Mach37 Alum Hill Top Security Wins Virginia Velocity Tour NoVA Award

hill-top-security-virginia-velocity-tour-winner-full

Hill Top Security CEO and Mach37 Alumnus Tom Gilmore, second from left, accepting the Virginia Velocity Tour Award for Northern Virginia, September 2016

The Mach37 family was busy last Thursday. We announced our Fall 2016 Cohort and a new Mach37 platinum sponsor, SAP National Security Services. On the same day, spring 2016 cohort alumnus Hill Top Security won the Virginia Velocity Tour Northern Virginia Region pitch competition and the $25,000 top prize. Hill Top CEO and Founder Tom Gilmore accepted the award at the Fall Cohort Introduction dinner Thursday evening in front of a crowd of more than 250 Mach37 supporters. We recently interviewed Tom on our Mach37 blog and it is clear that the company is already making an impact.

Mach37 Alumnae Represented Two-thirds of the NoVA Finalists

However, Hill Top wasn’t the only Mach37 standout in the pitch competition. Four of the six finalists in the cybersecurity and government technology category were Mach37 alumnae. Eunomic, SheVirah and Tensor Wrench all pitched alongside Hill Top. Two other companies focused on government technology SpotMyBus and J&F Alliance Group also competed. The competition judges came from the University of Virginia, Revolution Ventures, Amplifier Ventures and TandemNSI. It was great to see so many Mach37 alumnae getting recognition for their technology and business growth.

2016-09-22-va-velocity-tour-24-smaller

Hill Top Security CEO Tom Gilmore Presenting to Virginia Velocity Tour Judges

Virginia Velocity Tour Background

va-velocity-tour-logoThe Virginia Velocity Tour is overseen by the Virginia Secretary of Commerce and Trade and planned in partnership with our friends at Village Capital. We appreciate that Virginia Governor Terry McAuliffe, Secretary of Commerce and Trade Todd Haymore and Village Capital’s Ross Baird are so supportive of the start-up community across the state. Twenty-nine finalists competed for top honors in five regions.

At Mach37, we work with entrepreneurs from all over the world. Two of the five companies in our current cohort are from Europe and we also have entrepreneurs joining us from Nevada and North Carolina. We maintain a global outlook regarding cybersecurity, but we also appreciate introducing these companies to the business-friendly climate in Virginia. The Virginia Velocity Tour is another example of the start-up support that founders receive from the state and can access as part of the Mach37 family. Congratulations again to Tom and the entire Hill Top team.

PierceMatrix: Mach37 Alumnae Interview with Roy Stephan

roy-stephen-presenting

Roy Stephan, PierceMatrix CEO and Founder

What opportunity did you recognize that led to the founding of PierceMatrix?

pierce-matrix-logo-whiteRoy Stephan: The opportunity for small and medium businesses to understand security on a global level. Large companies and governments can throw thousands of security professionals at a problem, and most security tools are designed for those organizations. With PierceMatrix we provide a unique workflow that offer SMBs a more comprehensive view of their security, including helping them identify malicious actors on their network and remove them.

What specific value does addressing that problem provide for your customers?

Stephan: By understanding how global threats are affecting them, PierceMatrix users can lower their security risk and lower their liability. Any business that is not reviewing its log files is carrying excess liability because the firewall logs (and other security devices) are documenting suspected attacks. PierceMatrix helps companies reduce that liability by automatically reading logs and helping with prioritization and remediation.

Why aren’t current solutions addressing this problem effectively?

Stephan: Most of the products in security are focused on solving niche problems for large businesses. There are very few that recognize the importance of educating and assisting small and medium businesses. Gartner selected us a Cool Vendor because of our unique approach to reducing data and helping small businesses focus their efforts. The industry standard is generating large volumes of new data for the user to sift through internally. This is just not an option for small and medium sized businesses that don’t have skilled resources available.

What makes your approach different and better from existing approaches?

Stephan: Our approach is to bring SMBs a cloud-based security model that bridges several capabilities including SIEM, TIP, Incident response and remediation. In particular, we provide an understanding of threats already present in your log files, as well as incident tracking and remediation through an automatable button.

What about your team’s background puts you in a unique position to succeed?

Stephan: The PierceMatrix team combines Artificial Intelligence and security expertise. These are two separate fields of study, but an essential combination to address today’s information security challenges. The CEO has 20 years of experience in building companies and divisions in the security world, and the CTO has 20 years of experience building artificial intelligence for the US military, FAA, and AT&T.

What are some of the milestones you have passed since graduating from Mach37?

Roy Stephan, PierceMatrix CEO

Roy Stephan, PierceMatrix CEO

Stephan: When we graduated M37 we had an early beta product. Now we have a functioning system with customers in the ISP, MSP, Finance, and Defense Industrial Base markets. We were recently selected as a Gartner Cool Vendor, as well as being selected as one of the top 6 emerging technologies for FinTech by the Partnership for New York City.

What one aspect of the Mach37 programs did you personally find most beneficial?

Stephan: Helping me run a business. I have built products, divisions, even companies as a technologist, but M37 taught me how to build out the non-tech aspects such as finance, HR, sales, legal, etc.

Learn more about PierceMatrix here.

Related Posts

Mach37 Spring Class 2016 Interview: Hilltop Security

 

2016-06-14 - M37 Demo Day - 08 - HTSI - DSC_3364

Tom Gilmore, Hill Top Security CEO

 

What opportunity did you recognize that led to the founding of Hill Top Security?


HTSITom Gilmore:
 We saw that most organizations were faced with a shortage of skilled security personnel and that any strategy built around creating more security analysts was not going to be effective. In addition, security personnel are overwhelmed with security alerts and spend too much time processing false-positive alerts. We also believed that the time to detect a breach which is on average 206 days is a direct result of these problems and that time could be dramatically decreased with automation and better tools.

What specific value does addressing that problem provide for your customers?

Gilmore: We provide customers with a security incident response platform that ingests data and performs complex event processing to save analysts time allowing them to move to detection and response activities faster.

Why aren’t current solutions addressing this problem effectively?

Gilmore: Most solutions on the market today are focused on prevention, or detection, or response. Our product is designed to do all three and also provides analysts with the ability to work in a single environment instead of having to login and operate every security tool independently.

What makes your approach different and better from existing approaches?

Gilmore: Solutions on the market now are very narrowly focused and fragmented creating more work and reducing efficiency. Our product is designed to enhance and improve the utility of our customer’s current resources. By interconnecting all the devices and systems that make up the security architecture, we are able to increase the value of the data being generated by enriching the data with such things as business impact analysis, business rules, and risk assessments.

What about your team’s background puts you in a unique position to succeed?

Gilmore: We have a team that has experience in national and military intelligence, cyber security, and industrial engineering. I personally have one start-up under my belt that made the Inc. 500 and exited. Neil Wright spent 7 years designing UPS’s global package handling system and Steve Baker has over 30 years of national security and intelligence experience working in such places as the White House National Security Council.

What one aspect of the Mach37 programs did you personally find most beneficial?

Gilmore: Learning the intricacies of being a successful product company. Having come from a government services background, making that transition can be very difficult and Mach37 helps you define what that will look like and develop a plan to get there.

Learn more about Hill Top Security here.

Mach37 Spring Class 2016 Interview: NormShield

 

2016-06-14 - M37 Demo Day - 05 - Norm Shield - DSC_3389

Mohamoud Jibrell, NormShield CEO

 

What opportunity did you recognize that led to the founding of NormShield?

ns-logo-transMohamoud Jibrell: Through our many years of experience in the cyber security industry we recognized that organizations rely on mostly manual methods to validate their security posture and they do not have visibility to existing vulnerabilities that hackers can exploit. We also recognized that most security tools are not designed for the mid-market. They assumed a greater sophistication of user and more manpower than is typically available to mid-market CIOs. So, we founded NormShield to fill those gaps: automate cyber security processes, provide visibility and services that are currently not available and align the solution with the needs of the mid-market.

What specific value does addressing that problem provide for your customers?

Jibrell: Visibility. That, in one word, is the specific value that we provide more of than any our competitors. NormShield provides better visibility to existing vulnerabilities and significantly reduces the risk of hacker exploitation. We do this by continuously gathering cyber threat data from multiple sources and by monitoring our customers’ assets. We then analyze and present the data and actionable information to our customers using our cloud platform. That visibility helps companies take action to reduce risk.

Why aren’t current solutions addressing this problem effectively?

Jibrell: Current products are designed for large enterprises and are narrowly focused. Mid-market businesses don’t have the financial or human resources to run dozens or even a handful of information security products to protect their assets. Current solutions assume large enterprise users with large staffs that can specialize in specific infosec tools. NormShield’s single, integrated solution provides the necessary security coverage while minimizing the human labor and skill requirements. I was a mid-market CIO and I understand the security needs, but also recognize the constraints. We built a tool to fit that user profile.

What makes your approach different and better from existing approaches?

Jibrell: We provide a unified single solution that addresses multiple needs. Competitors offer multiple products to address the same set of problems. But using multiple products is a lot more difficult to administer and it also brings a lot of management overhead. We commonly see security teams, IT teams and risk teams work independently with different agendas and metrics. Acquisition of multiple products is also more expensive and it is not something that most mid-market companies can afford. All of these factors combined lead to inefficient and ineffective processes that slow down the threat response and vulnerability management and expose companies to preventable cyber attacks.

What about your team’s background puts you in a unique position to succeed?

Jibrell: We have a diverse team with deep expertise in ethical hacking, enterprise software development and IT management. I myself have 16 years of CIO experience under my belt. Our combined experience in the industry gives us the network and knowledge we need to succeed.

What one aspect of the Mach37 programs did you personally find most beneficial?

Jibrell: The support we got with sales, marketing and product strategy was extremely beneficial. We were also introduced to many different potential customers through Mach37, which allowed us to expand our network and get a jumpstart on reaching our goals.

Learn more about Normshield here.

Mach37 Spring Class 2016 Interview: Unblinkr

 

Demo

Mancy Sanghavi, Unblinkr Founder

 

UnblinkrLogoTransparent

 

What opportunity did you recognize that led to the founding of Unblinkr?

Mancy Sanghavi: 250 million cars will join the Internet of Things by 2020. Cars are running millions of lines of code and are just as susceptible to hacking as any computer network. Advanced driver assistance and connectivity features increase threat vectors on the connected vehicle. We identified an opportunity to make cars secure.

What specific value does addressing that opportunity/problem provide for your customers?

Sanghavi: Automotive Industry insiders acknowledge connected cars need to be secure from outside hackers. Through the publicity car hacking has received recently, consumers want to know their vehicles are safe. There are plenty of discussions on how to secure the connected car. Our product provides an answer to that question. By using our solution, car manufacturers can stay competitive and offer more advanced connectivity features for consumers.

Why aren’t current solutions addressing this opportunity/problem effectively?

Sanghavi: Cars today are infinitely more complex than the Model T designed by Henry Ford in 1908. Automotive companies have never had to think like technology companies in the past, and they are having to play catch up. Their design times have to be more responsive. We don’t have to play catch up because our team has been dedicated to this problem for over 5 years.

What makes your approach different and better from existing approaches?

Sanghavi: The connected vehicle space is new and there is no clear leader in aftermarket automotive cybersecurity. Cybersecurity is crucial in order for the market to adopt driverless cars. There are a few startups offering point solutions whereas we are taking a holistic approach. We believe in intelligent data by bringing context to increase awareness of the situation, thereby enabling us to make better decisions.

What about your (team’s) background puts you in a unique position to succeed?

Sanghavi: Our team has done research on the security and privacy concerns of these types of advanced technologies. We have bid on and received research grants to examine connectivity and have spent time in labs researching internal car networks. We conduct black box testing and pen testing on cars.

What one aspect of the Mach37 programs did you personally find most beneficial?

Sanghavi: The Mach37 program is incredibly beneficial and I highly recommend it. The 14-week program gives startups a unique chance to interact with experts and learn how to run a business from start to exit. Startups hone their message and learn the building blocks to take a litmus test of whether their idea can succeed in the marketplace. Mach37 helps you build your boat before they launch you into the waters.

Are there any adjacent industries transformed by your solution?

Sanghavi: Imagine summoning a driverless car via smartphone, revolutionizing taxi and parking industries. Targeted in-car advertising creates revenue opportunities for telecom and marketing industries. Insurance is getting ready for the day of driverless cars and when people aren’t paying car insurance anymore. Our solution helps track history and prove whether a car has been hacked. This is valuable information for insurers.  However, these disruptions come with challenges. The FBI is concerned that driverless cars are a terrorist target. Centralization means more vulnerability and creates user privacy concerns.

What are the key market/economic forces in your industry?

Sanghavi: Over 35,000 people in the US die in road crashes each year. Driverless technology is the hope that the number will become zero. But we are replacing human error with a machine. If that machine becomes hacked, that is dangerous for the families riding in the car. One day anti-hacking software installed on a car will be mandatory, the way seatbelts and airbags are mandatory safety elements today.

An industry driver is that revenues from connectivity are expected to increase sixfold from approximately $30 billion in 2014 to approximately $170 billion in 2020. Possible legislative mandates like SPY Car Act may fuel demand for Unblinkr product. An Executive Order mandates all government vehicles to address threat vectors by 2017. The EU eCall law will drive demand for the product overseas.

Learn more about Unblinkr here.

MACH37blog3years

Three-Year Update: Lessons Learned (So Far) From The Mach37 Experiment

When we launched Mach37 three years ago, we acknowledged at the time that we were essentially running an experiment. At our inception, we believed that an accelerator could effectively harness the rich cybersecurity talent pool in the DC-Maryland-Virginia region (DMV) to create an ecosystem capable of supporting large-scale commercially-focused cybersecurity product companies. There were plenty of skeptics, including many in the institutional venture community, who believe you can’t scale a cybersecurity product company in the DMV. At the time, I privately admitted that we had no idea if we would succeed, and anticipated it would take us at least five years to really know if we are any good at this.

Three years later, I am confident that I have burned through any goodwill I had with my friends in the community and that I am deeply indebted to just about every person I know in the industry. But, it seems like our modest experiment is working out way better than most people ever expected, including us. Our small $50,000 investment in each of our 35 companies has been leveraged over eight times on average by private seed investors. What started out as one or two person companies have grown into ten and twenty person companies. Currently, our portfolio employs over 100 full-time equivalent employees, and we expect that number to increase dramatically over the next year as they receive institutional venture funding.

To be certain, all of us here at Mach37 know that there is still a lot of work left to do to transform what has been a government-centric business ecosystem into a thriving commercially-focused cybersecurity business epicenter. However, now I believe that this transformation is inevitable.

As we pass through the three-year milestone, I wanted to share a few important lessons we have learned from the experience:

Lesson #1: Accelerators can effect major changes to business ecosystems. Part of Mach37’s mandate was to cultivate an ecosystem that could transform the cybersecurity intellectual capital native to the DMV into a conveyor belt of successful security product companies. The conventional wisdom in 2013 was that we didn’t have a critical mass of talented individuals in our region that understood how to build security product companies. However, it looks like our brute force approach is working.

We started by building a mentor network of security professionals one mentor at a time. (Thank you George Schu for leading the way as Mach37’s first mentor.) What began as a small group of believers evolved into an unmatched 240+ person network of security business experts – all committed to our mission to launch the next generation of security product companies.

From there, the momentum increased. Since 2013, over 80 security and software business experts volunteered to teach our entrepreneurs critical skills that will enable them to be successful. Over 70 seed investors have fueled our companies, allowing them to mature and finally begin capturing the attention of the institutional venture community.   And, the vital leadership and financial support offered by our sponsors at Amazon Web Services and General Dynamics has been humbling and validates the demand for security innovation from some of the most successful companies in our region.

Perhaps the skeptics were right that the DMV doesn’t have as many talented security product business experts as other more established regions. But, what I have learned to value much more than the quantity of experts is that members of the security community in our region rarely say “No.”

Lesson #2: The DMV has an unmatched volume of technical security innovation that is driven by government-centric missions. However, security innovation also comes from diverse populations around the world. As most people recognize, there are more talented security technology professionals in the DMV than any place else on Earth. In general, the security ecosystems supported by the DoD, Department of Homeland Security, and the Intelligence Community are driving significant demand for security innovation. Mach37 has been able to effectively leverage this regional asset. Founders from Huntress, Atomicorp, Disrupt6, Fast Orientation, Tensor Wrench, Eunomic, Cyber Algorithms, Anatrope, vThreat, and Hilltop all have been operating at the leading edge of security within this ecosystem for many years.

However, we failed to anticipate the large volume of high-quality security entrepreneurs that would come to the DMV from many diverse ecosystems. To date, of our portfolio of 35 companies, over 40% came from outside the DMV. Notably, Mach37 has received applications from 24 different countries (and counting) and we expect to increase our volume of investments in entrepreneurs from outside of the United States in coming cohorts. Additionally, since inception, Mach37 has funded 17 of 35 companies (nearly 50%) with a founder that is either from an ethnically underrepresented group, from the LGBT community, a woman, or a service disabled veteran.

Lesson #3: You CAN raise seed capital in the DMV. To be honest, three years ago, we were concerned about the limited volume of seed capital available to product companies in our region.   We just weren’t sure it would support the volume of innovative product companies we intended to launch.   However, about 70% of our graduates consistently raise capital beyond our initial investment.   To be sure, we have reached out to seed investors from other geographies and, thankfully, their appetite to fund security companies in the DMV exceeded our expectations.

Further, the often-publicized concerns around the impending “winter” in security investment appear to me to be overwrought, at least in the DMV. Maybe it’s because we have never been spoiled with an abundance of early-stage capital and “winter” doesn’t feel any different to us. Perhaps it’s because the uninitiated investors who are fleeing the sector were never investing in our region to begin with. Or, maybe it’s because investors who understand security continue to invest in the DMV, in spite of the emergence of “winter” in other regions. Whatever the reason, the rate at which Mach37 companies continue to receive funding is increasing and it still feels pretty warm to us.

 

Mach37 Spring ’16 Class Interview: PCPursuit

2016-04-20 - DC CSCS Mt Up - 06 - DSC_0282

Robert Walker

CEO and founder

PCPursuit

 

What opportunity did you recognize that led to the founding of PCPursuit?

Robert Walker: There are a couple of things going on in information security that are really important. Too many information security products only tell you there is a problem after your data has already been stolen. I have seen a few things in my career that are technologies that can prevent problems from happening in the first place, but they are not easy to use and are typically expensive. We recognized that we could make physical systems and digital systems more secure if they could just talk to each other. It’s really never been done before and that’s what we are changing by providing a proactive security solution that is inexpensive and easy to deploy.

 

What makes your approach different and better from existing approaches?

Walker: Simplicity. You don’t have to roll this out to every asset in your enterprise. You can deploy one tiny piece of software on your Active Directory domain controller and it can protect your entire enterprise. This uses the exact same framework that Microsoft uses themselves. Most solutions don’t do it this way because it’s extremely hard to do.

One specific thing our technology doesn’t do is require you to deploy agents to each PC in your enterprise. We have a server that sits between your physical control systems and your Windows Active Directory domain controllers. That PCPursuit software asks if a user badges in and if so, when and where. We report that back and based on what the enterprise administrator wants, we can log it, we can send an email to their manager or restrict access.

 

 

What specific value does addressing that opportunity/problem provide for your customers?

Walker: PCPursuit enables enterprises to get considerably better security out of the assets they already own. We make the stuff they have better and we do it very inexpensively. It’s a massive improvement for a very low cost.

 

Why aren’t current solutions addressing this problem effectively?

Walker: Because they are not thinking outside their own boxes. Physical security solutions only think about the physical side. Digital security only considers their own boxes. We took it up a level to look at both pieces.  However, there is another dimension to consider. The technology is really hard to build. The concept is simple, but the execution isn’t easy.

 

What about your (team’s) background puts you in a unique position to succeed?

Walker: Both my co-founder and I worked at Microsoft. I was there as a full-time employee for 13 years. My co-founder has worked at Microsoft for many years as a consultant. So we both have very deep exposure to Microsoft technology and we know how to implement it in a way that very few people understand. It’s not that no one else can do this. It’s that few people understand as well as we do how Windows was designed.

 

What makes this an exciting opportunity for you?

Walker: The thing that I think is most exciting about what we are doing is that we are one of those really rare solutions that can help make your enterprise tremendously more secure than it presently is and at a very low cost. By putting these two pieces of technology together, PCPursuit delivers two key benefits that address two intractable problems:

  • It discourages employees from tailgating into buildings. If you can’t get any work done because your login won’t authenticate, you won’t tailgate to get in. If we change the psychology in an office to “always badge in” instead of “avoid it,” it changes behavior. Then not badging in becomes the anomaly.
  • We also make physical presence another factor for authentication. Passwords aren’t secure. Even if you have to change them every several weeks. People forget them. They write them down so they don’t forget them making them easier to steal. With PCPursuit, if you didn’t badge in, you can’t get access. If your password got phished, that hacker in Russia won’t be physically in your building and can’t get access from inside your enterprise network. If someone found your password, they can’t use it. And we can do it for one-tenth of the cost of other tools in the market. You don’t have to buy tokens or other tools, just install our software on a single server and connect it to Active Directory and your enterprise is immediately more secure.

PCPursuit represents the first example of a simple approach to pairing physical security with digital security. It will have the biggest impact on securing the enterprise since automatic Windows updates. This is the kind of stuff that actually works. Stuff that’s really simple. You just make a little tweak and people don’t have to change the way they work, but it still makes a big difference. It turns out that the technology is hard, but the implementation is simple and effective.

 

What one aspect of the Mach37 programs did you personally find most beneficial?

Mach37 is really well-connected and is the only accelerator focused solely on information security. Their specialization in information security means everything they do is geared to this field and that is very valuable. In addition, they understand selling to the enterprise. There is a big emphasis in the program on selling and that is not a natural skill for engineers which is the background of most of the founders.