CTO Sessions: Amir Jerbi, Aqua Security

What makes an effective tech strategy? “An effective technology strategy is one that can easily be explained over a whiteboard session to non-techies.”

Aqua Security

Name: Amir Jerbi

Company: Aqua Security

Job title: Co-Founder & CTO

Date started current role: October 2015

Location: Israel

Amir Jerbi is the co-founder and CTO at Aqua Security. Jerbi has 20 years of security software experience in technical leadership positions. Jerbi co-founded Aqua with the vision of creating a security solution that will be simpler and lighter than traditional security products. Prior to Aqua, he was a Chief Architect at CA Technologies, in charge of the host-based security product line, building enterprise grade security products for Global 1000 companies. Jerbi has 14 cloud and virtual security patents under his belt. In his free time, Jerbi enjoys backpacking in exotic places.

What was your first job? At the age of 17, just after graduating from high school, I took my first job working for a big bank in Israel. All Israelis are required to serve in the military, but there was a gap between my high school graduation and the start of my military commitment. So, I took the opportunity to work in the early days of online banking, back when most people were still using dial-up connections - if they had internet access at home. There were no high-speed broadband connections, no smartphone apps - consumers had to use their modems to connect to the bank’s website and conduct transactions. I was part of the team that deployed those first online banking solutions for commercial companies. 

Did you always want to work in IT? Yes, going back to my elementary/grade school days. When I was 10 years old in the fourth grade, my father bought me the first computer -- the Apple IIC, and I started learning to program. In fact, I learned programming before I learned English. Hebrew was my first language, but all of the programming languages required you to learn English in order to write code. So I started learning how to write and speak English while I learned how to write programming. I started in order to learn to program.

What was your education? Do you hold any certifications? What are they? I hold a master’s degree in computer science. I was working full-time, so I enrolled in Israel’s Open University remote learning program. That allowed me to take all of my courses and complete my projects and exams over the weekend and evenings and I was able to finish my diploma.

Explain your career path. Did you take any detours? If so, discuss. Once I began serving in the Israeli army, I was able to gain more experience in becoming a developer and working as part of a developer team. After I left the Army after four years, I took a job with a small startup as a software developer. My career path stayed in the IT sector. I became a development team leader, then an architect, a senior architect, and then a chief architect. I spent about 15 years working for the same company before I decided to start my own company, which was Aqua Security and assumed the CTO role.

What type of CTO are you? I am enthusiastic about technology, to put it mildly. Whenever I encounter a challenge, my first thought is always “how can I solve this through the application of technology?” I like to be hands-on, and when I encounter new products or emerging technologies, I like to try them out for myself to determine how I can apply them to the current challenge.

Which emerging technology are you most excited about the prospect of? This ties nicely to my previous answer. In Aqua’s domain of cloud security, there is now an emerging technology called eBPF that enables security companies like Aqua to automate the collection of data from the operating system in order to monitor operating system resources to identify any security incidents. It’s truly an example of emerging tech - very few companies have started using it. But I expect within three years it will become a standard because it's so frictionless.

Are there any technologies which you think are overhyped? Why? Some aspects of the capabilities of machine learning technology are overhyped, especially in the security domain. I see a lot of companies adding machine learning into the marketing and sales language describing their value proposition, trying to claim that machine learning can solve all of the issues that are out there. I do think that ML is amazing for a number of utilities, and the future is very bright. But when talking specifically about security, we’re still in the early days and cannot claim that ML is the solution for all of today’s complex security issues.

What is one unique initiative that you’ve employed over the last 12 months that you’re really proud of? One that I’ve deployed in the last year is creating a patent program that allows our technology team to determine whether a new product feature or even a concept can be patented. It’s impossible to overstate how laborious and cumbersome the process of researching and applying for a patent can be. Our new process is much more lightweight because it enables us to generate a short document - usually no more than a couple of pages - that serves as the basis for creating a patent on behalf of the specific inventor or inventors. I would say we have been awarded about a dozen patents by following this process.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? We provide the tools to facilitate the core component of many organisations’ digital transformations: the move to the cloud. We provide them with the security controls that will allow them to expedite their migration without having to lose focus on their day-to-day priorities and responsibilities. Some customers are moving to the cloud to meet revenue or growth goals, others to improve operational efficiency. Whatever their individual needs, they rely on Aqua to address any security concerns that they might have while making their transformations.

What is the biggest issue that you’re helping customers with at the moment? When we talk to our customers about securing their cloud applications, it’s not uncommon for them to ask us to educate them on the basics of cloud security. They don’t know how to secure the workloads, and that’s not unusual because the concept of cloud security is still quite new in the security industry.

How do you align your technology use to meet business goals? Aligning technology with business goals is a balancing act between new innovation and incremental improvements of the technology. I try to make sure Aqua is working on at least one innovative technology initiative at all times. That’s how we ensure we keep providing new differentiating capabilities that are the basis of our growth. 

Do you have any trouble matching product/service strategy with tech strategy? I lead both product and technology groups at Aqua, which I believe creates tight alignment between our product and technology strategies. This alignment is super important in the cloud security domain, which is rapidly evolving, and requires the agility to adapt to these changes.

What makes an effective tech strategy? An effective technology strategy is one that can easily be explained over a whiteboard session to non-techies. The more simple the strategy is, the more chances it has to be adopted across the organisation.

What predictions do you have for the role of the CTO in the future? The job of a CTO has become more technical over the last several years, and I think that trend will continue as more companies accelerate their digital transformation initiatives. One of the key requirements for the modern CTO is deciding which new technologies to implement to meet the needs of the business, and just as importantly, which ones to not implement. That becomes more and more difficult as the number of options continues to increase.

What has been your greatest career achievement? More than five years ago, I decided to leave my day job and start a company, which was Aqua Security. I had a passion for securing the cloud, and more specifically, securing containers. What’s made this experience so rewarding is that we’re still growing - we recently raised a $135 million Series E funding round at a $1 billion valuation - and I’m still learning on both the technology and business development sides.

Looking back with 20:20 hindsight, what would you have done differently? The main challenge over the last year has been making the transition from working in an office to working remotely full-time. I am used to working closely with my team, and it took me some time to get used to the back-to-back Zoom meetings with very little of the personal interactions that occur when everyone is together at the office. I started to adopt small changes, like shorter meetings, embracing collaboration tools like Microsoft Teams, and blocking off time for myself in my calendar.

What are you reading now? Reed Hastings’ No Rules Rules: Netflix and the Culture of Reinvention.

Most people don't know that I… Play the piano.

In my spare time, I like to…Travel with my family, backpacking, and go on sightseeing hikes, although I’ve been limited to exploring Israel since the onset of the pandemic...

Ask me to do anything but… Take a hands-off or abstract approach to problem-solving. I’m execution-driven, so whatever you need me to do needs to be concrete in terms of setting goals and measuring progress and results.