Secure Ventures with Kyle McNulty

Brian Pontarelli is co-founder and CEO of FusionAuth. FusionAuth helps companies easily roll authentication workflows for their public facing applications. For example, FusionAuth is an alternative to writing custom code for user creation and multi-factor authentication login for a new web application. FusionAuth is entirely bootstrapped, and the company has successfully become a legitimate enterprise option for customer identity. Before FusionAuth, Brian started CleanSpeak, one of the original companies for profanity filters in chat interfaces. Brian is still the CEO of both businesses, and he tells the story of how the two tie together in our conversation.Website

Kamal is co-founder and CTO at Andromeda, which is building an identity management solution to help companies better understand their identity footprint and manage excessive permissions across disparate platforms. Kamal uses the term "digital incarnation" which resonated with me given the number of accounts a single human may have across different platforms. Kamal worked as an engineer and engineering leader for two decades across Oracle, Ebay, and Paypal before starting Andromeda in 2023. In the episode, we start by discussing his experience working as an offshore developer in India and how that influences his own perspective on leveraging offshore teams today. We also cover the cultural differences at eBay and Paypal, how that influenced his security mindset, the origin story of Andromeda, and the future of identity.

This episode was recorded live at the Dreamit Cyber Founders Summit during RSA. Huge thanks to the Dreamit team for including me during their inaugural event!David Cass is the CISO at GSR, which is a cryptocurrency market maker. For the finance uninitiated, that basically means they buy and sell cryptocurrencies in large volumes to then buy and sell to other parties. As a result, David's role entails a lot more than the average CISO. As he will mention, it is his job to secure GSR's corporate IT like any CISO, but he also has to sign off that the cryptocurrencies they are trading are secure enough to hold a financial position without undue risk to the company. David therefore has one of the most advanced perspectives on the cybersecurity controls for cryptocurrencies. In the conversation we discussed his views on the productization of web3 security, cryptocurrency regulation, and the successes behind his CISO community CISOs connect.GSRDreamit

Rehan is CEO and founder of Securiti AI, which is providing a data command center to help organizations secure and enable their data for AI use cases. Rehan as an incredible track record which we discuss in more detail on the episode. He sold his first company for $180 million, and his second company for $280 million. Securiti AI has already raised $180 million to date from top tier investors, and they are geared up for an even bigger number. I was incredibly impressed with his track record identifying landmark technology trends and then building differentiated businesses with tailwinds from those trends. In the episode we walk through how each of these experiences built on one another, the rationale for each business, and how Securiti AI is positioned at the intersection of three of the most pivotal technology growth areas: data, AI, and cybersecurity.

Raj is CEO and co-founder of Blueflag, which helps ensure developers only have the access permissions needed for their roles, reducing risk of excess exposure. Raj started his career as an engineer and then in marketing at Adobe and VMware before taking on a COO role at Cloudknox, which they later sold to Microsoft. Raj took his lessons from working with identity at Cloudknox and applied them to designing Blueflag while paying attention to the nuanced differences for the development lifecycle. In the episode we discuss his core tenets of successful marketing in cybersecurity, the promise and challenges of cloud infrastructure entitlements management, the value of his time as an entrepreneur in residence, and how he has constantly reevaluated strategy at Blueflag informed by his previous experience.Website

Luke is Chief Product Officer and co-founder at Semgrep. Semgrep performs static application security testing, a form of code analysis, and has grown to become one of the mainstay application security tools on the market over the last eight years. Luke started Semgrep after three years at Palantir as a software engineer and product manager, and this episode really helped drive home the supportive community amongst former Palantir employees. In the discussion we cover his early entrepreneurial efforts such as modifying Xboxes, the 17 different product variations they tried before the current form of Semgrep, and how he thinks about the innovator's dilemma as a growth-stage company in a vertical being disrupted by AI.Website

Rick Howard, former Chief Security Officer at Palo Alto Networks, shares his extensive insights on cybersecurity. He discusses the shift from corporate to startup perspectives and the essential themes for entrepreneurs and investors. Howard critiques traditional risk assessment methods and advocates for a dual approach in managing cybersecurity risks. He also highlights the transformative role of artificial intelligence and emphasizes the importance of curated cybersecurity literature, including key reads like 'The Phoenix Project,' for professionals in the field.

This episode is a recording of a live interview held on stage at Blu Ventures' Cyber Venture Forum in February. A huge shoutout and thank you to the Blu Ventures team for putting together an awesome event. Bricklayer is building an AI-based agent to assist with security operations workflows. Before Bricklayer, Adam founded ThreatConnect which he led for over a decade. In the conversation we discuss his learnings from his experience at ThreatConnect, acquiring vs. building a new capability, and how he thinks about competition in the AI SOC space.Website: bricklayer.aiSponsor: VulnCheck

Amir is co-founder and CEO at Vorlon Security, which provides visibility and monitoring for SaaS app connections within an enterprise. For example, Vorlon can detect what other applications are connected to your Salesforce instance along with what data is flowing between each relationship. This helps security teams detect data exfiltration, data leakage, improper configuration, and more. Before Vorlon, Amir worked his way from a software developer into progressively more customer-facing roles, most recently as a Director at Palo Alto Networks. We kick off the episode talking about his early motivation to become a founder and how he led a decade of his career in pursuit of preparing himself for that role. Now, the team is continuing to focus on product and growth after raising $15 million last year from Accel and Shield Capital.WebsiteSponsor: VulnCheck

Josh Kamdjou is CEO and Founder of Sublime Security. Josh started Sublime after realizing just how easy it was for him to break into companies with phishing emails. He wanted to build a solution that better addressed the tailored environment of each organization such as historical data. Now the company has raised over $80 million from leading VCs such as IVP, Index Ventures, and Decibel. Before Sublime, Josh worked as a DoD hacker for 9 years.In the episode we discuss his emphasis on leveraging the attacker perspective, the fundamental difficulties of email security, his conviction in product-led growth, and more.Website: https://sublime.security/Sponsor: VulnCheck