Email impersonation isn’t as flashy as other threat vectors.And yet, it’s one of the most abused attack vectors in the world.

In this episode of Scaling Cyber, I sat down with Sacha Matulovich, Co-Founder and Chief Strategy Officer of Sendmarc, to unpack how a company born in South Africa built a global business around one of cybersecurity’s most overlooked — and most critical — problems: email domain impersonation and DMARC compliance.

This conversation isn’t just about email security.It’s about distribution, go-to-market discipline, and what it really takes to scale a cybersecurity company from outside the usual power hubs.

🎧 Listen to the full conversation on Scaling Cyber: 👉 YouTube | Spotify | Apple Podcasts

From Email Marketing to Cyber Defense

Sendmarc didn’t start as a “cybersecurity idea” in the traditional sense.

Its founders came from the email marketing world, where delivering billions of legitimate emails forces you to deeply understand how email infrastructure actually works.

That background created a unique perspective:

If you truly understand how email is delivered, you also understand how it’s abused.

When Sacha’s co-founders discovered DMARC — the global standard that prevents email domain spoofing — they saw both a security gap and a market gap.

The problem?DMARC is powerful, but painfully complex.

“The world doesn’t need to understand all the acronyms,” Sacha explains.“They just need their domain to not be weaponized.”

That insight became Sendmarc’s core strategy:Do the dirty dishes so customers don’t have to.

Building from South Africa

Unlike many startups, Sendmarc didn’t begin with a grand vision of global domination.

They started local:

* Talking to customers they could meet face-to-face

* Selling on day two

* Getting immediate feedback on value, pricing, and pain

Only later did reality hit:This wasn’t a regional problem.

Within the first year, Sendmarc had customers in more than 10 countries.

“Whether we liked it or not, we had built a global business.”

South Africa, often seen as a disadvantage, became an unexpected strength:

* Founders used to solving hard problems

* Limited local market forcing early efficiency

* A global diaspora that helped open doors abroad

Education Before Enforcement

Sendmarc entered the market before DMARC became mandatory.

That meant years of:

* Explaining why the problem existed

* Proving that impersonation was real

* Convincing buyers before Google, Microsoft, and Yahoo forced compliance

One early GTM trick?They demonstrated the attack.

“If I can send an email pretending to be you — and it lands — the value becomes obvious immediately.”

Later, when big tech enforced DMARC, the conversation shifted:From education to execution.

And Sendmarc was ready.

Distribution as a Strategy

One of the most valuable parts of this conversation is Sendmarc’s channel journey.

They didn’t chase every route at once.

They layered it deliberately:

* Direct sales to validate value and pricing

* MSPs and resellers to scale reach

* Distributors — once GTM maturity existed

* OEM partnerships for massive distribution leverage

Crucially, Sendmarc made a hard decision early:They would be partner-first, even if it meant giving up margin.

“We chose trust over short-term revenue.”

That clarity allowed partners to invest confidently — and helped Sendmarc scale without building a massive direct sales force for a relatively low-ACV product.

Why Some Distributors Work — and Others Don’t

Sacha is refreshingly honest about distribution:

* Big distributors aren’t always the answer

* If you don’t matter to their revenue, you don’t matter at all

* Commitment must go both ways

One of Sendmarc’s most successful partnerships started with a simple rule:Skin in the game on both sides.

A funded head.A minimum commitment.Shared accountability.

The result?Focus, execution, and growth.

DMARC as a GTM Superpower

DMARC has a unique property most cybersecurity sectors don’t:Everything is visible in DNS.

That means Sendmarc (and its partners) can:

* See which domains are vulnerable

* Know which competitors are in place

* Track failures and history over time

This turns security telemetry into a go-to-market engine.

Instead of cold outreach:

“We can see your problem… and we can fix it.”

For Sendmarc, DMARC isn’t just a security control.It’s a sales accelerator.

OEM Partnerships and Earning a Seat at the Table

Landing OEM partnerships with global vendors — including Sophos — didn’t happen overnight.

Sacha’s explanation is simple, and brutally honest:

* They worked harder than competitors

* They were flexible

* They over-delivered

* They showed up in person

“What we lacked in brand, we made up for in effort.”

In cybersecurity, trust still happens face-to-face.Flights, conferences, awkward first meetings — all part of the cost of scale.

Focus Over Expansion

Despite growth, Sendmarc has resisted the temptation to become “everything email security.”

Their strategy is clear:

* Be the best in anti-email impersonation

* Expand carefully into adjacent problems

* Solve distribution, not just technology

As Sacha puts it:

“DMARC isn’t a technology problem anymore. It’s a distribution problem.”

The Real Lesson: Get Out of Your Comfort Zone

One of the most human moments in the episode comes when Sacha describes attending his first cyber conference in London.

No friends.No recognition.No shortcuts.

“It felt like standing alone at a bar, hoping someone would talk to you.”

Years later, those same conferences feel very different.

The lesson?Community matters.Relationships compound.And growth is uncomfortable — until it isn’t.

Final Takeaways for Cyber Founders

* Not all important problems are sexy but they can be massive

* Distribution is a strategy, not a checkbox

* Partner trust beats short-term margin

* Being early means educating; being ready means executing

* If you’re building outside the big hubs, effort is your unfair advantage

Thanks for reading Scaling Cyber! Subscribe for free to receive new posts and support my work.

🎙️ About the Episode This conversation is part of Season 1 of Scaling Cyber — the show where founders and leaders from outside the US and Israel share how they’re building global cybersecurity companies.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise. Guest: Sacha Matulovich, CEO & Co-Founder of BforeAI.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

The cloud promised speed, scale, and efficiency.

What it didn’t promise — but absolutely delivered — is complexity. And inside that complexity hide the blind spots that attackers love more than anything else.

Most companies think they’re secure.

They have a CSPM. They have a CNAPP. They follow compliance.

Their dashboards are green.

And yet, they still get hacked.

In this episode of Scaling Cyber, we sat down with Kennedy Torkura and Nils Karn from Mitigant, a Berlin-based startup built around a simple, uncomfortable truth:

Security tools often overestimate how safe you really are.

Mitigant exists to validate whether they’re actually working.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

From Academia to Builders: How Mitigant Was Born

Mitigant wasn’t born in a boardroom.

It started inside the Hasso Plattner Institute, one of Germany’s most respected engineering and tech research centers.

Kennedy and his co-founders spent years researching security chaos engineering, cloud risk modeling, and adversarial testing. Nils approached the space through a different lens: understanding how sensitive data, especially in education systems, required real-proof security, not assumptions.

When they compared their findings with what real companies were doing, the gap was striking:

What companies should be doing in the cloud versus what they actually do was nowhere close.

That gap became their mission.

Why the Cloud Is Full of Blind Spots

Cloud security today is dominated by CSPMs and CNAPPs. Powerful tools, but limited by their perspective. They analyze configurations. They enforce policies. They show you a static picture.

What they don’t do is test whether their findings hold up in reality.

As Kennedy put it:

“Defenders remain biased by their own systems. Attackers aren’t.

Their job is to find the gaps — the things you never thought about.”

Mitigant flips the model:

Instead of asking “Are we compliant?”

They ask: “If an attacker tried today, would they succeed?”

This shift in mindset — from defensive to adversarial — is what they call Cloud Attack Emulation, a category they had to create because nothing in the market truly fit what they were doing.

Continuous Cloud Attack Emulation: More Than BAS, More Than CNAPP

Mitigant performs continuous, automated attack scenarios inside your cloud or Kubernetes environment. Safely and in controlled conditions.

It’s not BAS.

It’s not CSPM.

It’s not red teaming.

It’s the glue between them, validating all of them.

Think of it as the missing half of your cloud security program:

* CSPM tells you what looks wrong.

* Mitigant tells you if attackers can actually exploit it.

* CNAPP shows potential attack paths.

* Mitigant tests if those paths are real and whether detection works.

* Your SOC thinks alerts are configured correctly.

* Mitigant proves whether the alert actually fires.

The term the founders love is “assumed breach mentality.”

Nils described it well:

“German companies especially think: ‘We have processes, we have guardrails, nothing can go wrong.’

And then you run our tests… and four or five attacks still make it through.”

Why European Enterprises Take So Long to Try New Security Tech

This episode also highlights a huge difference between the US and Europe.

In the US:

Companies buy the vision, try it fast, measure, and move on.

In Europe:

Companies want proof: upfront, extensive, and from multiple stakeholders.

Mitigant learned this early.

They didn’t want to run POCs at first, but it became unavoidable.

A German company buying a new security tool usually means:

* 3–6 month POC

* 12 months buying process

* Multiple internal stakeholders

* A long chain of technical validation

As Nils put it bluntly:

“German companies invest billions into cybersecurity —

but almost zero into cybersecurity startups.”

Yet Mitigant found its momentum anyway.

Scaling From Berlin: Japan, the Gulf, and What Comes Next

One of the most surprising decisions in Mitigant’s growth has been their choice of expansion markets.

Instead of jumping straight to the US, they went to:

* Japan, partnering with Future Spirits

* The Gulf region, especially around emerging AI security initiatives

Why Japan?

Quality. Detail. Service-oriented thinking.

It mirrors German engineering culture.

Why the Gulf?

A race to build the world’s fastest AI-driven digital economies — with massive investments in cloud, new datacenters, and AI safety.

Mitigant’s continuous validation fits perfectly into both worlds.

AI Attack Emulation: The Next Frontier

Perhaps the most exciting part: Mitigant is now applying its methodology to AI systems.

As companies deploy LLMs, fine-tune models, or adopt managed AI services like Amazon Bedrock, new vulnerabilities emerge:

* Data poisoning

* Prompt manipulation

* Unauthorized model access

* Data exfiltration through AI workflows

Most AI security tools claim full visibility.

But as Kennedy explains, the gap between marketing claims and technical reality is… big.

Mitigant is injecting adversarial tests directly into AI pipelines — bringing “assumed breach” into the world of machine learning.

What Success Looks Like for Mitigant

The next year is all about:

* Growing their enterprise customer base

* Solidifying their category

* Deepening AI security capabilities

* Strengthening partnerships (MSPs, global integrators, cloud-native consultancies)

* And getting Series A ready

Their biggest technical ambition?

Building an offensive security IDE: a platform where companies can craft their own cloud or AI attack scenarios with ease.

Democratized red teaming, continuous validation, real-world resilience.

Key Takeaways for Cyber Founders & Leaders

1. Tools don’t guarantee security — validation does.

Dashboards lie. Adversaries don’t.

2. Blind spots grow in complexity.

Cloud, Kubernetes, microservices, and AI multiply attack surfaces.

3. Europe’s GTM path is longer — but not impossible.

Mitigant is proving cyber companies can scale from the DACH region.

4. Assumed breach is not a slogan — it’s a mindset shift.

Real security leaders think like attackers, not auditors.

5. AI security will be the next great frontier.

And the winners will be those who treat AI like a dynamic system, not a static asset.

About the Episode

This interview is part of Season 1 of Scaling Cyber — the show spotlighting cybersecurity founders and innovators outside the US and Israel, where global growth stories often go untold.

Host: Ignacio Sbampato — cybersecurity executive and founder of BridgerWise

Guests: Kennedy Torkura & Nils Karn — Co-Founders of Mitigant

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

When organizations talk about cybersecurity, they usually talk about the tools: EDR, SIEM, AI detection, automation.But behind nearly every breach, one constant remains: people still click.

For decades, the industry has tried to fix that with templated phishing simulations that are often outdated, unrealistic, and far removed from the real attacks employees receive daily.

But what if cyber security awareness could finally match reality?

That’s the thinking behind OutKept, the Belgian startup reinventing human risk management through a global community of ethical phishers: people competing to create the most effective, local, and credible phishing emails possible.

In this episode of Scaling Cyber, Simon Bauwens shares the journey behind this unconventional approach, the impact of hyper-local content, and why community + incentives may be the missing piece in cybersecurity awareness.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

The Problem No One Talks About: “Bad Awareness Creates Bad Reflexes”

Simon puts it simply:

“If you do phishing simulations poorly, you’re actually making people worse at spotting attacks.”

Most platforms rely on generic templates:

* outdated brands

* broken language

* AI-translated content

* little connection to local culture

* scenarios attackers stopped using years ago

Employees learn to spot these emails, not the ones that actually hit their inbox.

OutKept’s answer?👉 Create a system where phishing emails evolve as fast as attackers do.

Not through algorithms.Not through templates.But through a community of humans competing — and getting paid — to craft the most credible phishing campaigns possible.

Inside the Ethical Phishing Community

The idea sounds bold because it is. Inspired by bug bounty logic, OutKept built a marketplace where:

* ethical “phishers” submit phishing emails

* emails are ranked by real-world success

* high-performing ones get paid more

* the best content survives, like natural selection

Local specificity is the superpower.Phishers create content tied to regional storms, elections, strikes, banks, slang, holidays, and all the cultural nuance attackers exploit.

The result is training that looks dangerously real because it’s created by the same kind of minds who would write real phishing campaigns, just operating ethically.

Europe’s Linguistic Chaos: A Hidden Advantage

One of the biggest complaints about phishing platforms?Language quality.

In Europe alone:

* Belgium has three official languages

* Flemish ≠ Dutch (Netherlands)

* Walloon French ≠ France French

* Baltic languages have tiny populations

* AI still misses regional nuance and tone

Big vendors don’t prioritize small languages.Communities do.

That’s why OutKept’s model resonates from Poland to Spain to the Baltics — markets where cyber vendors often deliver poor localized training.

Sometimes, being born in fragmented Europe is actually an advantage.It forces you to build global-first from the start.

Building a Cyber Startup in Belgium’s Rising Tech Ecosystem

Simon didn’t start in cybersecurity.His background spans sociology, automation, and consulting.He wanted a product, a co-founder, and a big problem to solve.

COVID brought him together with Dieter, who had a cybersecurity background.Their brainstorming sessions blended ideas on community, automation, and human behavior, eventually converging into what became OutKept.

Belgium wasn’t the reason they started in cyber, but being in Ghent helped them grow.A vibrant tech ecosystem, increasing attention to cybersecurity, and proximity to European markets made expansion easier.

Today, OutKept already delivers simulations in 86 countries — proof that European cyber companies can scale far beyond their borders.

Competing in a Red-Ocean Market

Human risk is one of the noisiest cybersecurity categories.Huge incumbents.Aggressive competitors.Crowded feature sets.

Simon learned quickly:

* competitors get hostile when they feel threatened

* legal letters and targeted ads are part of the game

* “thicker skin” is a necessary founder trait

* but collaboration still exists — and matters

At industry events, founders take selfies and share insights.Behind closed doors, they battle for market share.

OutKept’s differentiation — community, gamification, local realism — gives them a unique angle in a market crowded with commoditized products.

AI vs Human Creativity: What Happens Next?

Everyone in cybersecurity is asking the same question:Will AI disrupt awareness training?

Simon’s view is pragmatic:

* Real attackers already use AI.

* So do OutKept’s phishers.

* AI can generate content, but not context.

* The future belongs to humans using AI as a tool, not the other way around.

Instead of building one “AI phishing engine,” OutKept enables hundreds of people to use AI creatively, competing to outsmart each other.

Community beats templates — and may beat pure AI too.

Scaling OutKept Across Europe (and Beyond)

OutKept is expanding thoughtfully:

* Partners in Belgium and Poland (including a distributor assigning dedicated account managers)

* Early traction in Spain

* Growing interest across the Baltics, Central Europe, and Ukraine

* Preparing to cover more of Southern Europe & the Netherlands

Their strategy is clear:Awareness alone rarely works as a standalone tool.Strong channel partners integrate OutKept into a broader security service offering — combining local relationships with OutKept’s global platform.

Advice to Other Cyber Founders

Simon’s message to other founders is one that many overlook:

“Get out of your office. Go to events.The conversations give you energy and the best market intelligence.”

When the bank account looks scary…When competitors send legal threats…When a deal is lost at the last minute…

Meeting real people who believe in what you’re building gives you the momentum to keep going.

That psychological fuel often matters more than strategy frameworks or pitch decks.

The Opportunity Europe Shouldn’t Miss

Europe loves regulations — sometimes too much.But Simon sees a silver lining:

* NIS2 is pushing organizations toward real cybersecurity maturity

* Regulation creates opportunity for startups that can help companies comply

* Just like GDPR became a global benchmark, NIS2 may shape global awareness standards

The challenge?Europe regulates faster than it innovates and invests.To truly compete with the US and China, it needs both.

About the Episode

This conversation is part of Season 1 of Scaling Cyber — the show spotlighting founders and leaders building cybersecurity companies outside the US/Israel bubble.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise.Guest: Simon Bauwens, CEO & Co-Founder of OutKept.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

Most cybersecurity companies build for enterprises. Some build for governments. Very few build for telcos — and even fewer manage to transform telco networks into massive cybersecurity distribution engines.

Whalebone did exactly that.

Founded in Brno almost a decade ago, Whalebone spent years growing steadily — 100% YoY, every year, for nine years straight — before hitting a global inflection point. Today, the company is on track to reach a milestone that only a handful of cybersecurity players have ever touched:

👉 Protecting one billion people through network-level security.

In this episode of Scaling Cyber, Richard Malovic shares how a mix of “productive naivety,” relentless ambition, and obsessive customer listening turned Whalebone into one of Europe’s most globally scaled cybersecurity vendors.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

The Origin Story: When Not Knowing the Rules Becomes an Advantage

Richard is the first to admit something unusual:

He entered cybersecurity without a cybersecurity background.His co-founder, Robert, brought the technical expertise, but Richard came from an entirely different world — steam and gas turbines at Siemens, selling machinery across continents.

That outsider mindset became a superpower.

Where many cyber founders look at industry norms as constraints, Richard simply didn’t know those constraints existed — and therefore ignored them.

“I didn’t know the traditional schemes. I didn’t ask too much around.That naivety was the key.”

Instead of following industry playbooks, Whalebone followed its customers.

The Telco Pivot That Changed Everything

Whalebone started by offering threat intelligence. They could have stayed there — consulting, selling data, or building a firewall or endpoint product.

But conversations changed the trajectory.

Small ISPs told them:👉 “Take your threat intelligence and filter my DNS traffic.”Large telcos like Telefónica and América Móvil told them:👉 “Your technology could power security for every SIM card and every household.”

That feedback sparked the model Whalebone is famous for today:

DNS-level protection delivered through telcos — not as cost, but as a revenue-generating service.

This shift also transformed their business model from licenses into consumption-based economics, perfectly aligned with how telcos operate.

Few cybersecurity companies have ever achieved this level of integration and adoption in telco infrastructure.

Scaling to 1 Billion: The Vision Becoming a Mission

Whalebone’s core idea is simple but audacious:

Protect everyone connected to a network — without installing anything.

Because the protection sits at the DNS and network layer, Whalebone can shield:

* Consumers

* Small businesses

* Enterprises

* Government users

* Entire populations

Richard reveals that within months, Whalebone’s customer telcos will collectively serve 1 billion people — meaning the infrastructure will be in place to protect them all.

Not all will be activated on day one. Penetration happens progressively.But the vision has officially transitioned into an execution mission.

Why Growing Up in Czechia Helped — But Not How You Think

Czechia is known for cybersecurity successes — AVG, Avast, ESET (where Ignacio built a major part of his career). But Richard doesn’t attribute Whalebone’s growth to that legacy.

He attributes it to ambition and confidence.

Technical founders in Europe often self-limit, he says, but US and Israeli founders don’t — and neither did Whalebone.

“Positive examples are the most important.Europe needs ambition and confidence more than anything else.”

Being from Czechia helped in one meaningful way:Brno has a long tradition of international trade, and Richard simply treated cybersecurity the way he treated turbines — no borders, no hesitation, no fear.

“We’re Not Selling Cybersecurity — We’re Selling Business”

One of Whalebone’s biggest differentiators is their high-touch engagement with telcos.

Telcos asked thousands of questions. Whalebone answered — then answered better by building a robust customer success engine dedicated to helping telcos expand user adoption.

This is rare in cybersecurity. Many vendors stop at product delivery.

Whalebone goes further:✔ Helps telcos increase penetration✔ Provides commercialization playbooks✔ Aligns around new revenue streams✔ Builds long-term partnerships instead of transactions

Product excellence + service excellence = the winning formula.

DNS4EU: A European Project with Business DNA

The EU’s DNS4EU initiative is one of the most ambitious public cybersecurity efforts in recent years.

But Whalebone didn’t join because of public funding.

They joined because — uniquely — economic viability was a requirement.The program was structured as a Public-Private Partnership where profitability mattered as much as protection.

For Richard, this turned a public project into a business challenge worth tackling.

Going Global Early — And What Happens at 150 Employees

Whalebone has people across Latin America, India, Lithuania, Spain, Latvia, and more.

Richard makes it sound deceptively simple:

“It’s not that difficult. People are just in another place.”

But the real challenge wasn’t global reach — it was the transition from 80 to 150 people.

Communication complexity increases.Alignment becomes harder.More people doesn’t always mean more output.

Richard describes it as walking through a snowy valley with normal boots — you know you’ll reach the other side, but it takes effort.

This phase is where many European cyber companies stall.Whalebone is pushing through.

What’s Next: New Protection Layers & a Global Distribution Engine

Whalebone will continue to add layers of protection that don’t depend on installing software — identity protection, network-centric security, and more.

But the bigger opportunity?

Leaning into what Richard calls their “go-to-market omnipresence.”

In other words:

👉 A global sales machine capable of absorbing and scaling additional cybersecurity technologies.

This echoes the Palo Alto Networks model — leveraging GTM strength as a multiplier for product expansion.

Few European companies have ever attempted it.Whalebone wants to be one of them.

The Founder Mindset: Focus on the Next Match

When asked about future milestones, Richard shares a story:

A few weeks ago, he celebrated a personal milestone — reducing his direct reports down to five. For a founder who once had 15–20 people reporting to him, it was a sign of a maturing organization.

But for what comes next?

“I’m focused on the next match.One match after another — and hopefully at the end of the season, there will be success.”

This grounded approach is what keeps Whalebone moving fast without losing direction.

About the Episode

This conversation is part of Season 1 of Scaling Cyber — the show where founders and leaders from outside the US and Israel share how they’re building global cybersecurity companies.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise.Guest: Richard Malovic, CEO & Co-Founder of Whalebone.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

For more than a decade, SecOps teams have been overwhelmed by alerts, data gaps, fragmented tooling, and the limits of human capacity. Even the most advanced SOCs still operate with a simple truth: humans can’t investigate everything — and many threats never trigger an alert at all.

But what if that limitation disappeared?

In this episode of Scaling Cyber, Almog Ohayon shares how TandemTrace is pioneering autonomous threat hunting — not automation, not copilots, but AI agents fully capable of investigating, hypothesizing, correlating, and validating threats 24/7.

This isn’t a future promise.Almog and his team are already shipping it.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

From Co-Pilot to Pilot: A Paradigm Shift in SecOps

When Almog co-founded Javelin Networks in 2014, cloud adoption was still debated and SaaS was barely a known concept. A decade later, he sees the same trust gap repeating — but this time with AI.

Yet the difference is profound:Today, AI can outperform humans in many SecOps workflows, especially alert triage and threat hunting.

Almog describes a fundamental mindset shift in his journey building TandemTrace:

* Early on, he thought AI would “assist” analysts.

* Two years later, he believes AI agents will lead — and analysts will supervise.

This shift isn’t just philosophical.It changes how products should be designed, how telemetry is ingested, how hypotheses are generated, and how investigations scale.

What Makes TandemTrace Different

While many vendors claim to offer “AI SOC” solutions, Almog explains that most still operate as glorified copilots or alert-enhancers.

TandemTrace, instead, focuses on:

1. Autonomous Threat Hunting

Agents build hypotheses on their own. They correlate threat intel with environment context. They re-analyze events without waiting for alerts. And they operate 24/7 without human fatigue.

The result:Every alert gets investigated — and so does everything that didn’t generate an alert.

2. Intelligent Telemetry Slicing

Instead of ingesting full data streams (too expensive for LLMs), TandemTrace slices only what’s relevant:

* 10 seconds from this host

* 20 seconds from that process

* Targeted correlations across sources

This precision turns overwhelming logs into actionable micro-snapshots.

3. Blind Spot Detection

The platform doesn’t just run agents — it tells you what visibility you’re missing and how that impacts false positives, threat coverage, and confidence.

For analysts, this is gold.

4. On-Prem Ready from Day One

Particularly critical in Europe, where data sovereignty is a blocker.Almog built for on-prem early after customer feedback — something most AI SOC vendors still haven’t addressed.

A Founder Who Builds Fast, Very Fast

Almog’s speed comes from a combination of:

* Domain expertise from Javelin Networks

* A willingness to pivot

* The use of Claude code and AI agents to accelerate development

* A product mindset shaped by real customer feedback

As he says:

“What used to take 50 developers can now be done by 5.”

For early-stage founders, this episode is a masterclass in building quickly, listening deeply, and iterating relentlessly.

The Market Response (and Curiosity)

Enterprises know AI will transform SecOps — they’re just unsure how.

TandemTrace benefits from:

* Widespread positive experiences with new AI tools

* Curiosity to test AI-native solutions

* A growing desire to reduce manual workload in SOCs

* Pressure to do more with less staff

Almog sees a trend:

Customers want to test immediately. Not read whitepapers. Not run slow evaluations. See the agents work in their environment.

And once they do, the value appears instantly.

“The Best Time Ever to Build”

Almog ends with a message to founders:

* Barriers to building have collapsed

* Claude code + AI tools make small teams unstoppable

* Domain expertise is the real differentiator

* Problems, not competition, should guide product choices

If you’re starting something in cyber — this is your moment.

About This Episode

Part of Season 1 of Scaling Cyber — the series spotlighting cyber founders and leaders building global companies outside the US/Israel hubs.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, founder of BridgerWise.Guest: Almog Ohayon, CEO & Co-Founder, TandemTrace.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

Cybercriminals have long felt like they hold all the power.

But what if defenders could flip the script, turning the attackers into the confused ones, lost in a web of fake systems and dead ends?

That’s exactly what Labyrinth is doing.

Born in Ukraine, built in Poland, and expanding worldwide, the company is leading the new wave of cyber deception, a strategy that lures intruders into decoys, keeps them busy, and buys defenders the time they need to respond.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

Turning Defense into Deception

Deception isn’t new — honeypots have existed for decades.

But Labyrinth’s approach is different. Instead of complex setups that require extra headcount, their platform deploys in minutes and starts catching real threats instantly.

Their promise is simple yet radical:

* Zero false positives.

* Instant visibility.

* Built for real-world teams, not research labs.

As Pawel puts it:

“Deception is the most reliable early-warning system you can have.Nobody should be touching fake systems. If they do, you know.”

Pre-Emptive Cybersecurity: From Reaction to Prevention

For years, the cybersecurity industry has been stuck in a reactive mindset: “detect and respond.”

Now, even Gartner - who has been a strong proponent of Detection and Response - is pushing a new category: Pre-Emptive Security.

Labyrinth fits perfectly into this shift.

By trapping intruders before they can do harm, it embodies a new defensive philosophy: proactive, psychological, and smart.

“It’s not about fear. It’s about changing the game.” — Pawel

Built in Europe. Battle-Tested in Ukraine.

Labyrinth’s technology has been proven in one of the toughest environments on Earth: Ukraine.

As Anastasiia Dorosh, one of the company’s technical leads, shared:

“Unfortunately, the war is still happening.But the least we got from it is advancement in cybersecurity.We see real attacks every day — and that makes our solutions real.”

In a world where “battle-tested” is more than a buzzword, Labyrinth’s origins matter.Their platform is refined against real adversaries — not just simulated ones.

Made in Europe, Scaling Beyond Borders

Labyrinth is also part of a growing movement: European-made cybersecurity.

Pawel is one of the most vocal advocates of promoting local innovation, not because it’s patriotic, but because it’s quality.

“We don’t want people to buy European just because it’s European.We want them to buy it because it’s great.”

Their growth strategy is all about partnerships.

Instead of selling directly, Labyrinth works with channel partners, MSSPs, and distributors, building trust and reach from Poland to Mexico to Australia.

“Our DNA is partner-first. It’s how we scale globally.”

Key Takeaways for Cyber Founders

* Deception is innovation. If everyone’s chasing detection, go where the attackers least expect you.

* Validation beats hype. Let your product prove itself. No marketing needed.

* Partnerships scale faster. Global reach doesn’t have to mean huge teams.

* Quality is a narrative. “Made in Europe” can stand for technical excellence.

* Test in reality. The best cybersecurity products are the ones tested under fire.

About This Episode

This episode is part of Season 1 of Scaling Cyber — the show where founders and leaders from outside the US and Israel share how they’re building global cybersecurity companies.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise.Guests: Pawel Rybczyk & Anastasiia Dorosh, from Labyrinth

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

For decades, cybersecurity was about protecting networks and devices.

Now, the battlefield has expanded to our screens, our feeds, and our minds.

In this episode of Scaling Cyber, we explore how LetsData, a Ukrainian startup born out of real conflict, is helping governments and enterprises detect information operations and disinformation campaigns to prevent and mitigate the harm they cause.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

From AI Research to Information Defense

When Andriy Kusyy left his role leading the machine learning platform at Grammarly, he didn’t plan to become a cybersecurity founder.

But growing up in Ukraine — a country that’s been on the frontline of information warfare for over a decade — he saw the problem firsthand.

What began as a social project with his co-founder Ksenia turned into something much bigger: a platform that analyzes millions of media and social posts across 35 languages, spotting coordinated manipulation and disinformation before it spreads.

“We realized there was a gap in the market. Everyone was focused on detecting malware. No one was detecting narratives.”

The Rise of “Disinformation Security”

Until recently, disinformation was seen as a political or media problem. LetsData is showing it’s now a cybersecurity one.

Modern attacks combine AI-generated content, deepfakes, and brand impersonation to harm companies, markets, and reputations.

A single false rumor about a bank’s stability can wipe billions from its valuation, or trigger a stock shorting scheme.

“These operations used to be run by states. Now, disinformation is for hire. It’s a business.”

LetsData’s system translates those signals into actionable intelligence for SOC and threat intel teams, turning chaotic information into structured alerts they can actually respond to.

Andriy calls it the bridge between media monitoring and threat intelligence. A new category: Disinformation Security.

Why Local Intelligence Matters

Unlike traditional threat intel platforms that mostly track English-language data, LetsData’s approach is multilingual-first.

The company’s system monitors narratives in 35+ languages, detecting how a campaign may start in Romanian, move through Russian, and eventually hit Spanish-speaking markets.

“Disinformation doesn’t respect borders. What starts in one country today can target your customers tomorrow.”

This distributed intelligence gives LetsData a unique edge and a mission to defend globally connected organizations before the story becomes the threat.

Scaling from Ukraine to the World

LetsData’s journey mirrors the resilience of its home country. They started by helping governments like Moldova protect elections, sending over 700 alerts on coordinated disinformation campaigns in just two years.

Now, after joining Google’s AI for Startups Accelerator, the company is expanding into the enterprise market, working with banks, telcos, and defense organizations across Europe.

Their insights are being integrated into major threat intelligence platforms, and according to Gartner, disinformation management tools could grow from 5% adoption today to 50% by 2028. An entirely new cybersecurity frontier.

Key Takeaways for Cyber Founders & Leaders

* Create a category when the problem evolves.LetsData didn’t fit neatly into “media monitoring” or “cybersecurity”, so they created a new space: disinformation security.

* Build from experience, not theory.Operating in a country that’s been ground zero for information warfare gave the founders credibility and urgency few others have.

* Prove value through visibility.LetsData often wins customers by simply showing them what’s already happening, using public data to reveal threats they didn’t know existed.

* Simplify action.The company’s focus on actionable alerts (not alert fatigue) gives analysts confidence and builds trust, a cornerstone for any early-stage security vendor.

* Trust and credibility scale faster than marketing.Being endorsed by Google and global security forums like Munich Security Conference has helped LetsData open doors that most early-stage companies can’t.

About the Episode

This conversation is part of Season 1 of Scaling Cyber — the show where founders and leaders from outside the US and Israel share how they’re building global cybersecurity companies.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise.Guest: Andriy Kusyy, CEO & Co-Founder of LetsData.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

When the entire cybersecurity industry started chanting “assume breach,” Luigi Lenguito refused to accept that being a victim was inevitable.

After nearly two decades at Dell, he left the corporate world to build something radically different — a company that could predict and prevent attacks before they happen.

🎧 Listen to the full conversation on Scaling Cyber: YouTube | Spotify | Apple Podcasts

From Reaction to Prediction

Luigi’s vision for BforeAI was born from a frustration shared by many in cybersecurity: Why are we still reacting to breaches instead of stopping them before they start?

Instead of detection and response, BforeAI focuses on pre-crime intelligence — anticipating malicious infrastructure before it’s weaponized.

Their promise is so bold, they literally back it with a “Pre-Crime Guarantee”: if an attack slips through, the company refunds 10x the contract value.

That’s not just marketing. It’s a mindset shift — from fear-based cybersecurity to trust-based prevention.

Thanks for reading Scaling Cyber! Subscribe for free to receive new posts and support my work.

Scaling from Europe to the World

BforeAI’s growth story is equally unconventional.

While most European startups scale locally before dreaming of the US, Luigi did the opposite — he went straight for the global stage.

“70% of the cybersecurity market is in the US.If you want to be a global leader, there’s no other way than being a leader there first.”

His approach borrows from the Israeli playbook: start global, not regional.

That mindset — paired with relentless travel and strategic partnerships — has helped BforeAI secure Gartner recognition in 39 reports in just 36 months and protect over 40 million people daily.

Building Distributed, Diverse, and Decisive Teams

BforeAI was born during COVID — fully distributed from day one.

But for Luigi, it’s not just about remote work; it’s about meritocracy and access to global talent.

“Intelligence is equally distributed around the world — opportunity is not.”

His teams span continents, time zones, and backgrounds.

And diversity, especially gender diversity, isn’t a checkbox — it’s a competitive advantage.

As an ambassador for Women4Cyber, Luigi actively champions bringing more women into technical and leadership roles in security.

A KPI Like No Other

Here’s a metric you won’t find on any investor dashboard:

100% of BforeAI’s buyers have been promoted within six months of deploying the product.

Luigi calls it his “CEO KPI.”

Because at the end of the day, the real measure of success isn’t just protecting organizations — it’s empowering the people who make bold decisions.

Key Takeaways for Cyber Founders

* Challenge industry dogma. If everyone “assumes breach,” maybe the opportunity lies in preventing it.

* Go where the market is. If your ambition is global, start with the biggest stage.

* Diversity is strategy. Different perspectives mean better defense and innovation.

* Build with trust. Back your promise — literally — and watch the market respond.

* Lead with conviction. Predictive security sounded like sci-fi until someone built it.

About the Episode

This conversation is part of Season 1 of Scaling Cyber — the show where founders and leaders from outside the US and Israel share how they’re building global cybersecurity companies.

Host: Ignacio Sbampato — cybersecurity executive, former Chief Business Officer at ESET, and founder of BridgerWise.Guest: Luigi Lenguito, CEO & Co-Founder of BforeAI.

Thanks for reading Scaling Cyber! Subscribe for free to receive new posts and support my work.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

Welcome to Scaling Cyber, the podcast that shines a spotlight on cybersecurity founders and leaders outside the US and Israel — from Europe, LATAM, Africa, APAC, and beyond.

Hosted by Ignacio Sbampato — cybersecurity executive, entrepreneur, investor, and former Chief Business Officer at ESET — this show brings you authentic, founder-led stories of how ambitious startups are scaling globally, overcoming go-to-market challenges, and breaking into international markets.

👉 In this teaser episode, Ignacio shares why Scaling Cyber exists, who it’s for, and what you can expect from Season 1.

If you’re a founder, operator, investor, security leader, or just passionate about cyber innovation, this podcast will give you insights into the next generation of global cyber leaders.

🔔 Subscribe now so you don’t miss the first season of episodes featuring inspiring founders from Spain, South Africa, Poland, Belgium, Germany, Czech Republic, Ukraine, France, and beyond.

📌 Learn more at: https://scalingcyber.bridgerwise.com

Thanks for visiting Scaling Cyber! Subscribe for free to receive new posts and episodes.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com

More coming to this space in just a couple of weeks

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com