Shahar Maor never planned to become a CISO. His entry point into security came almost by accident—after studying economics and briefly working in the Ministry of Finance, he stumbled into information security in 2007, a time when the term “cybersecurity” wasn’t even in use. “I knew nothing about the field when I started,” he told me. “But I was hired anyway. That’s how it began.”
Fast forward nearly two decades, and Maor now sits at the heart of one of the most difficult jobs in modern enterprise: the Chief Information Security Officer. As he describes it, being a CISO is like being the goalkeeper in soccer. Nobody notices you until there’s a breach—then all the blame arrives at once. “We’re measured only when something goes wrong,” he said. “When things are quiet, people even ask whether we’re needed at all.”
That tension has only intensified with the arrival of AI. Attackers are armed with new capabilities—from credential stuffing to AI-powered phishing—while defenders are expected to master an ever-expanding universe of tools, budgets, and regulations. Maor put it bluntly: “Either you learn to harness new technology to your advantage, or it runs over you.”
Trust, budgets, and sleepless nights
For CISOs, the challenge is rarely just technology. It’s trust—inside the organization, with leadership, and with vendors. Maor emphasized how critical it is to be transparent with boards and executives about what the security team can and cannot do. “Incidents will happen,” he said. “The key is making sure leadership understands the tradeoffs, the priorities, and where we’ve decided to focus resources.”
Budgets are another constant source of tension. With hundreds of vendors vying for attention, the temptation is to buy more tools. But as Maor noted, the responsible CISO must often say no. “Sometimes you need to be the adult in the room,” he said. “Know the company’s financial reality. Otherwise, you end up with too many tools and not enough clarity.”
Collaboration as survival strategy
One of the more striking parts of our conversation was Maor’s description of the Israeli CISO community. Unlike CMOs or CROs, who often compete directly, CISOs collaborate extensively—even with peers in rival companies. “If you get hit, I might be next,” he explained. That recognition has led to unprecedented levels of sharing, from private WhatsApp groups to informal alliances where vulnerabilities, breaches, and lessons learned are openly exchanged. “It’s almost like a union,” he laughed, “but it’s about raising the bar for everyone.”
CISOs and startups: a symbiotic loop
Perhaps nowhere is Israel’s cyber ecosystem more unique than in the tight bond between CISOs and startups. Maor works actively with young companies as design partners, often implementing early-stage products before they’re widely known. “Many times a startup has taught me about a problem I didn’t even know existed,” he said. “And sometimes their solution solved a pain point faster than any large vendor could.”
This collaboration is not just altruistic—it keeps CISOs like Maor on the cutting edge, while giving startups the real-world feedback they need to survive. As Nir Rothenberg told me in a separate conversation, “Startups are our R&D arm”. Maor echoes that sentiment, arguing that CISOs often learn as much from startups as the startups learn from them.
The CISO as parent, teacher, and realist
Maor drew a fascinating parallel between being a CISO and being a parent. At home, he tells his kids they can’t be shielded from TikTok, AI chatbots, or even risky online behaviors. Instead, he tries to give them tools to make smart choices. “It’s the same with employees,” he said. “You can’t block everything. You have to educate, guide, and build resilience.”
This is the heart of modern security leadership. As Tsion (TJ) Gonen told me in another conversation, AI isn’t about adding more dashboards and red alerts—it’s about integrating solutions into daily workflows so people can actually act. Maor sees it similarly: AI tools can help, but the real job is cultural. “The hardest projects aren’t technical,” he said. “They’re about changing mindsets.”
Two lessons
When I asked Maor for closing advice, he offered two simple points. To fellow CISOs: never get too comfortable. “The moment you feel calm in this role is the moment you’re in danger,” he warned. To entrepreneurs: think beyond a feature. “Don’t just solve the problem you saw in the army. Build something defensible—something that tackles a real, enduring need.”
It’s advice forged from years on the frontlines of enterprise defense, and from countless sleepless nights. In Maor’s world, calm is not an option—but collaboration, vigilance, and adaptability might just be the difference between survival and failure.
Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
