Alyona Levca, CEO of a startup Pinky CyberSafe(R), Ex-CEO of FinComBank. Alyona and her team are building a cybersecurity product for medium and small businesses - a virtual CISO. I am very pleased that she agreed to share the story of her journey into the world of technology startups and her experience of startup development in Moldova.
Table of Contents
The beginning of the journey
Alyona, thank you for agreeing to chat about such a difficult topic. I have studied your career path, and I found it very interesting. Please share what brought you to your current endeavour.
I started studying here in Chisinau at the Law Faculty of the State University. I studied for two years and in the summer a very good family friend who has a business in Moscow suggested that I try my hand at something else. His company was going through a stage of rapid growth and he hired consultants to help with the organisation of work. This company was recruiting business analysts. I went through the selection process, tests for candidates, and training. That's how I ended up in Moscow.
You had to leave your studies in Kishinev. Weren't you sorry?
The opportunity was very interesting, and I already had doubts about continuing my law studies. By that time I had already had practice in both the court and the prosecutor's office. And what I was taught did not coincide with reality.
At first it was a question of working on this project in Moscow for a year, and then as circumstances dictated. In the end, I lived in Moscow for five years. First, I took a leave of absence, and then, in order to get an education, I didn't change my faculty and graduated from law school here by correspondence.
Experience of working in a bank at the position of CEO
Having had experience of working with private companies, how did you decide to move into banking? The processes there are different, even though it is also a commercial organisation.
I am a very structured person by nature. I have everything on the clock, everything is organized. It is not a problem for me to be in both states - in chaos and in order. In a way, I feel more comfortable in a very structured environment.
Nothing motivates me like clarity of position, clarity of what needs to happen. And that's what 100% had in the bank. There's no tossing around. No "the owner woke up on his left foot today, so everyone got a kick in the head". Or he has a new idea and we all change caps - it's the flip side of working with a private business, in an "agile environment". I honestly take a break from that in the bank. But there are, of course, some downsides. There is indeed some excessive bureaucratization, everything does not move as quickly as we would like it to. Every decision has to be taken at so many levels, which often stalls the work.
Getting started with MGrinder
How did the idea to join the MGrinder team come about then?
It so happened that when I left the bank, I first worked with an American, he has a back office here, but his main company is in the US. He needed someone with banking expertise. I was his advisor. So I plunged a little bit into the fintech world. And it was so cool in the sense that it was like my knowledge and very cool new horizons that you can constantly discover for yourself. Plus, also my experience as a business analyst. It all fit together very seamlessly. After that, Robert Blamberg, the founder of MGrinder, invited me to work together. His team had an idea for a fintech product. He called me for this project. At the same time one of his teams was doing penetration testing. I had no idea what that was. You know, ethical hacking, whitehat hacking, these words sounded familiar, but that's all. Anyway, once again I faced the impostor syndrome - I had just dealt with fintech, and again something new.
New Challenges 🙂 I understand your journey into the world of cybersecurity started after that?
Yes, the idea behind Pinky CyberSafe didn't start with technology. Poor understanding of the dangers lurking in the digital world is a problem we all share. We all have a very poor understanding of what cyber security is. I can tell you this unequivocally now after immersing myself in this topic.
Everything connected to the Internet is vulnerable, and so vulnerable that sometimes it gets scary. Billions of dollars are lost every year to hacker attacks. Yes, most often it's big corporations, but small and medium-sized businesses fall under this thrall as well. And for small businesses, these attacks can be lethal.
When I started diving into this topic, we thought: there are a lot of products aimed at large companies, at those who pay a lot of money. But there are practically no products that would be made for small and medium-sized businesses, just for those who are most vulnerable. And what is on the market now is difficult, very expensive, and requires a lot of specific knowledge. So first there was a business idea: let's invent something for them and reinterpret the approach to cyber security. Let's make a product that is simple, understandable, and gives a concrete result. So the idea was born Pinky CyberSafe - virtual CISO for small and medium-sized businesses.
Courses in Berkeley and Harvard
Given that you didn't have the necessary technical skills, I suspect you had to take additional training. Did you?
Yes, last year I took Berkeley's product management course and then Harvard's cybersecurity course. I have learnt a lot in my life and I am learning non-stop. There are always courses, lectures, seminars - I have learnt how to make the most of everything.
I learnt some invaluable things from my product management course, among them the phrase: "If value is not clear, the price will always be too high" ("If value is not clear, the price will always be too high")."If the value of a product is not understood, the price will always seem high."). Harvard's cybersecurity course is very steep in terms of the amount of information and complexity, and it was not easy to handle. I felt like I was taking an MBA again.
Pinky CyberSafe team work format
I agree, continuing education is necessary now to keep up with the times. Now I would like to know more about your work process. In what format do you work with your team? Remotely or in an office?
In February this year, we decided to separate cyber security from MGrinder. We even legally have a separate company, Pinky-Tech. We have quite an interesting structure. There are those who work permanently and freelancers who get involved at certain stages when we need their knowledge and expertise. The team is scattered around the world. There are a few people in Croatia, one in Belgium, one in Romania, here in Chisinau me and two other guys. There are a few team members in Mexico. Everyone works remotely. There is an office in Chisinau from MGrinder, but we don't use it.
How do you find the right specialists?
As I said, I have learnt to make the most of everything. For example, we met some wonderful guys from Croatia at Wolf Summit. It is held in Poland, a very small, "chamber" event. There were only 500 people there, and among them were two cyber security companies - us and the Croatians. We got in touch, we called, we chatted. And we decided to set up a partnership. And we have been working with them for three months now, building MVPs together. So it is possible to make meaningful connections at these events, and to get some business out of it. Mostly, we find people through our network, through recommendations. We don't publish adverts because we're not at the stage of development where we're hiring en masse. In September we are flying to San Francisco for TechCrunch, and I think we will come from there with some meaningful connections, ideally with an investor.
What market are you targeting?
We are now at the product development stage. The MVP should be ready by the end of October. And then we can already talk about starting some first sales. That is when the most difficult thing will be, I think, to persuade the first clients to connect to our product. We are considering Moldova as a test market. We have a preliminary agreement with an Internet service provider, which will be our value added reseller in Moldova and possibly in Romania.
What can help Moldovan startups grow
Super, I wish you the best of luck with your launch! Knowing the kitchen of startups in Moldova, what would help their development?
Yes, I was recently at the MIT Summit and for the first time I hit on this topic. I will tell you by the example of our startup. Look, we are a startup close to deep tech, and we have a very resource-intensive research development process. In order to deliver the product we want, we need a very serious investment of money. And some of these investments are not classic investments, when you give a certain amount of money and expect a return on investment in a certain amount by a certain date. The problem is that investments in research development very often fail. Not because it is a failed product, but because that is the essence of research. Not all research ends in a positive outcome. You have research that produces a negative result. And the research process can be quite long. But innovation happens in research. Rarely does innovation happen as a result of insight. We have a very good test market, but we're very bad at investing in early stage startups. My view is that this is a consequence of the fact that we have a weak ecosystem that would foster innovation.
What about the grants that donor organisations give out?
What is the maximum grant we have in the IT field? We got 40,000 € from UNDP last year and I think that's the ceiling. We are certainly grateful and happy, but sorry, for R&D it's a month's work and that's a stretch. What are we talking about? We did the first proof of concept for 9 months, it was a failure. Thanks to MGrinder, we were funded from that source, otherwise we would have just fallen into oblivion. And that's the problem. We just don't have funds for research and innovation. Everything we have is directed to later stages and then in very small amounts. We have a lot of programs and grants of 2-3 thousand euros, for various needs, but they are not suitable for research at all.
What about loans from the bank?
Well, try to take a loan against research in a bank - nobody will give you anything. We have only one option in Moldova - bootstrap (author's note "self-starter"). We do not have a developed angel investor community, we do not have normal access to international investment, to venture funds that would invest in startups at early stages. We have a problem with this in general.
Based on your experience, how easy is it to run a tech business in Moldova?
We have a very weak legal framework for external investments. That is, we have no internal investments, we have no smart grants, and on top of all this, the attitude of foreign investors towards Moldova. I recently talked to several investors and the first thing they asked me was: "Why Moldova?" - and it was with this contemptuous tone. "Why don't you open a legal entity, for example, in Estonia?"
Why do you think there is such an attitude towards Moldova?
Many reasons. Firstly, we do not have a sensible guide on how to be an external investor. Yes, we have now made changes to the SRL regime that facilitate work with attracted capital and clarify many of the rules of the game, but this is only the beginning. All this is not yet mastered and digested, many state bodies have not yet accepted these changes and I am still facing the dilemma of how to explain to tax and other inspection bodies that I am selling 15% from a company with a capital of 1,000 Moldovan lei for $1,500,000.
Secondly, we should not forget about the low country risk rating of our country. Again, the government has managed to improve it somewhat, but it is still very far from "good". At the same time, we cannot boast of a high return on investment, as the market is small, sales here are low, and, therefore, profits are very relative.
In general, there is a clear dissonance between investor and investment requirements (including draconian AML legislation) and returns on capital, which does not attract external funds at all.
Well, and, of course, the geopolitical situation in the region does not make it easy to make such decisions.
It turns out that there is no way to do without registration of a company abroad?
Almost all of our external investments are actually the opening of international subsidiaries here. I recently advised one company that attracted 10 million dollars. Do you think it was to a Moldovan company? No, of course, to an American company. And here is a back office that is maintained as long as it is profitable.
I understand that a lot of things have been done for IT business in Moldova in recent years. But it seems that new reforms are needed.
Certainly, a lot has been done and not only for IT, but for all spheres, like the already mentioned SRL reform. Of course, there is the IT park, which promotes the interests of IT business, but there are questions here too. The work of IT park ends in 2028 and it is not clear what will happen next. At the beginning of July we had a meeting with the Prime Minister and what the public sector is proposing as a change in the work of the IT park is not at all what is actually needed now. I understand that they are trying to figure out how to help optimise the work, but unfortunately their ideas are far from reality.
What do you think is causing this and what might help?
In my opinion, this is because there are no practitioners on all these committees.
You mean there are people out there lobbying for interests but they don't know much about the IT field?
Yes, I'm not talking about IT park or ATIC representatives. That's fine. I am talking about, for example, secretaries of state in the government. They are so far removed from the reality of what is happening in the tech sector that they are simply unable to create a legislative framework for us, because they do not understand our needs and requirements.
Perhaps we should learn from the experience of the same Estonia 🙂 🙂
That's a good question. Probably helped by the fact that there were only a million of them left.
We're close to it.
Yes, we're very close to that. I don't want to just criticise. The current government is moving in the right direction, no doubt, but like in that dance - one step forward, two steps back. On the one hand, a lot of things are being done, and that's cool, but on the other hand - some changes contradict themselves, there is no clear vector and sequence. Sometimes I am thrown from extreme to extreme. Sometimes it seems to me that it would be better to do less, but of higher quality.
Yes, I too am looking at it from a positive perspective and optimism is palpable.
In fact, we have a huge amount of resources, but they are not always well managed. We need to create an ecosystem, not just scattered islands and programmes at the level of individual international donors. It is very important for us to consolidate our efforts, build a clear strategy for the development of the IT sector, attract and support external investments more actively, and create an "ideal" climate with clear deadlines and rules. I repeat, all this is not only at the level of international donors and individual development programmes, but at the state level, with the support of such organisations as MITP and ATIC. It is necessary to strengthen and develop the connection between government agencies and the IT sector. In the end, we need to understand that we are not on different sides of the barricades, we want the same thing - the development of Moldova. In general, there is a lot to work on.
If you have found a spelling error, please, notify us by selecting that text and pressing Ctrl+Enter.
