Secure Ventures with Kyle McNulty

Rehan is CEO and founder of Securiti AI, which is providing a data command center to help organizations secure and enable their data for AI use cases. Rehan as an incredible track record which we discuss in more detail on the episode. He sold his first company for $180 million, and his second company for $280 million. Securiti AI has already raised $180 million to date from top tier investors, and they are geared up for an even bigger number. I was incredibly impressed with his track record identifying landmark technology trends and then building differentiated businesses with tailwinds from those trends. In the episode we walk through how each of these experiences built on one another, the rationale for each business, and how Securiti AI is positioned at the intersection of three of the most pivotal technology growth areas: data, AI, and cybersecurity.

Raj is CEO and co-founder of Blueflag, which helps ensure developers only have the access permissions needed for their roles, reducing risk of excess exposure. Raj started his career as an engineer and then in marketing at Adobe and VMware before taking on a COO role at Cloudknox, which they later sold to Microsoft. Raj took his lessons from working with identity at Cloudknox and applied them to designing Blueflag while paying attention to the nuanced differences for the development lifecycle. In the episode we discuss his core tenets of successful marketing in cybersecurity, the promise and challenges of cloud infrastructure entitlements management, the value of his time as an entrepreneur in residence, and how he has constantly reevaluated strategy at Blueflag informed by his previous experience.Website

Luke is Chief Product Officer and co-founder at Semgrep. Semgrep performs static application security testing, a form of code analysis, and has grown to become one of the mainstay application security tools on the market over the last eight years. Luke started Semgrep after three years at Palantir as a software engineer and product manager, and this episode really helped drive home the supportive community amongst former Palantir employees. In the discussion we cover his early entrepreneurial efforts such as modifying Xboxes, the 17 different product variations they tried before the current form of Semgrep, and how he thinks about the innovator's dilemma as a growth-stage company in a vertical being disrupted by AI.Website

Recorded live at Blu Ventures' Cyber Venture Forum! I got the chance to speak with Rick Howard, previously Chief Security Officer at Palo Alto Networks from 2013 to 2019. Rick has a wealth of cybersecurity industry experience, and he wrote a book called Cybersecurity First Principles and maintains the cybersecurity book hall of fame, called the Cybersecurity Canon. In this episode we discussed his perspective on the fundamental themes of cybersecurity with a lens to how entrepreneurs and investors can leverage these ideas.Cybersecurity Canon WebsiteCybersecurity First Principles on AmazonSponsored by VulnCheck!

This episode is a recording of a live interview held on stage at Blu Ventures' Cyber Venture Forum in February. A huge shoutout and thank you to the Blu Ventures team for putting together an awesome event. Bricklayer is building an AI-based agent to assist with security operations workflows. Before Bricklayer, Adam founded ThreatConnect which he led for over a decade. In the conversation we discuss his learnings from his experience at ThreatConnect, acquiring vs. building a new capability, and how he thinks about competition in the AI SOC space.Website: bricklayer.aiSponsor: VulnCheck

Amir is co-founder and CEO at Vorlon Security, which provides visibility and monitoring for SaaS app connections within an enterprise. For example, Vorlon can detect what other applications are connected to your Salesforce instance along with what data is flowing between each relationship. This helps security teams detect data exfiltration, data leakage, improper configuration, and more. Before Vorlon, Amir worked his way from a software developer into progressively more customer-facing roles, most recently as a Director at Palo Alto Networks. We kick off the episode talking about his early motivation to become a founder and how he led a decade of his career in pursuit of preparing himself for that role. Now, the team is continuing to focus on product and growth after raising $15 million last year from Accel and Shield Capital.WebsiteSponsor: VulnCheck

Josh Kamdjou is CEO and Founder of Sublime Security. Josh started Sublime after realizing just how easy it was for him to break into companies with phishing emails. He wanted to build a solution that better addressed the tailored environment of each organization such as historical data. Now the company has raised over $80 million from leading VCs such as IVP, Index Ventures, and Decibel. Before Sublime, Josh worked as a DoD hacker for 9 years.In the episode we discuss his emphasis on leveraging the attacker perspective, the fundamental difficulties of email security, his conviction in product-led growth, and more.Website: https://sublime.security/Sponsor: VulnCheck

Jon is co-founder and CEO of Halcyon, which is building an endpoint solution fully focused on anti-ransomware. Halcyon recently raised at a $1B valuation in 2024. Jon started his career in cybersecurity consulting for a decade before joining Cylance in 2014 as Chief Research Officer. After his stint at Cylance, in 2017 Jon founded Boldend, which was building offensive cyber capabilities to be used by the US intelligence community for information gathering and electronic warfare. Boldend was acquired by Sixgen three years after Jon stepped down as CEO to start Halcyon given the critical impact of ransomware on US companies.

Tushar was the CEO of Attivo Networks for a decade before selling to SentinelOne for $600 million dollars in 2022. Attivo Networks built deception technology which would trick attackers into attacking fake infrastructure. A common form of deception is a honeypot, which is an intentionally vulnerable server so defenders can gather information about attackers such as their IP address or attack techniques. Attivo provided comprehensive deception solutions and served five of the Fortune 10. In the episode we talk about Tushar's learnings from a decade at Cisco, the unique origin story of Attivo and its founders, and the sale process to SentinelOne.

Pete is CEO and co-founder of Realm Security, which is building a security data fabric to help companies manage their disparate log sources for monitoring tools. For companies spending millions of dollars every year on contracts with Splunk, Realm is the light at the end of the tunnel that can help them move to a cheaper SIEM tool. Pete started his career at Rapid7 after dropping out of college, and he worked his way through a variety of cybersecurity sales leadership roles since, including companies acquired by CarbonBlack and Cisco. In the episode we talk about his emphasis on moving roles for new learning opportunities, his obsession with customer problems rather than potential solutions, and how Realm's message is unique in a cyber ecosystem where vendors are always asking for CISOs to grow their budget. Website Sponsor: VulnCheck

In the spirit of the end of the year, I decided to put together some highlights from a handful of episodes over the course of 2024. This episode will feature a select few snippets from five different episodes over the course of the year including Chris from RADICL and LogRhythm, Gil from Orca, Chris from Veracode, Andy from BreachRx, and Kabir from Leen. There will be a mix of stories of unique crossroads, general entrepreneurial advice, and cybersecurity-specific challenges. Thank you to all the listeners this year! Sponsor: Vulncheck

Odysseas is co-founder and CEO of Phylax, a web3 security company building a security layer for blockchain-based protocols. Before Phylax, Odysseas worked at Nomad, a crypto exchange which suffered a $190M breach in August 2022. In the episode, we talk about his unique background as a developer relations manager, the approach law enforcement takes to recover funds in the wake of a crypto breach, the different attack surfaces for the web3 ecosystem, and more. If you are not a blockchain expert, do not worry, me neither. There are still plenty of interesting high level conversation points throughout!

Maksym is CEO and founder of Mantis Analytics, providing holistic security awareness to organizations through a social media monitoring platform. The tool combs media channels to identify risks to a customer's business and escalates alerts accordingly. I thought this would be an interesting opportunity to look at the broader security world to understand some parallels with pure cybersecurity. Maksym worked in business intelligence and product management for two decades before the Ukraine war inspired him to start something that would make a difference. In the episode we talk about the war events leading to the creation of Mantis, the pivot from a focus on solely disinformation, the problems with keyword searches with the growth of generative AI, and more.  Website Sponsor: VulnCheck

Ben is founder and CEO of watchTowr, building an external attack surface management tool (EASM) that performs automated penetration testing and red teaming activities. Before founding watchTowr in 2021, Ben worked as a security consultant for a decade focused largely on penetration testing. And as Ben describes in the episode, what started as a combination of cobbled together scripts from his previous experience has since grown into a comprehensive automation platform. Website: https://watchtowr.com/ Sponsor: VulnCheck

Uri is co-founder and CEO of Refine Intelligence, which is focused on anti money laundering and check fraud. Uri previously came on the podcast in 2022 and talked about the evolution of fraud prevention over the last 20 years. I re-released that episode back in August because I loved the story so much. At that time, we talked mostly about his previous company, BioCatch, which sold a majority stake to Permira earlier this year at a 1.3 billion dollar valuation. In this episode, we pick up the story with the evolution of fraud over the last few years, including why money laundering and check fraud still present such massive risk areas to banks. Website: refineintelligence.com Sponsor: VulnCheck

David is CEO and Founder of Naoris Protocol, which provides a blockchain-based mesh architecture for improved endpoint integrity. The company was founded in 2016 and has since raised over $30 million. Before Naoris, David was a cyber leader at a range of global companies including AT&T, Electronic Arts, London City Airport, and others. In the episode, we discuss his background discovering cybersecurity in a small farming village in Portugal and the real-world applications of blockchain technology which have yet to become popularized.

Oded is co-founder and CEO of Akeyless, which provides a vaultless secrets management platform for companies to manage their non-human identities. We will talk more about the vault vs. vaultless approach in the episode, but essentially the Akeyless design allows for a SaaS model which dramatically reduces time to value compared to often cumbersome vault implementation. Akeyless last raised a whopping $65 million dollar Series B in late 2022. Before Akeyless, Oded navigated a winding career parth from a Captain in the IDF working on identity management, to professional services, to product management at a B2C transportation technology company, and then finally back to identity management and Akeyless in 2018. Akeyless Website Thanks to our sponsor, VulnCheck!

Oz is co-founder and CEO of Opsin, which provides access control capabilities to LLM outputs ensuring users only get appropriate outputs based on their access level. The company was founded earlier this year, but they have already seen strong customer and investor interest given they are aimed at a key roadblock in making gen AI more available within the enterprise. Before Opsin, Oz worked in product management at high profile technology and security companies for most of the last decade, including Fireeye and Abnormal (where he met his co-founder James). In the episode we discuss everything from the origin story to the technical challenges of applying access control to these outputs and how to maintain current records despite a constantly changing access landscape. Website Sponsor: VulnCheck

Kabir is co-founder and CEO of Leen, which is creating a unified security API to enable simpler integrations of security tooling. As Kabir will immediately tell you, he has no background in cybersecurity. However, he does have extensive experience with growing partnerships and sales numbers in industries where he has no background. He worked in business development for the last 15 years across a variety of tech companies including NativeX, Kiip, and Typeform. As he tells in the episode, he very carefully and patiently assembled the founding team, and the problem Leen is addressing then emerged as the imperative from their extensive whiteboarding sessions. Now, after a hot start, the team is in the middle of key strategy decisions that will determine the future of the company. Website: Leen Sponsor: VulnCheck

This episode is a re-release of a conversation I had with Uri back in the beginning of 2022. It is truly one of my all-time favorites because of how well he illustrates the evolution of fraud prevention in financial services over time. Rest assured, he will be back on the show soon to talk about his new company which was in stealth at the time of this recording. His new company's website Our sponsor, VulnCheck!

Andy is CEO and co-founder of BreachRx, which provides incident response management tooling to help organizations respond effectively, consistently, and in accordance with legal requirements. Andy has a JD, an MBA, and a philosophy degree, which combine for a unique skillset. He worked in data breach litigation early in his career, and before starting BreachRx he was a Director for a government consulting group specializing in technology litigation. BreachRx ties together his experience across his career, as he is uniquely knowledgable about the legal complications that arise when managing cyber incidents. In the episode, we jump from the evolution of data privacy to the importance of dedicated communication channels for breach response to the personal liability of executives in cyber incidents. Website: BreachRx Sponsor: VulnCheck

Craig is co-founder and CEO of Bleach Cyber, which is building a product for small businesses to manage their holistic cybersecurity posture in a streamlined fashion. Before Bleach, Craig was COO and co-founder of Cyvatar which is a cybersecurity as a service offering for SMBs. Craig has 15 years of experience as a CISO or equivalent, including at companies such as Monster.com and Fujitsu. In the episode we touch on his journey from CISO to founder, the comparison of cybersecurity for extremely small businesses to B2C, and the strategy behind their go to market approach currently in-play. Website Sponsor: VulnCheck

Vivek is the CEO and co-founder of SquareX, which is building a Chrome extension to help users secure their web browser activities. Before SquareX, Vivek founded and led Pentester Academy, one of the leaders in online cybersecurity training. Pentester Academy was acquired by INE, which then led to the birth of SquareX. In the episode we discuss his story of learning penetration testing skills and building educational resources along with the pros and cons of offering an extension-based product compared to a complete browser as seen by others in the space. Website Sponsor: VulnCheck

Luigi is CEO and co-founder of Bfore.ai, which detects malicious infrastructure before it is used in an attack. The company has two products today under its broader pre-crime technology umbrella, and we talk about those in more detail during the episode. Prior to Bfore.ai, Luigi was a diehard Dell employee. He started in tech support and worked his way to become a VP for solution sales for the EMEA market. He then led EMEA sales for Quest software, which was a spinout from Dell. He left in 2017 after over two decades under the Dell family and thought he was retiring. However, a year later, he started Bfore.ai after a series of events he describes as serendipitous. In the episode, we discuss the unique founding story, what pre-crime technology entails, and the data supporting its relevance under a broader threat intelligence program. Website: Bfore.ai Sponsor: vulncheck.com

Liran is one of the founding partners at Team8, one of the most preeminent investors in Israel with over one billion dollars under management. Team8 started in 2014 with a focus on cybersecurity and enterprise technology, and it has since evolved to include investments in fintech and healthcare as well. Before starting Team8, Liran was in Unit 8200 and then worked in product-focused roles at two high-growth tech companies. In the episode we discuss his story of starting such a successful fund at a young age, the opportunity they saw in a foundry model in Israel, and the areas of cybersecurity that can support standalone public companies as opposed to just acquisition targets. Team8 website: team8.vc Sponsor: vulncheck.com

Gil is co-founder and CEO of Orca Security, one of the leading cloud security platforms on the market today. The company was last valued at 1.8 billion dollars in late 2021. Orca has 8 co-founders, and Gil started as Chief Product Officer before taking the CEO reins last year. We talk more about this dynamic in the episode. Before Orca, Gil worked at Check Point for a decade where he gained experience across a variety of different cutting-edge domains including mobile security, advanced threat protection, and cloud gateway. In the episode, we discuss the commoditization of the CSPM space, the relevance of AI in cloud security remediation, and the strategy for Orca moving forward including regional expansion. Orca Website: orca.security Sponsor: vulncheck.com

Chris is co-founder and CTO of Veracode, an application security powerhouse which was last valued at 2.5 billion in march 2022. The company was founded in 2005 as a code review automation platform, and it has since evolved to be one of the gold standard application security tools. Before founding Veracode, Chris worked as a security researcher and engineer for a decade where he grew frustrated with the manual source code review process. In the episode, we discuss how long it took Chris to believe he had really created something special, the important technical decisions the team made both early on and later in the company's life, and how the DevSecOps movement and new entrants impacted Veracode's market positioning. Veracode: https://www.veracode.com/ Sponsor: https://vulncheck.com/

Shashank is CEO and co-founder of Uno.ai, which is building an AI platform for managing GRC activities such as knowledge base usage and audits. I interviewed Shashank on the podcast back in November 2022, and at the time Uno was focused on using AI to automate activities in the SOC. The AI world has changed a lot since November 2022. The company has since pivoted, and in this episode we focus on what triggered the change in vision, what was wrong with the previous solution, and what is attractive about this new GRC use case. Website: https://uno.ai/ Sponsor: https://vulncheck.com/ Previous Episode with Shashank (November 2022): Apple Podcasts

Mike is the CEO and founder of Evo Security, which is building an Identity and Access Management (IAM) solution specifically designed for Managed Service Providers (MSPs). He started the company back in 2018 after leaving behind a private equity fund focused on oil and gas. In the episode, we discuss his transition into cyber from the energy world and what makes Evo uniquely positioned to serve the needs of MSPs given the variety of IAM solutions available on the market today. Evo Security Website: https://www.evosecurity.com/ Sponsor: https://vulncheck.com/

Diana Kelley is the Chief Information Security Officer (CISO) for ProtectAI. She also serves on the boards of Women in Cybersecurity, The Executive Women's Forum, InfoSec World, CyberFuture Foundation, TechTarget Security Editorial, and DevNet AI/ML. Diana was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), a Manager at KPMG, CTO and co-founder of SecurityCurve, and Chief vCISO at SaltCybersecurity.In the episode, we talk about her involvement with all of these different groups and how that has changed over time, plus how and why she arrived at ProtectAI. She also talks about the ProtectAI product strategy and how their different products play into their broader vision for AI security. Website: protect.ai Sponsor: VulnCheck - vulncheck.com

Ben is a serial entrepreneur, and his latest company is right in the middle of an exciting battle between the progress of AI and the defense capabilities to ensure its unethical uses are limited. Ben is CEO and co-founder of RealityDefender, which provides deepfake detection capabilities to determine if visual and audio media is AI generated. This is incredibly relevant right now, as there are news headlines every week with exploits featuring deepfake content. Before RealityDefender, Ben founded Covertix, a data protection company he sold after just a year. Before that, he had experience in banking and with another startup which leveraged blockchain for voting. In the episode we dive into the current world of deepfakes and deepfake detection, along with how RealityDefender is positioned in this space.

Greg is CEO and co-founder of Ghost Security, which is an API and application security platform providing contextualized risk awareness of a company's cloud application profile. Ghost is Greg's third company. He previously founded JASK, a SOC automation tool, which he sold to Sumo Logic in 2019. Before JASK, he founded Anomali, which was an early threat intelligence platform. The company is still alive and strong today, and he still sits as an advisor. In the episode we discuss some of the key inflection points with each of his companies, the challenges inherent with being a category creator, and the value resulting from his role as an angel investor in the ecosystem. https://ghost.security/

Chris: Co-founder, CEO, and CTO of RADICL, which is building an AI SOC analyst Was co-founder of LogRhythm, which sold to Thoma Bravo in a rumored billion dollar deal Check out the episode for our discussion on building with friends and family, collecting enough data to develop an effective AI SOC analyst, and what it took for him to take the leap to start his first company.

Walter: Founder and CEO of StackAware, which started as a vulnerability management tool and is now an AI risk consulting company Creator of the popular security blog "Deploy Securely" that started his entrepreneurial journey Worked in the National Counterterrorism Center for two years Check out the episode for our discussion on his pivot away from the initial product to a services model, why that might change in the future, and the role of his security blog Deploy Securely in growing StackAware. blog.stackaware.com stackaware.com

Rick is CEO of Tidal Cyber, which delivers threat-informed defense to enable security teams to protect against the threats most relevant for them. In the episode we discuss his journey from MITRE, the value of design partners, and how their teams thinks about classifying threats. This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://www.tidalcyber.com/

Brian is CEO of Kion, which provides centralized cloud management including compliance, financials, and setup. In the episode we discuss Brian's transition from consulting and how the team thinks about security as just one portion of their solution. This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://kion.io/

Marcos is CFO of Huntress Labs, which provides managed EDR services for SMBs. In the episode we discuss Marcos's role as CFO and why Huntress decided to focus on SMBs.This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://www.huntress.com/

Mike is CEO of SecureG, which is building cryptography solutions for communications infrastructure. In the episode we discuss their work with root of trust solutions and how the company is evolving towards more unique technology in building a PKI trust infrastructure for wireless.This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://secureg.io/

Robert is CEO of Adlumin, which sells a suite of cybersecurity tools designed to be more accessible for SMBs. In the episode we discuss his story building Adlumin while he was getting his MBA and how he navigates channel partners.This episode was recorded live at Blu Ventures' Cyber Venture Forum event in October. Thank you again to the Blu team! https://adlumin.com/

Eitan: CEO and co-founder of Mobb, applying automatic code remediation fixes for vulnerabilities from static code scans Previously head of product for HCL AppScan (spun out of IBM) Worked at IBM for 12 years despite previously deciding to avoid working at a big company https://mobb.ai/

Henry: Partner at Dawn Capital, which recently raised the largest early stage tech fund in Europe at $700M Previously worked at the Ministry of Justice in the UK Started his career as a consultant with Farsight Consulting Check out the episode for our discussion on regional differences between European cybersecurity markets, expansion overseas, and more.

Mariana: Co-founder and CEO of Kikrr, providing on-demand opportunities for cybersecurity practitioners to try new products Previously founded a digital marketing agency Started her career working as a teacher Check out the episode for our discussion on transitioning to a cybersecurity founder from teaching, building a two-sided marketplace, and monetizing sales teams as opposed to cybersecurity practitioners.https://kikrr.io/

Snehal: Co-founder and CEO of Horizon3, providing autonomous penetration testing capabilities Ex-CTO of Joint Special Operations Command (JSOC) Ex-CTO of Splunk Worked under CIO at GE Capital Worked under CTO at IBM Check out the episode for our conversation about veterans in cybersecurity, how Snehal applied lessons from JSOC to Horizon3, how Snehal thinks about being a late-career founder, and more!horizon3.ai

Kunal: Founder and CEO of dope.security, building a secure web gateway solution that makes security practitioners say "that's dope" Previously worked in product management at Symantec and then Forcepoint Produces animated videos on Youtube which have gained over 60M views Check out the episode for our conversation on co-founder compatibility, secure web gateways vs. secure browsers, what it means to build a "dope" product, and more.https://dope.security/

Andrew: CEO and founder of Greynoise, providing threat intelligence classifying standard internet noise Previously worked on the R&D team at the cyber intelligence company Endgame (later acquired by Elastic in 2019) Dropped out of high school and never finished or attended college Check out the episode for our conversation on the cybersecurity equivalent of waiting tables, the merits of a high school diploma, and the mechanisms behind the Greynoise threat intelligence model. https://www.greynoise.io/

Anthony: CEO and founder of VulnCheck, going beyond just vulnerabilities to share exploit intelligence Previously founded FlawCheck, one of the original container security companies, which he sold to Tenable Previously founded Appthority, an early mobile app security company, which was acquired by Symantec Check out the episode for our conversation on his lessons and themes after founding three companies and why he completely ignores the competitive landscape.https://vulncheck.com/

AJ: Director of the Geopolitics, Technology, and Governance program at the Stanford Cyber policy center Previously Senior Director for Cybersecurity Policy at the White House from 2015 to 2017, covering two administrations Was an adviser for Secretary of Commerce Penny Pritzker on cybersecurity measures Senior staff on the Senate Intelligence Committee overseeing budget and operations for NSA Started his career as a National Security Analyst at the Center for American Progress in 2003 In the episode we discuss everything from the effectiveness of our legislators in addressing high tech areas, partisan dynamics of cybersecurity, key focus areas for policy, and the effectiveness of recent policy like the Cyber Trust Mark and the CSRB review of Microsoft. Cyber Trust Mark Cybersecurity Review Board Review of Microsoft:

Brian: Principal at TLV Partners focusing on enterprise software and cybersecurity, joined when the fund first started in 2015 Previously worked at Square Peg Capital also in Israel Born in South Africa and worked in Australia for Grant Thornton before moving to Israel for Square Peg In this episode Brian and I discuss the Israeli cybersecurity startup ecosystem. Given the number of founders I interview from Israel, I thought it would be valuable for the audience and myself to dive deeper. We discuss everything from the importance of Hebrew to the revolving door between government and the commercial sector. https://www.tlv.partners/

Neatsun: CEO and founder of Ox Security, providing prioritization insights for software supply chain vulnerability management Previously VP at Checkpoint for a decade Founded Vanadium, an EDR company, which he ran for 8 years Check out the episode for our discussion on his lessons from Vanadium applied to Ox and how threat modeling applies to the software supply chain. Links: https://www.ox.security/ https://pbom.dev/

This is a rerun of an episode recorded in July 2021. In the episode, Bruce and I discuss his views on AI and how it may fundamentally change the security landscape for attackers and defenders. He mentions the key steps we need to take as a society to best guide AI innovation. Two years later, it is interesting to reflect on how we have performed according to his guidelines.

Tom: CEO and Founder of NetRise, identifying vulnerabilities in firmware through building SBOMs Ex-VP at Blackberry after the Cylance acquisition Previously worked as a cyber analyst at the US Strategic Petroleum Reserve where he first learned about the gaps in IoT security solutions Check out the episode for our discussion on software vs. firmware SBOMs, whether tools are valuable if there are no clear remediation steps, and how IoT is addressed differently than other device types. https://www.netrise.io/