The Story of Entro Security: The Company Building the Future of Non-Human Identity Management

The Story of Entro Security: The Company Building the Future of Non-Human Identity Management

There’s a particular kind of learning that only comes from failure. Not the kind you read about in case studies or discuss in post-mortems, but the kind you live through—watching systems you’re responsible for get breached, scrambling to contain the damage, and knowing you couldn’t prevent it because the tools simply didn’t exist. For Itzik Alvas, CEO and Co-Founder of Entro Security, this education came in three painful installments.

In a recent episode of Category Visionaries, Itzik shared how repeated security failures became the foundation for building an entirely new category in cybersecurity. This is the story of how frustration, perseverance, and a refusal to accept “good enough” led to pioneering non-human identity management.

The Education of a Security Leader

Itzik’s path to entrepreneurship began in Israel’s cyber intelligence unit, working on the offensive side of cyber operations. “My time in the Israeli Defense Force, I was part of the cyber intelligent unit over there, and I was on the offensive side of cyber. And, you know, we’ve done some big stuff over there, some national scale,” he recalls.

The experience taught him something fundamental that would later shape his approach to building Entro: “Perseverance, I assume, like one, if any. If I only need to choose one, definitely. That. Usually it takes a while, and usually you run and, you know, you’re running through some closed doors. So definitely perseverance and. And learning a lot, and learning from feedback and improving and trying again.”

After military service, Itzik transitioned to corporate cybersecurity, taking on increasingly senior roles. The challenges shifted from offensive operations to defense—protecting massive infrastructure from the kinds of attacks he once helped execute.

When the Defender Becomes the Victim

The turning point came not from success, but from repeated failure. Itzik found himself responsible for securing one of Microsoft’s three main clouds. “I was responsible for the internal security and infrastructure of one of Microsoft’s clouds. Microsoft have three main clouds, and I was responsible for the internal security of one of them. And were breached twice by non human identities over there,” he explains.

The attacks followed a pattern. Developers and DevOps teams would create programmatic access keys—service accounts, API keys, connection strings—to allow applications to authenticate against databases and other resources. These credentials would scatter across codebases, Slack messages, and configuration files. Nobody managed their lifecycle. Nobody tracked their permissions. And eventually, attackers would find them.

Before Microsoft, the same vulnerability had struck when Itzik served as CISO of a healthcare organization. “Were breached over there as well, by non human identities and secrets,” he notes. Three breaches, three different organizations, same root cause.

Most security leaders would file incident reports and move on. Itzik went looking for solutions. “After being breached for the third time. And after not being able to find solution that will help me resolve the problem, you know, I started to think maybe I should build something.”

Building Something That Didn’t Exist

The decision to start Entro wasn’t immediate. Itzik had no background in entrepreneurship. “I had no idea. I had no idea,” he says when asked if he’d always planned to build a company. The idea developed gradually, about a year before actually starting, as the gap between the problem’s severity and the available solutions became impossible to ignore.

He reached out to Adam Schriki, a friend from his army days, and together they founded Entro in summer 2022. The problem they set out to solve was clear: “Developers, DevOps users are the ones who are creating permissioning. Them, using them are without security oversight and they scatter them around so they, you know, committing them into code, they are sending them over slack and no one is actually managing their lifecycle, no one is deleting them, no one is making sure their permissions are right side.”

The result? “Today, non human identity targeted attacks are the second most frequent attack vector out there.”

The Early Days: Building Operational Foundation

Post-seed funding, Entro’s first months looked like any startup’s operational scramble. “The very first month is like very operational, finding offices, finding, you know, recruiting the right team and starting to move, but again, very operational. Like you will need everything. You need a bank account, you need a domain, you need all of those stuff,” Itzik recalls.

But parallel to operational setup, they focused on something more strategic: finding design partners. “Out of the gate you want, you know, some design partners, you want some customers paying or not paying, whatever, but you want someone that understand the problem, want to solve the problem, and is willing to give you feedback about what you’re doing to make sure that you’re advancing it right direction.”

This early focus on feedback quality over revenue would prove critical. When you’re pioneering a category, you’re not just building a product—you’re defining what the product category should do.

Pioneering a Category

Non-human identity management didn’t exist as a recognized category when Entro launched. “That’s a very new category. We helped pioneer that,” Itzik explains. “Were the first company out there to do that, and now there are a lot of companies.”

Creating a category meant creating the market itself. “We needed to build that category. We needed to drive a lot of market education about why is it a serious problem,” he says. Every conversation required teaching organizations to recognize a vulnerability they’d lived with for years without naming it.

The challenge extended to marketing. Rather than following cybersecurity’s typical aesthetic—”blue and white and somewhat black and very serious approach”—Entro chose a different path. “I led security for a long while and, you know, I wanted something that looks and feels more, you know, young and fun,” Itzik shares. “The main goal was to make it as fun as B2C, but definitely still B2B company.”

The playful branding was a calculated risk. When asked if it cost them deals, Itzik responded: “I don’t think so. Like, I don’t know if someone came into the website and left because they feel like that’s not serious enough for them. Hopefully, you know, the logos out there and the customer acquisitions and the stuff we’re doing means more.”

The Future: Leading Identity

Entro’s vision extends far beyond non-human identities. When asked about the three-to-five-year outlook, Itzik’s answer was definitive: “To lead the identity market, for sure. And there are a lot of companies that have done great things with the identity market. Most of them are more often on premise solutions and the cloud is much larger. So definitely lead the identity market. It’s a huge one.”

This positioning reveals strategic thinking about market evolution. By establishing category leadership in non-human identity management—a specific, solvable problem—Entro builds credibility to expand into the broader identity market. The on-premise solutions that dominated the previous generation of identity management aren’t designed for cloud-native architectures. As organizations complete their cloud migrations, they’ll need identity solutions built for that environment from the ground up.

For the next twelve months, Itzik’s priorities are clear: “Customer acquisition, keeping our current position and awareness in the vertical, and of course expanding our capabilities and product. Definitely expand our platform.”

A Category Built on Perseverance

From the Israeli Defense Force to Microsoft to founding Entro, Itzik’s journey reflects the lesson he learned early: perseverance matters more than brilliance. He didn’t invent a revolutionary technology or stumble upon a clever insight. He experienced a problem repeatedly, couldn’t find a solution, and refused to accept that gap.

The story of Entro Security is ultimately about the distance between knowing a problem exists and building the solution. That distance is measured not in technical complexity but in willingness to persist through closed doors, to learn from feedback, and to try again. It’s the kind of education you can’t get from success—only from the failures that teach you what needs to exist.