Secure Ventures with Kyle McNulty

With me in this episode is Ed Bellis, co-founder and CEO of Empirical Security. Empirical uses a scoring system informed by customer data to create tailored risk prioritization models. Ed started Empirical in 2024 after leaving Cisco, three years after they acquired his previous company Kenna. Kenna was a vulnerability management and prioritization tool that aggregated data from an organization's scanners and enriched that data with threat intelligence to better prioritize risk. In many ways, Kenna helped lead the way in modern vulnerability management by creating an abstraction layer over the scanners themselves. Empirical is now further pushing the bounds following advances in machine learning and AI to go beyond Kenna's limitations. In the episode we discuss the alluring sales pitfalls for new founders, the importance of a "fast no", Cisco's acquisition strategy and execution, modern VM in light of AI penetration testing, and more.

Empirical Website

Andrew Rubin is co-founder and CEO of Illumio. Illumio is a breach containment and network segmentation company that has become a mainstay in the cybersecurity market over the last decade. Illumio was last valued at almost $3 billion dollars and is now on the verge of going public as we discuss in the episode. Before Illumio, Andrew grew his career in sales at VoiceNet in the late 90s and early 2000s before moving to Cymtec, where he was VP of Sales for two years before taking over as CEO. That led him to love the CEO role and then start Illumio. In the episode, we discuss everything from redefining sales goals, meeting a co-founder (spoiler: in Andrew's case it was a lot of luck), preparing to IPO, including why the "IPO window" concept is silly, and more.

Website

With me in this episode is John Ackerly, co-founder and CEO of Virtru. John started Virtru with his brother Will over a decade ago to make data security more pervasive across mediums such as emails and files. Virtru has raised over $150 million to this point from investors such as ICONIQ and Bessemer and built a very healthy business on one of the core pillars of cybersecurity. John has an atypical background in business well-complemented by his brother's technical experience at NSA. One of my favorite lines from the episode: he always thought he would start a business with his other brother. In the episode we discuss pricing strategy, which is certainly not all science, the founder outlook when starting a company, founding with family, and more.

Website: https://www.virtru.com/

Kris Kamber is CEO of SPLX AI. SPLX performs security testing and red teaming for AI agents, helping organizations detect vulnerabilities in their constantly expanding agent deployments. Before SPLX, Kris worked a handful of sales jobs, starting in telecom before hustling his way into Zscaler. I enjoyed asking him about the specific lessons from working in sales such as setting metrics and compensation. He's the first person who has described to me a workplace filled with arrogant and cocky people and also illustrated why he was attracted to that environment. We also touched on how he met his co-founder through a conversation on a plane and what compelled him to build a company at the intersection of AI and cybersecurity given his background.

SPLX Website

Mariano founded Onapsis back in 2009 to address the challenges securing a growing new class of technology: ERP systems. After working at CYBSEC for 5 years doing offensive security research, he discovered just how vulnerable SAP applications could be. Onapsis is sneakily a juggernaut, having raised a $55 million Series D in 2020. And while they started focused on SAP, they have since expanded into related tools such as Oracle. They have certainly established themselves as core to securing an often overlooked component of IT infrastructure. In the conversation we discuss the founding story, why SAP couldn't do this themselves, and how he has thought about growth opportunities over the last 16 years.

Website