We are totally on the roll, because guess what? We have another great interview for you!
This time we decided to present you one of the start-up company – Shieldfy. Eslam Salem CEO of Shieldfy has told us about cyber security in Egypt and what kind of difficulties his company faced as a start-up.
Trust me you don’t want to miss this interview!
[Hakin9 Magazine]: Hello Eslam! Could you introduce yourself to our readers?
[Eslam Salem]: My name is Eslam Salem I am the founder and CEO of Shieldfy , I worked as a web developer for about 11 years and worked as a security consultant and freelance penetration tester for many companies.
[H9]: What exactly is Shieldfy?
[ES]: Shieldfy is a cloud-based security firewall and anti-malware; basically it protects websites from hacker attacks and malware infection.
[H9]: The market is full of different products and services that will protect our websites and computers. What makes Shieldfy special?
[ES]: Shieldfy is focusing on simplicity to our end users, so they don’t have to be experts in servers and programming to get started with us. We only require the user to upload one file or install one of our plugins, like WordPress plugin, and that’s it. Also, the fact we are on the same server with the client gives us the power to protect the website from specialized attacks to its software besides normal random attacks.
[H9]: Why was Shieldfy created? Was there any reason behind this idea?
[ES]: It begins with my needs as a web developer. I was searching for a proper solution for my clients to protect them from attacks, especially zero-day attacks on third-party scripts. But all solutions I found were either so complicated and expensive or not that good so I decided to build Shieldfy.
[H9]: What was the process of building a security solution of your own like? What was the most difficult part, and why?
[ES]: First, I started it as a side project, then it became a passion and attracted my team members to be a part of it. There were a number of difficulties; first, we operate in a field that is totally new to MENA region so we didn’t find many people with experience in the field so we had to research and learn a lot, which helped us a lot, in fact, to develop our own personality and our own methods instead of copying other companies. Another difficulty was the lack of funding; investors got excited about our work but didn’t want to get involved. They preferred to wait and see how we would acquire the market, so we depended on ourselves to fund, and we’re now in the middle of negotiation with another investor and maybe we can close the deal in the next couple of weeks.
[H9]: Your company is a start-up – do you think it gives an advantage over big security corporations, or is it just that much harder?
[ES]: The Cyber-Security field is growing very fast and the fact we are a startup gives us the ability to move fast and adopt quickly with the market needs.
[H9]: On your website, you have information that you are always one step ahead of hackers? How do you accomplish that?
[ES]: We have our own security team which is very talented; we don’t wait for attacks to happen, we continue to research in our labs for new hacking techniques, and we do regular manual tests for our clients to find any vulnerability before anyone else does.
[H9]: So you can assure your clients that they are 100% safe? What if they are successfully attacked?
[ES]: We all know there is no such thing is 100% safe, there will be always a weakness. The real question is the second one; what if hacker successfully hacked one of our websites?? Our security team is always prepared to help the websites with two steps. First: clean the website from any backdoors planted by the hacked. Second: investigate the hacking to know what happened and help the website owner to fix any vulnerability or weakness found to make sure we avoid it in the future.
[H9]: Do you think that nowadays breaching is easier than five years ago? Or are hackers simply more capable?
[ES]: Actually both, with the web revolution, all data now is on the web. That wasn’t the situation five years ago. Now, everything is in the web and that attracts many talented people to join the war as a blackhat or whitehat.
[H9]: Do you think the side they choose is a matter of character, or is there more to it?
[ES]: Yes kinda, people choose to be blackhat because of many reasons; it’s mysterious and sexy and more profitable, but morals come into the picture so now many talents convert to be whitehat. It now has the same glory, especially the bounty hunters and it’s profitable, too, much safer and, most important, it’s legal.
[H9]: One of your values is “we care”. Is it truly an important aspect in cyber security field?
[ES]: Yes, of course , if you care about your customers you will be able to understand their situation and provide them what they need.
[H9]: Do you think that in a field as complex as cybersecurity, the clients always knows what they need? Are they sufficiently aware of the topic to decide for themselves?
[ES]: Most of them don’t, that’s why our rule is to make it simpler and more user friendly. We have to be the bridge between the normal user and the security with its complexity and details.
[H9]: Do you think there is a perfect point of balance between security and convenience?
[ES]: It’s a hard question, no one found the right equation to do that and as we all say it’s a Security Vs Usability issue. For example, if a bank decides that the best way to respond to suspicious activity is to freeze your account … it’s the safest solution but it’s not the most convenient for the customers.
[H9]: What about the ease of use? What do you find the most important: convenience, ease of use or effectiveness? How much do you find those particular features important?
[ES]: Convenience and ease of use are important but it must not affect the effectiveness. For example, your computer will work faster without the antivirus but soon you will be infected and maybe your passwords and credit card be exposed. On the other hand, the ease of use is so important, you can’t get the most out of a tool you don’t know how to use no matter how good the tool is, so in my opinion, ease of use and effectiveness are the most important in cybersecurity field.
[H9]: Can you tell us more about cyber security in Egypt? What kind of challenges does it face?
[ES]: Cyber security in Egypt is growing very fast, we have many talents working in foreign companies or as a freelance penetration testers. But sadly, in the form of companies, we are still young but we hope that we see many companies operate in Egypt in this field soon.
[H9]: What are some of the challenges security companies face in your country?
[ES]: As I mentioned before, the biggest challenge is the market is still young, we have to educate the customer about how important security is, also it’s hard for security companies to get funded in Egypt. Investors don’t want to get involved with something they don’t fully understand with absence of solid numbers about market opportunity.
[H9]: Do you have any thoughts or experiences you would like to share with our audience? Any good advice?
[ES]: Security is a serious issue so if you have a website or network you want to protect it. Don’t ever rely on manual security only or automated solutions only, use both and use multi-layer security as much as you can.