Learn all about the technical ins and outs of HP SureClick Enterprise with HP expert Dan Allen and discover how SureClick Enterprise can help improve security efforts in your organization.
Dan Allen – VP, Enterprise Security Solutions at HP Inc.
With over 20 years of experience in technology and delivery of software services with a focus on virtualization, security, and application delivery, Dan Allen has a proven track record of delivering customer success. Dan joined HP as part of the Bromium acquisition in September 2019. Dan joined Bromium in 2015, where he had responsibility for all worldwide customer services. Prior to joining Bromium, Dan spent 13+ years at Citrix Systems as a lead architect and director on their Consulting Services team. Dan remains active writing technical whitepapers and blogs and speaking at conferences on the subject of security and virtualization.
Director of Product Management at Tenchi Security
Sr. Product Marketing Manager at Axonius
CMO at JupiterOne
2. State of the Market With a VC – 03:30 PM-04:00 PM
Join Paul Asadoorian and Rich Mogull on May 4th to learn how to choose the right architecture for your application. Live attendees at this webcast will have the chance to win a $100 Hacker Warehouse gift card! Register at securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
This is a recurring segment, in which we bring on a VC to provide an investor’s point-of-view on all this activity. It’s hard to imagine a better investor to join us than Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups!
We’re very excited to have Will back on and are looking forward to discussing:
– Huge valuations and potential pricing/market resets and corrections
– Interesting new security categories: DSPM, SaaS Security, Enterprise Browsers
– Why security startups seem to be more resilient than in other markets (for reference: https://www.cbinsights.com/research/biggest-startup-failures/)
Will Lin – Managing Director & Co-Founder at Forgepoint Capital
William (“Will”) Lin is a Managing Director and Founding Member at Forgepoint.
Will is also a Co-Founder & President of the Security Tinkerers, a non-profit organization that brings together information security professionals to share learnings, provide mentorship, and generate opportunities for the security community and its next generation of leaders. He is a Visiting Fellow at the National Security Institute at George Mason University’s Antonin Scalia Law School. He also is a regular contributor to SecurityWeek, was named a Venture Capital Journal Rising Star, and is an avid connector in the cybersecurity entrepreneur, investor, and practitioner ecosystems.
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
This week in the Enterprise Security News: Fortress InfoSec raises $125M to help critical infrastructure improve security, ThreatLocker raises $100M, thanks in part to Kaseya’s breach, Obsidian raises $90M to secure SaaS use, DoControl raises $30M to possibly compete with Obsidian, Blueshift raises a seed round to bring SOC and XDR to SMBs, Strike Security raises a seed round to take a different approach to pen testing, Thoma Bravo is still working on an Imprivata exit, the biggest startup failures of all time (how many security vendors are on the list?), is the SEC forcing CISOs into the boardroom, better but harder-to-collect security metrics, & more!
Another side project is a ‘library’ of 40,000+ completed product and vendor assessments aiming to cut down on the work necessary for TPRM processes. The company seems almost entirely focused on utilities, particularly electric utilities in the US.
With a raise this large, I figure the plan is either to expand the ideal customer to other verticals, or to stay within the utility/manufacturing niche and expand globally. My money is on the latter.
How have I not heard of them and they’re in 23000 orgs? Perhaps some kind of whitelabeling agreement? Kaseya is mentioned as a partner… Ah, yep: https://www.crn.com/slide-shows/security/kaseya-ransomware-attack-has-led-to-a-windfall-for-threatlocker-ceo-danny-jenkins
“ThreatLocker co-founder and CEO Danny Jenkins says his company experienced record sales growth in July in the wake of the Kaseya ransomware attack and is adding 60,000 new seats a month to its application whitelisting solution.”
If folks aren’t thinking about this threat vector, I’m thinking, it might be tougher to sell it.
This is an interesting approach. Regardless of what they call it, this is essentially CASB 2.0. Both the use cases (threat detection, account compromise, etc) and the method (API ingestion) existed with CASB 1.0. As with CASB 1.0, one of the primary challenges is whether it will work out-of-the-box with the SaaS apps you use.
FUNDING: Surance.io Closes US$4M Series A Funding Round – $4M Series A, led by Tech Mahindra. Israel-based “InsurTech” startup intends to offer some form of cyber insurance (likely whitelabel) for consumers, which includes an app and live support to assist with personal security incidents.
This backs up what I’ve been observing for years – cybersecurity defies the startup failure rate present in nearly every other market. It’s perhaps worth some thinking and discussion on why security startups seem to be so much more resilient.
REGULATION: The SEC Is About To Force CISOs Into America’s Boardrooms – The title and most of the article misrepresent what’s actually in the SEC proposal. It drew attention to it and it’s something that should be discussed, so I suppose we can forgive Forbes on this one.
– The proposed item is a requirement to DISCLOSE any cybersecurity expertise at the board level, not to require it (though admittedly, a second order effect could be that public companies are pressured to then add cybersecurity expertise to their boards)
– It goes on to say that “the proposed item… would not define what constitutes ‘cybersecurity expertise’”
– but it does “include the following non-exclusive list of criteria that a registrant should consider” (followed by the three bullet points that the article misinterpreted)
INTERVIEWS: Security Voices – Startup Straight Talk with Serial Entrepreneur Alfred Huger – For us to recommend a competing podcast, it’s going to be a good one. I wasn’t familiar with Alfred Huger or his background, but this discussion was a whirlwind of nostalgia as the hosts take him through his multi-decade career. The real meat of the conversation is towards the end, however, when he shares his thoughts about what works and doesn’t work in the world of cybersecurity startups.
SQUIRREL: Binah.ai Health Data Platform – I often run across some weird stuff, but I’m having a hard time with this one. Using nothing but a camera as a sensor, Binah claims its software can accurately measure “blood pressure, heart rate, heart rate variability (HRV SDNN and RRI raw data), oxygen saturation, respiration rate, sympathetic stress, parasympathetic activity, and pulse-respiration quotient (PRQ)”.