From Microsoft to Startup: How Entro Security’s Itzik Alvas Made the Leap

From Microsoft to Startup: How Entro Security’s Itzik Alvas Made the Leap

There’s a specific kind of security at Microsoft. Not just job security—though running internal security for one of the company’s three main clouds is about as stable as corporate positions get. It’s the security of resources: unlimited budget, world-class talent, executive support. When you need to solve a problem, you can throw people and money at it until it’s contained.

Then there’s startup security: your own savings, a co-founder, and the knowledge that if you’re wrong about the market, you’ve traded one of the best security roles in tech for unemployment.

In a recent episode of Category Visionaries, Itzik Alvas, CEO and Co-Founder of Entro Security, shared how he made that leap—and more importantly, what he learned he couldn’t prepare for until he was already mid-jump.

The Position He Walked Away From

Understanding what Itzik left makes the leap more significant. “Prior to enter, I was responsible for the internal security and infrastructure of one of Microsoft’s clouds. Microsoft have three main clouds, and I was responsible for the internal security of one of them,” he explains.

This wasn’t a mid-level security role. This was infrastructure and internal security for a cloud platform serving millions of users and generating billions in revenue. The scope of responsibility, the complexity of the systems, the caliber of the team—these roles don’t open up frequently, and people don’t typically leave them voluntarily.

Before Microsoft, Itzik had been CISO of a healthcare organization. His career trajectory pointed toward increasingly senior security leadership positions at major enterprises. The path was clear, stable, and lucrative.

When Intent Doesn’t Match Reality

What’s fascinating about Itzik’s story is how unplanned it was. When asked if he’d always envisioned building a cybersecurity company, his answer is refreshingly honest: “Yeah, I had no idea. I had no idea.”

This matters because most founder origin stories get retrofitted with intentionality. The narrative becomes: “I always knew I’d build a company someday.” But that’s rarely true. Most founders stumble into entrepreneurship through a series of experiences that make not building something more uncomfortable than building it.

For Itzik, that discomfort came from repeated failure. “Were breached twice by non human identities over there,” he recalls about Microsoft. Combined with a breach at his previous role, the pattern became impossible to ignore. But experiencing a problem isn’t the same as deciding to solve it yourself.

The Gradual Recognition

“When did it? That’s a good question. I think, like, maybe one year before I started,” Itzik shares when asked when the idea began developing. Notice the timeframe: one year. Not a sudden epiphany but a gradual recognition that the gap between the problem’s severity and available solutions was too large to ignore.

That year matters. It’s the period between “this is frustrating” and “I’m going to quit my job to fix this.” During that time, Itzik was still at Microsoft, still dealing with the aftermath of breaches, still searching for tools that could actually solve the problem.

“I was facing, you know, big problem with non human identities and secrets. That’s the problem we actually solve right now with enter security, how to manage them, how to secure them,” he explains. The problem was clear. The solution wasn’t.

The Moment of Decision

The actual decision to leave Microsoft and start Entro came after exhausting alternatives. “After being breached for the third time. And after not being able to find solution that will help me resolve the problem, you know, I started to think maybe I should build something.”

That sequence reveals Itzik’s mindset: builder second, operator first. He didn’t leave Microsoft eager to be a founder. He left because staying would mean continuing to manage a problem he couldn’t solve with existing tools. The entrepreneurial leap was less about ambition and more about inability to accept an intolerable status quo.

“And that led me to the path of, you know, building my own startup. So I joined Fawcett with a friend of mine from the army. Adam Schriki is now the Co-Founder and CTO. And yeah, in very high level, that’s why we started enter.”

What You Can’t Prepare For

The transition from Microsoft to startup exposes gaps you can’t see from inside a corporation. At Microsoft, Itzik had been responsible for security operations at massive scale. He understood cloud infrastructure, threat modeling, incident response, team management—all skills that transfer to a startup.

What doesn’t transfer is the operational reality of early-stage companies. “The very first month is like very operational, finding offices, finding, you know, recruiting the right team and starting to move, but again, very operational. Like you will need everything. You need a bank account, you need a domain, you need all of those stuff.”

This litany—bank accounts, domains, offices—sounds trivial. At Microsoft, these things exist before you arrive. At a startup, everything must be built from nothing. “We listed everything we need to do prior to the seed money. Like we had a complete list, so we started to execute,” Itzik explains.

The mindset shift isn’t from security expert to founder. It’s from operator within existing systems to builder of systems from scratch. The skills that made Itzik successful at Microsoft—deep technical knowledge, incident response, team leadership—matter. But they’re insufficient without operational execution capability.

From Resources to Resourcefulness

Perhaps the biggest mindset shift is resource constraint. At Microsoft, when you identify a security problem, you can hire specialists, purchase tools, and allocate budget. The constraint is prioritization, not capability.

At Entro, especially pre-seed, every decision involves tradeoffs. Do you invest in product development or early customer acquisition? Do you hire engineering talent or sales capability? Do you attend conferences for brand awareness or focus on direct outreach for pipeline?

Itzik’s evolution shows in how he thinks about these tradeoffs now. When discussing events, for instance, he doesn’t default to “attend everything.” Instead: “I think that you should force yourself, what is your goal coming into that event?” The question itself reveals corporate-to-startup learning—being intentional about ROI because resources are finite.

The GTM Learning Curve

Corporate security leaders don’t typically run GTM. They evaluate vendors, but they don’t position products, create categories, or build sales pipelines. Itzik had deep knowledge of the buyer’s perspective—he’d been the buyer—but no experience on the vendor side.

“Out of the gate you want, you know, some design partners, you want some customers paying or not paying, whatever, but you want someone that understand the problem, want to solve the problem, and is willing to give you feedback,” he explains. This insight—prioritizing feedback quality over revenue—isn’t intuitive for first-time founders, especially those from technical backgrounds who might focus on building features rather than validating assumptions.

The category creation challenge added complexity. “That’s a very new category. We helped pioneer that,” Itzik notes. “Were the first company out there to do that, and now there are a lot of companies.” Creating a category means your GTM must educate before it converts. “We needed to build that category. We needed to drive a lot of market education,” he explains.

This requires different marketing tactics than selling into an established category. Corporate security leaders see finished GTM machines—polished websites, clear messaging, defined categories. Building one from scratch, especially when the category doesn’t exist, is entirely different work.

What Military Service Actually Prepared

Itzik’s time in the Israeli Defense Force’s cyber intelligence unit taught him something that corporate experience couldn’t: perseverance through uncertain outcomes. “Perseverance, I assume, like one, if any. If I only need to choose one, definitely. That,” he says when asked about key learnings.

“Usually it takes a while, and usually you run and, you know, you’re running through some closed doors. So definitely perseverance and. And learning a lot, and learning from feedback and improving and trying again.”

This mindset—expect closed doors, learn from feedback, try again—translates directly to startup building in ways that corporate success doesn’t. Microsoft taught Itzik how to operate at scale. The military taught him how to persist through failure. Startups require both, but the latter proves more essential early on.

The Unbridgeable Gap

What becomes clear from Itzik’s journey is that no amount of preparation fully bridges the gap between corporate leadership and startup founding. You can study GTM, interview customers, and plan meticulously. But until you’re actually responsible for every operational detail, selling to skeptical buyers, and making tradeoffs with constrained resources, you can’t fully understand what the role demands.

The question for corporate operators considering the leap isn’t whether they’re prepared—they’re not, not fully. The question is whether they’re willing to learn through doing, persist through inevitable failures, and build something where nothing existed before.

Itzik made the leap not because he was ready, but because staying felt impossible. That might be the only preparation that actually matters.