Interview: Aliona Levca & Pinky Cybersafe
Today we explore the startup journey of Aliona Levca, Co-Founder and CEO at Pinky Cybersafe, from Moldova.
Pinky CyberSafe is Enhancing cybersecurity awareness for SMEs and utilizes AI-driven solutions to fortify digital defenses.
You can listen to the episode with Aliona Levca on Spotify:
Or read the interview.
Pitching Pinky Cybersafe
What we are trying to do is solve the biggest challenge that small businesses face while dealing with the risks and threats of the digital space. On one hand, they don’t have enough resources to find, install, and manage the cybersecurity solutions that already exist on the market.
On the other hand, they don’t have enough knowledge to understand what they need, why they need it, and how these tools can benefit them. So, what we are basically doing is making cybersecurity accessible to small businesses, especially from these two perspectives: from a perspective of resources and from a perspective of knowledge required. We streamline the experience for small businesses on our platform.
We offer advanced tools with a very easy, approachable interface that empowers small businesses to solve their own problems and to understand the challenges and the mitigation measures much better.
How has everything started for Pinky Cybersafe
It actually began when I was CFO and later CEO at the local bank here in Moldova. I had to approve this huge budget for different areas of bank activity, including IT budgets and cybersecurity budgets. I’m very good with numbers. I understand numbers, processes, and everything behind the numbers.
The cybersecurity part was always a challenge for me because, even with some background in IT, that part of cybersecurity was always too complicated, too advanced, too specialized, and often written in a language that is not understandable for business. It’s not written in a risk language, but in a technical language, which is always challenging.
First, the idea that we are doing something wrong in cybersecurity came to me. I mean the approach, not the tools or technology. If that approach is not suitable for us—a bank that has resources, the team, and the required knowledge—how should small businesses handle this? How should they solve this challenge for themselves?
During my time at the bank, this didn’t seem like a big problem because I had the same misconception as most of us do—that small companies are not targets for cyber attacks because cyber criminals would look for big companies, big profits, big whatever. Then I started to dig deeper into the subject and found out that 53 percent of attacks are directed towards small businesses. More than half are directed towards small businesses.
That’s when it clicked. There is a huge need on the market and a huge underserved segment that has no protection. I dug deeper and found out about supply chain attacks, where big companies are attacked through small companies. So, a big company might have all the security, people, and resources, but they have a supplier—a small company—that is not protected. An attacker can penetrate the big company’s environment through the small company, creating a huge weakness for the big company as well. This amplified the problem further, showing the potential is much larger.
We discussed this business opportunity with my current business partner and co-founder. We invited some very bright minds in cybersecurity, network architecture, and product management to Moldova, to Chisinau, and had a brainstorming session with a simple question: what can we do? That’s basically how, during this brainstorming session, the idea of Pinky Cybersafe and this whole educational and empowering journey appeared.
How did the name Pinky Cybersafe happen
We purposely selected the name. The second half, Cybersafe, is clearly associated with cybersecurity. The first half, however, is a little bit confusing and should throw off most people looking at our startup’s name. We did this to communicate that we are not like the usual cybersecurity companies. This is also reflected in our color scheme. Typically, cybersecurity company logos use colors like red and black or yellow and black because they are warning signs and are meant to be frightening. Our colors are pink and deep blue, which give a sense of trust, something playful, and approachable.
This is the concept. It’s all about making cybersecurity accessible. Pinky should give you the sense that cybersecurity is not that technical. We make it simple, nice, and easy. We make it approachable.
Secret Sauce of Pinky Cybersafe
I wouldn’t want to dive too much into the know-how, but I do want to share some of our competitive traits. First of all, we are coming back to the word “accessible,” and for us, accessible means super easy. A very different user experience is one of the biggest focuses for us in product development, specifically user interface and user experience.
We did thorough market research on the available competitive tools and solutions. We looked at what is out there. Personally, being not that advanced in the technical part, I was the test monkey who tried all these solutions. Not only me, but a couple of others as well. We all came to the same conclusion: these solutions are targeted towards cybersecurity specialists or at least system administrators. A network administrator is someone who understands the whole setup of how cybersecurity should work in a network, while the decision-maker is a business person.
Remember my first encounter with the cybersecurity problem? We are changing the message content of our UI/UX on our platform. We are translating it—purposely using this term—from technical language into business language. We are using ML algorithms to do so. The technical part is still accessible, but for your convenience as a business owner and decision-maker, you also have the business language, which helps you understand the technical part better.
This is the main differentiator we have right now. In terms of technology, we are building up our solution and have some additional perks regarding filtering false positive and false negative alerts in our system and things of that nature.
The biggest events in cybersecurity field
That I keep on seeing while reading the specialized news. By the way, if I can, I would really love to recommend the Dark Reading portal. It’s a very good source of information with a very large and almost limitless point of view on different topics. They gather news from all over the world.
I think there is an ongoing case that actually started in 2020, the so-called SolarWinds attack. It was a very big incident that happened in the U.S. A lot of government organizations, including the Defense Department and several nuclear plants, were affected by this attack. The fascinating thing about this was that it was not discovered for nine months. The attack was ongoing for nine months, and the attacker was in the system for nine months.
Even more fascinating is that right now, in 2024, some of the organizations affected by that attack are still discovering traces of malicious presence in their networks. This attack supposedly is still ongoing. So we have four years of supposedly very well-defended organizations that are in continuous incidents with limited capability of understanding how they were affected. They don’t have 100 percent assurance that they protected all their data and systems. This is the scariest part because if these big players can be hacked, it is absolutely obvious that everyone can be hacked.
The second part of it is how they got hacked. They were hacked through a provider of a network management solution. There was another recent attack across multiple states in the U.S. where 600,000 internet routers were affected and shut down because there was malicious code installed during the last system update. So 600,000 routers were shut down, and 600,000 objects lost connection to the internet. The entry point was the provider of network services.
This is a trend. I’m not saying it’s new, but this is something we all need to realize as business owners. There are a lot of weaknesses and threats. We shouldn’t be self-assured that if we have a service provider or a cybersecurity provider, we are safe. No, we are not. Unless we, as a company, own our cybersecurity program and structure, we are not safe. We are under attack, and we will be under attack.
Pinky’s Team and Ethical Hackers
We do have certified ethical hackers on board. There are a number of European and worldwide certifications, and we have several members who are certified. This was essential for us from the start. We understood that as soon as we became even a little bit visible, we would become targets for attacks. So, we needed to ensure that we are providing the best possible services and protection with today’s technology.
This team works closely with the development team. Our ethical hackers, both men and women from Croatia, are a company specialized in penetration testing and ethical hacking. They have completed numerous assignments for different clients, although I cannot disclose the clients for publicity reasons. They are currently working closely with our development team. The dynamic is straightforward: as soon as we have an idea, we first design it to be secure, then develop the prototype, and finally test the prototype to ensure it is secure. It is a continuous check within our process.
Additionally, we have team members specialized in providing cybersecurity services. Our Chief Information Security Officer, from Moldova, is also a co-founder of a company providing managed cybersecurity services for clients in Canada. This gives us valuable insight into serving businesses and understanding how it works for small and medium businesses dealing with cybersecurity service providers.
We also have a brilliant designer, Niko, who is one of the biggest stars on our team. Our competitive advantage is our UI/UX, and our current branding and platform design are due to his creativity and understanding of the challenges small businesses face in cybersecurity.
Lastly, my co-founder, a business person far from the cybersecurity part, understood the challenge and the market potential. He continuously supports our operations. We are bootstrapped so far, except for a grant, and he is the one who believes in the idea and fuels its continuous development.
The biggest challenges
The startup path is all about challenges and opportunities and transforming challenges into opportunities. The biggest challenge for us as a company right now, actually, there are two. We are very focused on the product.
The process opportunity is to find the perfect market fit. We have an idea, an opinion, and a design for how the product should look, how it should work, and what value it should offer to the customer. But in the end, it’s the customer who decides if it works or not.
The challenge right now is to onboard friendly customers. We have developed our MVP, our minimum viable product, and the challenge is to onboard friendly customers who would share their feedback on using Pinky Cybersafe, what they would like to see, what they don’t like, and what they think. It is also for us to understand how to communicate with businesses, to validate our hypothesis about communication and promotion, and to engage businesses in working with our platform.
That’s the biggest challenge, and it’s connected to some market challenges like low awareness among small businesses and misconceptions. As I shared, small businesses often think they are not affected by cyberattacks, and that’s not the only misconception. Another one is the belief that having an antivirus or firewall makes them safe.
Another challenge we are facing, which is common for all startups, is financing. We are a deep tech company with a lot of R&D activities, and financing R&D is quite challenging. Most venture funds and private investors want to see a viable business model. While we do have a business model designed and forecasted, it is not yet validated by the market. This is a challenge for most deep tech companies because our R&D processes take a lot of time before we have a marketable product. It’s very hard to convince investors that it’s worth the risk with a high-risk profile company.
I feel responsible for the whole company, so those are my challenges. The company is not abstract; it’s the people who are part of it, making this company. And I think this is a challenge for all of us. I’m sharing this, and with constant meetings with our team, I don’t think I have personal challenges versus company challenges. I think we share this as a team. So those are my challenges as well. This is something I’m working on right now.
Business environment for women in Moldova
I am not going to say that we have specific challenges for women in Moldova. I don’t think this is the case. Even though we are still underrepresented as co-founders in the whole tech ecosystem and startup ecosystem.
I personally, this is my opinion, don’t think this is due to external limitations. For example, in my journey, I did not have any obstacles linked to the fact that I’m a woman. It wasn’t about that. It was about the general limitations we have in our startup ecosystem. Again, this is my opinion, but this underrepresentation in deep tech and the startup ecosystem is due to a long-standing issue starting from education and our own perceptions as women about what we can and cannot do, where we are good at, and where we are not good at.
We should change, of course with some help and support, the way we think about our place in this startup ecosystem. It’s hard because it’s mostly men in deep tech. But, with few exceptions of certain characters I encountered during my path, I did not feel any discrimination as a woman trying to enter this deep tech field.
More than that, during my course in cybersecurity at Harvard, our head tutor emphasized several times that he wants to see more women in these courses. He pointed out that the way women think is very suitable for cybersecurity fields because we are very risk-averse. We think about risks, what can go wrong, and we don’t like to take unnecessary risks. This mindset is exactly what is needed for cybersecurity and deep tech.
We have what it takes. What we need is to believe in ourselves and, of course, to get support. In Moldova, we are starting to build up support for women in tech and women in STEM, which I welcome very much. Right now, it’s up to us to change our mindset, to change our own belief about what we can or cannot do, and to just go for it.