With me in this episode is Ed Bellis, co-founder and CEO of Empirical Security. Empirical uses a scoring system informed by customer data to create tailored risk prioritization models. Ed started Empirical in 2024 after leaving Cisco, three years after they acquired his previous company Kenna. Kenna was a vulnerability management and prioritization tool that aggregated data from an organization's scanners and enriched that data with threat intelligence to better prioritize risk. In many ways, Kenna helped lead the way in modern vulnerability management by creating an abstraction layer over the scanners themselves. Empirical is now further pushing the bounds following advances in machine learning and AI to go beyond Kenna's limitations. In the episode we discuss the alluring sales pitfalls for new founders, the importance of a "fast no", Cisco's acquisition strategy and execution, modern VM in light of AI penetration testing, and more.

Empirical Website

Andrew Rubin is co-founder and CEO of Illumio. Illumio is a breach containment and network segmentation company that has become a mainstay in the cybersecurity market over the last decade. Illumio was last valued at almost $3 billion dollars and is now on the verge of going public as we discuss in the episode. Before Illumio, Andrew grew his career in sales at VoiceNet in the late 90s and early 2000s before moving to Cymtec, where he was VP of Sales for two years before taking over as CEO. That led him to love the CEO role and then start Illumio. In the episode, we discuss everything from redefining sales goals, meeting a co-founder (spoiler: in Andrew's case it was a lot of luck), preparing to IPO, including why the "IPO window" concept is silly, and more.

Website

With me in this episode is John Ackerly, co-founder and CEO of Virtru. John started Virtru with his brother Will over a decade ago to make data security more pervasive across mediums such as emails and files. Virtru has raised over $150 million to this point from investors such as ICONIQ and Bessemer and built a very healthy business on one of the core pillars of cybersecurity. John has an atypical background in business well-complemented by his brother's technical experience at NSA. One of my favorite lines from the episode: he always thought he would start a business with his other brother. In the episode we discuss pricing strategy, which is certainly not all science, the founder outlook when starting a company, founding with family, and more.

Website: https://www.virtru.com/

Kris Kamber is CEO of SPLX AI. SPLX performs security testing and red teaming for AI agents, helping organizations detect vulnerabilities in their constantly expanding agent deployments. Before SPLX, Kris worked a handful of sales jobs, starting in telecom before hustling his way into Zscaler. I enjoyed asking him about the specific lessons from working in sales such as setting metrics and compensation. He's the first person who has described to me a workplace filled with arrogant and cocky people and also illustrated why he was attracted to that environment. We also touched on how he met his co-founder through a conversation on a plane and what compelled him to build a company at the intersection of AI and cybersecurity given his background.

SPLX Website

Mariano founded Onapsis back in 2009 to address the challenges securing a growing new class of technology: ERP systems. After working at CYBSEC for 5 years doing offensive security research, he discovered just how vulnerable SAP applications could be. Onapsis is sneakily a juggernaut, having raised a $55 million Series D in 2020. And while they started focused on SAP, they have since expanded into related tools such as Oracle. They have certainly established themselves as core to securing an often overlooked component of IT infrastructure. In the conversation we discuss the founding story, why SAP couldn't do this themselves, and how he has thought about growth opportunities over the last 16 years.

Website

Vrajesh is co-founder and CEO at Operant AI. Operant AI is a holistic AI security platform, helping organizations discover, detect, and defend AI deployments. Operant raised a $10 million dollar Series A last fall from Felicis and SineWave, and the company continues to expand its offerings within AI security. Before Operant, Vrajesh worked at Apple, Qualcomm, Arm, and Scaled Inference, rounding out an exceptionally technical background with several quality technology companies. In the episode we discuss his career transition from extremely technical, kernel-level engineering to management, how he thinks about timing a market, and how the vision for Operant's product was cemented from day one rather than bolted together over time.

Website

With me in this episode is Rishi Bhargava, co-founder of Descope. Rishi has a standout background having founded Demisto in 2015 and then selling to Palo Alto Networks in 2019 for over $500 million dollars. Before Demisto, he was a VP at McAfee and Intel. Rishi is extremely knowledgable about go-to-market in the cyber domain, and we dove into his lessons learned over his career and how he has applied those to Descope for customer identity.

Website

Brian Pontarelli is co-founder and CTO of FusionAuth. FusionAuth helps companies easily roll authentication workflows for their public facing applications. For example, FusionAuth is an alternative to writing custom code for user creation and multi-factor authentication login for a new web application. FusionAuth is entirely bootstrapped, and the company has successfully become a legitimate enterprise option for customer identity. Before FusionAuth, Brian started CleanSpeak, one of the original companies for profanity filters in chat interfaces. Brian is still the CEO of both businesses, and he tells the story of how the two tie together in our conversation.

Website

Kamal is co-founder and CTO at Andromeda, which is building an identity management solution to help companies better understand their identity footprint and manage excessive permissions across disparate platforms. Kamal uses the term "digital incarnation" which resonated with me given the number of accounts a single human may have across different platforms. Kamal worked as an engineer and engineering leader for two decades across Oracle, Ebay, and Paypal before starting Andromeda in 2023. In the episode, we start by discussing his experience working as an offshore developer in India and how that influences his own perspective on leveraging offshore teams today. We also cover the cultural differences at eBay and Paypal, how that influenced his security mindset, the origin story of Andromeda, and the future of identity.

This episode was recorded live at the Dreamit Cyber Founders Summit during RSA. Huge thanks to the Dreamit team for including me during their inaugural event!

David Cass is the CISO at GSR, which is a cryptocurrency market maker. For the finance uninitiated, that basically means they buy and sell cryptocurrencies in large volumes to then buy and sell to other parties. As a result, David's role entails a lot more than the average CISO. As he will mention, it is his job to secure GSR's corporate IT like any CISO, but he also has to sign off that the cryptocurrencies they are trading are secure enough to hold a financial position without undue risk to the company. David therefore has one of the most advanced perspectives on the cybersecurity controls for cryptocurrencies. In the conversation we discussed his views on the productization of web3 security, cryptocurrency regulation, and the successes behind his CISO community CISOs connect.

GSR

Dreamit