Culture, Privacy & Startups: Anush Begoyan, Head of Cybersecurity @ClickOut Media

Cyber isn’t just technical—it’s human. Anush Begoyan brings a rare perspective that blends engineering, linguistics, and anthropology. In this episode, she unpacks how cultural norms shape privacy risks, what startups get wrong about security, and why structured thinking is key to solving real-world cyber challenges.

This transcript was generated automatically by AI. If you find any mistakes, please email us.

0:00:00
(Anush)
Most of the time, startups develop cybersecurity when they already had a loss. Because if you have a successful startup, you grow very fast, then you don't know how to scale, you don't know how to scale technology, you start plugging things in and then you say, well, hang on, what do I do? And then you have a security that will spend a year to try to plug the holes that you actually have created.

0:00:23
(Announcer)
Hello, everyone. You're listening to Cloud Next, your go-to source for cloud innovation and leaders insight, brought to you by GlobalDots.

0:00:36
(Ganesh)
Cybersecurity is often seen as a purely technical field, but what if the way we think about security is shaped just as much by culture, language, and even arts? I'm Ganesh the Awesome, Solutions Architect at GlobalDots, where we research innovations every day so you don't have to. As always, we invite you to join the conversation on LinkedIn. Let us know your thoughts, who you'd like us to talk to, and what topics we should tackle next. Our guest today,

0:01:01
(Ganesh)
Anuj Begulian, has a career path that defies conventions, starting in linguistics, moving through software engineering, and now leading cybersecurity at ClickUp Media. She has also researched how cultural differences impact privacy and security, and she's an advocate for breaking stereotypes about women in leadership. Anoush, before we start, what should the people know about you? Tell the listener a little bit about yourself.

0:01:23
(Anush)
Hi, Ganesh. Thank you very much for having me in your podcast. And I think you've given a great kind of introduction to what I stand for and my career and the moves around. So I started my education in linguistics, although I wanted to go to polytechnic, but it wasn't a very kind of a female thing to do in Armenia when I was growing up. So I ended up learning English in university and then I moved around different countries

0:01:51
(Anush)
and still carried on the linguistics up until I got to London. I thought, that's it. I'm going to Polytechnic. I'm going to study software engineering and that's what I want to do. And I loved every single bit of it. I missed only just like two lectures in three years. I just loved it. It was just my thing. And then I was raising a family,

0:02:11
(Anush)
so I stayed in university and I lectured as children were young, and I needed the flexibility. And then Stuxnet happened, and I'm like, wow, this is really interesting. Because if you look at the composition of Stuxnet from the linguistics perspective, very sophisticated, from software engineering perspective, it was very sophisticated. But from the human behavior perspective, it was even far more sophisticated because people couldn't figure out why these Stuxnet happened.

0:02:37
(Anush)
They were thinking, oh, well, it was an attack that we stopped, but I still believe it wasn't an attack that we stopped. I think it was just an attack to show what can be done in cyber warfare. So that kind of really triggered my interest. Then I moved into cybersecurity and I realized that for me to actually get my hands on real stuff is to leave academia and to move into consultancy. So then I moved around consultancies and hence, you know, shaped my career. But that's kind of a very small rundown of how

0:03:04
(Anush)
I moved around between different disciplines and somewhat careers.

0:03:09
(Ganesh)
So very fascinating history. Maybe just for the listener to unpack what Stuxnet is, just in case someone doesn't know, could you give us like the smallest summary?

0:03:18
(Anush)
Oh, Stuxnet was a fascinating attack that happened on an Iranian nuclear plant, which in the simplest version, what it did is slow down the cooling reactor. And eventually, if this wasn't stopped, then the reactor would have exploded. This is a very kind of a dumbed down version of why Stuxnet was so fascinating. For me, it was just like, wow, this is very powerful.

0:03:47
(Ganesh)
But that's okay. We're mostly interested in you in this episode, not in the history of that cyber attack. So, but thank you for the clarity on that. That's very useful. So you've just mentioned you've had a pretty varied career, linguistics, software engineering, cybersecurity. What do you think connects these things together in your view?

0:04:08
(Anush)
Well, so languages is just the languages that we speak, human languages. Software engineering is languages that we program computers to speak. So it's again a representation of how we express ourselves, whether it's in a tech field or whether it's in a human field. We can even add music to that, which is another language that we kind of use to express things. And all of these come together in a very structured way. So if you look at languages that have very clear structure, they have syntax, they have grammar, different languages have different variations of those. So is software engineering, right? So

0:04:45
(Anush)
it's just literally different languages. People have structure, they have logic. Just like human languages, we use logic to express our views, our opinions. Just like in software engineering, you will use logic to express whatever functionality you want that particular program to do. And the cybersecurity, then you move into cybersecurity, which is again, a very structured representation of our behavior.

0:05:07
(Anush)
So this may sound like quite bizarre. Okay, so cybersecurity, representation of our behavior. But if you really look at how cybersecurity kind of evolves, at the evolution of cybersecurity, you will really see that we have technology, we have set of circumstances, whether it's economic or political or whatever, you have different adoption of those technologies,

0:05:28
(Anush)
which in its turn shows our behavior via the way we behave towards adopting those technologies. Then it shows the risks that come with it, and then we have the policies that plug in those risks, how to mitigate those risks, and we end up with regulations, with standards, and so on.

0:05:44
(Anush)
So all of this is connected, and I think the common denominator is literally human beings. It's just us and how we express ourselves, whether that's via technology, whether that's via language, via music, or whatever. It's our expression and our adoption of the reality around us.

0:06:01
(Ganesh)
It's a very beautiful or symbiotic way to look at how humans are interacting with technology and very fascinating. And when you talk about the fact that computer coding comes out of languages and there's a logic extension and these kinds of things, it makes me wonder about technology that's out there that might not necessarily be the most well-written or the most beautiful thing that's out there, which is highly successful because it resonates with humans. And then likewise, that people could be creating actually

0:06:40
(Ganesh)
the best piece of software possible, but is not written in a way or consumable by humans. And I think there's probably lots of examples out of there, but what are your thoughts on the people making this and the human imprint that they put on this software that comes out there, all these technologies that come out there and how that affects how they're actually received in the world?

0:07:02
(Anush)
So there are a couple of things to really think about. So when you create a piece of software, there are lots of things you need to consider, right? So budget, your audience, the market, how you're gonna put it into market and how you're gonna consume. You can create the best piece of software

0:07:18
(Anush)
that you think really is addressing a current issue, but there's no need in the market and that's gonna go to waste, right? And you can create the absolutely poor coded software that has a need and people use it, and then we have a lot of vulnerabilities that are coming out of that. So I think it's the, in the startup community that we have right now,

0:07:38
(Anush)
from the inception of the software to the production of it, there's a very short time. We have the agile development methodology that we just spin in sprints and we check out whatever needs to be done by the date, whatever needs to be done. So quite a lot of applications are created

0:07:54
(Anush)
as a means of generating business, so attracting or targeting or solving a particular business need. While you have a piece of software, like AI for example, that you just like literally probably just started as a,

0:08:09
(Anush)
oh, let's see what the idea is about. You know, the organic AI that I used to read when 20 years back when I was studying, it was very, very different in nature than what we ended up having, just the evolution of it, what it ends up.

0:08:20
(Anush)
So you're always gonna have a poorly written software, very good written software, just like in any other things that we do, poorly done job and a very well done job. But one thing you cannot do, you cannot really create a perfect software. I mean, you can in theory, but it will take you decades.

0:08:37
(Anush)
And by the time you finish with that software, no one's going to need it because the business would have moved on. So there's a balance of finding what you create, how you create, you need to get the right time. And then you can start fixing the bugs, which unfortunately is the case in quite a lot of instances that you have seen. You know, we've got something that, oh my God, nobody saw this coming. Oh yeah, people did see it coming, but we're kind of

0:08:58
(Anush)
gambling with the time and competition when it goes to market. Yeah, and I guess we never really solved all the bugs in music, language and culture. So we have no chance of solving all the bugs in software engineering if that comes later

0:09:13
(Ganesh)
in the line.

0:09:14
(Anush)
Music was perfect though. Music didn't have any bugs because it was all up to interpretation.

0:09:19
(Ganesh)
Yeah, well, maybe. I could definitely think of imperfect music. I was forced to listen to the Backstreet Boys on the radio this morning and that didn't feel perfect.

0:09:28
(Anush)
Oh my God. Yeah, that just literally throws me back to the 90s.

0:09:33
(Ganesh)
Yeah, it feels like I did something wrong this morning for that to be on the radio. I want to go back to the similarities between them. So we've mentioned about music languages and cybersecurity, you said, require similar ways of thinking. And from your perspective, this structured way of thinking, how does that evolve into different disciplines for solving cyber security?

0:09:59
(Anush)
So I look at generally in things the way our brain works because I find the way we think fascinating. I wanted to go into neuroscience. I wanted to be a neurosurgeon rather than neuroscience, but I wasn't very good at chemistry, so that wasn't going to happen. So I thought, okay, fine, I'll just go and do other things because I just don't like

0:10:22
(Anush)
this chemistry. But that stayed with me. Why we do certain things, how our brain processes things, and how the brain works at its efficiency. So if you look at the way that our brain evolves,

0:10:34
(Anush)
so look at the music. So if you're exposed to music or you're studying music when you're young, you learn set of rules. Music has set of rules and it's very mathematical, although people think it's not, it's very mathematical.

0:10:46
(Anush)
Like even if you go back, like Aristotle at some point, not at some point, Aristotle has classified music as genre of mathematics. It got lost, right? But that was his classification because it's very mathematical, which then goes back why mathematical models actually create very good music right now. We have software that creates music without really composing. It's just mathematical models, right?

0:11:06
(Anush)
So if you look, if you think about the training, like you train a muscle, you have different tools that you train the same muscle or different muscles, right? And muscle memory stays. So exactly same way. You learn music, for example,

0:11:18
(Anush)
and it's a structure, set of rules that you need to comply. You just need to comply, you just need to comply. You need to find a way of resolving anything you cannot comply with. So your brain works in finding, creating the taxonomy that will help you to actually solve the problem of doing something. So very, very structured, exactly the same way the language, very structured.

0:11:37
(Anush)
It has syntax, it has abbreviations, it has apostrophes, it has this and that. We can have one sentence without any signs, without any marks, and you and I will actually create a text that's very, very different. So we need those structure rules. And same notes, right? We can have the same notes, and if we do not know how to count those notes, which is complying

0:11:56
(Anush)
by the syntax of the music, then we will have very different music. So if you kind of look at that, and if you look, okay, so your brain, what does your brain do? We learned one structure, we'll learn another structure, we'll learn another structure. Your brain maps those structures. The way your brain works is by mapping the structures and seeing what is different, analyzing the difference, and then finding a solution. So that bad analysis we call gap analysis in cybersecurity. No difference to what we really do, right?

0:12:26
(Anush)
But that's how your brain works. So whatever you know, it maps onto a current new situation, solves a problem with how to remember it, how to know that, and then moves forward with a solution. It's no different in cybersecurity. We have frameworks, we have structures, right?

0:12:40
(Anush)
We are given a standard. Here you go, the standard, and go and do a risk assessment for a company, for example. You will go and do a risk assessment, you will do the mapping, and you will see what's different, and you will solve, and your kind of a proposal will be very different from the previous proposal, or maybe similar, but there will be nuance to it. And that is the improvisation that you need to come up with, which is the problem-solving. So if you look at the brain activity as such, these are just different examples of how your brain will do. And by switching between different music, different languages, one language to the

0:13:10
(Anush)
other, to the other, to the other, you just map the different structures, different grammars, and different word structures, and you just remember. Your brain becomes very agile and very quick because it's very similar. So it knows how to work. So you give it a different problem, says, aha, this is how I'm going to do it. I'm going to map it. I'm going to find the difference. I'm going to solve it.

0:13:28
(Anush)
And I'm going to remember it. That's how I see it. Very interesting. I like the analogy of training the muscle because I never really thought of cybersecurity as equatable to the body, but it's kind of, you know, improving your security posture is a bit like going to the gym for the body, you know, it's getting your workout.

0:13:52
(Anush)
And then the different protocols, you know, the NIST 2 or whatever, the different frameworks, ISO 27001 are like, you know, some are doing weights, some are doing cardio or something like that. So I quite, it's built some little vision in my mind of a fitness person. But yeah, it's a, I never mapped it like that. And the incidence response, like the drills we do in incidence response is exactly that, right? To create that muscle memory in

0:14:18
(Anush)
our brain that, okay, when this happens, this is how we do it. So it has more incidents you respond to, more like automatic it becomes, right? So you know, okay, after this, I'm doing this, I'm doing that, oh, whoops, I can't do this now. What I'm gonna do, I'm gonna improvise. More incidents you have to respond, more of those variations are already in your mind.

0:14:34
(Anush)
So you're training your mind really to that response. You can't even compare it with any athletes, right? How they respond. Take boxing, for example, right? You don't have time to think. You have to literally—it has to be the muscle memory. It has to be the reaction, the train, on the punches that are coming. You look into their eyes. You don't look into their hands. You don't see where their hands are going. You need to look into their eyes. My dad told me he was a boxer. So you have to look into the eyes to know where the punch is coming from. Same with incidence response. You need to look at exactly what was at the onset to know what's coming, not what already happened and then response to it.

0:15:13
(Anush)
So there are lots of analogies you can actually do, but I truly believe that everything around us that we create resembles our human body and human behavior. Even in just medical anatomy, you can actually cut all different parts of cybersecurity into different parts of the brain. What's a neural network? That's

0:15:32
(Anush)
how we're networking, right? How do we respond to those networks? I really believe everything is mapped to human anatomy.

0:15:38
(Ganesh)
It definitely resonates with me. You've reminded me that I actually, a couple of years ago at my company, SKO, was talking about sock as a service and seam as a service. And actually, I equated the whole thing to the human brain, because you're constantly getting messages from your hands to say you're touching something hot and it's sending a message and, you know, your brain is the seam of the body. And it's very much like that, actually. It's quite funny because the argument I was making at the time is that there's too many inputs and too many things going

0:16:14
(Ganesh)
into the seam that you can't possibly interpret what they all are, and you need help doing that, which is why we outsource the seam functionality to people. But yeah, it makes a lot of sense and it just makes it a lot more fun, I think, to think of it like that as well, rather than it just being these cold, dead bits of equipment and software. Like, these are extensions of our consciousness and who we are as people. One tiny note, which I wanted to share when you mentioned it, but you talked about

0:16:47
(Ganesh)
the music and patterns in the brain. Interesting fact that there's only one thing you can tell about a brain after a person is dead when you cut it in half, and that's if they could play an instrument or not.

0:16:59
(Anush)
Wow, I did not know that. I thought you'd like that. Wow, this is very interesting. I probably, you know, I mean, I did not know that. I thought you'd like that. Wow. This is very interesting. I probably, you know, I mean, I would like that experiment to be done on me, but I won't know anyway, right? So not that I'm going to know from my own brain, but yeah. It's funny. I would have thought it would

0:17:16
(Ganesh)
have been multiple languages or something would alter the brain, but apparently it's if you're, if you're fluent with an instrument, that's the thing that is, you can tell from the brain anyway, that we digress. So. At this point in time, after this very varied and interesting career, which, uh, I think you could have been a neuroscientist, by the way, you seem to have the passion for it. And for me, that's probably enough, but I don't know. But you've been in cyber security now. We love to learn from real world challenges.

0:17:45
(Ganesh)
Have you had a technical challenge recently, something major that you could share with our listeners and they could take anything away from?

0:17:51
(Anush)
I can share things that are not very sensitive to share. But I think one thing that is very interesting that my career was in big organizations. So quite a lot of people, you of people move around in big consultancies. And predominantly, my cybersecurity career was in finance sector. And as we know, finance sector is the most mature

0:18:13
(Anush)
in cybersecurity because it's the most regulated and it's most regulated because it's people's money in the end of the day, right? So when you move from, when you work in that environment, you kind of theoretically know

0:18:24
(Anush)
that there are all these other industries that are not as mature as, you know, the finance industries. And there's a saying that if you've been in finance industry, cybersecurity, you pretty much can tackle on everything and anything because it's the peak of maturity, right? But the interesting thing is that when I moved from a big company into a small company, which was at the state of a startup, and it still is about six, seven years old, the rules are very different.

0:18:51
(Anush)
And the things you have to create from a very, very beginning, you did not realize that how much of the things do not exist, starting from AV, for example, starting creating, do you need a network? How these all these standalone laptops and computers know, starting creating, do I need a network? How these all these, you know, standalone laptops and computers and every other device, how I'm going to secure that.

0:19:11
(Anush)
While you're tackling all that, your main issue is actually making the board or the management or the founders, or, you know, whoever is at the top to understand what cybersecurity is. Because most of the time startups develop

0:19:26
(Anush)
cybersecurity when they already had a loss, right? So they will lose the money and startups, you know, depending which industry you're in, but startups are the ones that are easier to attack because number one, they don't have cybersecurity. So it's easier to get in and whatever they get away with, they get away with, right? So why would they go and tackle and attack, you know, a very kind of mature postures? So one thing I think to consider is that when you are going into a startup community, this is for people who are, you know, moving careers for, you know, changing jobs. When you're considering startup community, it's very

0:20:01
(Anush)
interesting. It's very challenging because you get to build everything from ground up. But you kind of realize, hang on, 20 years ago at the conferences that we were going, we're all talking about, you know, convincing the board that cybersecurity is important, that cybersecurity's expenditure is a fraction of IT's expenditure and all of that stuff, which then gives you the constraints and you cannot, you know, build the capabilities you need to, you know, protect the company. These conversations are real. Right now, they're real in startup community. So while if you're coming from a very mature posture, you don't really have that,

0:20:35
(Anush)
you know, a skill set to try to convince the board because the board knows, right? So one of the challenges is, okay, so how do I make this into a business case for them to understand? Although, yes, even if they had a loss, you can say, well, you lost all of this money. And they say, well, yeah, hang on, but you've been here. We don't have any more hacks. You know, you're doing a great job. And this is one of the time, right? You know, nobody knows about it. Better you do your job, you know, less visible you are because you know, there's nothing happening. There are no incidents. No one's going to come and pat your shoulders and say, well, wonderful. We didn't have any

0:21:11
(Anush)
tech in one year. Right? You miss one thing, you're out. And that's like a challenge of cybersecurity. But I think for the people who do have startups and who listen to this podcast, what I would advise is, if you're not prepared to have cybersecurity representation in your startup, at least get advice from cybersecurity experts to say, what are the things that I need to consider before I start growing? Because if you have a successful startup, you grow very fast. Then you don't know how to scale. You don't know

0:21:44
(Speaker 5)
how to scale technology. don't know how to

0:21:45
(Ganesh)
scale technology. You start plugging things in and then you say, well, hang on, what do I do? And then you have a security that will spend a year to try to plug the holes that you actually have created. Yeah, very wise. I'd never really thought about that before, but actually you don't need to be a very strong personality in a bank because they'll question you for not spending budget, I imagine. They're so expectant on spending so much money on that.

0:22:14
(Ganesh)
And we talk about it quite a lot on the podcast actually, that it's a lost idea that you need to be a very big personality to be a CISO. You know, I think people have this idea of a CISO as a very dry, uh, security professional, someone who's quite boring or, you know, someone who just fills a role because it's necessary in the company. But actually it's totally the opposite. They need to be like the most charismatic.

0:22:40
(Ganesh)
They need to have a really good storytelling ability to be able to get the money out of the bank or to convince them to spend it. And for sure, startups are the worst. I mean, I even had to laugh the other day. There was a story on LinkedIn. I'm no big fan before I get into the story, by the way, but Elon Musk and his Doge department

0:22:59
(Ganesh)
within the US Treasury, and they left a database open on their website, which means that people could hack the main interface of it. So this is like the number one richest country on the planet, just with the most basic security flaws. And that's because he's operating like a startup. So you can see it.

0:23:21
(Ganesh)
You can even see in the US government when they try and do a startup with inside themselves that they have the same problems. So everybody's open to it for a hundred percent. And on the getting advice, yeah, that's a tricky one. I think thankfully for a lot of those guys or a lot of those people generally, at least they have basic tools that you can just stick on top of a cloud environment now and it can say, am I sufficient for an ISO audit?

0:23:48
(Ganesh)
Or you have these kind of tools like Vanta and other things like that for compliance, makes their lives a little bit easier. Because I think previously, I mean, I had to pass an ISO audit in the days before there was software to help for that. And it was an absolute nightmare. You know, it was like a three person, a a three-man team that took weeks and weeks and weeks.

0:24:07
(Ganesh)
Total nightmare. So at least things are getting easier for the startups out there.

0:24:10
(Anush)
That is if they know, if they know what they need to, you know, address. Some of the startups are not even subject to any regulations and compliance. So they just fly under radar, which is a detriment to themselves, because they are really open to hacking community. And bear in mind, while we have the very basic vulnerabilities, which is literally the human, right?

0:24:33
(Anush)
But, you know, I really believe that education is everything and anything when it comes to the human can be your, you know, your biggest shield and biggest defense. But we need to remember that while 20, 30 years ago, you needed to actually know mathematics and programming, and you need to be able to actually write a program to hack, all of that is freely available, literally on the underground economy. You don't even need to buy the software. What you do, you just go into underground economy and say, well, this is my

0:25:03
(Anush)
competitor. I'm a startup. He's a startup, right? And we are in the same field. I want you to take them down. You just pay whatever you need to pay in your cryptocurrency and they're down. Right. And their IP is out and that you have won the competition.

0:25:17
(Anush)
So I think from the business perspective, understanding how easy it is for someone to take you down if they wanted you to. And most of the hacks, you know, well, we know cybercrime is for money, but we also know that, you know, taking a competition down is one of the things in startup. And in startup, wrong leg forward, and that's it. You're done. You don't hear too much about that in the news. I guess it's, it's clandestine enough that it doesn't, they never get caught or very rarely get caught. Or if they do get

0:25:46
(Ganesh)
caught, it's such a small thing that nobody cares. But I guess it must happen quite a lot.

0:25:50
(Anush)
Well, if you're just a startup and nobody knows about you, who's going to write about you? Yeah. Like there's not going to be any interest in it.

0:25:57
(Ganesh)
Yeah, exactly. Yeah. I wonder how many people go through with it. I can definitely think of people I've met in my career that would be happy to hire underground hackers to take out an enemy. So it wouldn't be greatly surprising.

0:26:11
(Anush)
It's more common than you think. Yeah. Well, we work a lot with the airlines actually in Global Dots. And I can tell you, they are the most aggressive, have the most aggressive scraping engines of anybody. And they will all deny that they're using them. But who else is scraping each other's sites? You know, it's like a real warfare out there. And we get to meet them. I think one thing, one thing to kind of think that the global cyber economy is the third largest

0:26:49
(Anush)
economy globally. Third largest economy in the world. And you think, okay, well, it's not just, oh, you know, kiddies playing around. There are actually people who specialize in it, right? It's their careers. It pays more than a traditional career does.

0:27:06
(Ganesh)
Well, it supports the entire of North Korea at the moment. I mean, they only live off that kind of money, so I'm led to believe, I should say.

0:27:17
(Anush)
There are larger players than them.

0:27:19
(Ganesh)
Yeah, more than 1.4 billion. I think that was the latest heist. That's crazy amounts of money. Oh, it was. It was. I want to jump back and talk about privacy perceptions. You've done some cultural research on how different cultures evaluate privacy and what that perception means to them. How does that look like? How does a

0:27:44
(Ganesh)
cultural background influence the way a company approaches security and privacy so i am.

0:27:50
(Anush)
The interest that i had in privacy in the concept of a price actually stem realizing that my concept of friendship and how you are with your colleagues and all of that is very, very different from the people in West. And I started looking at it when I was doing actually my master's and I thought, oh, let me just have a look at the cultures and the privacy and cybersecurity. What does that actually mean to companies? But how do you look at cultures?

0:28:28
(Anush)
How do you define them? How do you say one culture, the other culture, you're not going to go and say Armenians, Russians, English, French, and all of that, because that's not how you define cultures. And I looked at it from the angle of collective and individualistic societies. So that is quite common characteristic rather than division of certain behaviors, where in collective societies, you have a group's interest that is at the heart of a behavior. And in individualistic societies, you have individual

0:28:59
(Anush)
that is at the heart of a behavior. So if something doesn't benefit me as an individual, I'm not doing it. That is pretty much the Western world, right? So we're very individualistic, very kind of everything, my career, my this, my that. When you look at the collective societies, it's the family, it's the collective, it's the group, or don't do this, the neighbor will say that. In Western societies, like who cares? I don't even know who my neighbor is, right? And that is like a reality. And then you have a melting pot, which is London, where you have all this congregation of all different societies. Okay, and we all go to do the same job, right? We all have the same set of rules,

0:29:34
(Anush)
you know, same policy. You know, this is your password policy. This is your laptop policy. How are we actually going to treat that? And yes, of course, we're going to understand that, but our interpretation of privacy is very different. So for example, what is private for me is not private for you. So if I'm from a collective society, then I'm given one laptop, for example, and my family was 20 years ago, you would have had one machine 10 years ago, one machine in a household. And if your sibling wants to come and play around on a machine, you're going to give them a password. They're going to get in there and they're going to play with it, right?

0:30:06
(Anush)
And you're not going to even think that, hang on, maybe this is a breach of privacy, breach of protocol that I have signed with a company, given it into a Western world. No, this is my work machine. This is not for playing. If you want to play, go and buy yourself a computer, for example. This is in very exaggerated forms. And I always love my personal experience. I remember when my mom was visiting years and years ago, and she didn't speak English, and she will receive my mail, she will open my mail, and she will leave it there for me. And it was so fascinating and funny for me, because it's not that she was opening it so

0:30:42
(Anush)
she can see what's inside because she didn't speak the language, but it was more being helpful, right? So if you kind of look from the privacy perspective, if that happened in a Western society, like if I am to open a letter of my children without telling them, I can tell you I will not have a flying pass.

0:30:59
(Ganesh)
Yeah, it definitely, definitely resonates. Working in a global docks as a global company, as you might imagine, and the differences between how a German culture will receive a technology versus how an Israeli company will receive a technology or a British company. It's always quite amazing to see that things that would sell very well and be very, very well received in one country don't work in another country at all.

0:31:31
(Ganesh)
And those privacy issues, I mean, particularly Germany is very, very harsh on privacy. They don't want their data going anywhere. They don't want the data leaving the EU. They don't even, most of them still want on-premise for a lot of their installations when everybody else has given up. Most of the countries don't care now if you're using a SaaS product. They just hope that you're mostly secure and you've got the certifications and whatever.

0:31:57
(Ganesh)
It always quite surprises me because you kind of make the mistake, well I do, of thinking that everybody thinks like you. The way you think and the way you see the world, you think that's how everyone sees it, and it's totally not the case.

0:32:09
(Anush)
Like we say, common sense is not so common after all, right? You mix cultures and it's not common anymore. So the whole concept of common sense, we say, but it's common sense, why did you not think about it? Well, because I have a very different background, so that common sense doesn't apply anymore, right? So I always say, if I go back to Armenia, I will never drive because they actually drive by their common sense, not by traffic rules, and their common sense is very different from my common sense, so I'm going to get in trouble. I'm going to get in a traffic accident. And the same is in industry, right? So when you kind of think that, okay, so I have given you, like I can give real life examples.

0:32:45
(Anush)
So we will give a machine to a person as a company machine that they need to conduct their work on this machine. They will actually fold it, put it aside, and they continue working on their personal machine. And you think, and you find out months later, I'm like, why?

0:33:01
(Anush)
Oh, it's more convenient. Yeah, but there's a reason why we've given you that, right? And you have signed that you actually will be doing that. You will be conducting all the business. And then you have all the business and you have the personnel migrates on there. All right, fine.

0:33:14
(Anush)
So how I'm going to mitigate now a link you're going to click on your personal email that you're not going to be clued in because our brain doesn't switch very well, right, between work and between personal. So you need to physically divide those things if you want to minimize your risk. So in reality, in workplace, it's exactly that. You think, okay, hang on, but why am I giving you a machine if you're not going

0:33:36
(Ganesh)
to use it? Like, where is common sense in that, right? Not so common. It's funny. You're saying all that, and I'm sitting here thinking about all the things that are on my laptop. It's amazing I'm not blushing while we're having this conversation.

0:33:50
(Anush)
But bear in mind one thing which might help, right? So if you have a company laptop, then your internet, your browsing, everything you do is actually managed by the company if you're signed in with your credentials, right? Company credentials. So everything you have there is actually up for scrutiny by your colleagues

0:34:09
(Ganesh)
if they want to do. Thankfully, I live quite a boring life, so you wouldn't find anything interesting in there. But yeah, it's a... So you say, so everybody says. I want to come on to a topic which is somewhat of a favourite on the podcast and it's about women in cybersecurity and that they're often pressured to appear strictly professional. How do you feel this expectation affects their ability to be yourself at work or themselves

0:34:39
(Anush)
at work? I think from what I've observed with my colleagues and from my personal experience, it's very challenging for us to fit in into this whatever the concept of professionalism looks like in male world, for example, right? So if you are in a male dominated industry,

0:35:01
(Anush)
which finance was mine, and if you're in cybersecurity that there aren't that many women, you fall in the category that your behavior is looked from the angle of what is acceptable to the majority and the majority are men.

0:35:14
(Anush)
So what is professionalism for men? You need to stick into that category. And that may be the way you dress, for example. You will notice that quite a lot of women, I remember when I was going to DEF CON years and years ago, I was probably one of the extremely few women. And on top of that,

0:35:32
(Anush)
I was one, even probably one, or there will be another one, who are wearing heels, right? And then it kind of looked like, hmm, why is she wearing red lipstick? Why her hair is down? Why is she all of a sudden, you know, it's perceived differently, but no one actually looks at the man in that way. Nobody says, oh, why he's got his hair down today? Or why is he wearing a nice tie, for example, right? It puts you in, you know, sometimes you find that your brain, instead of working of solving

0:36:00
(Anush)
a current situation you have, is kind of thinking, oh, what did they think? Why did they look at me? And so when I even had a situation at a workplace that I wasn't being asked to join introductory drinks or this and that, and when I said, hang on, I'm sitting right next to you, you're inviting a newbie guy who just joined.

0:36:20
(Anush)
I'm here, I'm in your team, why am I not invited? And the answer was, oh, we didn't even notice that. And then it was, we think that it might be perceived incorrectly, that if we invite you to drink, I'm like, why would it be perceived incorrectly? Why am I being singled out? Because you think I'm, I don't know, attractive or this and that?

0:36:43
(Anush)
And it kind of puts you in a like, that you just said that, you do realize you just said that, right? That I'm being singled out from how am I supposed to be bonding with when these deals are being bonded, when I'm not invited, because you think that if you invite me to that gathering, I might misunderstand your intentions. It's a business dream, no? So still quite a bit of that. Well, we definitely seem to have a long way to go on a lot of those fronts.

0:37:13
(Anush)
I also feel like there's not only the sort of visual representation that is highly under scrutiny, which isn't for men for whatever reason, historical reasons, let's be honest. But the emotional aspect is also the bar is much higher for women. I can think of numerous examples where I've had a boss who's completely lost his temper and shouting and screaming like a baby. That's seen as a

0:37:46
(Anush)
strength, you know, a good sign of a leader that he can lose his temper and do whatever. And then the exact same in a female leader is seen as she's hysterical and she should take time off because she's being emotional. Yes. And we don't have the same scales, basically. We're not weighing the same. It's not apples for apples, it seems. Because it's not, right? So we are very different, but as you say, the bar...

0:38:11
(Anush)
We need to acknowledge the fact that we have come quite a long way. I mean, this would not have been even a discussion 10 years ago, right? It would not have. They would just think, well, what are you talking about? But I have examples, like for example, I remember once it took me four hours. To actually run around with my sick child from different places to different

0:38:31
(Anush)
places before I actually managed to get to the job and I wasn't even five minutes late by the time I got there. And then my boss said, well, you could have just not turned up. I'm like, I would not think about doing that. While in comparison, in one of the projects, a very senior person was just throwing a tantrum and I'm like, what's going on? And he goes, Oh, my child's bus was late and I had to drive to the school.

0:38:58
(Anush)
And I just looked, I'm like, imagine if I said that, I would not be on the project. I can guarantee you that. So there is that, and you do feel frustrated and you do adopt, unfortunately, you adopt whatever it is now in bigger companies, bigger organizations, it's better. It's getting much better. You can actually get support.

0:39:18
(Anush)
You can say, well, I need to cater for it. But the perception is still the same, right? Not the same. But there's a long way to go for the perception because you express yourself, even like the unconscious bias. Men will look at you and think you're not technical enough. And then, because I had that said for a particular project, that I'm not technical enough. And I'm like, okay, I don't

0:39:41
(Anush)
know what technicality requires. And then when I've inquired who actually was put on that on that project, it was somebody who was almost 20 years younger than me, who had a degree in politics, and who shadowed a project for two months that was application development. And I just looked at like, right, so the fact that I have software engineering degree, the fact that I lectured different software engineering languages for 12 years, I'm not technical enough. And they said, Oh, I'm like, yep.

0:40:11
(Ganesh)
This is it's so if I hadn't heard the story 10 times before, I would say it was unbelievable. Yeah, unfortunately, it is believable, which is common. Common. Yes. What was it like? Yeah, I'm going really far back now to the start, but when you did that software engineering course, whenever that was, I'm guessing you must have been in a super duper minority then as well. So what was that experience? How were you treated there?

0:40:38
(Anush)
I remember on the first lecture I went, there were all computer science students. So you had all the people who were doing like computer science students. So you had all the people who were doing like computer science, and then you had all the different, you know, software engineering, internet programming, this, this, this, this, this. And from amongst all of them, I'm not exaggerating, we were probably 5% of the student population on that course that were women. When then we graduated from software engineering discipline, I was one of three

0:41:08
(Anush)
women who actually graduated from software engineering. So it was very, very small. I remember when I graduated, I didn't even have confidence to actually go and get a software engineering job. I thought, oh, well, you know, the imposter syndrome, I had no idea what it was. I'm like, oh no, I mean, I don't even know how I've done it. Why, how, I don't know. I just followed whatever I wanted to do.

0:41:30
(Anush)
But that was the reality. And quite a lot of women then fall into information systems, into things that weren't as technical. And when I was studying, when I was actually not studying, when I was actually lecturing, you would see the behavior of girls and behavior of boys. And this is why behavior for me was always a very

0:41:53
(Anush)
interesting thing because I moved around cultures. It was a year that I moved from four countries, four different languages, four different cultures. And you kind of observe and your eye kind of picks up the different patterns of behavior. And you would see, for example, Asian groups when you do a task, a group task, you will have Asian groups sitting there and you have male and you have female. And you will see very often women are the ones who give solutions, but they will not present the solutions. And you will have men

0:42:20
(Anush)
that will actually take the solution and present because they are the leaders. And when you probe the questions, they don't even know the answers. So I would then encourage women, so I did a bit of study, encourage the girls to present their ideas, you know, but this is your idea, right? Why did you give up on the idea? Why did you give up on your idea?

0:42:37
(Anush)
Because somebody talks louder than you with a wrong answer than you. So going back from how do we encourage more women? How do we encourage more girls into STEM subjects? It actually buys small things like that by literally seeing the dynamics that are in school. I was a chair of governors for 10 years

0:42:58
(Anush)
and we have done a bit of work on that. You know, how do we present, you know, how do we not segregate, you know, what boys do, what girls do? And it really by fostering this, yeah, well, why aren't you speaking up, and tiny things like that, if we want more women to end up in STEM subjects. And also seeing that you don't need to look like a

0:43:17
(Anush)
man if you go into STEM subject, you can still have your lipstick, you can still have your heels,

0:43:22
(Speaker 4)
that's fine. Yeah, I love it.

0:43:25
(Ganesh)
So you touched briefly on what we can do to foster change there. That's the next thing I wanted to talk about. So obviously encouraging those STEM subjects from a young age and removing any sort of cultural barrier where we see that women shouldn't be going into computers or mathematics, which I think is, we're slowly getting there. But what else do you see from your world that we can do to make a change?

0:43:49
(Anush)
I think on the higher levels, if we're talking about on the organizational level rather than a societal level, I really think that all the initiatives, there are quite a lot of initiatives. Like you take a major company, they do have initiatives, right? Women in tech, women in cybersecurity, women here, women there. And I think the very important component is to have a good male representation in those groups. Because it's just like we're preaching to convert it, as the saying goes, right? So you will gather around, women gather around, we tell our

0:44:27
(Anush)
issues, but who are we seeing those issues from? From the male colleagues, right? So they need to be included in these conversations. And it doesn't really even need to be a big topic or a big conversation or anything. It's just like if we have the culture that we can speak out without worrying about political correctness, for example. If I say that, will HR start chasing me? Because will somebody then start saying, oh, hang on, this is harassment, this is this,

0:44:57
(Anush)
this is that? So I think the red tape is good for certain things, but I think sometimes you know, sometimes it actually acts as an inhibitor for a faster change. And I understand why we need to have all of those things to make sure that things are happening in a controlled environment,

0:45:15
(Anush)
that, you know, we don't have things we don't wanna have. But I think we, the Western societies, Western companies, now are so highly politicized that you really cannot even express your mind at times, thinking, okay, how many months I need to explain what actually I said and what I meant.

0:45:33
(Anush)
That can be an inhibitor.

0:45:36
(Ganesh)
Good pieces of advice. And I hope that somehow we get some steps along the way, at least with my professional lifetime. It seems like such a huge problem. It seems like a multi-generational one rather than something that we're going to fix in like two years or something. The fact we're having the conversations shows progress.

0:45:57
(Ganesh)
I agree with that too. And we're having more of them. We're coming towards the end and we always like to ask one question to our guests, which is the DeLorean question. And if you could go back in time and give yourself one professional piece of advice, what would it be?

0:46:17
(Anush)
I'm pretty sure it would be not to worry too much to fit in, in the job you're doing. Just be yourself. And it's a very difficult thing. It sounds very easy. It sounds very simple. But if I was to go back, I wouldn't worry that much about fitting in. I would just worry about doing the job.

0:46:36
(Ganesh)
Be yourself. Everybody else is already taken.

0:46:39
(Anush)
True. Very, very true.

0:46:42
(Ganesh)
Yeah. wise words. Thank you so much. It's been a real pleasure having you on, a genuinely interesting conversation. Any closing words?

0:46:53
(Anush)
I think I've said pretty much everything, but I absolutely love that you are doing the podcast and you're bringing different people, different perspectives. And I think it's very interesting to look at what people are thinking in the same industry that you are. Because nowadays that we have quite a lot of work that's done remotely from our homes, we sometimes don't get the chance to really talk about certain topics that bother us or, bother us or, you know, interest us. So thank you very much for bringing all of that up.

0:47:27
(Ganesh)
Yeah, total pleasure. I really, really thank you.

0:47:30
(Speaker 3)
Thank you.

0:47:31
(Ganesh)
This episode was produced and edited by Daniel Ohana and Tom O'Morvinson, sound editing and mix by Bren Russell. I'm Ganesh The Awesome. And if you're ready to deep dive and start transforming the way you approach cloud practices

0:47:43
(Ganesh)
and cybersecurity strategies, then the team and myself at GlobalDots are at your disposal. We are cloud innovation hunters and we search the globe looking for the future tech solutions so we can bring them to you. We've been doing it for over 20 years. It's what we do. And if I don't say so myself, we do it pretty well.

0:48:01
(Ganesh)
So have a word with the experts. Don't be shy. Don't be shy. And remember that conversations are always for free.

Related Content

  • Why C-Suite Executives Are Switching from VPNs to ZTNA
    Cloud Security
    Why C-Suite Executives Are Switching from VPNs to ZTNA

    Hybrid workforces and cloud-first strategies have exposed the cracks in VPNs. Designed for simpler times, these legacy tools now create more problems than they solve. They slow your team down, leave security gaps, and make scaling a headache. How do you secure remote access without these hurdles? The answer is Zero Trust Network Access (ZTNA). […]

  • Rethinking IT Security to Build Resilience for the Modern Threat Landscape
    Cloud Security
    Rethinking IT Security to Build Resilience for the Modern Threat Landscape

    The recent two decades have changed how applications are built, delivered, and used. We used to have isolated networks with predictable entry points, but today, that has been replaced with a dynamic, interconnected web of APIs. The consequence of this is the dissolution of the traditional security perimeter. Today, protecting a single network boundary doesn’t […]

  • Cybersecurity Without the Buzzwords: Nir Rothenberg, CISO @Rapyd
    Cloud Security
    Cybersecurity Without the Buzzwords: Nir Rothenberg, CISO @Rapyd

    Forget buzzwords. Nir Rothenberg, CISO at Rapyd, brings brutal honesty about what cybersecurity work really looks like. From lessons at NSO to scaling security in a global fintech, Nir shares why doing the basics right—patching, prioritizing, and partnering well—is what truly matters. We also cover AI, burnout, and building strong teams in a multi-cloud world.

  • CloudHub 2025: Tech Leaders on Vetting, Scaling & Staying Ahead
    Cloud Security
    CloudHub 2025: Tech Leaders on Vetting, Scaling & Staying Ahead

    Recorded live at CloudHub 2025, this episode brings real-world insights from security and DevOps leaders on the challenges of cloud security, solution vetting, and balancing innovation with risk. Featuring Alex Nayshtut (Cellebrite), Einat Shimoni (Lusha), Sagi Levanon (Wotch Health), Anna Lerner (SolarEdge), and Alon Krispin (Allot). Join us for a candid discussion on how today’s tech leaders navigate the ever-evolving cloud landscape.

  • Closing the Gaps in API Security: How to Build Visibility and Protection for Modern Enterprises
    Cloud Security
    Closing the Gaps in API Security: How to Build Visibility and Protection for Modern Enterprises

    APIs may be your organization’s greatest enabler, but without proper context, they can become its Achilles’ heel. APIs power modern digital ecosystems, connecting applications, enabling seamless machine-to-machine communication, and driving operational efficiencies. However, as APIs become the backbone of enterprises, they also represent an expanding attack surface — one that traditional Web Application and API […]

  • Compliance Without Chaos: Meiran Galis, CEO @Scytale
    Compliance Automation
    Compliance Without Chaos: Meiran Galis, CEO @Scytale

    Security compliance is a major roadblock for startups—time-consuming, costly, and complex. But what if it didn’t have to be? Meiran Galis, CEO & Founder of Scytale, reveals how startups can automate and streamline compliance without breaking the bank. He shares his journey from EY to building a startup, explains why AI will transform compliance and gives candid advice on startup growth. Tune in for insights on SOC 2, ISO 27001, AI regulations, and scaling with confidence.

  • What are the biggest business worries in 2025?
    Cloud Cost Optimization
    What are the biggest business worries in 2025?

    No matter their industry or profession, practically every business in the UK and around the world has concerns for the year ahead. Whether it’s employee retention, rising costs, or simply finding new customers, each and every business owner has to make crucial decisions around these fears in order to successfully lead their company forward. However, […]

  • From 2024 to 2025: The Evolving DDoS Threat Landscape
    Cloud Security
    From 2024 to 2025: The Evolving DDoS Threat Landscape

    The numbers from the DDoS landscape tell a troubling story. In Q3 2024, DDoS attacks reached unprecedented levels, reaching a record-breaking Tbps and billion packet-per-second attack. These hyper-volumetric campaigns tested the resilience of global networks against attackers who are becoming faster, smarter, and more resourceful. They also became a wake-up call for IT leaders who […]

  • Universal ZTNA: How Does it Compare to Traditional ZTNA?
    Cloud Security
    Universal ZTNA: How Does it Compare to Traditional ZTNA?

    How will you protect your network as cloud-first strategies and hybrid workforces redefine the modern business landscape? While Traditional Zero-Trust Network Access (ZTNA) solutions laid the foundation for secure access, Universal ZTNA is rewriting the rules. Imagine a solution that unifies your security policies across all environments, simplifies management, and scales easily. That’s Universal ZTNA. […]

  • How eBPF Enhances Threat Detection and Cloud Observability
    Cloud Security
    How eBPF Enhances Threat Detection and Cloud Observability

    Cloud-native environments are growing more complex and distributed. This growth makes security and performance observability even more critical to modern DevSecOps strategies. Enter eBPF (Extended Berkeley Packet Filter), a revolutionary technology that can run sandboxed programs in a privileged context such as the operating system kernel, which enables enhanced: Its ability to extend kernel capabilities […]

  • Is Your Architecture Ready for Kafka? Yaniv Ben Hemo, CEO @Superstream
    Cloud Infrastructure Design
    Is Your Architecture Ready for Kafka? Yaniv Ben Hemo, CEO @Superstream

    When does your architecture outgrow REST APIs? Yaniv Ben Hemo, Co-Founder & CEO at Superstream, joins us to unpack what Kafka actually is, when you need it, and why it’s often misunderstood. From real-time user experience to scaling microservices and optimizing for cost—not just performance—this episode is a practical guide to understanding Kafka’s role in modern data strategy and how Superstream is helping companies get more from it.

  • Weak Defences: The Most Hackable Sports Passwords
    Web Security
    Weak Defences: The Most Hackable Sports Passwords

    We get it. Thinking of another password that you haven’t used before can be frustrating – especially when we have to change or update our passwords so regularly. But while it might be tempting to use your favourite sports teams and clubs as passwords, it’s a risky move for your cyber security.  Using unique passwords […]

  • Solving Network Security Issues for Rapidly Growing Global Businesses
    Web Security
    Solving Network Security Issues for Rapidly Growing Global Businesses

    Introduction Ryohin Keikaku is a global manufacturing and retail company that handles everything from product planning to sales for products known as “Mujirushi-Ryohin” in Japan and “MUJI” overseas. To keep pace with its rapid expansion—adding 100 new stores annually in Japan—and its growing global presence, now spanning 225 locations across 20 countries, including 50 stores […]

  • Optimizing Cloud Costs: Ido Kotler, Co-Founder & CPO @ Pelanor
    Cloud Cost Optimization
    Optimizing Cloud Costs: Ido Kotler, Co-Founder & CPO @ Pelanor

    Cloud cost allocation is broken—but why? Ido Kotler, Co-Founder & CPO of Pelanor, reveals why traditional FinOps tools fail and how a smarter, data-driven approach can fix them. We dive into the power of eBPF for cost visibility, the challenge of multi-tenant environments, and how effective altruism shapes Ido’s leadership. If you're scaling in the cloud, this episode is packed with insights on cost efficiency, accountability, and decision-making.

  • 4 Common Kafka Installation Errors – And Proven Steps to Avoid Them
    Cloud Cost Optimization
    4 Common Kafka Installation Errors – And Proven Steps to Avoid Them

    Apache Kafka is the platform of choice for real-time data processing, but getting it up and running can feel like an uphill battle.  With high throughput and fault tolerance, companies like Spotify rely on this distributed streamlining platform to deliver seamless services for over 600 million global users – supporting everything from log aggregation and […]

Amplify Your Cloud Security

Technology, security threats, and competition all change rapidly and constantly. Your security stack must, therefore, be ahead of every emerging threat and, just as importantly, enable full-speed business processes by reducing friction in critical workflows.

Achieve this with GlobalDots’ curated solutions:

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services