BlackHat Innovators & Investors Quick Hits
Notes from this year's I&I summit
Welcome to The Cybersecurity Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest in cybersecurity innovation into digestible, bite-sized updates. If you’re serious about staying at the forefront of the latest in security products and industry news make sure to hit the “Subscribe” button below to get my insights delivered straight to your inbox every week 📩 🚀
GM! 🚀
While BlackHat 2024 officially kicks off today, yesterday was a jam-packed day with 1-day summits for CISOs, AI, Analysts, and Innovators & Investors (I&I).
I had the opportunity to spend time at the I&I summit (thanks, Coleen!) and was impressed by the programming, presenters, attendees, and the startup pitch competition.
While it’s 440am here and I still haven’t had my dbl shot espresso, I’ll attempt to put together my key takeaways and quick hits from the summit before going off and throwing iron around with some friends at the Lair 🐉
Before moving on though, why the f*ck is there not a spot serving coffee 24/7 in the Mandalay Bay towers!?!?!?!??
Anyway.. I&I quick hits.
Quick Hits
George Kurtz & Resilience 🛡️
Even after all the Crowdstrike-caused outages, threats, $10 gift cards, and lawsuits, George Kurtz still pulled through on his Blackhat commitments and faced the music with his head high and chest out. This is not something most people would do today, but its exemplary leadership and how Crowdstrike has handled it will be under the microscope for years to come. Kudos to Mr. Kurtz for taking this straight on.
The star-studded panel covered how to get your startup acquired + how to approach IPO. Industry staples like Barmak Meftah, Chenxi Wang, and Andrew Peterson also shared many gems for builders and investors.
Building Trust w/ CISOs 🫱🏽🫲🏻
This is the one I had been looking forward to the most and it did not disappoint! Fredrick Lee aka “Flee”, CISO at Reddit, John Flynn aka “Four” VP of Security at Google Deepmind, and Christina Cacioppo, Founder & CEO at Vanta had tremendous amounts of gems for founders, investors, and GTM teams.
Disclaimer: While I’ll share detailed notes from talks and panels, statements can’t be officially attributed to anyone given that I don’t record who said what. This is on purpose.
Anyhow, below are my raw notes from the panel:
Get deep into problems and platformize them; too many tools in security stack
Software supply chain is a massive burning pain point for enterprises today
Open source + 3rd party
Security startups should prioritize transparency and not BS about where they are in their security journey
Security startups should understand that bringing them on as a vendor is expanding their attack surface
"We want to be a partner; not a vendor"
Help build and extend their security team
Building something WITH you; not for YOU
They appreciate founders who are passionate about the problem and not just the money
Establish and chase your north star; don't just hunt down customer requests
Saying "Yes" too much is a real problem from a product perspective
"Internalize the problem you are solving; take it personally"
Security is rarely a technical problem; it is more of a workflow/biz ops/people problem
Identifying & Attracting the Right Investors💰
This was the panel after lunch but it still delivered. How could it not? Look at the panelists. Anyhow, my notes aren’t as detailed for this one but here you go:
“Bootstrapping is not as hard as ppl make it seem. Put your head down and build for as long as you financially can without outside help”
Counter: There aren't a lot of bootstrappers that do FedRAMP or other expensive problems to solve.
Security categories are becoming meaningless. Marketing BS. Thanks, Gartner!!!!
Majority of companies coming out are 1 feature companies.
Overlapping telemetry and functionality across tools.
Risk reduction + prioritization > Visibility
THE INDUSTRY DOES NOT NEED MORE VISIBILITY
On doing discovery: Ask buyers where their biggest problems are; don't tell them what you're building and if that would work for them.. Don't even tell them what you're building. Just listen to what’s plaguing them the most at the moment.
There were many other amazing, star-studded panels throughout the day but I didn’t capture any notes for those. Suffice it to say the summit was a hit. Now onto the Startup Spotlight!
Startup Competition 🏆
While Knostic brings the hardware home, the other 3 startups, which I wrote about here, delivered amazing pitches and are solving truly hard problems. Kudos to the other finalists and congratulations to Sounil and Gadi for the big W!
Knostic
Leadership: Sounil Yu, Co-Founder & CTO; Gadi Evron, Co-Founder & CEO
Problem Space: GenAI Security
Solution: Need-to-know based access control for LLMs to prevent oversharing of sensitive information. Their product analyzes existing permissions and roles to derive need-to-know levels across organizations, guiding employees and customers to the information they need while preventing access to unnecessary details.
One key area of focus for them seems to be Microsoft Copilots which are a privacy mess in and of themselves.
Founded in: 2023
HQ: Tel Aviv, IL
Total raised: $3.3M USD pre-seed
Website: Knostic.ai
Bye For Now!
I’ll be back next week with TCP #56 encapsulating all key product and feature releases for the week. Until then, if you see me in LV, say hello! And if you’re not here, thank the heavens and keep it cool.
Hasta la proxima! ✈️
Excellent TL;DRs for those of us stuck at home!