Guest Blog by Michael Wellman: Virgil Security’s $4 Million Series A Round Is About More Than Just Fundraising

Michael Wellman and Dmitry Dain, founders of Virgil Security

Dmitry Dain and Michael W. Wellman, founders of Virgil Security

Last month, DCInno’s Eric Hal Schwartz, in his DC’s Cybersecurity Startup Scene Is Hot. Can It Get Hotter? article gave Virgil Security (and Mach37) the following shout out:

If venture investors are on fire for cybersecurity opportunities, a group of D.C.-based accelerators are cropping up to supply the fuel. Mach37 graduates around half a dozen startups from its program twice a year, with notable successes like Virgil Security, which partnered with Twilio, one of the fastest-growing cloud computing companies around, in April.

Last week, Virgil Security closed a $4 million Series A investment. I’ve long contended that funding news isn’t really news, but what makes it interesting this time is that we’re a Mach37 company – the first Mach37 company to close a Series A round. And that is news! Let me explain why…

Our lead investor was KEC Ventures out of NYC. Oher institutional investors included Charge Ventures in NYC, Bloomberg Beta out of San Francisco, Sparkland Capital from both Silicon Valley and China, plus NextGen Venture Partners which, while originally DC-based, now has a national footprint. Notable individual investors included Ray Rothrock and Matt Grimm. Ray Rothrock is practically the godfather of West Coast cybersecurity investing; he led the Series A and Series B investments in PGP Corporation back in the day, and, more recently, led the Series A investments in CloudFlare. Matt Grimm was, until recently, a partner at the San Francisco-based Mithril Capital Management.

Our ability to draw national and international funding to a Northern Virginia startup further validates Virginia’s investment-driven model for economic development. The combined vision of former CIT leader Pete Jobse, Delegate Tag Greason, and the Northern Virginia Technology Council (NVTC), plus the sustained support offered by Governor Terry McAuliffe, the Virginia’s Secretary of Technology Karen Jackson, and the Center for Innovative Technology (CIT) brought Mach37 into existence. Without the opportunity that Mach37 provided us to distill our underlying business case, Virgil Security would potentially simply not exist today. Because of all of their efforts, the $50,000 that Mach37 invested in Virgil in the fall of 2014 just drew 80 times that in private investment – with most of it coming from outside the DC area but with much of it to be spent in the DC area!

Our ability to draw this investment into the greater DC area also helps demonstrate that Virginia’s recent focus on cybersecurity is aligned with the future we need to create. And we’re trying hard to do our part.

Our mission at Virgil Security is to #SecureTheFuture. For Virgil, that means ensuring that the future is cryptographically secure, but, for all of us, that means ensuring that the future is economically secure. To help further both goals, Virgil Security is working with the University of Virginia’s College at Wise to create a curriculum which will better enable Virginia graduates to find and fill the tens of thousands of unfilled cybersecurity jobs in Virginia, the hundreds of thousands in the United States, and the million plus around the world.

So, while funding news isn’t normally news, I think this particular bit of funding news represents something bigger. And in our view, it’s a story worth sharing.

– Michael W. Wellman

Virgil Security Raises a $4 Million Series A


Virgil Security Co-founders Michael Wellman (left) and Dmitri Dain (right) Ring the Mach37 Bell to Celebrate Reaching Escape Velocity; Rick Gordon Joins In the Celebration


On October 7th, Virgil Security closed a $4 million Series A investment, led by KEC Ventures. KEC is a venture firm founded by Jeff Citron, who also founded Island ECN, Datek Online and Vonage.  For those of you who are close to Mach37, you know I have been promising for many months that we have several companies ready for Series A investment. Virgil was one of them.

As I thought about using this blog to crow about our investment strategy (we actually hunted for a company that offers easy-to-implement encryption infrastructure) or in some way hype-up just how smart we are at Mach37, a conversation I had last week caused me to think better of it. Virgil’s CEO Michael Wellman offered the key insight. As I was verbally high-fiving Michael, he took a characteristically humble look at the company’s journey so far and remarked:

“You know Rick, it used to be that if you worked hard, had talent, OR got lucky, you could make it to the NFL (National Football League).  These days, to make it you need to work hard, have talent AND get lucky to even have a chance.”

And, so it is with technology start-ups.  The hidden truth is that entrepreneurs can have talent, make every right decision, and work their butts off, but if serendipity does not smile the company will fail.

In the case of Virgil, I can point to a handful of inflection points that relied heavily on just being in the right place at the right time.  I can say the same for Invincea and Lookingglass, two companies I was intimately involved with during their early struggles that have since achieved similar inflection points.  However, the truth is that all of these companies still have additional milestones to achieve before any of us can declare victory.

So, instead of trying to convince you that the Mach37 team is smarter than we really are, I’ll just say that we feel really fortunate to have had the opportunity to invest early in Virgil. It is a company that has the world class talent and drive required to be successful AND was able to create the necessary luck along the way to close its Series A.

Related Posts


Mach37 Alum Hill Top Security Wins Virginia Velocity Tour NoVA Award


Hill Top Security CEO and Mach37 Alumnus Tom Gilmore, second from left, accepting the Virginia Velocity Tour Award for Northern Virginia, September 2016

The Mach37 family was busy last Thursday. We announced our Fall 2016 Cohort and a new Mach37 platinum sponsor, SAP National Security Services. On the same day, spring 2016 cohort alumnus Hill Top Security won the Virginia Velocity Tour Northern Virginia Region pitch competition and the $25,000 top prize. Hill Top CEO and Founder Tom Gilmore accepted the award at the Fall Cohort Introduction dinner Thursday evening in front of a crowd of more than 250 Mach37 supporters. We recently interviewed Tom on our Mach37 blog and it is clear that the company is already making an impact.

Mach37 Alumnae Represented Two-thirds of the NoVA Finalists

However, Hill Top wasn’t the only Mach37 standout in the pitch competition. Four of the six finalists in the cybersecurity and government technology category were Mach37 alumnae. Eunomic, SheVirah and Tensor Wrench all pitched alongside Hill Top. Two other companies focused on government technology SpotMyBus and J&F Alliance Group also competed. The competition judges came from the University of Virginia, Revolution Ventures, Amplifier Ventures and TandemNSI. It was great to see so many Mach37 alumnae getting recognition for their technology and business growth.


Hill Top Security CEO Tom Gilmore Presenting to Virginia Velocity Tour Judges

Virginia Velocity Tour Background

va-velocity-tour-logoThe Virginia Velocity Tour is overseen by the Virginia Secretary of Commerce and Trade and planned in partnership with our friends at Village Capital. We appreciate that Virginia Governor Terry McAuliffe, Secretary of Commerce and Trade Todd Haymore and Village Capital’s Ross Baird are so supportive of the start-up community across the state. Twenty-nine finalists competed for top honors in five regions.

At Mach37, we work with entrepreneurs from all over the world. Two of the five companies in our current cohort are from Europe and we also have entrepreneurs joining us from Nevada and North Carolina. We maintain a global outlook regarding cybersecurity, but we also appreciate introducing these companies to the business-friendly climate in Virginia. The Virginia Velocity Tour is another example of the start-up support that founders receive from the state and can access as part of the Mach37 family. Congratulations again to Tom and the entire Hill Top team.

PierceMatrix: Mach37 Alumnae Interview with Roy Stephan


Roy Stephan, PierceMatrix CEO and Founder

What opportunity did you recognize that led to the founding of PierceMatrix?

pierce-matrix-logo-whiteRoy Stephan: The opportunity for small and medium businesses to understand security on a global level. Large companies and governments can throw thousands of security professionals at a problem, and most security tools are designed for those organizations. With PierceMatrix we provide a unique workflow that offer SMBs a more comprehensive view of their security, including helping them identify malicious actors on their network and remove them.

What specific value does addressing that problem provide for your customers?

Stephan: By understanding how global threats are affecting them, PierceMatrix users can lower their security risk and lower their liability. Any business that is not reviewing its log files is carrying excess liability because the firewall logs (and other security devices) are documenting suspected attacks. PierceMatrix helps companies reduce that liability by automatically reading logs and helping with prioritization and remediation.

Why aren’t current solutions addressing this problem effectively?

Stephan: Most of the products in security are focused on solving niche problems for large businesses. There are very few that recognize the importance of educating and assisting small and medium businesses. Gartner selected us a Cool Vendor because of our unique approach to reducing data and helping small businesses focus their efforts. The industry standard is generating large volumes of new data for the user to sift through internally. This is just not an option for small and medium sized businesses that don’t have skilled resources available.

What makes your approach different and better from existing approaches?

Stephan: Our approach is to bring SMBs a cloud-based security model that bridges several capabilities including SIEM, TIP, Incident response and remediation. In particular, we provide an understanding of threats already present in your log files, as well as incident tracking and remediation through an automatable button.

What about your team’s background puts you in a unique position to succeed?

Stephan: The PierceMatrix team combines Artificial Intelligence and security expertise. These are two separate fields of study, but an essential combination to address today’s information security challenges. The CEO has 20 years of experience in building companies and divisions in the security world, and the CTO has 20 years of experience building artificial intelligence for the US military, FAA, and AT&T.

What are some of the milestones you have passed since graduating from Mach37?

Roy Stephan, PierceMatrix CEO

Roy Stephan, PierceMatrix CEO

Stephan: When we graduated M37 we had an early beta product. Now we have a functioning system with customers in the ISP, MSP, Finance, and Defense Industrial Base markets. We were recently selected as a Gartner Cool Vendor, as well as being selected as one of the top 6 emerging technologies for FinTech by the Partnership for New York City.

What one aspect of the Mach37 programs did you personally find most beneficial?

Stephan: Helping me run a business. I have built products, divisions, even companies as a technologist, but M37 taught me how to build out the non-tech aspects such as finance, HR, sales, legal, etc.

Learn more about PierceMatrix here.

Related Posts

Mach37 Spring Class 2016 Interview: Hilltop Security


2016-06-14 - M37 Demo Day - 08 - HTSI - DSC_3364

Tom Gilmore, Hill Top Security CEO


What opportunity did you recognize that led to the founding of Hill Top Security?

HTSITom Gilmore:
 We saw that most organizations were faced with a shortage of skilled security personnel and that any strategy built around creating more security analysts was not going to be effective. In addition, security personnel are overwhelmed with security alerts and spend too much time processing false-positive alerts. We also believed that the time to detect a breach which is on average 206 days is a direct result of these problems and that time could be dramatically decreased with automation and better tools.

What specific value does addressing that problem provide for your customers?

Gilmore: We provide customers with a security incident response platform that ingests data and performs complex event processing to save analysts time allowing them to move to detection and response activities faster.

Why aren’t current solutions addressing this problem effectively?

Gilmore: Most solutions on the market today are focused on prevention, or detection, or response. Our product is designed to do all three and also provides analysts with the ability to work in a single environment instead of having to login and operate every security tool independently.

What makes your approach different and better from existing approaches?

Gilmore: Solutions on the market now are very narrowly focused and fragmented creating more work and reducing efficiency. Our product is designed to enhance and improve the utility of our customer’s current resources. By interconnecting all the devices and systems that make up the security architecture, we are able to increase the value of the data being generated by enriching the data with such things as business impact analysis, business rules, and risk assessments.

What about your team’s background puts you in a unique position to succeed?

Gilmore: We have a team that has experience in national and military intelligence, cyber security, and industrial engineering. I personally have one start-up under my belt that made the Inc. 500 and exited. Neil Wright spent 7 years designing UPS’s global package handling system and Steve Baker has over 30 years of national security and intelligence experience working in such places as the White House National Security Council.

What one aspect of the Mach37 programs did you personally find most beneficial?

Gilmore: Learning the intricacies of being a successful product company. Having come from a government services background, making that transition can be very difficult and Mach37 helps you define what that will look like and develop a plan to get there.

Learn more about Hill Top Security here.

Mach37 Spring Class 2016 Interview: NormShield


2016-06-14 - M37 Demo Day - 05 - Norm Shield - DSC_3389

Mohamoud Jibrell, NormShield CEO


What opportunity did you recognize that led to the founding of NormShield?

ns-logo-transMohamoud Jibrell: Through our many years of experience in the cyber security industry we recognized that organizations rely on mostly manual methods to validate their security posture and they do not have visibility to existing vulnerabilities that hackers can exploit. We also recognized that most security tools are not designed for the mid-market. They assumed a greater sophistication of user and more manpower than is typically available to mid-market CIOs. So, we founded NormShield to fill those gaps: automate cyber security processes, provide visibility and services that are currently not available and align the solution with the needs of the mid-market.

What specific value does addressing that problem provide for your customers?

Jibrell: Visibility. That, in one word, is the specific value that we provide more of than any our competitors. NormShield provides better visibility to existing vulnerabilities and significantly reduces the risk of hacker exploitation. We do this by continuously gathering cyber threat data from multiple sources and by monitoring our customers’ assets. We then analyze and present the data and actionable information to our customers using our cloud platform. That visibility helps companies take action to reduce risk.

Why aren’t current solutions addressing this problem effectively?

Jibrell: Current products are designed for large enterprises and are narrowly focused. Mid-market businesses don’t have the financial or human resources to run dozens or even a handful of information security products to protect their assets. Current solutions assume large enterprise users with large staffs that can specialize in specific infosec tools. NormShield’s single, integrated solution provides the necessary security coverage while minimizing the human labor and skill requirements. I was a mid-market CIO and I understand the security needs, but also recognize the constraints. We built a tool to fit that user profile.

What makes your approach different and better from existing approaches?

Jibrell: We provide a unified single solution that addresses multiple needs. Competitors offer multiple products to address the same set of problems. But using multiple products is a lot more difficult to administer and it also brings a lot of management overhead. We commonly see security teams, IT teams and risk teams work independently with different agendas and metrics. Acquisition of multiple products is also more expensive and it is not something that most mid-market companies can afford. All of these factors combined lead to inefficient and ineffective processes that slow down the threat response and vulnerability management and expose companies to preventable cyber attacks.

What about your team’s background puts you in a unique position to succeed?

Jibrell: We have a diverse team with deep expertise in ethical hacking, enterprise software development and IT management. I myself have 16 years of CIO experience under my belt. Our combined experience in the industry gives us the network and knowledge we need to succeed.

What one aspect of the Mach37 programs did you personally find most beneficial?

Jibrell: The support we got with sales, marketing and product strategy was extremely beneficial. We were also introduced to many different potential customers through Mach37, which allowed us to expand our network and get a jumpstart on reaching our goals.

Learn more about Normshield here.

Mach37 Spring Class 2016 Interview: Unblinkr



Mancy Sanghavi, Unblinkr Founder




What opportunity did you recognize that led to the founding of Unblinkr?

Mancy Sanghavi: 250 million cars will join the Internet of Things by 2020. Cars are running millions of lines of code and are just as susceptible to hacking as any computer network. Advanced driver assistance and connectivity features increase threat vectors on the connected vehicle. We identified an opportunity to make cars secure.

What specific value does addressing that opportunity/problem provide for your customers?

Sanghavi: Automotive Industry insiders acknowledge connected cars need to be secure from outside hackers. Through the publicity car hacking has received recently, consumers want to know their vehicles are safe. There are plenty of discussions on how to secure the connected car. Our product provides an answer to that question. By using our solution, car manufacturers can stay competitive and offer more advanced connectivity features for consumers.

Why aren’t current solutions addressing this opportunity/problem effectively?

Sanghavi: Cars today are infinitely more complex than the Model T designed by Henry Ford in 1908. Automotive companies have never had to think like technology companies in the past, and they are having to play catch up. Their design times have to be more responsive. We don’t have to play catch up because our team has been dedicated to this problem for over 5 years.

What makes your approach different and better from existing approaches?

Sanghavi: The connected vehicle space is new and there is no clear leader in aftermarket automotive cybersecurity. Cybersecurity is crucial in order for the market to adopt driverless cars. There are a few startups offering point solutions whereas we are taking a holistic approach. We believe in intelligent data by bringing context to increase awareness of the situation, thereby enabling us to make better decisions.

What about your (team’s) background puts you in a unique position to succeed?

Sanghavi: Our team has done research on the security and privacy concerns of these types of advanced technologies. We have bid on and received research grants to examine connectivity and have spent time in labs researching internal car networks. We conduct black box testing and pen testing on cars.

What one aspect of the Mach37 programs did you personally find most beneficial?

Sanghavi: The Mach37 program is incredibly beneficial and I highly recommend it. The 14-week program gives startups a unique chance to interact with experts and learn how to run a business from start to exit. Startups hone their message and learn the building blocks to take a litmus test of whether their idea can succeed in the marketplace. Mach37 helps you build your boat before they launch you into the waters.

Are there any adjacent industries transformed by your solution?

Sanghavi: Imagine summoning a driverless car via smartphone, revolutionizing taxi and parking industries. Targeted in-car advertising creates revenue opportunities for telecom and marketing industries. Insurance is getting ready for the day of driverless cars and when people aren’t paying car insurance anymore. Our solution helps track history and prove whether a car has been hacked. This is valuable information for insurers.  However, these disruptions come with challenges. The FBI is concerned that driverless cars are a terrorist target. Centralization means more vulnerability and creates user privacy concerns.

What are the key market/economic forces in your industry?

Sanghavi: Over 35,000 people in the US die in road crashes each year. Driverless technology is the hope that the number will become zero. But we are replacing human error with a machine. If that machine becomes hacked, that is dangerous for the families riding in the car. One day anti-hacking software installed on a car will be mandatory, the way seatbelts and airbags are mandatory safety elements today.

An industry driver is that revenues from connectivity are expected to increase sixfold from approximately $30 billion in 2014 to approximately $170 billion in 2020. Possible legislative mandates like SPY Car Act may fuel demand for Unblinkr product. An Executive Order mandates all government vehicles to address threat vectors by 2017. The EU eCall law will drive demand for the product overseas.

Learn more about Unblinkr here.