Secure Ventures with Kyle McNulty
By Kyle McNulty
New episodes are published every other Tuesday.
If you are interested in sharing your story, please contact me at kyle@secureventures.io
Following the podcast really helps! Follow it on:
LinkedIn: www.linkedin.com/company/75106414
Twitter: twitter.com/VentureWithKyle
Secure Ventures with Kyle McNultyAug 10, 2021
Uno.ai | Shashank Tiwari on Pivoting a Cybersecurity Startup
Shashank is CEO and co-founder of Uno.ai, which is building an AI platform for managing GRC activities such as knowledge base usage and audits. I interviewed Shashank on the podcast back in November 2022, and at the time Uno was focused on using AI to automate activities in the SOC. The AI world has changed a lot since November 2022. The company has since pivoted, and in this episode we focus on what triggered the change in vision, what was wrong with the previous solution, and what is attractive about this new GRC use case.
Website: https://uno.ai/
Sponsor: https://vulncheck.com/
Previous Episode with Shashank (November 2022):
Evo Security: Mike Roth on why Target MSP Customers
Mike is the CEO and founder of Evo Security, which is building an Identity and Access Management (IAM) solution specifically designed for Managed Service Providers (MSPs). He started the company back in 2018 after leaving behind a private equity fund focused on oil and gas. In the episode, we discuss his transition into cyber from the energy world and what makes Evo uniquely positioned to serve the needs of MSPs given the variety of IAM solutions available on the market today.
Evo Security Website: https://www.evosecurity.com/
Sponsor: https://vulncheck.com/
ProtectAI: CISO Diana Kelley on the Dimensions of AI Security
Diana Kelley is the Chief Information Security Officer (CISO) for ProtectAI. She also serves on the boards of Women in Cybersecurity, The Executive Women’s Forum, InfoSec World, CyberFuture Foundation, TechTarget Security Editorial, and DevNet AI/ML. Diana was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity.
In the episode, we talk about her involvement with all of these different groups and how that has changed over time, plus how and why she arrived at ProtectAI. She also talks about the ProtectAI product strategy and how their different products play into their broader vision for AI security.
Website: protect.ai
Sponsor: VulnCheck - vulncheck.com
RealityDefender: CEO Ben Colman on Deepfake Detection
Ben is a serial entrepreneur, and his latest company is right in the middle of an exciting battle between the progress of AI and the defense capabilities to ensure its unethical uses are limited. Ben is CEO and co-founder of RealityDefender, which provides deepfake detection capabilities to determine if visual and audio media is AI generated. This is incredibly relevant right now, as there are news headlines every week with exploits featuring deepfake content. Before RealityDefender, Ben founded Covertix, a data protection company he sold after just a year. Before that, he had experience in banking and with another startup which leveraged blockchain for voting. In the episode we dive into the current world of deepfakes and deepfake detection, along with how RealityDefender is positioned in this space.
Ghost Security: Greg Martin on Application Security and Category Creation
Greg is CEO and co-founder of Ghost Security, which is an API and application security platform providing contextualized risk awareness of a company's cloud application profile. Ghost is Greg's third company. He previously founded JASK, a SOC automation tool, which he sold to Sumo Logic in 2019. Before JASK, he founded Anomali, which was an early threat intelligence platform. The company is still alive and strong today, and he still sits as an advisor. In the episode we discuss some of the key inflection points with each of his companies, the challenges inherent with being a category creator, and the value resulting from his role as an angel investor in the ecosystem.
RADICL: Chris Petersen on AI in the SOC
Chris:
- Co-founder, CEO, and CTO of RADICL, which is building an AI SOC analyst
- Was co-founder of LogRhythm, which sold to Thoma Bravo in a rumored billion dollar deal
Check out the episode for our discussion on building with friends and family, collecting enough data to develop an effective AI SOC analyst, and what it took for him to take the leap to start his first company.
StackAware: Walter Haydock on Understanding Market Appetite
Walter:
- Founder and CEO of StackAware, which started as a vulnerability management tool and is now an AI risk consulting company
- Creator of the popular security blog "Deploy Securely" that started his entrepreneurial journey
- Worked in the National Counterterrorism Center for two years
Check out the episode for our discussion on his pivot away from the initial product to a services model, why that might change in the future, and the role of his security blog Deploy Securely in growing StackAware.
Live from CVF 2023: Rick Gordon, CEO of Tidal Cyber
Rick is CEO of Tidal Cyber, which delivers threat-informed defense to enable security teams to protect against the threats most relevant for them. In the episode we discuss his journey from MITRE, the value of design partners, and how their teams thinks about classifying threats.
This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team!
Live from CVF 2023: Brian Price, CEO of Kion
Brian is CEO of Kion, which provides centralized cloud management including compliance, financials, and setup. In the episode we discuss Brian's transition from consulting and how the team thinks about security as just one portion of their solution.
This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team!
Live from CVF 2023: Marcos Torres, CFO of Huntress Labs
Marcos is CFO of Huntress Labs, which provides managed EDR services for SMBs. In the episode we discuss Marcos's role as CFO and why Huntress decided to focus on SMBs.
This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team!
Live from CVF 2023: Mike Denning, CEO of SecureG
Mike is CEO of SecureG, which is building cryptography solutions for communications infrastructure. In the episode we discuss their work with root of trust solutions and how the company is evolving towards more unique technology in building a PKI trust infrastructure for wireless.
This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team!
Live from CVF 2023: Robert Johnston, CEO of Adlumin
Robert is CEO of Adlumin, which sells a suite of cybersecurity tools designed to be more accessible for SMBs. In the episode we discuss his story building Adlumin while he was getting his MBA and how he navigates channel partners.
This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team!
Mobb: Eitan Worcel on Automatic Code Remediation
Eitan:
- CEO and co-founder of Mobb, applying automatic code remediation fixes for vulnerabilities from static code scans
- Previously head of product for HCL AppScan (spun out of IBM)
- Worked at IBM for 12 years despite previously deciding to avoid working at a big company
Dawn Capital: Henry Mason on the European Cybersecurity Ecosystem
Henry:
- Partner at Dawn Capital, which recently raised the largest early stage tech fund in Europe at $700M
- Previously worked at the Ministry of Justice in the UK
- Started his career as a consultant with Farsight Consulting
Check out the episode for our discussion on regional differences between European cybersecurity markets, expansion overseas, and more.
Kikrr: Mariana Padilla on Expediting Cybersecurity Pre-sales
Mariana:
- Co-founder and CEO of Kikrr, providing on-demand opportunities for cybersecurity practitioners to try new products
- Previously founded a digital marketing agency
- Started her career working as a teacher
Check out the episode for our discussion on transitioning to a cybersecurity founder from teaching, building a two-sided marketplace, and monetizing sales teams as opposed to cybersecurity practitioners.
https://kikrr.io/
Horizon3: Snehal Antani on Company Values and Autonomous Penetration Testing
Snehal:
- Co-founder and CEO of Horizon3, providing autonomous penetration testing capabilities
- Ex-CTO of Joint Special Operations Command (JSOC)
- Ex-CTO of Splunk
- Worked under CIO at GE Capital
- Worked under CTO at IBM
Check out the episode for our conversation about veterans in cybersecurity, how Snehal applied lessons from JSOC to Horizon3, how Snehal thinks about being a late-career founder, and more!
horizon3.ai
Dope Security: Kunal Agarwal on building a "dope" cybersecurity product
Kunal:
- Founder and CEO of dope.security, building a secure web gateway solution that makes security practitioners say "that's dope"
- Previously worked in product management at Symantec and then Forcepoint
- Produces animated videos on Youtube which have gained over 60M views
Check out the episode for our conversation on co-founder compatibility, secure web gateways vs. secure browsers, what it means to build a "dope" product, and more.
https://dope.security/
Greynoise: Andrew Morris on Honeypots for Threat Intelligence
Andrew:
- CEO and founder of Greynoise, providing threat intelligence classifying standard internet noise
- Previously worked on the R&D team at the cyber intelligence company Endgame (later acquired by Elastic in 2019)
- Dropped out of high school and never finished or attended college
Check out the episode for our conversation on the cybersecurity equivalent of waiting tables, the merits of a high school diploma, and the mechanisms behind the Greynoise threat intelligence model.
VulnCheck: Anthony Bettini on Converting Vulnerabilities to Exploit Intelligence
Anthony:
- CEO and founder of VulnCheck, going beyond just vulnerabilities to share exploit intelligence
- Previously founded FlawCheck, one of the original container security companies, which he sold to Tenable
- Previously founded Appthority, an early mobile app security company, which was acquired by Symantec
Check out the episode for our conversation on his lessons and themes after founding three companies and why he completely ignores the competitive landscape.
https://vulncheck.com/
Ex Sr. Director for White House Cybersecurity Policy - AJ Grotto
AJ:
- Director of the Geopolitics, Technology, and Governance program at the Stanford Cyber policy center
- Previously Senior Director for Cybersecurity Policy at the White House from 2015 to 2017, covering two administrations
- Was an adviser for Secretary of Commerce Penny Pritzker on cybersecurity measures
- Senior staff on the Senate Intelligence Committee overseeing budget and operations for NSA
- Started his career as a National Security Analyst at the Center for American Progress in 2003
In the episode we discuss everything from the effectiveness of our legislators in addressing high tech areas, partisan dynamics of cybersecurity, key focus areas for policy, and the effectiveness of recent policy like the Cyber Trust Mark and the CSRB review of Microsoft.
TLV Partners: Brian Sack on the Israeli Cybersecurity Ecosystem
Brian:
- Principal at TLV Partners focusing on enterprise software and cybersecurity, joined when the fund first started in 2015
- Previously worked at Square Peg Capital also in Israel
- Born in South Africa and worked in Australia for Grant Thornton before moving to Israel for Square Peg
In this episode Brian and I discuss the Israeli cybersecurity startup ecosystem. Given the number of founders I interview from Israel, I thought it would be valuable for the audience and myself to dive deeper. We discuss everything from the importance of Hebrew to the revolving door between government and the commercial sector.
Ox Security: Neatsun Ziv on Software Supply Chain Threat Contextualization
Neatsun:
- CEO and founder of Ox Security, providing prioritization insights for software supply chain vulnerability management
- Previously VP at Checkpoint for a decade
- Founded Vanadium, an EDR company, which he ran for 8 years
Check out the episode for our discussion on his lessons from Vanadium applied to Ox and how threat modeling applies to the software supply chain.
Links:
Best-of: Bruce Schneier on AI in Cybersecurity (2021)
This is a rerun of an episode recorded in July 2021.
In the episode, Bruce and I discuss his views on AI and how it may fundamentally change the security landscape for attackers and defenders. He mentions the key steps we need to take as a society to best guide AI innovation. Two years later, it is interesting to reflect on how we have performed according to his guidelines.
NetRise: Thomas Pace on Firmware Security for IoT
Tom:
- CEO and Founder of NetRise, identifying vulnerabilities in firmware through building SBOMs
- Ex-VP at Blackberry after the Cylance acquisition
- Previously worked as a cyber analyst at the US Strategic Petroleum Reserve where he first learned about the gaps in IoT security solutions
Check out the episode for our discussion on software vs. firmware SBOMs, whether tools are valuable if there are no clear remediation steps, and how IoT is addressed differently than other device types.
Salem Cyber: Jon Bagg on Virtual SOC Analysts
Jon:
- Founder and CEO of Salem Cyber, building a virtual SOC analyst
- Previously Principal at Booz Allen Hamilton
- Started his career at Verizon as a network and SIEM engineer
Check out the episode for our discussion about the automation capabilities available to a moden SOC and what gaps are left after applying SOAR tools.
Dark Sky Technology: Michael Mehlberg on Comprehensive Open Source Software Security
Mike:
- CEO and co-founder at Dark Sky Technologies, building a suite of products to address open source insecurity
- Previously VP of Product at Arxan and Microsemi
- Previously Senior Director of Business Development at Cryptography Research Inc
- Previously VP of Marketing at Star Lab
- Combined two decades of experience in cybersecurity!
Check out the episode for our discussion on gaining exposure across a variety of business units, supplementing software composition analysis (SCA) with additional context around package trust, and automating the translation of code into more secure languages.
Oligo: Gal Elbaz on Hacking Instagram and Software Supply Chain Security
Gal:
- CTO and co-founder at Oligo, providing a runtime solution for software supply chain security
- Worked at Checkpoint for 7 years
- Started his security journey in the IDF
- Met his co-founders as a child, and they conspired to start a company together for decades before launching Oligo!
Check out the episode for our discussion of his hack of instagram, how Oligo gets creative with reaching inundated CISOs, and how AI has changed the software supply chain landscape.
LimaCharlie: Maxime Lamothe-Brassard on Cybersecurity Middleware for Incident Response
Maxime:
- CEO and founder at LimaCharlie, middleware for cybersecurity application integration for incident response
- Previously worked for Google, Crowdstrike, and Canada's department of defense
Check out the episode for our discussion on the challenges of building your own security workflows, automation adoption journeys, and how the larger cybersecurity automation world is evolving.
Anzenna: Ganesh Krishnan on Contextual Learning for Cyber Workforce Development
Ganesh:
- CEO and founder at Anzenna, providing contextual learning opportunities to improve employees' cybersecurity training
- Previously founded Avid Secure, one of the original CSPM companies, which he sold to Sophos in 2019
- Joined Sophos as a VP of engineering and worked there for the last three years prior to launching Anzenna
Check out the episode for our discussion on the sale of Avid Secure at the very beginning of the CSPM boom, what contextual learning entails in the workforce development space, and how the Anzenna team is going about this challenge.
https://www.anzenna.ai/
Oak9: Aakash Shah on Modern Security Architecture Design and Security as Code
Aakash:
- CTO and co-founder at Oak9, helping organizations build secure architecture models using security as code blueprints
- Previously a security architect for major healthcare and health insurance companies such as Blue Cross Blue Shield
- Feature speaker at RSA 2023 talking about the security as code construct
Check out the episode for our conversation about the importance of security architecture as opposed to just security configurations and the value stemming from secure cloud infrastructure blueprints.
oak9.io
HiddenLayer: Chris Sestito on ML/AI Security Incidents and Defense Capabilities
Tito:
- CEO and Founder of HiddenLayer, securing organizations building or using machine learning models
- Previously VP of Engineering at Qualys
- Previously Senior Director of Data Science at Agari
- Previously Director of Threat Research at Cylance when they were hit by a model inference attack back in 2019
- Fun fact: The HiddenLayer co-founders have worked together for the last five years!
Check out the episode for our conversation about real-world attacks against machine learning models, the current state of AI security capabilities including monitoring and scanning, and the market appetite for this tooling.
C2A Security: Roy Fridman on Modern Automobile Security
Roy:
- CEO of C2A Security, providing a host of solutions to secure modern automobiles
- Previously VP of Foretellix, a leader in autonomous vehicle simulation testing
- Strongly believes increased security is a core requirement for autonomous vehicle adoption
Check out the episode for our conversation about how cars can be exploited, what companies can do about it, and how charging stations and autonomous vehicles present new threats.
https://c2a-sec.com/
Akto: Ankita Gupta on API Security and Building Products Engineers Love
Ankita:
- CEO and co-founder at Akto.io, building an API security product for engineers to love
- Previously was Chief of Staff to the CEO at CleverTap, where she met her co-founder Ankush
- Worked at VMware for several years where she developed her knowledge of the cybersecurity space
Check out the episode for our conversation on what it means to build a security product engineers love and how Akto is rethinking the traditional cybersecurity sales cycle.
Phylum: Pete Morgan on Software Supply Chain Vulnerabilities
Pete:
- CSO and co-founder at Phylum, securing software supply chains beyond just known CVEs
- Previously founded and led Clever Security, a security focused R&D shop and consultancy
- Ex-VP at Optiv and Accuvant
Check out the episode for our conversation on the range of vulnerabilities in the software supply chain and how major events like the Ukraine war can impact the public trust of open-source packages.
Phylum.io
Datatribe: John Funge on Building Successful Security Products
John:
- Managing director at Datatribe, focusing on applying his success to help build great products
- Three exits from companies he founded!
Check out the episode for our discussion on the Datatribe model and why it was compelling to him as an accomplished founder, as well as some of his top lessons for building successful cybersecurity products.
https://datatribe.com/
OnShore Security: Stel Valavanis on Running a Security Company for 30 Years
Stel:
- CEO and founder of OnShore Security, providing technology-enabled cybersecurity services for companies of all sizes
- CEO of OnShore since 1991, and he has sold off parts of the company three separate times
- Physics lover, artist, musician, and more!
Check out the episode for our discussion on growing a technology enabled services business, managing spin-offs, and staying inspired by a business for over 30 years.
onshore.com
Surf Security: Moty Jacob on Secure Browsers
Moty:
- CEO and co-founder of Surf Security, building a security focused browser to replace VPNs and VDI
- Over 25 years of security practitioner experience including three stints as CISO
- Fun fact: I initially stumbled on the company because I’m an avid surfer and was shocked to see the name. Turns out they were working on some neat stuff too!
Check out the episode for our discussion on the secure browser competitive landscape, what features customers are actually using right now, and how Moty thinks about the future of the space.
Links:
BalanceTheory: Greg Baker on Cybersecurity Knowledge Management
Greg:
- CEO and co-founder of BalanceTheory, helping organizations consume security knowledge effectively and efficiently
- Previously co-founded Decision Lab which was sold to Optiv
- Won the 2022 DataTribe cybersecurity start-up challenge which led to a $3M seed round
Check out the episode for our discussion on cybersecurity knowledge bases, shared information across organizations, and focusing on an MVP.
Kondukto: Cenk Kalpakoglu on Turkey's Market, Leaving the Family Business, and AppSec Automation
Cenk:
- CEO and co-founder of Kondukto, helping automate and centralize application security remediation
- Worked on several businesses with his father, a key inspiration in his career as we discuss in the episode
- Told me after the episode he had been bedridden from food poisoning in the days leading up to the interview!
Check out the episode for our conversation about the cybersecurity market in Turkey, when and why he left the family business to start Kondukto, and how Kondukto is looking to shake up the existing field of AppSec players.
Links:
kondukto.io
CyberOwl: Dan Ng on Maritime Security and Choosing a Customer Segment
Dan:
- CEO and co-founder of CyberOwl, asset management for maritime security
- Previously spent 10 years at KPMG across tax and strategy
- Was courted for months before deciding to help co-found CyberOwl
In the episode, we talk more about why the team decided to target maritime security, targeting a new customer segment via clustering, how they manage their product roadmap with aspirations to expand beyond maritime, and much more.
Links:
Uno.ai: Shashank Tiwari on the Future Role of AI in Security Operations
Shashank:
- CEO and founder of uno.ai, leveraging AI for story stitching and root cause analysis in security operations
- Ex VP of Engineering at StackRox
- Advisor, investor, expert-in-residence, and more!
Check out the episode for our discussion on how uno is rethinking traditional approaches to security operations.
Links:
Sonrai Security: Eric Kedrosky on being a Security Vendor CISO
Eric:
- CISO at Sonrai Security, a leader in cloud native security
- Ex-director of security and IT at Verafin
- Almost 20 years of experience in cybersecurity
Check out the episode for our discussion on the unique elements of his dual-role and his quick-hit thoughts on what’s next for cloud security.
Links:
Ron Gula: Lessons for Networking in Cybersecurity
Ron:
- President of Gula Tech Adventures, $100M self-funded VC firm
- Ex-CEO and Co-founder of Tenable, valued at over $7B at its peak in April
- Co-founder of Network Security Wizards, which created one of the first commercialized Network Intrusion Detection Systems (IDS)
- Networking expert!
Check out the episode for our conversation on how to approach networking with a goal-based mindset, the importance of authenticity, and leveraging topic experts.
https://www.gula.tech/data-care
RealDefense: Gary Guseinov on Security Holding Companies
Gary:
- CEO of RealDefense, a consumer security conglomerate with over 100 million users
- Ex-CEO and Founder of CyberDefender, which he grew to over $100 million in annual revenue
- Ex-CEO of Business Hangouts, the #1 enterprise video software for Google Suite
Check out the episode for our conversation on the value of cash-flowing cybersecurity businesses, the strategy of acquiring a portfolio of products, and the opportunities in consumer security.
Links:
- RealDefense: https://www.realdefen.se/home/
- SafeBase Example: https://security.safebase.io/
FleetDM: Mike McNeill on the BEST Way to Monetize a Product (Open Core)
Mike:
- Founder at FleetDM, helping organizations manage and optimize their OSquery deployments
- Previously founded Sails.js, the most popular MVC framework for node.js, with over 50 million downloads per year
- A strong believer in Open Source and Open Core software products
Check out the episode for our conversation on open source security software, pivoting from an open source contributor to a full-time founder, and more!
Links:
- https://fleetdm.com/
- GitLab article about Open Core: https://about.gitlab.com/company/pricing/
Brad Laporte and Rob Smith on Trends with Security Analyst Firms (e.g. Gartner)
Rob:
- Managing director at Lionfish Tech Advisors, providing security solution advisory services
- 8 year veteran of Gartner, leading Endpoint Security, Remote Access, and more
- 3-time founder
Brad:
- Advisor at Lionfish
- Previously senior product manager at Dell, IBM, and Acquia
- Veteran of Gartner, leading Endpoint Security and Threat Intelligence
Check out the episode for our discussion on the state of industry research via firms like Gartner and how the market is adapting with other alternatives.
Links:
- https://www.lionfishtechadvisors.com/
Sprinto: Girish Redekar on Rapid Product Iteration and Security Questionnaire Standards
Girish:
- Co-founder of Sprinto, a continuous compliance and security platform for cloud and on-prem.
- Previously co-founder at RecruiterBox which was acquired by TurnRiver Capital in 2018
- Both him and his co-founder Raghu didn't know how to code when they first started launching businesses!
Check out the episode for our discussion on iterating through product ideas in just a few months, the current state of security questionnaire standards, and much more.
Links:
- Sprinto: sprinto.com
- NorthStar (Sponsor): northstar.io
NorthStar: Alex Moss on Pivoting a Consulting Business to a Product
Alex:
- Co-founder and CEO of NorthStar, a risk-based vulnerability management platform
- Extensive experience in consulting both in security and contracts management (when he had to leave security to avoid a conflict of interest while building NorthStar after hours)
Check out the episode for our discussion on pivoting a consulting business and risk contextualization.
Links:
- https://www.northstar.io/
Cyera: Yotam Segev on Startup Idea Validation and Securing Data in the Cloud
Yotam:
- Founder and CEO of Cyera, a cloud data security platform
- Graduate of Israel's elite training program, Talpiot, which accepts just 50 people each year from 10,000 applicants
- Backed by both Sequoia AND Accel
Check out the episode for our discussion on deciding to found a company without an idea, customer validation, and data security in the cloud.
Links:
- Cyera: cyera.io
- NorthStar: northstar.io | Reach out at connect@northstar.io
Polymer: Yasir Ali on DLP for your SaaS Ecosystem
Yasir:
- Founder and CEO of Polymer, a DLP tool for your SaaS ecosystem
- Previously founded DVega, an enterprise consulting business
- Ex-mortgage bond trader
Check out the episode for our discussion on the insecurity in SaaS platforms and how DLP can work effectively in this space.
Links:
- Polymer: polymerhq.io
- Aspiron Search: aspironsearch.com | Reach out at info@aspironsearch.com