Nitay Milner’s entrepreneurial story starts long before cybersecurity. At 13, he took the money from his bar mitzvah and turned it into a DJ business. By 18, he already had five employees and real revenue. “I was always that kid who needed something big, something interesting, something that moves the needle,” he told me. That itch—for ownership, for building—never left.
After serving in the financial advisor to the Chief of Staff unit in the IDF, helping manage tens of billions in defense budgets, Milner studied computer science and deliberately chose product management as his path into tech. “Product felt like a mini-CEO role,” he said. “Balancing customers, R&D, and market fit—that’s the best preparation for founding.” At Epsagon, and later at Cisco Cloud Observability after the $500M acquisition, he led cloud-native and observability products before making the jump into security entrepreneurship.
Orion Security was born from a deliberate, methodical ideation process—not a midnight epiphany. Milner and his co-founder, Jonathan, ran a Converge–Diverge process: forty ideas in a Notion table, many intentionally “stupid,” then weeks of pruning based on feasibility, differentiation, and passion. They focused on security because both had lived the pain—Milner from the product side at Cisco, Jonathan from years in Unit 8200’s offensive ranks. After dozens of conversations with CISOs, one theme kept surfacing: everyone hated DLP, but everyone needed data protection.
“Half the CISOs told us, ‘You look young and ambitious—don’t waste your best years on DLP,’” Milner laughed. “But when we asked about their biggest security problems, they always came back to: ‘I just don’t want sensitive data leaking out.’ They wouldn’t say ‘DLP,’ but they were describing DLP.”
The challenge was clear: the category was right, the implementation was broken. Traditional DLP depends on brittle, static policies and mountains of manual work. Deployment cycles run 8–12 months. False positives flood teams. Only the largest enterprises can afford to staff it. Milner and his co-founder sat in a room and asked themselves a blunt question: Are we just building “another DLP,” or can we design something fundamentally different—something that uses LLMs and intent-based analysis to make DLP 100x better at a tenth of the operational cost?
Their thesis: legacy DLP is anomaly detection for people, and people are inherently anomalous. Machine learning on behavior alone was never going to be enough. But LLMs bring something qualitatively new—contextual understanding. Orion’s approach is to treat every potential data exfiltration event as if a smart analyst were sitting there, looking at the user, the content, the destination, and the business context, then deciding: is this actually risky or just work-as-usual? “Think of it as moving from ‘did something weird happen?’ to ‘did something dangerous happen?’” Milner explained.
That shift—toward intent- and risk-based decisions—echoes the broader data-in-motion story I’ve heard from leaders like Jonathan Roizin of Flow Security, who framed the future of security around understanding how data actually moves, not just where it rests. Orion is doing that specifically for DLP in the AI era, where exfiltration paths now include SaaS, collaboration tools, and AI channels like unmanaged ChatGPT sessions.
Milner sees Orion’s mission as twofold. First, to make DLP something any serious company can “take for granted,” just like endpoint protection or SASE—no year-long rollout, no army of analysts. “If we do our job,” he said, “DLP becomes a default control, not a luxury project.” Second, to extend protection beyond humans to AI agents. “Today DLP barely works for people,” he noted. “But AI agents are already starting to write emails, move data, and trigger workflows. What happens when an internal agent accidentally sends your entire customer list to a third party? Someone has to be the DLP for AI as well.”
The 0-to-1 journey has been anything but trivial. Early on, Orion faced a double trust gap: CISOs were deeply skeptical of anything labeled “DLP,” and the AI buzz made it easy to dismiss yet another “AI for security” pitch. Milner’s answer was ruthless focus on time-to-value. “We set ourselves a crazy target: on day one of a POC, the customer should already see real data leaks and a map of how data moves in their org,” he said. “Not in eight months—today.” That constraint forced hard technical choices, but it’s now paying off; POCs often show value in the first meeting instead of after a quarter.
As a first-time security founder and CEO, Milner is candid about the personal load. “It’s intense,” he admitted. “There’s pressure, anxiety, a lot of responsibility. But I feel like I was built for this. The way to scale is not being the smartest person in the room; it’s hiring people who are better than you and making sure they all run in the same direction.” For him, the CEO’s real job is assembling and mentoring the right team—not being the hero.
Looking ahead, Milner believes data security is on the verge of a generational reset. “Everyone feels that data security is about to be redefined,” he said. “Our job is to take the sharpest AI technology and turn it into practical value for customers as fast as possible.” If Orion succeeds, DLP may finally become what it was supposed to be all along: a ubiquitous, low-friction safety net for the information that actually matters.
About Michael Matias: Michael Matias is the CEO and Co-Founder of Clarity, an AI-powered cybersecurity startup backed by venture capital firms including Bessemer Venture Partners and Walden Catalyst. Clarity develops advanced AI technologies protecting organizations from sophisticated phishing attacks and AI-generated social engineering threats, including deepfakes. Before founding Clarity, Matias studied Computer Science with a specialization in AI at Stanford University and led cybersecurity teams in Unit 8200 of the Israel Defense Forces. Forbes Israel recognized him early on, naming him to the exclusive 18Under18 list in 2013 and the Forbes 30Under30 list thereafter. Matias authored the book Age is Only an Int and hosts the podcast 20MinuteLeaders.
