, and I think you get, like, I can only describe it as a false sense of productivity where you get some, you know, some uplift just to get stuck again in some other bottleneck while the attack landscape is not focused on miniaturizing an automatic workflow. They're focused on asking an LLM to hack you, period, without seven different workflows. So the generic way that you see reasoning going, I think eventually, we'll see much more broad based systems that are able to tap in and then really drive cybersecurity for you. Kinda think about it as an autopilot where you get human supervision, maybe MDR teams in the future are just supervisors for AI systems that are driving everything in your enterprise defense. And I think in that world, I mean, think about enterprise defense as you got the detection, but you also got the configuration, which is like all the misconfigs and vulnerabilities and all that stuff.

Tomer Weingarten:

And you got discovery, and then you got response and orchestration and all of that. But I really, really think that things are gonna get at some point much more automated, much more broad based, going now process by process and trying to automate workflows. To me, that is maybe an immediate pain relief for environments that are very inflated with alerts, but it's not something that's gonna be, like, super productive in the next, you know, twelve, twenty-four months. And the other thing that frustrates me honestly is that, you know, if you look like things even like the MITRE evaluation framework, when you get different products there and you realize very quickly that you have products on that list that generate 10 times, sometimes 100 times more, literally a 100 times. I'm just saying it.

Tomer Weingarten:

A 100 times more alerts per intrusion, per technique, per detection than other products. And what's happening is that some of these vendors are coming in and they're selling you agentic capabilities or whatever they wanna call it to deal with the massive alerts that the product is generating to begin with. And in essence, you can just pick a product that generates much, much fewer alerts where the AI is more embedded in it, and then you don't need to deploy yet another thing that shows you this magic of minimizing these alerts. So these are just some of the nuances that you see today. But, look, I mean, there's all gains to be had.

Tomer Weingarten:

There's a real problem right now with production grade systems. So I think there's a lot of beautiful stuff that works in theory. Really amazing stuff. In our labs, I can show you things that, you know, it's gonna blow your mind what it can do. It's truly mesmerizing, amazing, scary, all of the above.

Tomer Weingarten:

The distance between what it's doing into getting it into a production environment is nontrivial by any degree, maybe impossible with the current state of the art. So I just think that the horizon is the one unknown to all of us, and that's where, you know, if people think the horizon is too far, they gravitate to the capabilities of the now. But if the horizon is closer than that, then sometimes you're just wasting time and money and effort to do something that you'll throw away, you know, in a quarter or two or in a year. And I think we've seen already a cycle like that in generative AI with a year ago with, like, the chatbots and the copilots. And, you know, everybody was like, oh my god.

Tomer Weingarten:

This is it. Let's do it. Satya is telling me it's, you know, a 100 times more productivity. I just need to get to Office 365 and the E5 license. We're gonna be the most productive company in the world.

Tomer Weingarten:

Well, apparently not. And now, like, who cares about that? Right? I mean, we're not even talking about that. So we really have to always kind of fight our own inclination to go with the trends.

Tomer Weingarten:

It's like even at the age of TikTok, I think it's even more exacerbated where you got a trend, and it could be, like, momentary and it can drop. It can be like this, but eventually, it's just a trend. I mean, it's not much more than that in many cases.

Mahendra Ramsinghani:

Tomer, this has been a fascinating journey. And, you know, as we think about your persona, the best thing that comes to our mind is that you are a classic example of the wartime CEO who's working really, really hard to become a peacetime CEO. You know, you talked about your self awareness and how you write things down. You talked about the fact that people wanna come to you and they should not fear you and how you're building your own journey as a leader in that journey. And I feel like the world definitely needs more CEOs like you.

Mahendra Ramsinghani:

You know, you help make this world a safer place with the work you do. You know, you talked about looking for trouble. We hope more people like you go looking for this kind of trouble where the world becomes better. You talked about staying uncorrupted by riches, a very rare attribute because the vast majority would, I don't know, go to Vegas, get drunk, and lose their stuff. So we hope that you stay uncorrupted, and you stay true to who you are as a person who's constantly growing and constantly helping others.

Mahendra Ramsinghani:

So thank you for your time.

Tomer Weingarten:

Thank you. Really, really appreciate it.

Sid Trivedi:

Thank you for joining us Inside the Network.

Ross Haleliuk:

If you like this episode, please leave us a review and share it with others.

Mahendra Ramsinghani:

If you really, really liked it and you have some feedback for us, wrap it on a bottle of Yamazaki and send it to me first.

Sid Trivedi:

No. Don't do that. Mahendra gets too many gifts already. Please reach out by email or LinkedIn.
