TCP #80: Chainguard Assemble, 23AndMeAndYou?, IngressNightmare, and More
🌶️ What's hot in security | Mar. 19th - Mar. 27th, 2025
Welcome to The Cybersecurity Pulse (TCP)! I'm Darwin Salazar, Head of Growth + Marketing at Monad and former detection engineer in big tech. Each week, I dig through all the major headlines to bring you the latest security product innovation and industry news. Subscribe below for weekly updates! 📧
Security Teams Need Outcomes, Not More Alerts
While other solutions drown you in findings, Varonis delivers actionable and automated outcomes that practitioners can trust.
Varonis’ data-centric platform continuously discovers critical risks, applies intelligent prevention, and provides proactive detection across your entire environment—multi-cloud, on-premise, SaaS, and third-party applications.
See for yourself with our free data risk assessment. In less than 24 hours, we'll provide you with a clear, risk-based view of your data and a clear path to automated remediation.
What’s up y’all!👋🏽
We’re officially within a month of RSA. I’ll be there, will you? Shoot me a DM if you’d like to grab a coffee ☕
Anyhow, lots to cover this week. Few highlights below:
🧬23AndMe files for Chapter 11 bankruptcy. Data privacy nightmare?
🤯5 ingress-nginx vulnerabilities being dubbed “IngressNightmare” (CVSS 9.8)
🎯Gili Raanan’s Cyberstarts investment playbook
💰Wiz’s $32B GTM Playbook
🐙Key Chainguard Assemble Product Launches
🏃🏽♂️RunZero brings to market the most comprehensive exposure management solution
Let’s cyber 🕺🏽
⚒️ Picks of the Week ⚒️
Extend Your SOC Team with AI-Powered Security Operations
Tired of an endless alert backlog and too many false positives?
Intezer's Autonomous SOC solution automates investigations and triage decisions, freeing up your team to focus on what matters most. Discover how enterprise teams and top MSSPs are using AI-powered alert triage to cut through the noise, enhancing their SOC analysts' efficiency and accuracy.
23andMe Just Filed for Bankruptcy. You Should Delete Your Data Now.
The DNA testing company announced on Sunday that it has filed for Chapter 11 bankruptcy and is looking for a buyer. This comes after a significant data breach in 2023. Apparently most DNA testing companies are not subject to HIPAA, so this could turn into a pretty big data privacy nightmare. DNA testing tech has become ubiquitous, but the true prize for whoever acquires the company's assets will be the DNA, or rather the "IP".
The NY Times published a short guide here on how to delete your data if you're a 23andMe customer.
Wiz’s $32B GTM Playbook: Unpacking the Formula (Part I)
I recently kicked off a series dissecting Wiz's Go-To-Market (GTM) playbook. Following first principles, the first part focuses on their early days, finding Product-Market Fit and how they nailed branding.
To me, Wiz had one of the best GTM runs of any B2B company in recent history, so it's worth analyzing their tactics and strategies to see what the rest of us can learn and apply. Part II lands within the next week; subscribe to make sure you don't miss it!
The Wiz research team recently discovered a series of unauthenticated Remote Code Execution (RCE) vulnerabilities in Ingress NGINX Controller for Kubernetes (K8s). Exploitation of the vulns leads to unauthorized access to all secrets across all namespaces in the K8s cluster, which could result in a cluster takeover. The severity of the vulns earned them a 9.8 CVSS score.
Wiz has an awesome, in-depth report on the end-to-end lifecycle of the 5 vulns here. If your org runs any K8s, I'd recommend sharing the report to ensure the latest ingress-nginx version is running, if it's running at all. In the best case, they've already patched, but it never hurts to make sure :)
Side note: These are exactly the kind of research reports and vuln discoveries that have brought Wiz lots of respect and notoriety in the security community.
This masterpiece by
and (Former CISO @ Netflix) dives into many of the dilemmas that security founders face in building a startup. They cover topics like:
Differentiation vs. speed to market
Time to value vs. moat
Platform vs. best of breed
And more
Certainly worth a read if you're building something in cyber! 💎
Great pod that dives into Gili's investment thesis and 'Sunrise' playbook with Cyberstarts. If you don't know Gili, he's a legend in the VC space (e.g., $6.4M -> $1.3B in the recent Wiz deal) and has been pivotal in building some of the biggest cyber startups in recent years.
What stood out to me most is that the average Cyberstarts portfolio company spends about $100M in R&D budget over 3 years 🤯🤯🤯🤯 (~Min. 29 on Spotify)
🔮 The Future of Security 🔮
Application Security
Key Chainguard Assemble Announcements
Chainguard just had their first annual user conference, Assemble, and made more than a few significant announcements. Their flagship product, Chainguard Containers, is loved by many dev teams across the globe, including Snowflake, Anduril, Canva, etc. Simply put, they provide secure-by-design container images, which remove much of the toil AppSec and Dev teams face in hardening open-source images.
At Assemble, they introduced two more product offerings:
Chainguard VM - Minimal, zero-CVE virtual machine images built from source, designed for modern, ephemeral cloud workloads. They serve as secure container host images, offering a cloud-agnostic, threat-resistant environment to deploy and run containers.
Chainguard Libraries - Guarded catalog of language libraries, focusing on protecting against supply chain attacks by providing developers with secure, vulnerability-free libraries for their apps.
Kudos to the Chainguard team👏. They've built a product and an approach to software supply chain security that circumvents a lot of traditional threat vectors and, in turn, makes their customers' lives much easier.
More AppSec news ⬇️
JFrog’s Conan introduces Conan Audit to strengthen C/C++ dependency security
Hunted Labs lands $3M to find suspicious open source contributors
Pulumi Extends Security Reach to Include Managing Secrets and Policy-as-Code
Browser Security
Island Raises $250M in Series E; Valued Nearly $5 Billion
Island, a leader in the Enterprise Browser space, has raised a $250M Series E, bringing its total valuation to $5B. The round was led by Coatue Management. The company came out of stealth in Feb. '22 and is a rocketship. Existing investors include Canapi Ventures, Capital One Ventures, Cisco Investments, Citi Ventures, Coatue Management, Cyberstarts, EDBI, Georgian, Insight Partners, Prysm Capital, Sequoia Capital, ServiceNow Ventures, and Stripes.
Cloud Security
ARMO recently launched their Behavioral Cloud Application Detection and Response (CADR) solution, which unifies runtime security from code to cloud. It's a novel approach in that it provides a full, explainable and traceable runtime security story/context spanning the entire stack. My friend James Berthoty explains the significance best:
"In all other tools, this alert comes up as 'process started on container' - but if you're an incident responder, this kicks off an endless bug the developers game: 'hey guys, did you do this or is this supposed to do this?'
Only with the application context can you see - 'woah, this is a SQL injection and a real attack, we need to fix this, block the IP, and get to work stopping the attack!'"
Governance, Risk, and Compliance
The feature is meant to simplify vendor security reviews by supporting direct collaboration between security teams and third-party vendors. Think TPRM questionnaires, evidence gathering, and automated follow-ups.
The launch comes on the heels of Drata's acquisition of SafeBase, which played squarely in this space.
Identity Security
GetReal Security Raises $17.5M in Series A Funding
GetReal Security, which focuses on detecting and mitigating malicious GenAI threats, including deepfakes and impersonation attacks, has raised a $17.5M Series A round. The round was led by Forgepoint Capital with participation from Baliistic, Evolution Equity, the K2 Access Fund, In-Q-Tel, Cisco Investments, and CapitalOne Ventures.
GenAI has gotten very good and will only continue improving. The deepfake threat is real and can have material impact if exploited against VIPs. Great to see companies in the space getting the proper funding.
More Identity Security news ⬇️
Security Operations
Microsoft Gives Security Copilot Some Autonomy
Haven't dug too much into this announcement, but it seems like these releases give it some feature parity with the leading AI for SecOps tools like Intezer and Prophet Security.
More Security Operations news ⬇️
Vulnerability Management
RunZero Introduces a New Era for Exposure Management
RunZero, founded by HD Moore (founder of Metasploit), recently launched their exposure management solution and, in my opinion, it's the most comprehensive CASM/EASM solution on the market by a mile. Watch this video to get the gist of what they're up to:
Interested in sponsoring TCP?
Sponsoring TCP not only helps me continue to bring you the latest in security innovation, but it also connects you to a dedicated audience of ~6,000 CISOs, practitioners, founders, and investors across 100+ countries 🌎
Bye For Now!
That’s all for this week… ¡Nos vemos la próxima semana! 👋🏽
Disclaimer
The insights, opinions, and analyses shared in The Cybersecurity Pulse are my own and do not represent the views or positions of my employer or any affiliated organizations. This newsletter is for informational purposes only and should not be construed as financial, legal, or investment advice.