Episodes

  • Casey Ellis, Founder of Bugcrowd: When Known Vulnerabilities are Life or Death
    Aug 13 2025

    Casey Ellis is the founder of Bugcrowd, the first open marketplace for vulnerability disclosure and commercial bug bounties. On today’s episode, Jon Sakoda speaks with Casey on the early economics of paying people to hack companies, why ethical hackers are an amazing source of criminal creativity, and why every founder needs to ultimately fix their known vulnerabilities:

    • Why the Economics of Bug Bounties are 20x the Status Quo [11:23-14:42] - Casey had global access to talent around the world and saw that there was a huge opportunity to empower the best and brightest hackers to be paid for finding vulnerabilities. This was a 20x improvement on traditional pen testing and opened the floodgates on bringing traditional hacking out of the dark and into the light.
    • How the Best Hackers and Companies Find Success Together [15:04-24:30] - Bugcrowd early on attracted some of the best hackers onto its platform, but ultimately needed to teach companies how to engage. Setting the right reward incentives, the right targets, and offering responsive feedback were key to getting the right level of engagement on the marketplace in the early innings. Now, most high value tech companies have successful programs.
    • Why Prioritizing Health Fixes is Life or Death [32:45-39:18] - Like many founders, Casey prioritized his startup ahead of other important health issues, which ultimately led to a cardiac emergency requiring open heart surgery. He is now back in action but has an important lesson to share with founders on the importance of taking care of your known vulnerabilities and investing in proactive and preventative care in advance of real issues.
    44 m
  • Yaron Singer, Founder and CEO of Robust Intelligence: The Inconvenient Truth of AI
    Mar 4 2025

    Yaron Singer is the Founder and CEO of Robust Intelligence, the early leader in AI security that was recently acquired by Cisco. On today’s episode, Jon Sakoda speaks with Yaron on how academics need to decide on the right time to start a company, why the capabilities and risks of AI for many industries need to be approached end to end, and why startups should seek to dispel many of the myths of being acquired:

    • Why Skateboarding Prepared Me Well for Entrepreneurship [4:10 - 5:45] - Yaron early on picked up skateboarding as one of his first hobbies. He realized that in order to improve in skateboarding, you need to learn both physical and mental resilience. Your body has to endure quite a bit to get better! He was also inspired by those who pushed the sport by creating new tricks and techniques. This ultimately inspired him to chart his own course as a founder.
    • Why AI Has an Inconvenient Truth [15:25 - 17:15] - Yaron was a PhD student at Berkeley and ultimately became a professor of computer science at Harvard. Along the way, he learned the great power and also the great limitations of using machine learning and AI for many applications. As much as we would like to move quickly to embrace the power of AI, we don’t always understand how to do so safely. Yaron has ultimately dedicated his career to helping people step into the fear of the unknown by using his products.
    • Dispelling the Myths of Getting Acquired [17:30 - 22:50] - Many founders told Yaron that partnering with a large company like Cisco would be a risk. Perhaps they would steal his intellectual property or compete with him directly? Yaron believes strongly that the benefits of partnering have outweighed the risk, and that every founder must make the most of partnership opportunities with large companies that can ultimately lead to successful M&A events.
    29 m
  • Dmitri Alperovitch, Co-Founder and Former CTO of CrowdStrike: With Great Power Comes Great Responsibility
    Sep 10 2024

    Dmitri Alperovitch is the Co-Founder and former CTO of CrowdStrike, one of the most valuable cybersecurity companies founded in the modern era that defined the Endpoint Detection and Response (EDR) category. On today’s episode, Jon Sakoda speaks with Dmitri on why email security was one of the best places to learn cybersecurity, the hardest parts of finding product-market fit in a new category, and how all of his learnings inside of larger companies ultimately inspired him to start CrowdStrike:

    • Why E-Mail Security Was the Best Place to Learn About Adversaries [7:15 - 14:32] - Dmitri’s early career at CipherTrust put him on the front lines of stopping email spam. This was a rapidly changing field that taught him that adversaries could make changes in hours, not days or weeks. This mindset taught him that there are no silver bullets and that our defenses must always adapt quickly to ever changing threats.
    • Building a Services and Software Company Together to Own the Category [33:53 - 39:34] - In the early days of CrowdStrike, the team built an elite services team that gave them insight into how nation state adversaries were breaching customers. This gave them unique lead generation and IP that helped them build their endpoint security solution which ultimately became the category leader in EDR.
    • How Targeting Existing Budgets Unlocked Revenue Growth [39:35 - 45:15] - CrowdStrike early on complemented existing AV solutions with an advanced EDR and IR offering, primarily targeting companies who understood nation state attacks. Their revenue growth accelerated when they offered to replace traditional anti-virus and could access existing budgets for endpoint security. This move ultimately gave them a much larger TAM leading up to their IPO.
    56 m
  • Chris Wysopal, Founder and CTO of Veracode: How Hackers Became the Celebrities of Cybersecurity
    Apr 16 2024

    Chris Wysopal is the Founder and CTO of Veracode, a $2.5 billion software supply chain security company that pioneered the field of application security and was one of the first companies to embrace software as a service. On today’s episode, Jon Sakoda speaks with Chris on his early fame as a cybersecurity researcher and the highs and lows of building Veracode across three decades:

    • How a Hacking Group Became Celebrities [11:50 - 15:35] - Chris was a member of the famous “L0pht” hacker group who became famous for discovering vulnerabilities in Lotus and Microsoft software. Shining a light on the issue ultimately gave the group widespread media attention and internet fame, drawing much needed attention to security issues in commercial software.
    • Launching a Cloud Product in the Desktop Era [27:55 - 32:50] - In 2006, Veracode was one of the first companies in the security industry to pioneer “software as a service” which is widely used today. Chris relives the journey of convincing customers of the benefit of leveraging the cloud during the era of client / server code repositories.
    • Surviving and Thriving Through Cycles [38:51 - 40:10] - Veracode has been a wildly successful company, but has had to survive many moments of crisis that might have killed weaker startups. The company had a broken financing in the first financial crisis and has been through numerous cycles through the years.
    35 m
  • Kevin Mandia, Founder and CEO of Mandiant: Creating the Navy Seals of Cybersecurity Software
    Jan 16 2024

    Kevin Mandia is the Founder and CEO of Mandiant, the widely recognized leader in cybersecurity incident response which was recently acquired by Google for $5.4 Billion. On today’s episode, Jon Sakoda speaks with Kevin on why he founded Mandiant, and his personal journey to create a company to defend companies against cyber surveillance and advanced persistent threats from Russia, China, and North Korea:

    • Seeing the Future of Inevitable Breaches [15:32 - 16:05] - Kevin started Mandiant after seeing the most advanced cyber surveillance attacks against this country. His big bet was that even the very best companies would struggle to protect themselves against nation states and that the uneven playing field would create opportunities for a firm that specialized in responding to breaches.
    • Why Mandiant Went Public to Expose Chinese Military Attacks [26:52 - 30:44] - In 2013, Mandiant was the first company to go public with an advanced persistent attack (APT-1) that was traced to a Chinese military facility, PLA Unit 61398. Kevin retells the story about how nobody believed him until the New York Times broke the news after 9 years of recorded attacks.
    • How Services Companies Can Become Software Companies [36:24 - 37:58] - Kevin created his products as a software company by automating the most advanced and sophisticated workflows of his security researchers. Mandiant was built on the premise that great services are the foundation to great software.
    53 m
  • Shay Banon, Founder and CTO of Elastic: Never Stop Searching in a Startup
    Oct 5 2023

    Shay Banon is the Founder and CTO of Elastic (NYSE: ESTC), the leading open source platform that enables enterprise search, observability, and cybersecurity. On today’s episode, Jon Sakoda speaks with Shay on his path to starting Elastic, and his success building a commercial open source company in the era of cloud providers:

    • Learn To Overcome Fear and Embrace the Future [6:10 - 8:43] - Shay was diagnosed with a rare and incurable kidney disease at a very young age. He was told he might not live a normal life and his condition could change at any moment. He has learned to overcome day to day fear and to embrace the future.
    • Why Google Didn’t Win in Enterprise Search [17:24 - 19:50] - In 2010, Google was a public company and everyone assumed they would win the war for search. But the enterprise market was different, and Elastic ended up being successful due to their focus on unlocking knowledge from diverse data stores. Google eventually exited the market and transitioned customers to products built on Elastic.
    • How to Compete with Cloud Providers [27:50 - 33:16] - Amazon famously copied Elastic’s search service and launched a competing cloud offering called Amazon ElasticSearch. Elastic fought back by changing its open source licensing to defend its IP, and is now a partner to Amazon. This form of licensing is now commonly used by open source companies.
    44 m
  • HD Moore, Founder and CEO of Metasploit/ RunZero: Shining the Light in Dark Places
    Jul 18 2023

    HD Moore is the founder and CEO of Metasploit and runZero, two cybersecurity companies that are widely used to identify assets and vulnerabilities in corporate environments. On today’s episode, Jon Sakoda speaks with HD on growing up as one of the most famous cybersecurity hackers who had the courage to publish software vulnerabilities on the internet:

    • Need to Necessity - Diving in Dumpsters for Computer Parts [1:20 - 2:24] - HD Moore grew up poor and had to scrounge for computer parts in dumpsters. This motivated him to build his own computers and teach himself to code. Listen to how HD found his way into his first job as a DOD researcher as a teenager.
    • Open Source Keeps Me Out of Jail [09:12 - 12:54] - Metasploit was the first tool to publish exploits and vulnerabilities in public as an open source tool. This was very unpopular and controversial and HD’s wife maintained a “Get HD out of Jail” fund in case he was arrested or prosecuted. Listen to how HD’s resiliency and belief that sunlight is the best disinfectant ultimately led to a safer internet.
    • Creating Balance and Intensity as a Founder [23:16-26:58] - HD reflects on moments of health and personal challenges throughout his career as a founder. He now is very intentional about taking the needed time for himself. Listen to his words of wisdom and specific ways to carve out time for health and wellness.

    Follow Jon Sakoda https://twitter.com/jonsakoda
    Follow HD Moore https://infosec.exchange/@hdm
    Follow Decibel https://twitter.com/DecibelVC

    36 m
  • Bipul Sinha, Founder and CEO of Rubrik: The Danger of Psychological Safety
    Jun 28 2023

    Bipul Sinha is the founder and CEO of Rubrik, a leader in zero-trust data security used by enterprises to defend against ransomware and to create global cyber resiliency. On today’s episode, Jon Sakoda speaks with Bipul Sinha on his unusual path from India to Silicon Valley and his unique mindset as a startup founder:

    • Don’t Be Afraid to Drop Everything [4:30 - 6:50] - Bipul dropped out of school in order to study for his college entrance exams in India. Growing up in a lower middle class household, Bipul needed to excel on the exams to escape poverty. Listen to the advice Bipul received from his father on the value of learning from failure and never constraining your self belief in what you can achieve.
    • How to Engineer Hypergrowth from Day One [20:46 - 24:19] - Rubrik’s success in its early days was incredible, achieving $50 M in sales in its first year. Many founders approach product-market fit through serial steps, while Rubrik was engineered for faster growth from the very beginning. Listen to how Bipul approaches product-market fit through a parallel process in order to create more explosive growth.
    • Avoiding Psychological Safety and Accepting Conflict [33:55-39:00] - Bipul believes that conflict is a part of every great startup, but it is human nature to try to create psychological safety. He strongly believes that every founder needs to embrace, and find joy, in pushing a company to its limits which is often in conflict with being satisfied. Listen to how he instills this culture in his company.

    Follow Jon Sakoda https://twitter.com/jonsakoda

    Follow Bipul Sinha https://twitter.com/bipulsinha

    Follow Decibel https://twitter.com/DecibelVC

    45 m