The Privacy Insider Podcast
Security, Cyber-Intel, and a Sense of Humor with Nir Rothenberg of Rapyd
Nir Rothenberg, Chief Information Security Officer of Rapyd, joins us to discuss why building resilient privacy and security frameworks is critical now as fintech companies face heightened scrutiny. With Rapyd expanding globally and navigating rapid acquisitions, Nir shares why a pragmatic approach to compliance and risk management is crucial in an era where privacy regulations are tightening and cyber threats are growing more complex.
Episode Highlights:
- 00:00 Introduction.
- 01:54 Building security programs that scale across global regulations.
- 05:01 Collaborating with legal and compliance teams to strengthen frameworks.
- 12:57 Maintaining resilience and avoiding burnout in fast-paced roles.
- 20:55 Consistent system updates significantly strengthen security.
- 32:24 Problems and lessons from insider risks.
- 49:55 Balancing data minimization with effective monitoring and logging.
- 54:31 Applying cybersecurity expertise to strengthen privacy initiatives.
- 57:37 Opportunities in the growth of payment fields.
[00:00:00] Nir Rothenberg: Take notes. Understand the concepts, understand what companies value.
[00:00:05] Nir Rothenberg: And make yourself somebody who can get accepted for the job, who can deliver on it, who can make the promises. And you'll see your career just skyrocket.
[00:00:36] Arlo: Hello, my name is Arlo Gilbert. I'm the founder of Osano, but today I'm your host on the Privacy Insider. Today we are joined by Nir Rothenberg, the Chief Information Security Officer at Rapyd, a fast-growing payments provider out of Israel. Prior to his time at Rapyd, Nir was the head of security at NSO Group.
[00:00:58] Arlo: Most famous for Pegasus and many of the nation-state hacking that we read about online, where he personally helped to bring down Guzman. And in addition to all of his time in security, Nir is an active advisor and investor in early-stage startups. A big fan of the Israeli startup community. Nir, welcome to the show.
[00:01:20] Nir Rothenberg: I'm glad to be here. And before we start, I got an important question. Are we allowed to cuss?
[00:01:26] Arlo: Oh, yeah. We can cuss as much as you want.
[00:01:28] Arlo: Well, Nir, so, you know, you're known right now as the CISO at Rapyd. I would love to hear a little bit about what Rapyd does for anybody in the audience who's not familiar with your company.
[00:01:41] Nir Rothenberg: Yeah, thanks. So, first off, when you say I'm known, this is a
[00:01:44] Nir Rothenberg: privacy podcast, you know, as people aren't celebrities, when you tell somebody, oh, you're known, you're like, by who? You know, or maybe it's just me. So, so yeah, I, I, I am the CISO at Rapyd. Rapyd's a payments company.
[00:01:57] Nir Rothenberg: Actually, today we just got the news that we were approved to get a license in another country.
[00:02:02] Nir Rothenberg: So we're a global payments company. Think of Stripe, Checkout.com, Adyen. Yeah, that, that's where we operate. Uh, we're known for doing a lot of M&As and ultra scale. We grew since, since my time from a small company with 50 people to two thousands of people globally. So, uh, you know, I've been a part of that journey as well.
[00:02:22] Arlo: Wow. And you joined pretty early on in Rapyd's career, right? I mean, you weren't employee 600.
[00:02:29] Nir Rothenberg: No, no, I was like probably 50 or 70 or something like that.
[00:02:32] Arlo: Wow. And running, running security at a payments startup, I would imagine can be a little, a little daunting because you control money. So there's a lot of people out there that would love to go hack you.
[00:02:45] Nir Rothenberg: Yeah. I think if you're daunted then you know, security isn't for you. You know what I mean? First off, you have to be optimistic to the point of being naive. I think you have to be like, I got this. I can do this. You know what I mean? If that's not your mentality, if it's like, oh my God, the world's so bad,
[00:03:01] Nir Rothenberg: you're just not gonna make it. You're gonna be burned out. You know what I mean? Uh, there's all kinds of statistics about CISOs, that they're burned out. Like they're victims of the profession. Like, oh my God, they have to sit in front of a laptop and get paid. Poor people.
[00:03:15] Nir Rothenberg: You know what I mean? Like, they're victims. They, it can only last 18 months in their cushy job. I'm like, yeah, you know, it's not easy maybe, or maybe it's just really, really fun and fulfilling because you're at the forefront, you're at the bleeding edge of what's going on. You know what I mean?
[00:03:28] Nir Rothenberg: And you're something that really interests us. And I always tell my team, I tell them like it's good that cyber is in the news and it's good that there's hacks. As long as they don't get us, if they get us, that's bad, right? Because I'll probably get fired like the coach of the team. But as long as they don't get us, it's good that there's, uh, cyber out there.
[00:03:44] Nir Rothenberg: 'cause that's what lets us get paid and do cool stuff and keep protecting and keeping Rapyd and its users secure. So it, it's a good thing to have that. So, so I'm sorry. I just gave you this whole rant about daunting. Let's see what the next word you
[00:03:57] Nir Rothenberg: say, and I'll talk for another 10 minutes.
[00:04:01] Arlo: Well, no, I mean, I think this is really interesting because the intersection of privacy and security is pretty important. And I mean, the reason that we're having you on this podcast is because you actually have had a fair amount of experience with data privacy in your various roles as the CISO, I assume, and it sounds like privacy is part of your daily job.
[00:04:22] Nir Rothenberg: Yeah. Yeah. So, early on in building the discipline, the privilege is there. And this is again, something I'd like to tell my team. I tell, like some grandpa, like I always tell 'em, you know, but I'd like to tell my team, uh, we're privileged to make the mistakes that in like 10 years, somebody's like, who the hell did this?
[00:04:39] Nir Rothenberg: Who's the idiot? So we get to be those idiots who make the first mistakes. So, a lot of things we did when we built the program early, it was just like me and the general counsel was like, we should figure out this privacy thing, you know, like we're going into Brazil.
[00:04:52] Nir Rothenberg: You heard there's like, this CNA thing, you know what I mean? And then you gotta figure it out. The only way to do that is to be curious and to be lucky enough to find people to collaborate with. Also internally, for instance, me and the general counsel of Rapyd have a great relationship from the beginning.
[00:05:08] Nir Rothenberg: And we know how to empower each other, the other various stakeholders in Rapyd. But it goes also to getting the right partners, you know, the right companies to work with, the right consultants to work with that could help you understand all the various issues of any compliance, but especially privacy, which is one of the more dynamic compliances, uh, of recent years.
[00:05:27] Nir Rothenberg: If you look at it, Rapyd is, has a lot of compliance restraints, again, being in payments, being global. And you know, privacy, it's definitely one that gets the most attention from partners, from customers, from regulators. It's always starting with privacy and it just shows, you know, how much work should be put in it.
[00:05:43] Arlo: And getting you, you mentioned that you guys just got a very exciting certification that's gonna allow you to process payments in a more global manner, but it sounds like, you know, you're keenly aware that going into a more global anything, probably means more laws to comply with. Are you guys prepared for that?
[00:05:59] Arlo: Are you worried about that at all?
[00:06:01] Nir Rothenberg: Yeah, we tried to build a program like that, honestly. I remember when we just started the privacy program and we started putting all the pieces in play and I tried to, this goes back to my early days as a consultant myself. You know, one of the good things about consulting, it teaches you frameworks, the ways to think about anything,
[00:06:18] Nir Rothenberg: 'cause you have to go to any organization and give value. So if you look at a risk management framework, it's always like, what you're up against, and then decide what to do about it. So that's how I always break things down. So let's say the privacy program.
[00:06:32] Nir Rothenberg: With the general counsel, the first thing is like, okay, what are we up against? What's our requirements? What territories are we active in? What do they say there? Where are we strong? You know, do a, like a total gap analysis really, but very focused on what we're up against and try to avoid hypotheticals and all kinds of, of theoreticals and stuff that you're not up against. Okay, there's enough to be up against without.
[00:06:55] Nir Rothenberg: And I think a lot of people make that sin make this big mistake and they go like, yeah, but what if theoretically the aliens come and they have a new regulation, the zombies fight them. It's like, why are you talking about like, which Comic-Con am I stuck in right now? You know what I mean? So, so focus is your ally.
[00:07:10] Nir Rothenberg: So once we had that, we could go to consultants and start finding, and you know, like every high tech company, there's like this whole industry of like, you know, privacy consultants today. And then you like, okay, it's great that you do Europe, but I got Asia and I got Latin America and I got other territories and there's a lot of rules coming out.
[00:07:28] Nir Rothenberg: How do I make sure that you're the partner that could take me to those places as well? You'll be surprised, we went to like, you know, top law firms, top consultancies and they, we didn't like their answers 'cause they were very narrow-minded. For them privacy was only GDPR.
[00:07:43] Nir Rothenberg: You know what I mean? I'm like, okay, maybe for us that's a main regulator, but what will happen two, three years? We have to make sure we're ready. Again, it's not some big thing, but it's just that two-millimeter shift that makes a difference between, uh, being future proof and shuffling all
[00:07:57] Nir Rothenberg: the time and putting out fires.
[00:07:59] Arlo: And I, I've gotta imagine that part of the fun of being so early at a company is that you really get to influence those things as opposed to inheriting a program that was established by somebody else. Is that the case for you at Rapyd?
[00:08:12] Nir Rothenberg: Yeah. Yeah, definitely. That's one of the things that really, till this day, that's the influence I think is something that I personally really enjoy. You know, if we have more time, we'd break down my personality and why, but I really enjoy that. I really enjoy that, you know, I can move the needle.
[00:08:26] Nir Rothenberg: I really enjoy that, that thing. Just like I say, the mistakes I make will haunt people in the future. You know, people always think legacy is good. Like, oh, he invented the cell phone. No, legacy's a mistake you made that people are like, why is this road planned like that? That guy, the guy who planned that road, we all hate everybody in his own city.
[00:08:42] Nir Rothenberg: He's got a giant legacy. Like every morning you're stuck in traffic. You're like, who is the idiot who did that? And there's some guy, there's a guy, he did that and he has a legacy and he affects your life a lot. So, no, but all seriousness, he had the impact till this day. And I tell my team, like, you know, you should feel the impact.
[00:08:58] Nir Rothenberg: 'cause you know, if you're in security and privacy, and it's so dynamic, especially in a company that's growing, that's scaling, that's going to do territories, you can really change and influence the way things are done. And yeah, I think that's important. And also that your place in the table is very important because you enable these things to happen.
[00:09:17] Nir Rothenberg: A lot of times you talk about privacy, security as a guardrails, right? You enable somebody to drive fast down the road. Good to feel that, I still feel that, that's one of the things I, I love most about Rapyd.
[00:09:28] Nir Rothenberg: You know, and they get into negotiation like, no pay raise, but here's some more influence for you.
[00:09:32] Arlo: That's right. We make up for our lack of cash as a startup
[00:09:36] Nir Rothenberg: No, they, they pay other people. No, they pay other people. They, they got cash, they pay other people, but I come home like, Hey honey, I didn't get that raise, but I got another project. She's like, so what? You got more work for? Just kidding. I'm just kidding.
[00:09:49] Arlo: Well, I think that one of the things that, you know, we had a chance to talk before this show and one of the things that I, you know, aside from being incredibly funny, one of the things that I really loved about talking to you is that you have a really non-traditional story on how you ended up in this role as a CISO and somebody who's owning both privacy and security at a, you know, a complicated high tech company.
[00:10:10] Arlo: And what we've heard from many of our listeners is that privacy and, to some degree, I'm imagining security can be a little bit lonely because you often have to be the no factory, right? You have to say, I know that sounds fun, but you're gonna get us sent to jail if you do that, and I'm really curious, as our audience surely is, how did you get to this place?
[00:10:34] Arlo: What brought you into regulations and security? How did you even get here? Did you wake up one day as a, as a small child and say, security and privacy, that's where I would like to focus my efforts, or did you come upon it accidentally? I'm curious how you got there.
[00:10:52] Nir Rothenberg: So when I was in the university, we went, or in high school rather, we went to a tour, a science facility, and I got bitten by a radioactive, I went home and, I lost my glasses and got this killer bod. I got a dad bod and became a CSO right away. So yeah, that's what happened.
[00:11:10] Nir Rothenberg: Don't tell anybody about my origin story. The movie's coming out. It's gonna be a big one. So yeah, so, so I think nobody, you know, I got little kids now and like, like, you know, no little kid ever thinks like, oh, I want to be the guy who's in charge of cyber risk or privacy risk. You don't think, 'cause that most people, they take it for granted.
[00:11:31] Nir Rothenberg: They're like, why would anybody hack me though? Because I didn't do anything wrong. Why would anybody abuse my personal information? It's none of their business. Like, people are decent. I wouldn't do that. Like if I would see, you know, your cell phone open, I would hand it to you. I'm like, Hey, excuse me, sir, your cell phone's open or whatever.
[00:11:47] Nir Rothenberg: You know, so why would anybody do it to me? It's a naive outlook that most people have. And that's how you start out, you know, that's why these things keep happening because organizations are naive and end users are naive and, you know, that's why scammers have an easy time. You know what I mean?
[00:12:03] Nir Rothenberg: So nobody thinks about it early on. I think a lot of people either get to it, you know, they get to it by mistake. I think almost everybody that I've met, ever met in cyber got to it, you know, through some coincidence. For me, it was really a coincidence. Like, I thought I was gonna be a scientist.
[00:12:19] Nir Rothenberg: I studied chemistry. I was like the worst chemist ever. I wasn't, I was no Walter White. I wasn't making any meth or anything like that. It was, uh, I was really, really bad. I couldn't even beat Jesse Pinkman, I couldn't do that. I can't say the bitch good. So, uh, but I watched that show.
[00:12:33] Nir Rothenberg: I watched this term. I'm like, why are they so good? So then I, I had to get a real job and I got into risk management. 'cause it sounded exciting because, you know, risk, what's more exciting? What's more exciting than a risk? You know? I'm like, wait a second. I get to deal with risks. What am I skydiving?
[00:12:49] Nir Rothenberg: Am I an actual superhero? That's like the naive outlook that you, I think you need to do to have, to be successful. You know what I mean? I think just so we talked about burnout. People are like, oh my God, I'm so lonely here in the, no, it's like the job isn't the problem. You're not collaborating, you know, empower yourself. Empower yourself and try to collaborate more. It sounds really stupid to say that, you know, that's like every podcast you ever listened to, it's like, if you believe and achieve and then conceive it, you know, they always like tell you, it's like, what do you want from me? But the truth is, it is like that.
[00:13:21] Nir Rothenberg: It's up to you. Are you lonely? Get some friends, collaborate, figure out how to have, have value. Are you working at a company that, that, you know, looks down at privacy and thinks about it? Just they just wanna cover their ass and just, you know, put, check the box and you hate it 'cause you, you're passionate about it.
[00:13:38] Nir Rothenberg: Move companies. There's enough companies that, that they need this, that they're scaling and you're the person who's gonna make all the difference. And it's up to you. It's not always easy. You know, we've all had jobs we've hated. I remember my first job, by the way, of risk management. I couldn't stand it.
[00:13:51] Nir Rothenberg: I was like, for six months, I'm like, I'm done. Like, it's time to level up. And then like, it took me three more years to find a job. You know what I mean? I just couldn't find anything. Every job that accepted me was like worse than my current job. I'm like, oh my God, this is so much worse. So, you know, sometimes it's hard, but fortunately in privacy and in security teams are right now before AI takes over, you know, the market is still in our favor as professionals. If we learn how to show value, we can get jobs. So, there are organizations where you won't be lonely. And for me it was all about the connection all the time. And I just happened
[00:14:24] Nir Rothenberg: to, you know, starting risk management, get into IT risk. I remember I was doing an IT risk assessment.
[00:14:30] Nir Rothenberg: We used to call IT
[00:14:31] Nir Rothenberg: assurance. And my boss, we were in Bank of Israel. He's like, oh, you know, you're, you're not doing IT risk assessments, you're
[00:14:37] Nir Rothenberg: doing cyber assessments. I'm like, what's cyborg? Are we making up words? Like I'm, I'm doing a cyborg assessment, like, I was like, imagining like cyborgs.
[00:14:45] Nir Rothenberg: I'm like, but this is like the Central Bank of Israel. Like, why would they have a cyborg? And he's like, no, cyborg, it's a new thing. And I just couldn't get it. I'm like, okay, I guess I'm too dumb. You know, you're always very naive and you're like, oh, I guess I'm too dumb to get what cyber means. It seems like we're doing the exact same thing, but suddenly my salary started to go up and the market started getting hot.
[00:15:04] Nir Rothenberg: And you know, I remember they started, you know, the jobs started coming in better and more organizations, like I was doing consulting, organizations were needing us more than ever and suddenly I'm something called the vCISO, you know what I mean? And I'm going to, and I'm working in companies that would never even gimme the time of day if I applied.
[00:15:19] Nir Rothenberg: Suddenly I'm there
[00:15:20] Nir Rothenberg: managing their cyber risks and understanding and implementing tools and really learning everything from the process. Just, that's a beautiful thing about risk assessments in any field. You always start with a process, then you think about the complexity and then you think about, you know, the probability for the risk
[00:15:36] Nir Rothenberg: to happen.
[00:15:37] Nir Rothenberg: And then you really look at every process from the ground up and you have a very kind of grounded way of looking at reality. And then it translates really well to, to almost anything you do if you can get the technology, which again, I came from chemistry. I, I wasn't like in this kind of, you know, Israeli army military grade units, you know, which is great by the way.
[00:15:54] Nir Rothenberg: 'cause today I invest in startups. I work with a lot of Israeli startups and they all think I'm one of them, you know, like from the unit, like, oh, where were you? Did you know that him? And I was like, no, I wasn't from there. And I'm a chemist. I was like, what? What are you doing here? I'm like, sorry, should, should I let myself out?
[00:16:09] Nir Rothenberg: You know? So kind of funny. Uh,
[00:16:11] Arlo: That is, that is fantastic. And, and so one of the things that I thought was really fascinating about your background is that, you know, although you started in risk, you then transitioned over to a very different kind of company when you joined NSO Group.
[00:16:29] Arlo: And, and for those who are listening and don't know, maybe you can tell us a little bit about NSO Group because they're big, but not everybody knows the name.
[00:16:39] Nir Rothenberg: Yeah, the coming on a privacy podcast, talk about it, working in NSO, it is like coming on a, you know, church podcast and talking about working for the Antichrist. You know, it's like, literally like that. Like NSO, people don't know. NSO is, uh, NSO Group is an Israeli cyber espionage company that sells cyber weapons to governments.
[00:16:58] Nir Rothenberg: If you Google them, you can read, they're associated with some very interesting, uh, stories. Some of them are more true than others. For instance, according to the press, NSO tools were used to capture El Chapo, the famous drug dealer. If you're listening to this, it had nothing to do with that El Chapo, peace to you.
[00:17:18] Nir Rothenberg: I think his name is Guzman. He's one of the most notorious Mexican drug dealers. So they basically did a cyber espionage job, a project all over on him and his surroundings. They were able to locate him twice and now he's in jail in the US for serious drug charges.
[00:17:33] Nir Rothenberg: So, uh, and there's a lot of other stories and a lot of other scandals. So, it's one of the most notorious companies when you talk about like, government spying on citizens. And they have very amazing technologies. Just recently, like Meta sued them for hacking WhatsApp.
[00:17:50] Nir Rothenberg: You know, you don't know too many companies that can hack WhatsApp. You know, and again, just like with any kind of, uh, fugazi boogeyman kind of companies, a lot of it is true and a lot of it is like totally false and just they have no idea. And everything that kind of smells like some espionage is like, uh, oh, it's NSO, the big bad NSO.
[00:18:08] Nir Rothenberg: I can't say they didn't enjoy that as well. As a company, when your, when your name is so big that you can, you know, hack anything, do anything. The customers come to you, you know what I mean? Especially if you're in the espionage business and your customers are limited. You know, 'cause there's regulations and they don't se-, they hardly sell to anybody.
[00:18:23] Nir Rothenberg: There's not a lot of customers. So, so it was good. So, you know, I had the opportunity to work there. Again, totally naive. I was doing vCISO roles for a bunch of, uh, Israeli companies. One of them, what happened to be in cyber intelligence. And NSO was looking for their head of security, who was somebody who worked with cyber intelligence companies.
[00:18:41] Nir Rothenberg: And somehow they got to me. I didn't know what it, what it
[00:18:44] Arlo: Did they, did they hack your phone to get to you? Did you wake up one morning with a message on your phone that says hello Nir?
[00:18:50] Nir Rothenberg: No, no, nobody hacked my phone. I'm not interested. I always tell people, I, I, I get a lot, especially after I left. I get these businessmen's like, oh, you gotta tell me somebody hacked my phone. I'm like, why wouldn't anybody hack your phone?
[00:19:00] Nir Rothenberg: Like, you know why? What's so special that you have to understand to buy a use. NSO cost millions to infect somebody. Just to infect. One person costs hundreds of thousands, not millions. 'cause you gotta buy the whole system and the analyst and, and set it up. Nobody does that to be like, I wonder what the candidate is thinking about me.
[00:19:17] Nir Rothenberg: You know, it's that, that it doesn't work like that. You know what I mean? It's like buying a tank to, to do a hit job. You know? For Hitman, it doesn't work like that. You know, governments have tanks, they have weapons, they have things much worse than NSO. They have planes and rockets and ultimately then they send a policeman with a taser.
[00:19:34] Nir Rothenberg: That's enough for me. You know what I mean? One guy with a taser, he'll get me. So they don't need to hack me. They didn't. Again, in a corporate setting, you know, as an executive at Rapyd, there is a risk. See, that's how, you know, that's already worth the trouble of even a nation state to get technology or for, you know, or for a criminal organization to get FinTech, you know, to get FinTech backend or stuff like that, or to get a massive breach of user information.
[00:20:00] Nir Rothenberg: That's always great, news for criminal organizations. So, but as an individual, we're not that interesting, you know, that, that's just the fact of it. And I had, like crazy people come to me, like, I'm sure, like, you know, every time I go, this is Drew's story. Every time I go on, uh, on Spotify, the songs are telling me something like, and I think it's my father-in-law.
[00:20:22] Nir Rothenberg: She tried to get me to divorce my husband. Like I had like a woman, like, explain this to me. And like, and like, you know, it's like you're telling me like, like, you know, the big tech knew which pasta you're gonna buy in the supermarket and put like, you know, it's mathematically almost impossible for that to happen.
[00:20:37] Arlo: So the average, the average Jill, or the average Joe does not really have to worry about an NSO Group because
[00:20:43] Arlo: it's just not worth the money.
[00:20:45] Nir Rothenberg: Yeah. When they, when Apple's like, oh, we exposed a nation-state zero day, patch your iPhones today. It's like, oh, you can patch tomorrow. Like you should, like, I'm a security guy. Patch your stuff, update your software. It's, that's the best thing you can always do. If you, anybody here could be a CISO, anybody listening, you wanna be a CISO, go to a job interview.
[00:21:06] Nir Rothenberg: Say, yeah, yeah, I'll be a CISO. The first thing I'll do, I'll update everything all the time. You'll be better than like 75, 80% of companies in the world. If you can manage, do that. It's harder to do than it sounds. There's always like, you know, conflicts and problems and wait, but we have this thing will crash if we reset the server.
[00:21:22] Nir Rothenberg: But if you can do that, just patch. Just use the updates that the companies, uh, come out. But for an individual, if you have an iPhone and there's like some zero day that NSO found with, you know, that NSO spotted and they use it. They use it on like three guys who are Mexican drug dealers and it's like
[00:21:40] Nir Rothenberg: very exclusive.
[00:21:42] Arlo: So at NSO Group, and I don't wanna spend the whole time talking about NSO, but it's a, it's really, you know, interesting story. I mean, what was it like working there? You came in because of that vCISO experience and you landed on their radar. What was that like for you?
[00:21:56] Arlo: I mean, that was a big change going from, you know, being a CISO that's engaging with, you know, financial institutions and shifting over to working for, you know, a nation-state hacker.
[00:22:07] Nir Rothenberg: Yeah, initially say level hacker. First off, I just, I still miss the technical level, like working with NSO and I still know some people from there, some in touch, some of the smartest people I've ever met. Like, they were so smart. They didn't see a need to move their hands when they walked.
[00:22:21] Nir Rothenberg: They were so smart that you thought you were in Westworld. That was big when I was there, so it'd be like freeze motor functions. And then they looked at you, they like, what are you doing, mortal? That was a good show. Anyway, like the smartest people, like people who can like, take an iPhone co-, like take the source code, parse it, find a vulnerability, weaponize it, and sell it for hundreds of millions to nation states, to stop criminals and drugs usually, and drug dealers and terrorists and stuff like that.
[00:22:48] Nir Rothenberg: So it was smart people. It was also, you know, from our perspective and I, and people told me, oh, this sounds like the Simpson episode where, where Homer works for the bad guy and like from our perspective, we were doing good. We got like, like on the regular, when you're working in NSO, you get like, Western nations, European Asians, like, you know, some of the best countries with the best human rights track record.
[00:23:10] Nir Rothenberg: And they would come and like, thanks to you. We got the guy before he killed thousands of people, he was about to explode in our subway or metro and we stopped him. Thanks to you, we stopped a woman trafficking ring. 'cause we were able to pinpoint the exact people. That's all the stories you get, you know, and, 'cause that's most of the stories because most people, most nations we sell to are western nations.
[00:23:33] Nir Rothenberg: Sometimes there is needs, again. 'cause ultimately the terrorists, they don't live in Western. I mean, when they're deployed, they do, but when they're training, you know, Al-Qaeda isn't like, like, you know, it's not Al-Qaeda Belgium. Right. I mean, maybe they go to Belgium for an attack. It's not like, you know, you should just go to Belgium.
[00:23:49] Nir Rothenberg: They're like in, in third world countries in a lot of time, with low track records of, of human rights. Those are the countries that are trying to fight them. They're the for- forefront a lot of times. And so you wanna empower them to stop it. Now, when you are working in NSO, you understand it's not like
[00:24:06] Nir Rothenberg: either put a Pegasus and hack a phone or don't, you know, that's very naive.
[00:24:10] Nir Rothenberg: It's
[00:24:11] Nir Rothenberg: either put a Pegasus and hack a phone or
[00:24:13] Nir Rothenberg: capture. Everybody knows and torture them until they talk. That's usually how these countries operate. It's a government. It's a government. Like we all have
[00:24:22] Nir Rothenberg: governments, anybody, I'm in Israel.
[00:24:24] Nir Rothenberg: In the US there's horror stories about government activities.
[00:24:27] Nir Rothenberg: And every single, the government, they have the power, they have the ability,
[00:24:31] Nir Rothenberg: and they do whatever they want. And if it's with violence, it's with violence. And if it's something elegant, like just
[00:24:37] Nir Rothenberg: hacking a phone and seeing some information, they'll do that. You know what I mean? So I would argue. That if we're not naive and you compare, hacking a cell phone to torture and to the other methods that people extract informations or in the past, hacking the cell phone is the best thing you can do, especially when it's so expensive and so technological.
[00:24:58] Nir Rothenberg: That's, it's very limited to dozens or hundreds of people in the entire world at a given time. So, and again, it doesn't mean it can't be abused. Any tool can be abused. I could take Gmail and send spam and scams and trick people. It doesn't mean Gmail is bad. Gmail is a tool that's meant to do something good, collaborate, reach out, connect.
[00:25:19] Nir Rothenberg: You can abuse any tool. So, you know, that's how we came in. Now, is it a hundred percent true? I wasn't aware of everything, but from what I know. That's most of the truth. And again, it's a very complex subject that we could talk to a, a long time. But it was interesting that even in NSO we cared about privacy.
[00:25:38] Nir Rothenberg: 'cause we had privacy laws. So even in NSO, we had to be GDPR compliant because they have branches in the Europe and we had to be Israeli privacy law compliant. And we have to understand where we keep our PII and understand. Now, NSO doesn't keep the information of the systems of the clients because it's a nation state.
[00:25:56] Nir Rothenberg: US isn't like, Hey, you know what? We're gonna use your tools, but you can keep it in Tel Aviv in your
[00:26:01] Arlo: Yeah, spin it up on our cloud
[00:26:03] Nir Rothenberg: Yeah, yeah, yeah. You keep it
[00:26:04] Nir Rothenberg: in your cloud. It doesn't work. Like, it's not like that. Like the customers keep the intelligence and they use that in a court. And as far as their operations, and again, intelligence is a dirty business. James Bond isn't going to replace Mother Teresa anytime soon. Nobody's like, oh, you know who's a good guy? James Bond, he's a good guy. He's a standup guy, right? Like shaken, not stirred. What a great, boy, what a good boy. No, he's a killer.
[00:26:30] Nir Rothenberg: He's a, you know,
[00:26:32] Arlo: He's got a license to kill. I mean, that's the whole theme of the show.
[00:26:35] Nir Rothenberg: he's a, and he's a douchey guy who breaks girls' hearts. And he's like, nobody's like, oh, what a great friend James Bond. You know, he always remembers my, he, he doesn't remember your birthday, he's not a cool guy to hang out with.
[00:26:46] Nir Rothenberg: Everybody, like, kind of hates him. Like you talk about lonely, go be James Bond. So if NSO is the tool he's using to hack his way in, you know what I mean? That, that's a world it operates in. Now again, now let's talk about alternatives. Let's not be naive, you know, and, and that's I think is an important conversation to have that isn't had enough.
[00:27:05] Nir Rothenberg: 'cause it's really easy to see, oh, look at this terrible thing that's about to happen, patch now, or the bad guys, the evil bad guys will get you. Again, I think once he developed this kind of, uh, ability to see shades of gray, then you could be a little more focused, uh, and not chased, I call it chasing zombies attacks.
[00:27:24] Nir Rothenberg: Like, oh no, there's a, you know, AI's out, oh no, that's the, a privacy apocalypse. Let's stop everything we're doing and just focus on this thing, which is totally theoretical right now. You know? So these are the kind of things that when you work in a, that you get, so, but yeah, we did have privacy. We took it actually very seriously.
[00:27:41] Nir Rothenberg: I used to work with a very strong lawyer there who, who was the data privacy officer. We worked closely. We did a beautiful project there for like GDPR readiness. It just came out that it was about to come out when we were there. And,
[00:27:53] Arlo: That is so wild to me. I mean, I, I, I, you know, thinking through the juxtaposition of NSO, you know, making sure they're GDPR compliant. I love, I love one thing you said, you know, about the alternatives, right? And I, I think that is a key thing that a lot of folks don't remember is that, you know, governments by their very nature, the way a government remains in power, and the way they enforce laws is through violence, right?
[00:28:19] Arlo: It's, if you don't follow the law, we're going to come to your house and we're gonna take you out of your bed, and we're gonna cuff you, and we're gonna take you to prison, or we're gonna take you to Guantanamo and we're gonna waterboard you until you tell us what we need to know.
[00:28:32] Nir Rothenberg: Or, or, or other stuff that you don't even know about. 'cause it's so secret. You know what I mean? That's how they operate. And by the way, in every place in the world, there's no government. It's like, you know what, when we have a serious criminal, we just gotta let 'em chill. You know? Like, 'cause violence is bad.
[00:28:46] Nir Rothenberg: You know, it's like, yeah, we try not to. So even in the MO you see the riot police. There's, I, you know, you see it like in the most advanced countries, they have it, they use it and there's mis misuse of every single tool, you know. So.
[00:29:00] Nir Rothenberg: Uh, that's just a reality. And it's really easy to close your eyes to that.
[00:29:05] Nir Rothenberg: Just easy. Like, like, oh, it's just bad. It's just bad. And I think that's the complexity that we have. And sometimes I'm disappointed 'cause even I, I'm talking to guy like, Yeah.
[00:29:12] Nir Rothenberg: I was an officer in a 2 0 0 and I did like a lot of similar stuff, but NSO is pure evil because I read the news once and I'm like, okay, maybe even the news was right.
[00:29:23] Nir Rothenberg: Do you have the entire context? Context is everything, by the way, in any assessment. Context is everything in privacy. I'll tell you like, oh, you have this database with private information. Now, is that good or bad? You have no idea. No, I, it is the same database. I say, okay, here's a database of credit card numbers and addresses of people.
[00:29:43] Arlo: Yeah,
[00:29:43] Arlo: if you're, uh, a FinTech, of course, right? You need to have
[00:29:46] Nir Rothenberg: No. Oh, no. Yeah, no. That's one context. Okay. If you're a fintech or not, where's it located? Do you have PCI? Do you have safeguards? You start adding context and then you can make a conclusion. But if I'll be naive, I'll be like, oh, private data and a database. That's horrible. Yeah.
[00:30:03] Nir Rothenberg: But if I told you I'm talking about MasterCard, you know, so it's like, yeah, of course they need that. How will they let me get paid? You know what I mean? So, so that's how the world works. The context is king,
[00:30:14] Arlo: Context is king. I like that. That's a good phrase. And so, you know, when you were at NSO, I mean, it sounds like, you mentioned like El Chapo and Guzman and, you know, some of these things. Are there any stories from NSO that really stand out to you? I know there was, uh, you know, like Pegasus got stolen at some point in time.
[00:30:33] Arlo: I mean, there was lots of
[00:30:34] Nir Rothenberg: Yeah, yeah, yeah, yeah, yeah. So when I was there, unfortunately, but this is something that really helped me out later on, but when I was there, it sucked. So we had an employee, this is actually again in the news, you're invited to read, you read about it. But we had an employee actually steal the Pegasus.
[00:30:49] Nir Rothenberg: Some pretty senior employee in the automation department. And he tried to sell on the dark web where he got captured. And then, you know, you got discovered fortunately. And, and you got arrested and you got tried and convicted. And, again, the buyers were from hostile countries.
[00:31:04] Nir Rothenberg: So, you know, not, not a good look for him. Again, you know, I remember the guy, I remember the day he was interviewed. I remember seeing him, you know, I, I still remember like me, like going to grab a coffee and seeing him and then asking his hiring manager who's a buddy, who was a buddy of mine, like, Hey, who's this guy?
[00:31:20] Nir Rothenberg: He was very credentialed and you know, he, he's a technical guy sometimes. They're like, you know, more internalized. It's really hard to get it right. And again, you know, it happened, you know, it happened with Snowden. It happens, you know, the most secure environments, and end of the
[00:31:33] Nir Rothenberg: day people need to work and, and then these things happen. So yeah, I was involved in that. I
[00:31:38] Nir Rothenberg: was, you know, involved in the investigation
[00:31:40] Nir Rothenberg: and became like a pretty serious matter with the police and everything. And again, that's
[00:31:44] Nir Rothenberg: like the highest breach you can, and it's also, you know, I think. In a lot of
[00:31:49] Nir Rothenberg: companies when you think about the bad guys being on the outside
[00:31:54] Nir Rothenberg: and it's almost like, you know, being betrayed by your own family.
[00:31:56] Nir Rothenberg: And I remember, I think I remember the CEO of NSO, very charismatic guy, like, you know, one in a million guy. And he was like, he was saying like, that's what hurts me the most, that like, this guy, okay, he hates me and he hates a company and he's leaving. But why would you get like, you know, hundreds of people you work with every day to lose their, uh, to lose their livelihood and, and to lose the ability to feed their families because of your anger?
[00:32:20] Nir Rothenberg: But again, that's a problem with acting emotionally. You know, there's a lot of, also, there's a lot of phases to, to these kind of, you know, insider risks. You know, first they think they can't get away with it, and then they realize that actually they can, and then they're like, you know, suddenly they feel very powerful.
[00:32:36] Nir Rothenberg: And then usually they kind of, uh, freaks them out. Like, oh my God, I can't believe I got away with this. And then they think what to do, and then they end up doing something stupid, like trying to sell it or whatever. You know what I mean? And and that's a lot of times where things go bad.
[00:32:47] Nir Rothenberg: But it taught me a lot of things because I knew there was a chance this would happen. Obviously we knew the risks and it's something we brought up. And I learned a lot of lessons about it. Again, we talked about the department of no and me saying like, oh, if you feel that way, don't victimize yourself.
[00:33:01] Nir Rothenberg: Empower yourself. 'cause I was kind of victimizing myself when that happened. I was like, oh my God. Like, you know, there's risks here and, you know, bad things could happen. Nobody's listening to me and no, no, no, no, no, no. And then it happened and I felt even worse. And then like, when I look back at them, that's where my regrets.
[00:33:16] Nir Rothenberg: Like, you know, why wasn't I better? You know what I mean? That's the only thing I could control my actions. Why didn't I, you know, fight more, do more, et cetera, et cetera, et cetera. Ultimately, like I, I wasn't to blame, obviously, in fact, like the company, you know, gave me kudos and that was part of the recovery and everything.
[00:33:34] Nir Rothenberg: But I think if you wanna improve, which is where you should, the state you should live in. You know, constant improvement. You know, every program should always strive for constant improvement. Every person should strive for constant improvement. Look at your past, look at a mistake and say like, you know, what can I learn from that?
[00:33:50] Nir Rothenberg: Why can't I do next time? That was one of the drivers of going to a place like Rapyd, you know, when I started Rapyd, I was like, this place is so boring because we were 50 people and we weren't hacking anybody. And you know, it's just like the payments go payments is a boring thing if you think about it.
[00:34:05] Nir Rothenberg: Like payments is the only interesting when it doesn't work. Just imagine going payments becomes like the most interesting thing that happened to you. And the story would be like this. I went to Walmart, it was COVID, I needed toilet paper and my, and the damn point of sales device didn't work. And that ruined my life.
[00:34:21] Nir Rothenberg: That really ruined my week. 'cause then I couldn't do this. And then my wife, and it's always, that's the only time payment. It's when it doesn't work. You know what I mean? And it's always interesting when it does work. you know, or, and even when it doesn't work, it's interesting, right?
[00:34:33] Arlo: So,
[00:34:34] Arlo: So I'm curious, I, I, I wanna hear about the transition over, over to Rapyd and kind of what inspired you to, you know, take that leap from being part of a larger organization and jumping over to a smaller startup. But I'm, I'm also really curious, you know, when I, when, like, for example, with the theft that we were just talking about, did you find that that ended up occupying a lot of your time after, afterwards in terms of, you know, engaging with law enforcement and,
[00:35:00] Nir Rothenberg: Totally. All the, all
[00:35:01] Nir Rothenberg: my time.
[00:35:01] Nir Rothenberg: All my time. It was just around the holiday season and, uh, there was no holiday, you know, constantly, you know, just a forensics forensic activity. Understanding what happened, understanding how I kind of knew how, 'cause I knew where we were weak.
[00:35:14] Nir Rothenberg: I, I raised a flag there, you know what I mean? But not just in a general sense, but exactly forensically, how did he manage, then doing all the actions that needed to be done afterwards to, to make sure you can minimize that, those risks. In that sense, and then taking, you know, and, and then to conclusions, personal conclusions about my actions, career conclusions about what's another company?
[00:35:36] Nir Rothenberg: So I end up staying a long time still, like, not a long time, but let's, I think about a year afterwards, but I already had on my radar, like, you know, the best thing for me is to find a place that, you know, you, I could be very influential so I can, to the best of my ability to make sure this doesn't happen again.
[00:35:52] Nir Rothenberg: And by the way, I still keep that mindset if something happens in Rapyd. I always think like, okay, how could I have stopped this. Like it has nothing to do with me, you know? And thank God we haven't had an event that, you know, like a big cyber event or anything like that, but even some operational event, which happens at every company all the time, you know?
[00:36:08] Nir Rothenberg: And I think said you're the CEO, uh, you know, of Osano, right? So it's such a lonely position because it's like, ah, he'll decide it's his problem, you know what I mean? It's kind of not fair if you're an executive. Why is it the CEO's problem? You know, why don't you collaborate? Why don't you like a better like partner there?
[00:36:27] Nir Rothenberg: Like maybe it should be your problem, even though it's not responsibility. Maybe you even find a way to work with the other C level or V level or whatever director and be like, Hey, you know, I'm worried about that. You know, most senior people, unless they're terrible, if you tell 'em like, I'm
[00:36:41] Nir Rothenberg: really worried about X, they're gonna give you the time of day, they're gonna talk to you, they're gonna think with you.
[00:36:46] Nir Rothenberg: But you know, we're all swamped. We don't do that. And then it all comes to the CEO and he doesn't have the luxury of saying like, oh, I don't care about that. 'cause you care about everything. You're the CEO. So I think, again, that's a lesson I try to have for myself. But yeah, it, yeah, it took all the time.
[00:37:02] Nir Rothenberg: It took all the time when it happened.
[00:37:04] Arlo: So, post breach was a, it sounds like a difficult time for you personally and professionally to just grapple with and reflect back on all those things. One thing you've been talking about that I think is really interesting is, is building that collaboration, peers. Do you have any tips for the audience who, you know, they're risk professionals or they're privacy professionals and they're, they're struggling to go build those relationships and build those bridges, do you have anything that's worked for you that you would recommend other folks do?
[00:37:33] Nir Rothenberg: Yeah, so obviously humor. It, it, it's funny, I, I still remember this, one of my first jobs, you know, like in Israel you do high school and then Army Military service. And one of my first jobs was like a telemarketing, like, you know, it was at night. 'cause you know, we have opposite hours with most of the US so we would, you know, I have like fairly, by the way, I have a bit of an accent.
[00:37:53] Nir Rothenberg: People thought I was Hispanic in the telemarketing. It was weird. Like, everybody thought I was Hispanic, apparently on the phone. Hispanic. Hispanic. it was, I was honored. It was like the coolest they've ever felt. but, and I sucked by the way. I was just horrible. I didn't have patience. I didn't know how to sell.
[00:38:06] Nir Rothenberg: I didn't understand anything. So we'd have to sell and, and you were supposed to get four sales a night or they'd fire you after a week. That was hard work. So, you have to work all night, just make like hundreds of calls. Everybody would like curse you at that. Like, everybody's like, yeah, screw you and hang up in your face.
[00:38:21] Nir Rothenberg: And then somehow, just by sheer numbers, you need to get like four sales a night. Some people would get eight and 10 and then they get bonuses, but four was the number you'd have to stay. And I was, bad. I was getting like, you know, one a night, two a night. Like I had a great night. I got like three, you know, and I never ever get to four and like a month passed.
[00:38:40] Nir Rothenberg: And I was like, okay, I'm getting fired at the end of the month. Like I just can't get my number or a weeker. I'd remember right now. And then another month passed and I was there ready for a few months and finally got fired. My boss called me. He's like, listen here, you know the rule, you have to go. I. But I'm like, and you know, I'm like a deer in the forest.
[00:38:56] Nir Rothenberg: Like every time I come, like, is it happening today? Is he toying with me? And I was like, frustrated. 'cause I wasn't good by, but I was staying, you know what I mean? 'cause you know, you're supposed to get kicked out. And it's like, what? I was like mailing it in. But, then I was like, why'd you keep me for so long?
[00:39:08] Nir Rothenberg: He's like, you're funny. He said, when you work in telemarketing, like it's hard. It's grueling and like, you know, you're on the phones and there's so, so much negative energy thrown at you from, and by the way, I know today I, for a few years, I, I kept, people would call me and have a lot of empathy. I'm like, oh, it's such a hard job. I'm really sorry. I'm not interested today. I'm like, how dare you call me? This is, you're the worst. How dare you? So, so, and I get it. It's like you take all, you know, wherever you are, the most negative stuff, you just throw down the phone at the person calling. So he said like, your positivity was worth.
[00:39:44] Nir Rothenberg: Like obviously I can't lose too much money on you, but it was worth, uh, extra weeks, months that you're around. Uh, and I took that lesson with me. I think like ultimately you work with somebody, you spend hours with them every day. If it's fun to work with you, even if you give bad news, if it's fun to work with you, if you just make a good atmosphere, if you come and smile, if you just bring in positivity, people enjoy working with you.
[00:40:06] Nir Rothenberg: And that's very important. You know what I mean? And we all have these people in the office and we're like, I don't even know what that guy does. You know, he
[00:40:12] Nir Rothenberg: puts a smile on my face or she puts a smile on my face when she comes in 'cause she's just got that
[00:40:16] Nir Rothenberg: positive energy. So I tried to do that.
[00:40:19] Nir Rothenberg: Obviously being an executive
[00:40:20] Nir Rothenberg: managing, you know, dozens and dozens of people globally,
[00:40:24] Nir Rothenberg: I'm like very frustrated a lot. 'cause I have some vision and it's not executed and it's like a few levels of not executed. And I'm sure you know what I'm talking about. yeah, exactly. So. Then you're like, why is this not happening?
[00:40:36] Nir Rothenberg: And then, then you have like this kind of, you know, resting, bitch face. I would call it mad face, whatever you wanna call it. Like, like you're always like that. But you know, I try to channel that again, you know, try to remind myself and when it happens, especially when I collaborate, you know, nobody knows a dark secret.
[00:40:50] Nir Rothenberg: My team knows. But when I collaborate and come, and I make that connection through humor, which is my tool, but also from really, really focusing and trying to see what the other side is going through. that's it, that's all you need to do.
[00:41:04] Arlo: So, and humor.
[00:41:05] Nir Rothenberg: Empathy and humor. Pitching is overrated.
[00:41:08] Nir Rothenberg: Nobody cares about your like 10 page argument. Nobody's gonna read that. The, at best they're gonna put in ChatGPT and tell the, even though if they don't have a license, they're still gonna do it. And they're gonna say they're gonna take a screenshot and upload it. 'cause you can't lock it. They're gonna take a picture of the phone and just upload it like that.
[00:41:24] Nir Rothenberg: ChatGPT could eat that and understand that today you don't even need like OCR or whatever. They're gonna do that. And then they're gonna summarize your long ass, like pitch about why it's important and why you're right and why they're wrong. And they're gonna get a line out of it and they're not gonna listen to you.
[00:41:40] Nir Rothenberg: And it's just get gets harder and harder. So the way to do that is just not to play that game. Just don't play that game. Come to them with understanding and curiosity for what they're going for. Listen to them, understand their problems. and then especially if you don't have like, organizational power.
[00:41:58] Nir Rothenberg: 'cause one of the great things about working in a finance company, which is again, if, if you don't wanna do that, then work in finance. Finance, they care about compliance, they care about security. It's very, very, it's people or medicine, I think, less experience there.
[00:42:12] Arlo: So where did your humor come from? Nir. I, I, I mean, were you always a funny guy? were you born and, and everybody was like, oh, look at that funny baby.
[00:42:22] Nir Rothenberg: for sure,
[00:42:23] Nir Rothenberg: for sure. They said that, they said like, I'm so sorry. They probably tell somebody, there's a few things. First off, I, I was in a school trip and I got bitten by radioactive. No, I just kidding. But, uh, first I think. Growing up in Israel, in the Middle East, you know, everybody knows like, what's happening here.
[00:42:41] Nir Rothenberg: You have to have some humor. You have to have some humor or, you don't have to, but it's much easier if you do, you know, when you're in the bomb shelter, or when you read all the horrible things or
[00:42:49] Nir Rothenberg: when you see all the hate or when you, you know, if you have a little bit of humor, it diffuses the negativity and it's easier to have discussions and it's easier to live.
[00:42:58] Nir Rothenberg: So I think, you know, just from the fact of the reality I'm in, in Israel and, but also really in the world, you know, it's tough times for many people. I think humor is something that if you develop, it's good. I think it also comes from your family. I came from a pretty big family.
[00:43:14] Nir Rothenberg: Lots of siblings, uh, you know. If you're the funny one, that's a thing. You know, it's true. If you have, like, if you have like four or five siblings, you gotta have a role.
[00:43:23] Nir Rothenberg: Yeah. You know, so people don't forget you in the car, right. It's like, oh, where's a soda guy? I'm thirsty. You know?
[00:43:30] Nir Rothenberg: Oh, we forgot it. So, exactly. You're battling for attention, you're battling, you know, you get it. Then, I think you connect that to, it's just, you know, today it's just a great, such a great time for anything. Like when I was coming up and, you know, it starts, privacy, you know, in NSO or even really before that, we're just starting the draft and you're like, where can I understand what's privacy?
[00:43:52] Nir Rothenberg: Where can I talk to somebody who understands that? You can like, go to a podcast. I remember when like I found out about like cybersecurity podcasts. I'm like, wait, you're telling me that the CISO of Google is talking about what he does for an hour for free, and I can just listen for free? And I, every week there's another like, and I can just listen and like rip them off and say, it's my idea and get all the credit.
[00:44:15] Nir Rothenberg: You know what I mean? So just that alone, the fact that this exists that you, you know, today you're, this is pretty useless, I guess professionally for most people, but uh, I assume sometimes you have people actually give professional value and then you're like, wow, I should really do that in my program.
[00:44:29] Nir Rothenberg: Here's like three things. Maybe I can say that at end. So, you know, stick around guys and we'll talk about things you could do to be better at your job. But more jokes. So yes, same for comedy. Like go on Netflix, go on YouTube. You'll get the best comedians just doing hours and hours of standup.
[00:44:45] Arlo: You
[00:44:45] Arlo: just have to, you have to pick your comedians though, because if you pick the wrong comedian, you might really be saying some bad stuff.
[00:44:51] Nir Rothenberg: man. Oh, I, I've picked the wrong comedians. I've picked the wrong comedians. I've made the bad jokes. I've apologized. It's happened. I've had people in my office saying, are you sure that your office isn't bugged? Because if it is, you're done for, I'm like, if my office was bugged, I'd be done for like six years ago, so my office is not bugged.
[00:45:09] Nir Rothenberg: Or, or somebody's like, like, how much dirt can you need? Do you need, like, really, like how much? So I definitely picked the wrong comedians. But it doesn't matter. The point is that, you know, humor and like, delivery, just like anything, you know, really something that you just, if you, it's a skill.
[00:45:23] Nir Rothenberg: You practice, it's perishable. You practice enough, you can get it, Anybody can have more humor. You just need to listen to people who deliver correctly, talk like them, and then you'll get it. Same thing. Anybody could be a better, a lot of times people ask, how can I get into cyber?
[00:45:37] Nir Rothenberg: I'm like, okay, this is what you do. Here's three podcasts. Listen to 50 episodes of each. Get back to me. Most of them never get back to me. The people who did are all security executives. Now, not many, like a handful of people. That's all they, obviously, they did more stuff, but after you listen to 150 episodes, let's say they're half hour episodes, you just listen to 75 hours of the highest level people talking about their craft.
[00:46:00] Nir Rothenberg: You have a clue. You understand the concepts. They talk about what they do. You take that, you start learning more. You start applying that to your job, you start getting a little bit of resume. Then you go to an interview, you have value. They'll ask you, oh, what would you do for a program? You're like, you just listen to the CISO of Uber.
[00:46:15] Nir Rothenberg: Explain what they do. And you're like, you know, I would do what Uber does. I would do like these six things. They're like, oh my God, you know what Uber does? You know, that's value right there. You pass the interview Y nobody cares. You know? Especially today, if I interview somebody and they don't have the experience they want, but they can do what I need, that's an interesting candidate.
[00:46:34] Nir Rothenberg: That's definitely somebody I would want to talk more and explore and have hired people and good people. some of my best people are people who didn't have the experience, but had the attitude and I knew they could do what I need, and that was right. Sometimes I was wrong, but usually let's focus on when I was right.
[00:46:48] Nir Rothenberg: So a lot, most of the times it was right and it paid off. So. That's my biggest advice to, you know, job seekers who wanna break into privacy, security, or whatever, find these kind of podcasts. Even this one, listen to it. Take notes. Understand the concepts, understand what companies value.
[00:47:07] Nir Rothenberg: And make yourself somebody who can get accepted for the job, who can deliver on it, who can make the promises. and you'll see your career just skyrocket.
[00:47:14] Arlo: I think that's, that's brilliant advice, Nir. I mean, and as an executive at company myself, I can tell you that you can teach the skills, you can teach the craft, but you cannot teach somebody to be curious
[00:47:26] Nir Rothenberg: Or funny or funny.
[00:47:28] Nir Rothenberg: He has to want it and work at it and work on it and listen to tons of standup and make the joke. And then, and you know, remember when we were young, we'd like meet friends. Like, did you see this episode? Did you see night? Oh my God. And then you reenact the funny things and then you make your friends laugh by, by just reenacting what happened.
[00:47:45] Nir Rothenberg: And then, and that's how it starts. So, you know, you're not gonna, most people don't like, you know, do open mics or whatever, but you can still listen to standup and laugh to yourself and kinda remember like a zinger and then use it later on. And then, you know, after a while you got a repertoire.
[00:48:00] Nir Rothenberg: So you got that.
[00:48:03] Arlo: That is awesome. And so, you know, talking more about the, I'd love to shift gears a little bit and talk a little bit about some of the more tactical stuff that you do in terms of thinking about the intersection of privacy and security, because those two realms used to be very separate. Privacy and, and security were kind of independent on their Venn diagram, but over the last five years we've seen them begin overlapping and I'm, I'm curious, when you think about building security programs, is privacy a part of that thought process and planning process, or do you do those two things independently?
[00:48:40] Nir Rothenberg: Both. You know, it's not either. It's both. Right? So first off, if you wanna excel in privacy, you gotta do independently, you gotta bring in. It's a skillset. It's important. It's much more compliance oriented than a lot of cyber.
[00:48:55] Nir Rothenberg: But at the same time, when you any cyber program, one of, one of the things you gotta take into account is compliance considerations regarding the data. You know, 'cause again, that's a context you need. I have all this data, but you know, I'm, uh, in an unregulated island in the Pacific. Okay, cool. I don't need to do anything about it. I don't have to be a compliance ready. I don't have to tomorrow morning approve. I'm fine. But you know, if you work in a global payments company like I do, we have to assume that tomorrow morning a regulator's gonna ask some questions and we wanna be ready with answers.
[00:49:30] Nir Rothenberg: So you have to be ready. You know what I mean? You have to be ready. It doesn't mean you have to get everything right. A lot of people are like, oh my God, I have this gap. Okay, great. We'll have something to aspire to later on. You can't fix anything. That's all, again, that's even naive. If you wanna fix every gap, you're naive.
[00:49:45] Nir Rothenberg: You're naive, you can't fix, you want the gaps. It's like you want cyber to be around. You don't want to get hacked. You don't want the gaps to materialize, so you choose your battles.
[00:49:55] Arlo: When you, when you think about security, right? The, one of the tenets of security is, you know, log, log, log, right? You know, keep it all, keep it all because that's where the, that's where you're gonna find the fingerprints and the footprints for somebody who's trying to attack you. Has privacy made it more difficult
[00:50:12] Arlo: to implement some of those security protocols because we talk about data minimization, which is very much the opposite of what security professionals historically
[00:50:21] Nir Rothenberg: Yeah, but, but it's, but it's only if you're a dummy, you know what I mean? It's like, like I can't have this seatbelt, it's choking me. No, you're just not sitting straight, you know? It's like seat belts are designed so, so yeah. Logs. You should have at least a year of logs, if not more.
[00:50:35] Nir Rothenberg: It depends what your context is. But it doesn't mean it has to have PII, like, I, there's ne there's zero forensic that's just like police, but I'm talking like for a regular company that just wants to know who hacked it. It's not like, oh wait, we don't know the Bob's last name. And we have, we don't have this PII in the log.
[00:50:53] Nir Rothenberg: We can't investigate. No, it's not important that when, you investigate cyber, you wanna investigate, you know, the who, how, what. So Bob is only important if he's the hacker. You know what I mean? If he's not the hacker, if he's just a data subject to kind of use your service, it doesn't matter. Your log could just totally be, you know, obfuscated and encrypted, and you just remove that. You know what I mean? So, fact, it's, you know, it hinders you to have that. In fact, logs should be as small as possible. So I would argue that if you want, have a good monitoring program, don't take all the logs, whatever you need, think about how you can get hacked, especially today in the, in the world of scale.
[00:51:33] Nir Rothenberg: When you do payments globally, you're talking about millions and billions of payments. If I take all that information over to security, I'm just gonna pay millions just to, to ingest that, to compute that. It's just so hard. I would rather minimize that to exactly what I need to solve the riddle that's happening.
[00:51:51] Nir Rothenberg: So, so, and again, it's not, it's not like, oh my God, what could happen? It's like, you know what could happen? It happens all the time. Just that's what happens. You know exactly how there's like five ways to get in. They can get in like this and then you'll need to know these things. So log that. So what we did.
[00:52:08] Nir Rothenberg: We work really hard and we with our SIEM vendor and we wrote custom loggers for our applications, meaning, 'cause we don't even want all the logs, we don't even want, forget about PII, not p obviously. Additionally, because we're PCI compliant, it's very important. We wanna make sure that all the PCI information and we expand that to PII doesn't go to where it shouldn't go.
[00:52:28] Nir Rothenberg: So, you know, for analytics and you know, AI and all this data stuff, nobody needs to know the personal information, right? So, we partner with some tools that allow this compliant access. There's all kinds of cool technology. People should look into something like differential, uh, privacy, where it kind of, for every value, it puts in like, you know, a lot of incorrect value to the point that
[00:52:51] Nir Rothenberg: statistically it's the same, but you can know which one it's real. So my name would be, would appear like 16 times. It's like it's impossible to trace back to the real person, and it works really well with data privacy and data streamers and a lot of other stuff.
[00:53:05] Nir Rothenberg: So anyway, there's a lot of cool solutions we do. But the point is, for logging and monitoring, we minimize it. We went even less. And then now, you know, it's cheaper, it's faster, and we get the answers we need when we need it. And when the forensics people come in, it will be ultra focused on how they need to respond.
[00:53:22] Nir Rothenberg: And we know, because we didn't do, obviously we worked with the forensics as well. We know if an event like God forbid we ever have an incident, we'll be able to respond right away with exactly what we need. And, and that way it, it works perfectly. It's combined for privacy. So I'm just saying just like anything quality.
[00:53:39] Nir Rothenberg: You know what I mean? It's like, how can I have like, you know, a chocolate dessert that doesn't have an aftertaste? It sounds like you just didn't go to a good restaurant. How can I have a good Reuben sandwich that doesn't have that crunchy or whatever, you know, afterwards it has that, you know, the, the pastramis and the mustard isn't spicy enough.
[00:53:55] Nir Rothenberg: You didn't go to the right Reuben restaurant place. Right. You need to go to the right place. So, you know, the answer is quality. It's quality. Don't victimize it. They'll be like, it's so hard to do it. Yeah. Usually. 'Cause if you do it bad, it's hard to do
[00:54:06] Nir Rothenberg: it.
[00:54:07] Arlo: I love that though. I mean, you, you raise a really good point. There's a, a lot of discussion about data minimization and often you find that privacy teams are having to argue with other teams at the organization about data minimization and, you know, like it saves you money.
[00:54:24] Arlo: That's a pretty compelling argument. Ingesting those billions of lines of logs costs a lot.
[00:54:30] Nir Rothenberg: Yeah. And again, if there's, for instance, 'cause we're in finance, there's a lot of anti-money laundering,
[00:54:36] Nir Rothenberg: compliance and a lot of other reasons to keep data and even to keep it for five or
[00:54:40] Nir Rothenberg: seven years, right? And that usually trumps privacy.
[00:54:43] Nir Rothenberg: Again, we're talking about NSO, right? A lot
[00:54:45] Nir Rothenberg: of times when the government wants to
[00:54:47] Nir Rothenberg: catch the bad guys who do fraud, they don't care about privacy. They're like, just give it to me now. Gimme a dump of your data and I'm just gonna keep it whatever I want. And if you ask me questions, I'll arrest you. By the way,
[00:54:56] Nir Rothenberg: this is all governments in the West, in the EU, if they wanna, they're investigating criminals who are, you know, moving money.
[00:55:03] Nir Rothenberg: They'll do anything. They're ruthless. So something we have to keep it. But again, also, what do we have to keep and how long and how do we know to erase it? That's where really a lot of times you can excel because it's hard to be good at everything. A lot of privacy professionals, they know the privacy relations really well.
[00:55:18] Nir Rothenberg: They know what flies, they're amazing, but what they don't understand is how the product is technically built. But as cyber professionals, we understand that a lot better. Many times, not always, because we actually put safeguards in place and, you know, we have to run a pen test and we get results.
[00:55:35] Nir Rothenberg: So this collaboration is really great. You know, we're like their CTO so to speak, you know, so a lot of times I go with my, I'll go with the privacy team, or somebody from my team will go to meetings and we say with the architects in R&D and we're like, remember when you put that feature in for that cyber Azure?
[00:55:50] Nir Rothenberg: So let's do that and get the data. Or remember, we wanted to have that encryption because of the customer wanted this kind of key, so let's do that, but make it, you know, use encryption trick to kind of, you know, kill the data that you can't get it. You know, we kind of brainstorm together and we collaborate.
[00:56:06] Nir Rothenberg: And by the way, it works well if your legal team likes you, it's always good, right? It's always good. Like you're always, there's always a contract that you need them to, you know, you need them to work on really fast, even when they have a lot of more important things to do. You know, you got, I gotta sign this vendor now, or, or, you know, the spring sale is off or whatever.
[00:56:23] Nir Rothenberg: So, it's really good to collaborate and I think it's, again, I think it's very important. I think it's very important if you wanna have high quality. When you go to like a chef restaurant, I assume the kitchen, nobody's like, ah, I don't care. The tomatoes suck 'cause I'm doing potatoes or I'm doing soups.
[00:56:38] Nir Rothenberg: No, you want the kitchen to be good. You want the quality to be high. So I, I think that that's a good attitude to have, when you collaborate.
[00:56:47] Arlo: I love that. Keep the quality high. So speaking of quality, what's next for Rapyd? You guys are a fast growing payments platform. You know, there's a big 800 pound gorilla in the, in that category, in the form of Stripe. What is it that Rapyd does that you feel is, is something that stands out that's different that, that gives you guys an edge in the space?
[00:57:08] Nir Rothenberg: Yeah, so globally we're, we're very strong. So yes, Stripe is a gorilla, by the way. Stripe is one of Rapyd's investors. Because Stripe, they're so big, they tried to look at the up and coming companies and bet on them early, which they did, very well with Rapyd, and actually got to meet Patrick Collison once, when he came to, to visit Rapyd.
[00:57:26] Nir Rothenberg: And, you know, it was a real honor to meet him. Again, I came from NSO, so I was like, I like a novelty hire. And I was like, I'm like, so wait, you're like the biggest FinTech really.
[00:57:37] Nir Rothenberg: Like, but yeah, Stripe are amazing and these kind of category leaders, what they do is they raise the whole category. So thanks to the easiness of Stripe, there's a whole generation of businesses that expect really easy payments in many payment methods all over the world.
[00:57:51] Nir Rothenberg: And that's a giant opportunity for a lot of companies, Rapyd included. So the payments field, just growing and growing. And there it seems like there's enough room for everybody. So again, it's not, a lot of companies also they have Stripe, but they also have a Rapyd or another company because, you know, you have to be redundant in payments.
[00:58:08] Nir Rothenberg: And that's great. So I think what I see is, uh, you know, Rapyd is killing it. We also do a lot of M&As, uh, we buy like almost a company a year, every two years because we just bought a company R Size. I'm integrating it. You're asking me what's next. It's almost like, you know, I feel like I'm at, at the treadmill, sprinting, and you're like, so what's your next sprint?
[00:58:28] Nir Rothenberg: I'm like, let me get this one through. You know what I mean? It's like I, it's really like just before you and after you have calls with like Columbia to integrate them and, I don't know what's next. I'm still, I, you know, if you wanna live in the present, set yourself on fire, you'll be like so present.
[00:58:43] Nir Rothenberg: You know what I mean? So, uh, a lot of times in our profession, cyber or privacy, there's just a giant flaming fire to put out.
[00:58:51] Arlo: And you're at a startup. I mean, so on top of that, right? You
[00:58:54] Arlo: know, everything's going a thousand miles an hour.
[00:58:57] Nir Rothenberg: And if it's not, and, and I got that mentality. And so if it's not, 'cause I can't, I'm one of the early ones. So if it's not, I'm like, what's going on here?
[00:59:05] Nir Rothenberg: Why is there a process? We should just go, you know? So, uh, which is again, I have to like calm down here. Those them see the real, you make a joke.
[00:59:14] Arlo: Be empathetic, be
[00:59:16] Nir Rothenberg: Be empathetic. What did you see in that podcast? Do that.
[00:59:21] Arlo: So this has been an amazing interview and I know that I have really enjoyed listening to you, but you know, you're, you're a professional in security and risk, and I'm curious, you know, when you go home at night or when you, when you start your day, is there anything that you do that you wouldn't necessarily recommend that everybody else do in terms of privacy and security?
[00:59:44] Nir Rothenberg: In terms of privacy and security?
[00:59:45] Nir Rothenberg: There's so many things I would not recommend people to do, but in terms of privacy and security, wow, that, that's a really interesting question. I would say that social media is horrible. You know, doom scrolling there, there's so many hours of nights that I was like, you know, I finished the work and I just wanna get, I should get into bed and sleep is so important. And then I'm like, you know, 40 minutes later, an hour, I'm like, what did I just do?
[01:00:10] Nir Rothenberg: I didn't, I have so many emails I didn't get to. Did I just watch like a thousand reels? You know what I mean? So that thing I always regretted, I always feel so weak, you know what I mean? It's like succumbed to the drug, you know, the dopamine, the, and endless the dopamine. You feel like you just feel your IQ like really like going down until it's like I tell you, you forget to breathe.
[01:00:30] Nir Rothenberg: You forget to like, take breaths, you know? And they're like, okay, I gotta stop this. You know what I mean? It just, it is just the worst. It really is the worst, especially if, if you love what you do, and I really love cyber nowadays, and there, there's always another startup to help and et cetera, et cetera.
[01:00:45] Nir Rothenberg: So, so that's, uh, one thing. Another tip I can give is, you know, if some, if somebody gets scammed, your wife, your mom, your kids, and then you're like, it's like almost, you know, there's a saying in Hebrew, probably in English too. Uh, the shoemaker walks barefoot, right? It's more eloquently than I say it.
[01:01:02] Nir Rothenberg: So you're like, dammit. Like they, they just scammed my mom. My mom. Like, why didn't I, like, why didn't I not have the patience to like, kind of explain it? So I actually went to my son's school, third grade. Gave them like, you know, a lesson like in like, you know, online safety. It was freaking unbearable.
[01:01:19] Nir Rothenberg: They didn't respect me at all. I'm like, but guys, don't, you know, I'm an executive. And, uh, they're like, shut up. No, but, but no, they really cute kids. It's like, by the way, it's today's kids technology is like their favorite subject. They were like, they were glistening. I never remember, but I remember just being bored outta my mind in school and they were like, oh, like, oh my God, they're all raising their hands.
[01:01:38] Nir Rothenberg: Please, please, let me tell you about the time that somebody hacked my, my uncle. And, you know, they all, they're like living it and they, they have no idea. And the parents have no idea. They don't, you know, at least around me, like, I talk to parents, like, do you put like any limits? Do you put like any apps?
[01:01:53] Nir Rothenberg: Are you like, you monitoring your kids' activity? You know, are you letting them, you know, watch shorts? Like, you know, it's a drug for us. Do you let like a little kid do that? And people are like, oh, we should, shouldn't we? You know, there's no, I feel a lot of parents don't have that. So, so when that happens around me, I'm like, I know better.
[01:02:09] Nir Rothenberg: This is so important in modern life. I should know better. I should act better. You know, they say like, nobody's gonna remember your work hard except your kids, right? So, so a lot of times it's your kids, your family. When you have this ability to teach and you do that and you get, you know, you're like, you're the go-to guy, you, in the company.
[01:02:29] Nir Rothenberg: And yet, somebody hacked my dad's Facebook, right? I'm like, did you have MFA? Like, what's MFM? Like, I failed you as a son. I'm so sorry. You know what I mean?
[01:02:38] Arlo: Well, Nir, this has been amazing. And for everybody listening, please head over to Rapyd and take a look at their global payments processing platform.
[01:02:45] Nir Rothenberg: The Y, by the way.
[01:02:46] Arlo: Rapyd.net is their website, so head over, uh, invested in by Stripe, competing with Stripe. That dynamic sounds complicated, but I can't wait to watch it play out.
[01:02:58] Arlo: Nir, thank you for joining today. It's been a real pleasure.
[01:03:00] Nir Rothenberg: I just gotta say, we're not competing with Stripe 'cause Stripe is mainly US and we're not. So, you know, there's nothing to watch. It's like a different territory, but yeah, I, I love watching Stripe. They're like, they're doing it right. And I invite anybody listening to connect with me on LinkedIn.
[01:03:15] Nir Rothenberg: You know, if you have any crazy startup ideas, you know, Israel's like the, is like the great global startup hub. I help a lot of startups. I help a lot of founders.
[01:03:26] Nir Rothenberg: If you're a founder and, you know, you want some advice, you need some help, I'm busy, but, you know, can reach out. I always love to, you know, help startups when I can.
[01:03:35] Nir Rothenberg: And, and, yeah, that's it.
[01:03:37] Arlo: It's very generous of you, Nir. Thanks so much for joining us. This has been a pleasure, and you are definitely the funniest CISO that I have ever met. Leading with empathy and humor is a real treat for us to learn about. And if you'd like to learn more about Nir, you can find him on LinkedIn, or you can
[01:03:54] Arlo: go visit his company's website at rapyd.net. That's R A P Y D.net where they do global payments.
Meet the host
Arlo Gilbert is the host of The Privacy Insider Podcast, CIO and cofounder of Osano, and author of The Privacy Insider Book. A native of Austin, Texas, he has been building software companies for more than twenty-five years in categories including telecom, payments, procurement, and compliance.