Hi everyone and welcome to MacRAE’S Growth Challenge podcast. Inside with B2B and manufacturing leaders where we uncover their stories, strategies and solutions to overcome growth challenges in their industries. I’m your host Maria and in each episode we will dive deep with founders, CEOs and industry experts to explore how to scale, innovate and lead in today’s competitive landscape. So let’s get started. Today we have Dor.
from Sola Security. Nice to meet you. How are you today?
I’m good, thank you for having me, Maria. Nice to meet you.
Nice to meet you. Dor, so why don’t you introduce yourself and your company, tell us a little bit about yourself and what is it that you guys do?
Yeah, sure. So let’s start from the beginning. I am Dor, Dor Swisa. Today I’m the VPR and D of cybersecurity startup in the cybersecurity industry. But before I will go into Sola, let’s talk a little bit about myself. I will introduce myself. Dor Swisa, 31 years old, live in Tel Aviv. I started my way in the IDF in A200 unit in different management and development roles. After the army, I wanted to try the private industry.
I go to a company named Razor Labs, manage a few full start-enders. From there, I wanted to understand what is the start-up nation looks like. So I go to CIDR security. I’ve been there in the backend side, CIDR has been acquired by Palo Alto networks and then AR &F and Palo Alto. And after Palo Alto adventure, we go to a new adventure that called Sola Security. So what is Solar? Sola Security is a cybersecurity AI company that
Bringing to the industry the platform that will help you to prompt your stack, that will help you to build your own security tools in minutes. What does it mean? In today’s world, in the industry of cybersecurity, we have ⁓ a lot of tools. The security tools are ⁓ mainly, we can separate them into two kinds. One is the bigger one, is the wide ones, like Prisma, Weez, and so on. Great products, great companies.
The main thing there, you’re getting a lot of modules, a lot of domain, they are trying to be good at everything. But in most of the cases, they are not good in all of the things. And more than that, in most of the cases, the company is not looking for a solution for all the domains. They’re looking for a specific domain that they want to get answer on. So if I’m talking about those kind of ⁓ security tools,
We’re talking about expensive, really, really wide, a lot of time and resources for the POCs. So this is one kind. The other kind is like the niche security tools. are trying to give an answer, a specific answer for a specific domain like cybersecurity, the startup that I’ve been in. ⁓ Amazing company, amazing tool, give a lot of value in the application security, a security domain. But the main issue with it is if I want
to have a better understanding of my security posture. If I want to understand how secure is my environment, my product, I need more than 20 tools like that in order to have it all. When Guy Fletcher came up with the idea of Solage, our beloved CEO, he wanted to bring to the table something different. He understand that in today world, in the AI world, one size doesn’t fit them all. You can’t bring
a solution, you can bring a product that looks the same for every one of the companies that use it. Why is that? Because every company, they have their own environment, their own stack. Everything is different. The configuration is different. The resources are different. They have different needs. Everyone wants to answer different security needs. You have a security use case, okay, you need your own tool for that. You need your own security tool for that.
And the users themselves, the practitioner themselves, they are different. You have the DevSecOps, he is one person. You have the security engineer, you have the CSPM engineer, and so on and so more. So when guys started to think about Solr, he understand that one side doesn’t feed them all. So he understand that he need to bring to the table some platform that will help our security practitioner to build their own security tool, their own tailor-made security tool. And when I’m talking about security tools,
is really, really wide in the definition of when you want to answer a question, what does you need in order to do so? So first of all, you need the data. You need to fetch all the data from the third party vendors that you are working on. The second is you need the option to explore the data, the exploration side. You need to ask what is going on there? What is my configuration? Ask the security questions.
After that, you need some dashboard, you need some visualization in order to show it to you, to your boss, to the CISO, to the CEO and so more. After that, you have the monitoring alert. You need to know when something is bad, when something bad is happening and you need to act. Once you got the alert, you need the automation side. You need to understand, okay, I got this alert, what I need to do? What is my remediation? Who I need to call to? Who I need to send select message to? So those are the pillars that build
from my perspective, a security tool. And when we’re talking about those pillars, this is what Solah bring to the table. With the use of AI with our beloved co-pilot, you can do to answer every question, every security question that you got in moments, in minutes. Something that can took for a regular work or process of POC with some tools can take weeks, days, and even more. You can do so in minutes. You just…
need to sign in to your Soli account to integrate your vendor that you want to work with, your stack, your tech stack, and then just to start asking and do whatever you need to enter your needs.
AI is so amazing. The things that it does nowadays is just so groundbreaking. I’m curious to know, you did mention that you have your main big companies that provide cybersecurity. And obviously now there’s a lot of smaller companies that are emerging and finding the gaps, right? Like you said, one thing does not fit all and then a company would need to add their own stuff. And it’s just creating this like cost and it’s making things a lot
harder, especially maybe if a company doesn’t have all the financial resources to invest so heavily. I’m curious to know though, if on the topic of cybersecurity and obviously digital trust, how did you guys ⁓ gain trust on something so sensitive with your clients? Because I feel like when it comes to protection, you want the
If we talk about the IDF, right? Like if you want the protection, you want the strongest, most secure, most experienced people in the world, right? So how are you guys building trust online with your clients and competing with those huge companies?
So this is a great question because this was one of the main questions early in the days of Solr that we tried to answer. Let’s start from the beginning. Okay. For every security company that respect ourselves, you need to have all the compliance, the relevant compliance, SOC, ISO and so more. So we have our amazing trust center. From day one, we had in our company security personas from the CEO that is the… ⁓
former CISO of AppSpy, Ron Peled, our COO, was CISO flight person. And we got another five security practitioners inside from different companies in purpose because we wanted different ⁓ perspectives on security, on how to do security. So once we started with this team, we understand that we need a trust center. We started the compliance from day one. We work on it.
we’re easier, ⁓ so can more. After that, we understand that it’s not enough because this is the regulation, you need to answer it and it’s okay, everyone got it. But once you want to gain trust, you can do it in so many ways. So let’s start from the beginning. The first one was that sola security is based on AI. The way to work with solar is a copilot. A lot of people, especially in the security domain, are afraid to work.
with copilots why they are not trustable, we don’t know what are the risks with that and so more. But when you are understanding that, if you want your user to trust in this copilot, you need to do a few things. One, you need to give the user to understanding what the model is doing behind the scene, the reasoning and thinking, what are the things that we are doing in order to give you the answer, and literally to give the steps.
We are fetching all the data, we data analyze the data, we’re doing X, Y, and Z. Very, very precise, very, very transparent with our users. The second part is you can’t give him an answer without an evidence for this answer. What does it mean? When we’re working with Solr, you can see that you can get your answer, but more than that, you can get with Solr a graph that will explain to you how we managed to get this answer.
What are the resources that are connected in order to understand that this is the right answers? And the graph is just one way to do evidence. You need to give to the user the information on how you got this answer, why this answer is right. And more than that, and this is like the top level things that Soli is doing, to give the user not just the obvious answer, like what are your public S3 buckets? Okay. This one is your public S3 buckets, but it’s not enough.
You want to give him to understand what is the blast radius of this risk, of this F3 bucket open to the world. What does it mean for you? So this is one part. This is like in the product itself to give, be transparent, to give the user the understanding what we are doing, what are our limitations to give him inside our dark, inside the product itself and more. The second part of it is to gain trust from
known companies, companies that are trust in Solr can give you a lot, a lot of trust. We have today around, I’m looking at the TV there to see the right number, 302,000 almost users in our system. A lot of different users, 300,000 and two hundreds. Yeah. This is very a lot. And we will talk about it.
300,000?
wow, that’s a lot.
And you guys give
that level of detail to every single client.
Yeah. And we will talk about, because the AI era, is one of the things that enable us the opportunity to build such a platform. You can do so. You can do everything really, really generic, but from the other end, you can do it really, really tailor-made. This is the main thing. This is like the secret sauce that we got. But from the trust perspective is more than all of those users is our thought leadership. As I mentioned before, we have a lot of strong security personas in Solr.
that doing a lot of lectures, posts, blogs, you can see them on different newspapers, you can see them in our blog in Sola Security and so more. Because this area is different. All of the AI generation, what’s going on, what is the difference for the world and specifically for the security industry? Everyone trying to get their answers. There is no one truth. There is no one.
that know exactly what’s going to be. But the things that everyone are really young are that you need to understand what you are doing. You need to understand on what you’re working with. You need to understand why this is your answers. And you need to understand that you have something that is protected, that is compliant, that you can ask people that know what’s going on behind the scenes in this product to gain your trust. And if to be honest, this is like
an ongoing effort that we are all the time working on. Task is not something that you build in one day, but it’s something that you can destroy in one moment. So this is the thing that we are working on so hard in order to do so.
Absolutely. So 300,000 clients and you guys been around for how long?
⁓ from my 2024.
So not a whole lot of time. ⁓ So tell me, what is your primary clients? Like who do you guys target? Obviously not everybody under the sun. Who do you try to target?
One and a half year. Yeah
Yeah, this is a great question because our ICP or target audience, this is something that we are all the time fine tuning it in from learning the industry, from learning our customers. So what we are looking at is like companies that are from 500 people to 5,000 people, companies that have a full time security engineer, CSO, practitioner from different kinds, DevSecOps, someone
who have the ownership on the security inside a company. We are focusing on companies that are cloud native. This is our strong domain right now. So we want companies that have their own cloud native, not on-prem companies, of course. So those are the people that are our target audience. But if to be honest, our old thing, our old vision, it came with another thing that it was important, the PLG motion.
So purchase the product led growth. And the main thing there is today in the security industry, if you want to sign up to a security tool, you want to do a POC, you need to contact to the salesperson, you need to schedule a demo, you need to do the POC, it will take some time. Solr is part of our change in the industry. As part of the disruption that we want to bring to the industry, we’re trying to do things differently. We’re giving our customers
the option to do everything of self-service. You can go inside Solr, sign up and that’s it. You’re in. As I mentioned before, in moments, in minutes, you can get your security answers for every security needs that you got. You will build your tailor-made security tool in moments. And this is the main thing in Solr. This is what is like the differentiator of Solr. You can do so in moments. Because of that,
we got a lot of customers. They can easily go inside to understand what is all, to verify what is all, if the product gives them the value that they wanted to. And to decide if they want to stay and work or not. This is something that is different in security industry, because we believe in our value that we are giving to our customers in moments. And this is the main thing. In minutes from the moment you sign up to the system, to the product, to the platform, until you get your value,
minutes.
And how do people usually find you? You did mention that you guys do do a lot of thought leadership. Sounds like all the executives are on board to publicly speak and get yourself out there. But as far as like your digital footprint, so SEO, generative search engines, because right, like how people are finding solutions is so different. Like people are no longer just, you know, typing in just keywords. They actually ask.
questions of the like chat GPT and pixel and Jen Genesis they all ask them questions How do you guys like what are you guys doing to stay competitive there and appear in those channels?
Yeah, this is a great question. So as you mentioned, of course we’re doing the thought leadership. We have a really strong marketing team that is working hard to put the Solr brand in the world and how they are doing it. Besides like that all the regular marketing stuff, the campaign and more. When you are talking about Solr, you are talking about security use cases. You are coming to Solr with some security use cases. So when you’re looking for a solution for a specific security use case,
You have question. You’re asking a question. What is my AWS security posture? This is the question. So one of the ways that we are working with is to find Solr from questions like this. We have a lot of those kinds of use cases inside Solr. So when user is asking something about this use case, he will find Solr. Beside that, of course that we are trying to bring Solr to every powerful tools.
reports, influencers that are strong in the industry. A lot of people heard about us because of our amazing investors during the seed and the A round. And because of that, Soli is like spreading the word. And more than that, this is something different. Because Soli is so different, people are curious to understand what is going on there, how they’re doing things different. They’re like speaking that we are different or they’re really, really implemented this way.
that really bring the solution to be this way.
What’s, obviously, again, going to cybersecurity, such a tricky industry. And the fact that you guys can give people answers in moments is really amazing. Because yeah, you’re right. It’s usually a huge sales cycle. There has to be a huge analytical component of all the processes and systems and decision makers. And so much that a security team has to sort through.
So the fact that people can get at least a sample of what is it that you’re doing in minutes is like truly astonishing and definitely groundbreaking. But like, what are some things that you guys have tried and they did not go so well for you and then you had to pivot real quick?
Mm-hmm.
Yeah, for sure. A lot of things. My opinion about startup is that a good startup is not like we value a good startup not from his mistake. We value a good startup from how much time it took him to understand that he got a mistake and solve it and to fix it. So in solo we have it all the time. This is one of the things that we are putting our focus on. In the first place, we just started with building.
We just started with building security tools. We give the user a really simple platform to build. He has his own copilot, but he’s the one that’s manually going to build it. We understand in today’s world it’s not going to work because you got copilot from the development area. You got like CHE GPT, you got all of those kinds of Gen.AI models that when you ask something, it’s not just give you the answer, it will build it for you.
If you want a documentation about the report for some kind of subject, it will give you the report itself. So this is one of our mistakes, our main mistakes that we had. We changed it really fast. In one month, we changed the whole way you are working with the platform from a manual way to be automated, to be asked the question. Once you know what is the security tool you want, just tell us and we will build it and we’ll bring it to you. And this was one of the things that
give us perspectives for two things. One is, as I mentioned before, Solr built based on AI infrastructure and more. This decision that we wanted to build Solr like this, help us to change the old UX user experience of the user from let’s build it manually to just prompt it and you will get it in a few weeks.
That’s music.
really, really
like three weeks. So this is one. The second thing, yeah.
I feel like when you
talk about it, you’re almost like even yourself, like you have this like glow to you about how amazing the product is. And it’s so good to see because like you’re so proud of the work that you guys are doing and you truly believe in it. You’re almost like when you talk about it, you’re almost surprised yourself of like how efficient and amazing it is. I love that. That’s really fantastic. Where are you guys currently? Like where is your main clientele? Like what areas of the world are you guys at?
I’m
You know. ⁓
So today
is like a lot of our POCs in Israel, in the US and Europe. Like right now we started from Israel because it’s like, friends and family, the design partners and more, but we did the shift to America, to the US and we are going to be focused on the US and Europe. Those going to be the market. Yeah.
US and Europe. You
guys are going to take over.
I believe so. I believe so. If to be modest, yeah, I believe that we will do it.
Yeah, yeah, of course. Very important.
⁓ Tell me, let’s say three to five, you guys are so brand new. You guys are, you’ve done so much in such a short amount of time. What is the vision for the next three to five years, especially considering how quickly AI and generative models are reshaping how organizations approach.
security but also attraction of new clients. Like how do you see you guys, where do you think you guys are gonna be in three to five years with all of that?
This is an amazing question because this is one of the questions that we are asking ourselves all the time. And this is my opinion, my honest opinion about this topic. One, as I mentioned before, one size doesn’t fit them all. All the big CEOs, all the big tech companies are talking about it. There is not going to be one software fit them all. Every persona will have their own tailor-made product, tailor-made app. Why?
because you can do it. Right now, companies know what are your needs. They know who you are. They know your environment. They know from questioning you. They know from what you bring to the table. What is your input? What you need? So from the part of one size doesn’t fit them all, it’s going to go in the next few years to a proactive place, in my opinion. Like if today,
When you are talking about security tool, you need to see like ⁓ visualizations and alerts and you have everything like separate two pillars and you need to do it in the future is going to be really, really simpler. What I need to secure today. This is going to be the question and this is going to be the answer. One, two, three, four, five. Why? Because this is your environment. This is the blast radius of this risk and so on and so on. So if you ask me,
in the next three to five years, a lot of proactiveness from products. Second one is going to be tailor-made products, especially for you, alongside the proactiveness.
Yeah, the personalization is amazing. The things that ⁓ AI can do to personalize things, it’s truly like we’ve never seen anything like that before. And quick, it’s so quick. Like you don’t have to wait. It’s like now.
Yeah.
You know, it’s more than that. It’s like, besides that, that everything is quick and you get all the answers that you want really, really quick. It’s like the FOMO that I have as a VP R &D of the industry is crazy because all day long you got so many updates on what’s new in the industry, what’s in the AI, which model is the best. Like, and it’s crazy. It’s changing the whole way that we are thinking about stuff. Not only from a product perspective, it’s already changing how I’m working with my R &D, how my R &D is working.
How is my engineers going to be better, faster and stronger all the time? It’s changing everything. But beside that, I will say three to five years. I don’t know. I don’t know what’s going to be beside what I already told you that I’m really pretty sure that this is going to be the way the main way. But I can’t wait to see what the world will look like, what the industry will look like, what R &D will look like in the next few years and what the entrepreneurial industry or domain is going to be like because
If to be honest, in five years from today, I’m envisioning that once an entrepreneur will go to a VC in the cyber security industry and will give them his idea or her idea, the VC will ask him one question. And the question is going to be, you can’t do it already with Sol.
I love it.
This
is the main thing. Solr is going to be a different company and a different product and platform around the world around the security world. As Michael Moritz, one of our beloved, ⁓ investor, tell us in our, like in early, in the early days of Solr, he told us guys, you’re really, really remind me Stripe. They started from the ground, Stripe, they started from the ground. They wanted to change the industry and they do so.
you
I love it. I love it.
Right? Yes.
and you are on the right path to there.
Yeah, Stripe me. That’s a thing. Like when it comes to payments, like do you have Stripe? Like that’s a very common thing. Yeah, a hundred percent. Like nobody like really worries about much else. Do have Stripe? Like, can you send me a link to Stripe? Yeah, it’s so easy to make transactions for businesses when they have Stripe set up a hundred percent. That’s such a good comparison. I guess my last question for you, you being on the R &D side and having a strong marketing team.
Exactly.
How do you guys balance that internally? Like who gets more of the pie? Is there a little bit like, you know, priorities who gets to play with the toy first or how does it go?
Yeah, I’m not sure what is going to be the answer of the VP marketing or mini is our VP marketing. But from my side is like our own way of thinking in solar is what brings the most value at the moment. This is the main, this is the main answer. Like once we have a decision to make the decision will be ⁓ based on what will bring the most valuable things. So a lot of the, of the times it’s going to be marketing.
Okay.
the next ⁓ meetup that we need to arrange, the next lecture that they need us to do, the next video that they will take a video of us. And some of the time is going to be the R &D. It’s really, really depend on the phase that you’re at as a product. A lot of time we have focus on what we need to do in order to do this POC really, really well to be a success. And some of the time I need my marketing team in order to…
to make our brand stronger, not only Solarbrand, the R&D of Solarbrand, in order to recruit more people, great people, in order for people to look at us as the standard of how to do a perfect R &D. And because of that, a lot of time that the marketing and the R &D teams are working together, I just posted today on LinkedIn on what are the ways to increase your headcount without really bringing new developers.
So one of the ways that we’re doing is like to use the marketing developer, okay, to work with us in order to bring something that is really, really important and urgent for now. So they give us to a few days to give us him for a few days in order for us to succeed. And this is like a team play.
Sounds like you guys are also a good team. How many people are in your business, your personal, like in solar?
Like the company? the company. Today we are a little bit less than 50 people.
That’s big. You guys been around for
a year. So a little less. So that’s, that’s really big. Awesome. Israel is such a great hub for a product like yours because it’s such a leading country with so many startups and tech related services, SAS softwares that are just really taking over the world. So Israel is a perfect hub for you to dip your toes in. Let’s put it that way. Yeah.
For sure.
Amazing.
For sure, and I will say more than that, that a lot of the people of like the management are people that work together in cybersecurity, our previous startup. And this is one of the things that give us the opportunity to run really fast because we already know the CTO, the VP product and I, we are working in the last five years together. It gives us the opportunity to work really fast together. And beside that, we bring to the team
a lot of new faces that we didn’t work with, but like the VP marketing that was here in Solr before me. And right now we are working so close together and this is the main thing, like to find the right team, to make them a team, an organized team that everyone know what is like responsibilities and from there to move as fast as you can.
I love it. Dol, thank you so much for your time. I had such a great time. I wanna see you guys take over the world and just wave your little flag at the top of the mountain. I would love that. Nothing more than that for you guys.
Mm-hmm.
Thank you so much, Maria. It was a pleasure for me too.
Thank you.
Bye bye.
Contact us to explore how we can help your business grow.
