USVP: http://www.usvp.com

Jacques Benkoski: https://www.linkedin.com/in/jacques-benkoski-ab9133/

The Market Entry Strategy: https://a.co/d/0b1W3euC

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini interviews Jacques Benkoski, a general partner at US Venture Partners, discussing his extensive background in engineering and venture capital. They explore the evolution of cybersecurity innovations, the impact of AI on software development, and the intricacies of due diligence in venture capital investments. Jacques shares insights on the challenges entrepreneurs face, the changing landscape of technology, and the importance of understanding customer needs in the investment process. In this conversation, Jacques Benkoski and Justin Somaini discuss critical aspects of startup growth, particularly in the cybersecurity sector. They emphasize the importance of understanding unique value propositions, navigating market entry strategies, and recognizing valuation traps that can hinder a startup's success. The discussion also highlights the need for founders to be disciplined in their approach to funding and market differentiation, ensuring they target the right customers and avoid unnecessary pitfalls in their growth journey.

Chapters

00:00 Introduction to Jacques Benkoski and His Journey

08:04 Transitioning from Engineering to Venture Capital

12:09 The Evolution of Cybersecurity Innovations

19:59 AI's Impact on Software Development and Security

30:03 Due Diligence in Venture Capital Investments

34:57 Understanding Unique Value Propositions

46:11 Navigating Market Entry Strategies

55:14 Valuation Traps and Their Implications

62:44 Key Takeaways for Founders and Security Leaders

Keywords

venture capital, cybersecurity, AI, software development, market entry strategy, entrepreneurship, innovation, investment strategies, technology trends, business growth unique value proposition, market entry strategy, valuation traps, cybersecurity, startup funding, founder-led sales, go-to-market strategy, customer differentiation, venture capital, business growth

Opal: opal.dev

Howard Ting: https://www.linkedin.com/in/howardting/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Howard Ting, CEO of Opal, discusses the evolution of identity and access management, sharing insights from his extensive career in cybersecurity. He highlights the challenges of managing access and authorization, particularly in the context of modern development practices and the rise of non-human identities. Ting emphasizes the need for a unified access platform that can handle both human and agent identities, advocating for just-in-time access management and fine-grained authorization to enhance security and efficiency in organizations. In this conversation, Justin Somaini discusses the evolving landscape of identity and access management, emphasizing the importance of automation, AI integration, and continuous auditing. He highlights the shift towards just-in-time access models and the need for organizations to adapt to the increasing complexity of managing both human and non-human identities. The discussion also touches on the challenges of delegating authority to agents and the future of company building in a rapidly changing technological environment.

Chapters

00:00 Introduction to Identity Management Challenges

03:13 Howard Ting's Journey in Identity and Cybersecurity

05:55 The Evolution of Authorization and Identity Solutions

09:04 The Shift Towards Just-in-Time Access Management

11:49 Understanding the Role of Agents in Identity Management

15:02 The Future of Authorization: Fine-Grained Control

17:53 Building a Unified Access Platform

21:07 Integrating Identity Solutions in Modern Enterprises

23:56 Automating Access Management Processes

29:27 Automating Access Management Workflows

33:29 Just-in-Time Access and AI Integration

36:17 Continuous Auditing and Risk Management

39:40 The Evolution of Identity and Access Management

42:52 AI's Role in Identity Management

47:12 Navigating Non-Human Identities

51:57 Delegating Authority to Agents

56:06 The Future of Company Building and Identity Management

Keywords

identity management, access control, authorization, cybersecurity, just-in-time access, identity governance, cloud security, fine-grained permissions, automation, identity solutions identity management, access control, AI integration, just-in-time access, continuous auditing, non-human identities, agentic identities, automation, risk management, security innovation

Verizon DBIR: https://www.verizon.com/business/resources/reports/dbir/

Alex Pinto: https://www.linkedin.com/in/alexcpsec/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini speaks with Alex Pinto, the Associate Director of Threat Intelligence at Verizon, about the Verizon Data Breach Investigations Report (DBIR). They discuss Alex's background in cybersecurity, the importance of the DBIR in guiding security programs, and the extensive data collection process that informs the report. The conversation also delves into current trends in cybersecurity, particularly the rise in exploitation of vulnerabilities and the challenges of vulnerability management. Alex emphasizes the need for collaboration and data sharing in the cybersecurity community to effectively combat threats. In this conversation, Justin Somaini discusses the evolving landscape of cybersecurity, focusing on the distinctions between phishing and pretexting, the rise of social engineering attacks, and the impact of AI on cyber threats. He emphasizes the importance of understanding human factors in security processes and the necessity of robust controls like MFA and effective backup strategies. The discussion also highlights the need for innovation in defensive measures and the importance of community collaboration in addressing cybersecurity challenges.

Chapters

00:00 Introduction to Trust Issues and Guest Background

09:46 The Verizon DBIR Report: Overview and Importance

19:45 Data Collection and Collaboration for the DBIR

29:52 Trends in Cybersecurity: Vulnerability Management and Exploitation

37:47 Initial Access Vectors: Credential Theft and Pretexting

40:09 Understanding Phishing and Pretexting

43:04 The Evolution of Social Engineering Attacks

48:44 The Role of AI in Cybersecurity Threats

55:44 Innovations in Cyber Defense

61:45 Key Controls for Effective Cyber Defense

69:40 The Future of Cybersecurity and Community Collaboration

Keywords

cybersecurity, Verizon DBIR, threat intelligence, vulnerability management, data analysis, initial access, credential theft, pretexting, machine learning, security trends phishing, pretexting, social engineering, AI in cybersecurity, cyber defense, ransomware, MFA, vulnerability management, cybersecurity trends, community collaboration

Opti: https://opti.ai

Barak Perelman: https://www.linkedin.com/in/barakperelman/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini and Barak Perelman discuss the evolving landscape of Identity and Access Management (IAM) and the founding of Opti, a company aimed at revolutionizing this space. They explore the challenges and opportunities within the cybersecurity market, particularly focusing on critical infrastructure vulnerabilities and the role of AI in enhancing security solutions. The discussion highlights the importance of understanding authorization, the need for entitlement intelligence, and the unique approach Opti takes to streamline identity management processes. In this conversation, Justin Somaini discusses the complexities of identity and access management, focusing on the challenges of navigating various authorization models and the role of automation in streamlining processes. He emphasizes the importance of context in access reviews and the need for robust AI infrastructure to enhance security measures. The discussion also touches on real-world outcomes of implementing identity solutions and how to differentiate in a competitive landscape, ultimately highlighting the future of identity management as a critical area for organizations to address.

Chapters

00:00 The Evolving Landscape of Identity and Access Management

10:05 Founding Opti: A Journey Through Cybersecurity

19:59 Understanding the Identity and Access Management Market

29:54 Opti's Approach to Identity and Access Management

30:23 Navigating Authorization Models

35:08 The Role of Automation in Identity Management

39:18 Challenges of Access Management

43:13 The Importance of Context in Access Reviews

47:54 Building AI Infrastructure for Identity Management

52:16 Real-World Outcomes of Identity Solutions

55:38 Differentiating in a Competitive Landscape

60:00 The Future of Identity and Access Management

Keywords

Identity Management, Access Management, Cybersecurity, AI Security, Opti, Authorization, Compliance, Technology, Critical Infrastructure, Automation identity management, access control, automation, security, AI, authorization models, compliance, risk management, enterprise security, user access reviews

Spectrum Security: https://spectrum.security

Meny Har: https://www.linkedin.com/in/meny-har/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini speaks with Meny Har, CEO and co-founder of Spectrum, about the challenges and evolution of detection tools in cybersecurity. They discuss the importance of expecting more from detection tools, the journey of founding startups, and the lessons learned along the way. Meny shares insights on navigating the VC landscape, the mission of Spectrum in detection engineering, and the challenges organizations face in maintaining effective detection and response systems. The conversation emphasizes the need for proactive detection and the future of cybersecurity. In this conversation, Justin Somaini discusses the complexities and challenges of detection engineering in cybersecurity. He emphasizes the importance of contextual understanding, integration, and automation in improving detection capabilities. The conversation also touches on the need for organizations to expect more from their detection tools and the potential for convergence in the SOC space. Somaini highlights the role of AI in enhancing detection processes and reducing false positives, ultimately aiming for a more efficient and effective security landscape.

Chapters

00:00 Expecting More from Detection Tools

03:05 Meny Har's Journey in Cybersecurity

05:53 Lessons Learned from Founding Startups

09:14 The Importance of Problem Validation

12:09 Navigating the VC Landscape

14:59 Spectrum's Mission in Detection Engineering

17:49 Challenges in Detection and Response

21:05 The Future of Detection in Cybersecurity

26:43 Understanding Detection Engineering Challenges

29:03 Integration and Automation in Detection

32:57 Contextual Understanding for Effective Detection

36:17 Reducing False Positives and Improving Confidence

41:28 The Future of Detection and SOC Convergence

46:13 Surprises in Detection Engineering

52:08 Expecting More from Detection Tools

Keywords

detection tools, cybersecurity, startup journey, AI in security, VC funding, problem validation, detection engineering, Spectrum, cybersecurity challenges, proactive detection detection engineering, automation, integration, false positives, SOC convergence, contextual understanding, AI in security, detection tools, risk management, cybersecurity

Hitch Partners: https://www.hitchpartners.com/

Michael Piacente: https://www.linkedin.com/in/moderncisosearch/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini and Michael Piacente discuss the evolving role of the Chief Information Security Officer (CISO) and the importance of community and storytelling in the cybersecurity field. They explore the journey of a CISO, the challenges faced in recruiting for these roles, and the changing expectations of organizations regarding security leadership. The discussion highlights the need for CISOs to adapt to new technologies, particularly AI, and to understand their role as influencers within their organizations. In this conversation, Justin Somaini discusses the evolving landscape of Chief Information Security Officers (CISOs) and the challenges they face in the current job market. He highlights the importance of understanding different CISO personas, the impact of COVID-19 on hiring trends, and the rise of shadow intelligence as a significant factor in security. Somaini emphasizes the need for CISOs to improve their storytelling abilities during interviews and the importance of community engagement. He also addresses the significance of D&O insurance for security leaders and the complexities surrounding field CISO roles.

Chapters

00:00 Building Community and Storytelling

02:34 The Journey of a CISO: Origin Stories

09:14 The Evolution of the CISO Role

17:34 Understanding the CISO's Role in Organizations

25:10 Interviewing the Interviewers: Finding the Right CISO

31:39 Understanding CISO Personas and Market Dynamics

35:56 The Evolving CISO Landscape Post-COVID

39:40 The Rise of Shadow Intelligence and Security Challenges

43:51 Interviewing Strategies for CISOs

51:52 Navigating D&O Insurance and Job Security

56:34 Field CISO Roles: Opportunities and Challenges

60:53 The Importance of Community and Storytelling

Keywords

CISO, executive search, community, storytelling, recruiting, cybersecurity, AI, business enablement, security leadership, organizational change CISO, cybersecurity, job market, shadow intelligence, interviewing, D&O insurance, field CISO, storytelling, community, security leadership

Venice: https://venice.io

Rotem Lurie: https://www.linkedin.com/in/rotem-lurie/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Rotem Lurie, co-founder and CEO of Venice, shares her journey from a technology-driven upbringing in Israel to her military service in an elite intelligence unit, and then to significant roles at Microsoft and Access. She discusses the challenges of product management in startups, the evolution of cybersecurity, and the unique approach Venice takes in addressing Privileged Access Management (PAM) challenges. Rotem emphasizes the importance of understanding business impact in technology and the need for dynamic solutions in a rapidly changing environment. In this conversation, Rotem discusses the challenges and solutions in managing secrets and privileged access within organizations. She emphasizes the importance of integrating with existing systems, adapting to customer needs, and leveraging AI to streamline access management. The discussion also touches on the shift towards zero standing privileges and the need for dynamic solutions that reduce friction in access requests. Rotem highlights the unique aspects of their platform, including its hybrid nature and focus on user experience, while addressing the competitive landscape in the identity management space.

Chapters

00:00 Introduction to Rotem Lurie and her Background

02:52 Military Experience and Transition to Microsoft

06:04 From Microsoft to Access: Learning in Startups

09:09 The Challenges of Product Management in Startups

11:52 Identifying Opportunities in Cybersecurity

14:53 The Birth of Venice: Addressing PAM Challenges

18:08 Understanding Venice's Unique Approach to PAM

21:03 Integration and Implementation of Venice

24:01 The Future of PAM and Non-Human Identities

27:35 Identifying and Managing Secrets

29:08 Integrating with Homegrown Services

32:10 Adapting to Customer Needs

34:31 The Role of Privileged Access Management

38:56 Reducing Friction in Access Management

40:44 Leveraging AI for Dynamic Access Control

44:22 Towards Zero Standing Privileges

48:07 Differentiating in a Competitive Landscape

50:05 Final Thoughts and Takeaways

keywords

Rotem Lurie, Venice, PAM market, cybersecurity, product management, Microsoft, Access, startup experience, identity management, AI in cybersecurity, secrets management, privileged access management, AI in security, integration, zero standing privileges, access control, cybersecurity, identity management, customer needs, reducing friction

Novee: https://novee.security

Ido Geffen: https://www.linkedin.com/in/ido-geffen/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Ido Geffen, co-founder and CEO of Novee, shares his unique journey from military service in an elite engineering combat unit to becoming a leader in cybersecurity innovation. He discusses the origins of Novee, the challenges faced in the penetration testing landscape, and the integration of AI in cybersecurity solutions. Geffen emphasizes the importance of understanding the real pain points in cybersecurity and how his team aims to revolutionize penetration testing through continuous and automated solutions. In this conversation, Ido Geffen discusses the innovative approach of Novee in the realm of cybersecurity, emphasizing the integration of AI to detect vulnerabilities and personalize defense mechanisms. The discussion covers the ease of integration for new customers, the importance of continuous security testing, and the unique capabilities of Novee in identifying zero-day vulnerabilities. Geffen also highlights the competitive landscape of cybersecurity, the changing economics of offensive cyber, and the need for a proactive approach to security.

Chapters

00:00 The Journey Begins: Ido Geffen's Origin Story

05:59 From Military to Cybersecurity: Building Expertise

11:58 Founding Novi: The Vision and Initial Steps

18:02 Navigating the Penetration Testing Landscape

24:05 Building the AI-Powered Solution

30:08 Challenges and Innovations in Cybersecurity

29:07 Introducing Novi: The AI Defender

30:08 Integration Process for New Customers

31:59 Continuous Integration and Security Testing

33:12 Personalized Defense Mechanisms

35:08 Linking Code Repositories with Security Scans

37:49 The Reality of Zero-Day Vulnerabilities

38:35 Comparing AI Tools to Human Pen Testers

43:47 Surprises in Vulnerability Discovery

46:42 Differentiating Novi in a Competitive Landscape

48:01 The Changing Economics of Cybersecurity

keywords

cybersecurity, AI, penetration testing, innovation, startup, Ido Geffen, Novi, vulnerability, technology, Israeli Security Agency, AI, cybersecurity, vulnerability detection, penetration testing, Novi, integration, defense mechanisms, zero-day vulnerabilities, automated tools, security testing

AirMDR: https://airmdr.com

Kumar Saurabh: https://www.linkedin.com/in/kumar1729/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini interviews Kumar Saurabh, the CEO and co-founder of AirMDR, who shares his journey in the cybersecurity field, the evolution of managed detection and response (MDR) technologies, and the impact of AI on security operations. Kumar discusses his experiences at ArcSight and Sumo Logic, the challenges of building new solutions, and the importance of effective go-to-market strategies. He emphasizes the transformative potential of AI in enhancing SOC capabilities and the need for organizations to adapt to these advancements. In this conversation, Justin Somaini discusses the integration of AI in detection engineering, emphasizing the importance of operationalizing AI for effective security operations. He highlights the role of human oversight in automation, the challenges of integration, and the need for quality metrics in security operations. The discussion also covers behavioral detection techniques, customer insights, and how to differentiate in the competitive AI security market.

Chapters

00:00 The Arrival of Agentic MDR

02:47 Kumar Saurabh's Journey in Cybersecurity

06:04 Lessons from ArcSight and Sumo Logic

08:59 The Transition to Building New Solutions

11:48 Navigating the Go-to-Market Challenges

15:03 The Evolution of SOC and AI Integration

17:53 Understanding AirMDR and Its Impact

32:34 AI in Detection Engineering

34:24 Operationalizing AI for Security

39:05 Human in the Loop Automation

42:21 Integration and Implementation Challenges

47:11 Quality Metrics in Security Operations

50:46 Behavioral Detection Techniques

54:37 Customer Insights and Unexpected Outcomes

60:18 Differentiation in the AI Security Market

Keywords

Agentic MDR, cybersecurity, AI, SOC, SumoLogic, ArcSight, threat detection, managed detection and response, go-to-market strategy, innovation AI, detection engineering, security operations, human in the loop, automation, integration, quality metrics, behavioral detection, customer insights, market differentiation

Native Security: https://native.security/

Amit Megiddo: https://www.linkedin.com/in/amit-megiddo/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini discusses the evolution of cloud security, his personal journey from military service to entrepreneurship, and the challenges faced in multi-cloud security environments. He emphasizes the need for operationalizing security measures and the importance of having the right team and timing when starting a new venture. In this conversation, Justin Somaini discusses the integration of security in multi-cloud environments, emphasizing the importance of onboarding, identifying security gaps, and the role of AI in enhancing security measures. He highlights the need for operationalizing security policies and the significance of strategic partnerships with cloud providers. The discussion also touches on transformational moments in customer experiences and the evolving landscape of cloud security.

Chapters

00:00 The Evolution of Cloud Security

10:05 Personal Journey and Military Influence

19:59 Transitioning to Entrepreneurship

30:11 Challenges in Multi-Cloud Security

32:25 Onboarding in Multi-Cloud Environments

36:45 Identifying Security Gaps and Recommendations

39:42 Driving Change in Security Policies

43:58 Operationalizing Security Policies

48:42 The Role of AI in Security

54:57 Strategic Partnerships with Cloud Providers

60:16 Transformational Moments and Use Cases

Keywords

cloud security, entrepreneurship, military experience, AWS, multi-cloud, security challenges, startup journey, policy enforcement, technology innovation, cybersecurity multi-cloud, security architecture, onboarding, AI in security, cloud providers, security policies, operational efficiency, customer experience, cloud security, integration

Beacon Security: https://beacon.security

Gal Tal-Hochberg: https://www.linkedin.com/in/galhochberg/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini shares his journey from a tech-savvy child to a successful entrepreneur in the cybersecurity space. He discusses his early experiences in technology, the challenges and lessons learned from various startups, and the founding of Beacon, a company focused on revolutionizing security telemetry. Justin emphasizes the importance of team dynamics, innovative solutions, and the seamless integration process that Beacon offers to its clients, aiming to simplify cybersecurity challenges and improve overall security outcomes. In this conversation, Justin Somaini discusses the innovative approaches Beacon is taking to optimize data processing and management in security operations. He emphasizes the importance of efficient data reduction techniques, cost-effective solutions for data storage, and the integration of in-stream analytics to enhance user experience. Somaini also highlights Beacon's unique position in the competitive landscape, focusing on their ability to provide tailored solutions that meet the diverse needs of their clients. He concludes with a vision for the future of security telemetry, emphasizing the opportunities for growth and improvement in the field.

Chapters

00:00 The Genesis of a Tech Entrepreneur

09:26 Navigating the Startup Landscape

20:16 The Birth of Beacon: A New Vision in Cybersecurity

26:46 Understanding Beacon's Unique Approach

37:13 Seamless Integration and Onboarding Process

39:56 Accelerating Data Processing and Optimization

42:47 Data Reduction Techniques and Efficiency

46:50 Cost-Effective Data Management Solutions

50:55 In-Stream Analytics and User Experience

54:09 Integrating with Security Operations

60:09 Differentiating Beacon in a Competitive Landscape

66:47 Future Vision for Security Telemetry

78:41 Embracing Opportunities in Security Technology

Keywords

cybersecurity, startup, technology, entrepreneurship, telemetry, logs, Beacon, integration, AI, data management data processing, optimization, data reduction, cost-effective solutions, in-stream analytics, security operations, competitive landscape, security telemetry, technology opportunities

Prime Security: https://www.primesec.ai/

Michael Nov: https://www.linkedin.com/in/michael-nov/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini speaks with Michael Nov, CEO and co-founder of Prime Security, about the rapid advancements in AI and its impact on engineering and application security. They discuss the challenges faced in integrating security into the engineering process, the importance of automation, and the cultural shifts needed to prioritize security in fast-paced development environments. Michael shares his journey from backup recovery to founding Prime Security, highlighting the need for innovative solutions to bridge the gap between security and engineering teams. In this conversation, Justin Somaini discusses the architecture of AI solutions in security, focusing on outcomes for security teams, identifying gaps in security standards, defining and quantifying risk, and the evolving role of security in engineering. He emphasizes the importance of context in AI applications and how it can enhance engineering processes. The discussion also touches on the competitive landscape in the AppSec market and the challenges of building a company in this space.

Chapters

00:00 The Acceleration of AI in Engineering

01:13 Introduction to Prime Security and Its Innovations

02:33 Michael Nov's Background and Journey

06:13 Transitioning from Backup Recovery to Application Security

08:34 The Motivation Behind Starting Prime Security

11:55 Identifying Problems in Security and Engineering Collaboration

15:46 The Impact of Agile Development on Security

18:37 Cultural Challenges in Security Integration

20:59 Automating Security Processes

23:52 Understanding Customer Environments and Integration

27:51 The Future of Engineering and Security with AI

34:03 Understanding the Architecture of AI Solutions

37:04 Outcomes for Security Teams

40:21 Identifying Gaps in Security Standards

46:04 Defining and Quantifying Risk

51:45 The Role of Security in Engineering

56:13 Differentiating in the AppSec Market

61:04 Building a Company in the Security Space

Keywords

AI, engineering, application security, automation, Prime Security, security architecture, Agile development, collaboration, security tools, software development AI, security, SaaS, risk management, engineering, architecture, outcomes, AppSec, automation, differentiation

Aegis: https://aegisai.ai/

Cy Khormaee: https://www.linkedin.com/in/cykho/

Ryan Luo: https://www.linkedin.com/in/rllluo/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini speaks with Sy Cormé and Ryan Liu, co-founders of Aegis Security, about the rapid evolution of AI threats, particularly in the realm of email security. They discuss their backgrounds, the inception of Aegis, and the persistent challenges of email security, especially with the rise of AI-powered phishing attacks. The conversation highlights the need for innovative solutions in cybersecurity and the unique approach Aegis is taking to address these challenges. In this conversation, Justin Somaini discusses the evolving landscape of email security, focusing on the challenges posed by malicious hosts, the importance of active learning in detection systems, and the need for effective email authentication. He highlights the significant improvements in detection efficacy that can be achieved through innovative methodologies and the importance of understanding the context of attacks. The discussion also touches on the acceleration of AI threats and the need for better integration of security solutions across different platforms.

Chapters

00:00 The Rise of AI Threats

01:08 Founders' Background and Journey

07:38 Inception of Aegis Security

10:00 The Persistent Email Security Problem

12:21 AI-Powered Phishing: A New Era

19:17 The Evolution of Cyber Attacks

27:18 Introducing Aegis Security

31:08 Understanding Malicious Hosts and Attack Patterns

34:02 Active Learning and Contextual Decision Making

37:44 Customer Experience and Detection Efficacy

40:36 Email Authentication Challenges and Solutions

45:43 The Evolution of Email Attacks

48:55 Future Needs in Email Security

51:42 Behavioral Controls and Identity Management

54:54 The Acceleration of AI Threats

58:07 Differentiation in the Security Market

Keywords

AI threats, email security, phishing, Aegis Security, cybersecurity, AI-powered attacks, founders' journey, email vector, machine learning, threat intelligence email security, AI threats, malicious hosts, detection efficacy, authentication, active learning, customer experience, identity management, phishing, cybersecurity

Prophet Security: https://prophetsecurity.ai/

Kamal Shah: https://www.linkedin.com/in/kdshah/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini interviews Kamal Shah, CEO of Profit, discussing the transformative role of agentic AI in security operations. They explore Kamal's journey from Mumbai to Silicon Valley, his experiences at FedEx and various startups, and the challenges faced in the cybersecurity landscape. The discussion highlights the importance of automation in addressing alert fatigue, the unique approach of Profit in leveraging AI for security, and the need for transparency and documentation in AI solutions. In this conversation, Justin Somaini discusses the transformative impact of agentic AI on cybersecurity operations, emphasizing its role in expediting communication, enhancing incident response, and minimizing false positives. He highlights the importance of customization and context in security alerts, the future of threat hunting, and the need to address burnout in security teams. The discussion also covers the efficacy of AI solutions, differentiation in a competitive market, and the overall promise of AI in improving security operations.

Chapters

00:00 The Rise of Agentic AI in Security Operations

03:06 Kamal Shah's Journey: From Mumbai to Silicon Valley

05:53 Career Path: From FedEx to Startups

09:08 Navigating the Tech Landscape: Lessons from Startups

11:59 The Genesis of Profit: Addressing Security Challenges

14:53 Leveraging AI to Combat Alert Fatigue

18:08 Profit's Unique Approach to Security Automation

21:03 Operationalizing Profit: Integration with Existing Systems

23:49 Transparency and Explainability in AI Solutions

26:48 Building Trust: The Role of Documentation in Security

30:07 The Future of Security Operations: AI and Human Collaboration

35:39 Expediting Communication in Security Operations

38:04 The Role of Agentic AI in Incident Response

39:57 Minimizing Hallucinations in AI Solutions

41:51 Customization and Context in Security Alerts

44:38 Future of Threat Hunting with AI

46:32 Real-World Impact of AI on Security Teams

49:15 Role Elevation vs. Elimination in Cybersecurity

52:07 Addressing Burnout in Security Operations

55:57 Efficacy and Implementation of AI Solutions

60:18 Differentiating in a Competitive Market

64:30 The Promise of AI in Security Operations

Keywords

Agentic AI, Security Operations, Automation, Cybersecurity, Alert Fatigue, AI Solutions, SOC, Technology Startups, Innovation AI, cybersecurity, incident response, security operations, threat hunting, automation, security alerts

Pixee: https://pixee.ai/

Surag Patel: https://www.linkedin.com/in/suragpatel/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Surag Patel shares his journey from growing up in San Jose to becoming a key player in the cybersecurity and application security space. He discusses his early entrepreneurial ventures, his experiences at Comscore and Contrast Security, and the challenges faced in the application security domain. Surag emphasizes the need for a balanced control model in security practices and introduces his latest venture, Pixie, which aims to streamline the remediation process in application security by leveraging AI and LLMs. The discussion highlights the importance of contextualization and the need for solutions that address the manual workload of developers and security teams. In this conversation, Justin Somaini and Surag Patel discuss the evolving landscape of application security, focusing on the integration of AI in vulnerability management and remediation processes. They explore the importance of quality and accuracy in triage, the role of human judgment in fixing vulnerabilities, and the metrics that define success in developer engagement. The discussion also touches on the competitive landscape of application security solutions and the future of AI in enhancing security processes. Ultimately, they emphasize the need for practical experience with these technologies to truly understand their value.

Chapters

00:00 Surag Patel's Journey: From Kansas to Silicon Valley

02:58 Building a Business in High School: The PC Venture

05:55 Career Path: From Comscore to Cybersecurity

09:02 Transitioning to AppSec: Lessons from Contrast Security

11:50 The Challenges of Application Security

15:11 The Need for a Balanced Control Model

17:49 Founding Pixie: Addressing Manual Work in AppSec

20:51 Implementing Pixie: Time to Value and Contextualization

23:51 Leveraging LLMs: The Future of AppSec Solutions

37:19 Triage and Remediation in Application Security

40:40 Quality and Accuracy in Vulnerability Management

43:31 Fixing Vulnerabilities: The Role of AI and Human Judgment

46:08 Measuring Success: Merge Rates and Developer Engagement

49:09 Mean Time to Remediation: Automation and Efficiency

53:54 Competitive Landscape in Application Security

61:43 The Future of AI in Security Processes

66:33 Final Thoughts: Experience Over Theory

Keywords
Waymo, application security, cybersecurity, developer experience, Pixie, remediation, technology, confidence, Saurabh Patel, Contrast Security AI, application security, model selection, quality assurance, developer adoption, merge rates, competitive landscape, automation, remediation, security processes

Minimus: https://minimus.io/

John Morello: https://www.linkedin.com/in/john-morello/

Support the show and Donate to NCMEC: https://give.missingkids.org/TrustIssues

Summary

In this conversation, Justin Somaini interviews John Morello, CTO and co-founder of Minimus, discussing the importance of container security and the innovative approaches Minimus is taking to reduce vulnerabilities in software. They explore Morello's career journey, lessons learned from his time at Microsoft, and the evolution of security practices in the tech industry. The discussion highlights the challenges faced by security professionals and the need for a proactive approach to managing vulnerabilities in cloud environments. In this conversation, Justin Somaini discusses the complexities of building secure software at scale, emphasizing the importance of balancing security with developer flexibility. He explains how their product allows for customization while maintaining security standards, and shares insights on deployment strategies and customer experiences. The discussion also covers navigating compliance and security standards, differentiating in a competitive market, and the realities of adoption and deployment in organizations.

Chapters

00:00 Introduction to Minimus and Container Security

09:50 Career Journey and Lessons from Microsoft

19:59 The Evolution of Security Practices

29:47 Innovations in Container Image Management

39:55 The Future of Security in Cloud Environments

32:04 Balancing Security and Developer Flexibility

36:11 Deployment Strategies and Customer Experiences

42:16 Navigating Compliance and Security Standards

45:53 Differentiating in a Competitive Market

50:23 Realities of Adoption and Deployment

Keywords

Minimus, container security, cybersecurity, John Morello, software vulnerabilities, cloud security, image management, security practices, technology innovation, startup journey software security, deployment strategies, compliance, developer flexibility, container images, vulnerability management, software engineering, customer experience, market differentiation, operational efficiency