CTO Sessions: Dima Potekhin, CyCognito

Name: Dima Potekhin

Company: CyCognito

Job title: CTO and Co-founder

Date started current role: 2017

Location: Tel Aviv, Israel

Dima Potekhin, CTO and Co-Founder of CyCognito, is an expert in mass-scale data analysis and security. He is an autodidact who has been coding since the age of nine and holds four patents that include processes for large content delivery networks (CDNs) and internet-scale infrastructure. Prior to founding CyCognito, he founded multiple companies, including Epicycle Technologies, a software consulting firm specialising in big data, computer vision, image processing, geographic information systems and other domains requiring huge scale and complex mathematical algorithms; and Metaqube, that developed a cutting edge city-scale augmented reality technology for mobile devices. As a Software Engineer and Security Researcher in the Israel Defense Forces, he participated in a project that received the prestigious Israel Defense Prize.

What was your first job? I started as an IT guy in 1996, when I was 14 years old, as soon as I could legally be employed in Israel. It was a videoconferencing startup (later acquired by Polycom) and I’d go there to work after school a few days each week.

Did you always want to work in IT? I was always technically inclined and because I got into it at a very young age. It was kind of a no-brainer. Obviously growing up in a supportive family with a strong academic and engineering background helped. I owe my parents a lot!

What was your education? Do you hold any certifications? What are they? That’s an interesting question. At the core, I’m an autodidact and a “hacker” in the old-school sense, where you take things apart and learn through hands-on experience -  with theory sprinkled on top.

I started coding in BASIC when I was 9. I barely knew English, there was no Internet and no real books on the programming language . I had to grind my way through until I started understanding both - I learned English and BASIC simultaneously. A few years later my dad was learning C, so I read his books and did the exercises. Then I started working and never stopped. By day I learned a lot from the people I worked with, and by night I was trying things out.

I started a degree in CS, but I felt it was too academic and out of touch with the industry, so I went back to independent learning.

Explain your career path. Did you take any detours? If so, discuss. I never thought about what I do as “building a career” and never cared for titles and such. For me it was much simpler. The only reasons for choosing one job over another were:

1. Will I enjoy working with those people?
2. Would I learn from them
3. Is there an interesting and hard technical challenge
4. Does it bring value?

In hindsight, it was almost a random walk without much plan. But I would never change a thing!

My journey has been diverse. I have worked in cybersecurity, large-scale internet operation, CDNs, digital currency (before it was cool), augmented reality, GIS systems, aerial photography, and 3D imaging. I always preferred startups and small teams where I can make an impact and build something from the ground up.

Did I take any detours? I don’t feel like I did. I love building cool things with awesome people and I was able to achieve that throughout most of my journey.

What type of CTO are you? That’s a good question! Every CTO is different. I’ve seen many CTO positions at different organisations and although they share qualities and skills, no two were the same.

In my case, I’m both a CTO and a co-founder. Those are not the same, and sometimes even create an internal conflict. As a “founding CTO” I started as a developer, analyst, QA, and even sales engineer because I was the engineering team. Gradually people started joining and I became more of a team leader, then an engineering manager, and finally something that you can call a “proper CTO”.

We are building a platform that consists of multiple interlocking products. One of my main concerns is creating a unified team and a unified system architecture. I don’t want us to resemble several companies stitched together into a Frankenstein monster, which often happens when multiple products are involved, either from organic growth or through M&A. Unification is our long-term edge, and a lot of that is on me.

In practice, I’m still all over the place, helping teams and individual contributors with cracking some tough problems, helping with HR & management, guiding the system architecture, helping with technical product questions, and of course, global strategy. We are currently at a growth stage, so recently I’m shifting more of my attention towards the go-to-market team.

Which emerging technology are you most excited about the prospect of? There are many! I think that cloud and managed services are just getting started. Organisations and IT professionals are still discovering their benefits. We have not fully detached ourselves from the mentality of “Here is a computer, let’s install some stuff on it”. Therefore I’m very intrigued by the various serverless approaches. In a way, current cloud systems are still based on the notion of “computers” (although technology like Kubernetes blurred the lines). But we can try to build abstraction layers on top of that, and turn computers/instances into just a “detail of implementation” for most business tasks - while focusing on the actual business challenge at hand.

Honorable mention goes to the new and exciting data technologies, automation and of course machine learning, but that still has a long way to go.

Are there any technologies which you think are overhyped? Why? There is always something being hyped, and there are usually waves of hype before something becomes truly useful and mature, if indeed it actually makes it to that point.

I think a good example of “misguided hype” is when a technology that can only have value when properly applied to solve specific problems is hyped without context - or held up as the answer for something irrelevant. Good examples are “blockchain” or “AI/ML”. Although both are pretty amazing and can be super useful in certain applications, just blindly applying them everywhere will create disappointment.

What is one unique initiative that you’ve employed over the last 12 months that you’re really proud of? In the past year, a strategic milestone for us is that we achieved proper “platformization” - meaning the transition from a single product to an offering that spans several product categories. That was our strategy from the early days, and I tried to build the system architecture and the engineering team in a way that would allow this eventual transition. So it finally happened, thanks to our hard-working group! I’m really proud of how the team brought it together.

Are you leading a digital transformation? If so, does it emphasise customer experience and revenue growth or operational efficiency? If both, how do you balance the two? We are a modern cloud-native SaaS company, so fortunately we had the opportunity to build the organisation with today’s best practices.

It’s no surprise that many of our customers are also going through digital transformation, and that they create unnecessary exposure to external adversaries, especially in cloud environments. So for them it’s more of an operational efficiency versus a security posture. We believe that what we do reduces that risk so they can focus on their bottom line. Digital transformation is actually very close to my heart.

What is the biggest issue that you’re helping customers with at the moment? The state of security is that there are thousands of competing products in myriad niches, but there is no single way to quantify risk and just focus in on remediating the most burning security gaps. If you look at why, first, you see that organisations are unable to discover all their unknown-unknowns (e.g. that a cloud environment someone created is unmanaged, forgotten, and yet fully accessible). The other challenge is that It’s very difficult for companies to focus their limited resources on exactly the right security hot spots. Serious security gaps in high-value customer facing assets are often buried under thousands of less relevant security issues piled up on less critical assets.

It’s a huge issue, and the market is just starting to understand what attackers understood 20+ years ago.

How do you align your technology use to meet business goals? Current attempts at managing security risk are all too often done manually. In best cases, it’s carried out by tools such as vulnerability scanners that need to be configured. I should point out that a scanner might cover less than half of the actual exposed infrastructure and totally miss the really important business context. Or companies rely on pen-testing which is expensive and slow, and at best gives snapshots of mere dozens of systems.

We are convinced that security best serves business goals when it becomes an end-to-end automated process on a huge scale. It begins with business mapping, through asset discovery, security issue detection, and all the way to up-to-date exploitation intelligence. In a nutshell, we combine deep security expertise with a world-scale data operation – for the purpose of creating an accurate risk assessment of the organisation and a prioritised action plan, with the prioritisation based on actual risk. It takes deep security capabilities as well as technology coming from large scale data systems, BI systems, search engines, algorithms in areas of graph theory, statistics, ML and NLP. It’s the most existing and diverse tech project I ever worked on! And we are just getting started :)

Do you have any trouble matching product/service strategy with tech strategy? Our product is based on the technology we built, so not really. The complexities come from the fact that both the technology and the product are multi-layered. This creates a need for careful architectural and technical product alignment.

What makes an effective tech strategy? First of all it needs to focus on unique value and strategic company goals. It also must solve something, it needs to bring value to a problem. Too many technologies are created just for the sake of technology. Next, to be effective, focus the strategy on what you are very good at and on the unique capabilities that you bring to the table. Don’t reinvent wheels, don’t build non-core-value things when you could more easily integrate with existing solutions. Avoid the costly “not invented here” mentality, where IT only trusts applications that were developed internally, because that can kill productivity.

What predictions do you have for the role of the CTO in the future? As I mentioned above, all CTOs are different, but here are some thoughts:

I think that data technologies will continue to mature and CTOs will need to use more data in their decision making. Business development will become more prominent in the life of every CTO, because there are many services and components that can be integrated - instead of building them from scratch.

CTOs will need to become even more security aware and adopt a security-first approach. Unfortunately we see many customers with systems that could be much more secure if that had been their focus at an early stage, rather than later superimposing security solutions on top of them.

What has been your greatest career achievement? Although I've never thought along those lines, it’s definitely CyCognito. Never before have I been able to build anything like that! And I’m so glad I could do this with Rob, our CEO and our wonderful team.

Looking back with 20:20 hindsight, what would you have done differently? I’m actually very happy with how things have transpired, so I wouldn’t change much. I do recognise that during much of my “career” I was too buried in tech (which I love) and didn’t raise my head early enough to learn about product management, sales, and marketing, etc. But that's in the past, we’re in the present now, and the future is ahead of us.