January 14 2021
November 16 2020
During the 2020 Purple Team Summit, I had the opportunity to moderate a panel on how purple team technology and practices influences cybersecurity venture capital investments with a panel of experts. I'd like to thank Sid Trivedi, Greg Dracon, & Chris Steed for sharing their insights on purple team venture capital trends. Anyone interested in how cybersecurity startups raise capital should consider watching this entertaining and educational one hour video.
January 13 2019
September 25 2018
SCYTHE recently announced a $3m round led by Gula Tech Adventures and an experienced group of cyber investors and operators. SCYTHE enables organizations to emulate advanced malicious cyber activity and see how well their organization is at preventing, detecting and repelling these types of threats. In this blog, I ask SCYTHE founder and CEO, Bryson Bort, a variety of questions about the origin of SCYTHE and the platform’s use cases. Read More…
October 29 2017
The cyber industry continues to innovate and offer new ways to help organizations stay secure and compliant. Over the past few months I’ve observed analyst, media and pundit coverage of three new cyber product categories — software defined segmentation, threat intelligence gateways and automated breach simulation. All three offer many new ways to increase the effectiveness and efficiency of your security programs. I will discuss each briefly and reference relevant Gula Tech Adventures portfolio companies in these new categories.
May 14 2017
Note — I’ve known Marcus for a long time since he did “Dojosec” here in Maryland. I am an investor an adviser at ThreatCare. I like the ease of use it brings to testing and training your security staff and making sure your expensive array of security products is working as expected. Many security vendors are using it to demo their products and avoid a “Tanium” moment. I conducted the following interview with Marcus over email.
March 08 2017
February 08 2017
If you are going to RSA and walk the vendor floor, keep in mind that the vast majority the vendors you will meet are not designed to work together. You may be able to centralize their logs and even orchestrate a cohesive incident response to an event, but you won’t automatically know if you are PCI Compliant, if you have a gaping hole in your NIST Cyber Security Framework program or if your span port is down and all of your DLPs and IPSes are now blind. An answer to this is to look for solutions that can measure your defenses across all of your defensive technologies and identify gaps in your security specified by frameworks written in house, or by vetted industry experts and groups such as PCI, NIST and CIS.