Atomicorp – Mach37 Alumnae Interview with Michael Shinn

atomicorp-michael-shinn-army

Michael Shinn, Atomicorp CEO

What opportunity did you recognize that led to the founding of Atomicorp?

Michael Shinn: The security industry was being challenged by the widespread migration to the cloud and cloud-based technologies. To me, it seemed like a classic second mover opportunity caused by a fairly disruptive change to the market. A lot of the existing cybersecurity solutions either couldn’t be used in these cloud environments — appliances for example — or they didn’t provide the right value to the customer. The products weren’t designed for that world. They were being bolted on and the customers weren’t happy. We saw this as an opportunity to apply some unique technology and solve the cybersecurity problems in a cloud-friendly way.

What specific value does addressing that problem provide for your customers?

securitylarge-282x300Shinn: The value that customers have shared with us is a dramatic reduction in operating cost. We have been told 80% and the number has been shared with us repeatedly. That 80% is based on the fact that there are fewer security incidents they must address after installing Atomicorp. That seems like the obvious place to look for benefits for a security solution. The non-obvious benefit is the reduced dev ops costs because they don’t have to patch their systems so frequently. That has enabled dev ops to do their work without having to go through a lot of security gates.

Why aren’t current solutions addressing this problem effectively?

Shinn: For the traditional players what seems to be happening is this move to the cloud doesn’t work with their current business models. That is a substantial problem. When I talk with my peers at these companies, they are frustrated that their attempts to build cloud-based solutions have not gone well within their organizations in terms of culture, sales model, accounting and product. Cloud platforms are extremely heterogeneous. Solutions are sold by the hour. It’s not a traditional IT environment where you control the network and all of the components. The attack surface is completely different and more dynamic in a cloud environment than an on-prem environment. The problems are different. The solutions need to be different.

atomicorp-logoIt’s a more challenging environment for traditional cybersecurity companies to build products and more challenging to operate their business because they need to reinvent how they operate. Something as simple as how do you account for revenue in this new model when you are accustomed to selling enterprise licenses is an issue.

For the customers, the problem is exasperated by the fact that a lot of the security products are built for security experts which doesn’t help their dev ops teams. That is not what they are looking for. They need products that are easy for non-experts to use.

What makes your approach different and better from existing approaches?

Shinn: Atomicorp products are built for cloud environments from the ground up and they are designed to be easy to use.

What about your team’s background puts you in a unique position to succeed?

Shinn: Scott and I founded Plesk in 1999 which invented a lot of the technologies that cloud providers rely on today. So we have an intimate knowledge of the technologies that make cloud possible. After we sold that company, we put a lot of thought into what we were going to do next. The idea for this company came from what we learned building those products and serving those customers. The Atomicorp product was built from experience and designed specifically for cloud providers.

You just announced a $1 million seed round. What do you plan to do with the proceeds?

Shinn: Customer acquisition and product enhancements. Priority one through five is introducing more customers to Atomicorp. We have a proven product and a lot of customers, but we are looking to introduce Atomicorp to more.

What are some of the milestones you have passed since graduating from Mach37?

Shinn:

  • We have now earned more than we have spent
  • We crossed the 1,000 customer mark.
  • We have made some key executive hires such as VP of Sales.

 

You already had a product and customers when you entered the Mach37 program. What made Mach37 a good choice for you even though you already had some business momentum and customer traction?

michael-shinn-seatedShinn: The robustness of the educational program was tremendous. That education would cost a lot of money. It is unlikely that a startup could afford it. The Mach37 program is like a compressed MBA and it is tailored to you needs. It is not abstract learning. It is deliverable based. You need to develop your messaging. You have to put together a budget, recruit people and build a real business. Doing that while you are in the program is priceless. I’m not sure there is an MBA on earth that does that.

Secondarily, I would point out the relationships. Mach37 has done a wonderful job introducing us to good hires, advisors, investors, and service providers. It’s a very good network. Finally, it’s a very supportive environment. Building a business is hard work. They are good coaches.

Learn more about Atomicorp here.

Related Posts

Cyph: Mach37 Alumnae Interview with Ryan Lester and Josh Boehm

defcon-joshandryan

Ryan Lester and Josh Boehm, Cyph Co-Founders

What opportunity did you recognize that led to the founding of Cyph?

Ryan Lester & Josh Boehm: Back in AIM’s heyday, the two of us would often chat online using Pidgin with the OTR plugin (the end-to-end encryption setup du jour). This wasn’t because we’d had any particular need for that level of privacy, but more because it seemed cool and made us feel like secret agents.

cyph-purple-horizontalHowever, as “cool” as OTR seemed to us, we couldn’t get any of our other friends to start using it with us; it was just too much of a pain to download and set up a new application, install some third-party plugin, generate a key pair, verify friends’ public keys, learn enough crypto 101 to even understand what public key authentication meant/was/did, etc.

Years later, we were working at SpaceX together, where we repeatedly witnessed firsthand the critical need to protect trade secrets from powerful adversaries and to keep strict compliance with export controls such as ITAR. During this time, Edward Snowden’s leaks about the NSA’s extensive digital surveillance programs also came to light.

Instantly, it clicked for us that both business and consumer contexts faced an urgent unmet need for truly private communication. There were some tools and methods that existed, but from experience we’d learned that they would largely remain unadopted without a user experience that equalled or surpassed existing non-secure communication solutions.

What specific value does addressing that problem provide for your customers?

Lester and Boehm: We have no doubt that people want more security and privacy when it comes to their communication and data online — just not if it comes at the cost of their convenience or has a learning curve to it. By addressing this and making user experience second only to application security in our priorities, Cyph is making cutting-edge quantum-resistant cryptography more accessible and easier to use than ever before.

Instead of the traditional painful user experience, you don’t need to force anyone to sign up or install some software to communicate with them. When someone doesn’t already have a Cyph account, you can simply send them a link which will work on any device with a modern web browser.

On that note, the browser turned out to be a very interesting technical challenge for us. Due to the plethora of attack vectors which entirely undermine the security of web applications within the context of our threat model, initially it seemed like we wouldn’t be able to offer our desired UX (in good conscience, anyway) — which brings us to our next answer…

Why aren’t current solutions addressing this problem effectively?

Lester & Boehm: Before our talks at Black Hat 2016 and DEF CON 24 on the research that went into Cyph — more specifically on something we call WebSign — providing code signing (a standard practice in native apps, and an absolute prerequisite to secure communication) within a web application was considered by the security industry at large to be literally impossible. Given that we had to invent the solution to this daunting technical problem, it isn’t surprising that we’re the first to address it effectively.

Going forward, WebSign is an advantage that we’ll most likely retain uniquely to Cyph, as we have a patent pending on the technology.

What makes your approach different and better from existing approaches?

Lester & Boehm: First, as implied in our previous comment, Cyph is the only secure communication tool in the world that can run as a web app. This may sound minor, but it actually makes a huge impact on the user experience. Most people don’t want to have to download and install new software for something as simple as sending a text message or joining a video call — particularly your non-technical friends who may not fully understand your frenzied rants about NSA spying. To get started with Cyph, they can just click a link.

Second, Cyph is one of a tiny handful of solutions that are remotely trustworthy for secure communication — the other major one being Signal by Open Whisper Systems — among which Cyph is the only one to attempt to protect present-day communication from theoretical future quantum computing attacks. This may actually kind of matter, given the NSA’s recent announcement.

What about your team’s background puts you in a unique position to succeed?

Lester & Boehm: The two of us have worked together and known each other for the last 20 years or so. We know our strong suits and shortcomings, and each complement the other’s. We’ve worked on numerous cool projects and jobs together, but what generally defines our ethos to most people is the time we spent leading Software Quality Assurance at Elon Musk’s SpaceX (occasionally working on the same code with Tesla Motors). It was our responsibility to ensure that all of our internal software was free of bugs, defects, and vulnerabilities; downtime could potentially cost the company millions.

While our team was understaffed and we were overworked, our experience with SpaceX and Tesla was invaluable preparation for running a successful software product. We gained experience working directly with their CIOs, and of course with some of the brightest programmers in the world. While SpaceX was a large company, it retained a startup feel with open offices, flat reporting structures, and people “wearing many hats”; the whole environment was like a pressure cooker for entrepreneurship.

Plus, we’ve noticed that saying you’ve worked with Elon tends to open a few doors. :)

What are some of the milestones you have passed since graduating from Mach37’s fall 2014 cohort?

Lester & Boehm:

  • We closed our $500k seed funding round last fall, with the lead investors being Goel Fund and Mach37’s former parent company CIT
  • We’re now working to monetize on the enterprise side, while keeping Cyph completely free for individual end users
  • We had an extremely positive code audit report from the pentesting firm Cure53: “Cyph provides security from a broad range of cryptographic attacks and very strong client-side crypto. The general conclusion of the test is that no major issues in regards to application security or cryptographic implementations could be spotted in spite of a thorough audit.”
  • As mentioned, we recently gave a successful talk at Black Hat and DEF CON (the two largest hacker conferences in the world)

What one aspect of the Mach37 programs did you personally find most beneficial?

Lester & Boehm: Coming from pure software engineering backgrounds, Mach37 helped immensely in spinning us up on how to run a real startup — (“real” in the sense of being a full-time venture with external stakeholders and financial targets, rather than just a side project). A large portion of Mach37’s three-month program focuses on quickly getting founders up to speed on material you would expect to see in an MBA program — particularly as it pertains to startups, fundraising, and the cybersecurity industry.

What question should we have asked but didn’t?

Lester & Boehm:
“How are you going to make money?”

First of all, if you’re an individual (i.e. not using Cyph for business purposes), access to the core product will always be free. People aren’t used to paying to talk to their friends and family, nor do we believe they should have to just to ensure basic privacy. While we may eventually offer a premium tier for users who want to support us, something like that would only grant access to non-essential bonus features. The free tier of Cyph will never be less capable than paid options when it comes to privacy or security.

The money comes in from licensing our software to businesses and government, either to protect their internal communications or to allow for easy secure channels to their customers/clients. One of the first industries that we’ve noticed crying out for an answer is the telehealth space. By law their communication needs to meet HIPAA standards and yet for many older patients the solution for that must be easy to use and absolutely intuitive.

However, the biggest opportunity may very well turn out to not even be Cyph itself, but rather licensing out WebSign for entirely separate use cases. The potential utility of “secure websites” (in-browser code signing) is almost certainly broader than our narrow focus on end-to-end encrypted communication.

Learn more about Cyph here.

Related Posts

Virgil Security Raises a $4 Million Series A

virgil-co-founders-with-rick-gordon

Virgil Security Co-founders Michael Wellman (left) and Dmitri Dain (right) Ring the Mach37 Bell to Celebrate Reaching Escape Velocity; Rick Gordon Joins In the Celebration

 

On October 7th, Virgil Security closed a $4 million Series A investment, led by KEC Ventures. KEC is a venture firm founded by Jeff Citron, who also founded Island ECN, Datek Online and Vonage.  For those of you who are close to Mach37, you know I have been promising for many months that we have several companies ready for Series A investment. Virgil was one of them.

As I thought about using this blog to crow about our investment strategy (we actually hunted for a company that offers easy-to-implement encryption infrastructure) or in some way hype-up just how smart we are at Mach37, a conversation I had last week caused me to think better of it. Virgil’s CEO Michael Wellman offered the key insight. As I was verbally high-fiving Michael, he took a characteristically humble look at the company’s journey so far and remarked:

“You know Rick, it used to be that if you worked hard, had talent, OR got lucky, you could make it to the NFL (National Football League).  These days, to make it you need to work hard, have talent AND get lucky to even have a chance.”

And, so it is with technology start-ups.  The hidden truth is that entrepreneurs can have talent, make every right decision, and work their butts off, but if serendipity does not smile the company will fail.

In the case of Virgil, I can point to a handful of inflection points that relied heavily on just being in the right place at the right time.  I can say the same for Invincea and Lookingglass, two companies I was intimately involved with during their early struggles that have since achieved similar inflection points.  However, the truth is that all of these companies still have additional milestones to achieve before any of us can declare victory.

So, instead of trying to convince you that the Mach37 team is smarter than we really are, I’ll just say that we feel really fortunate to have had the opportunity to invest early in Virgil. It is a company that has the world class talent and drive required to be successful AND was able to create the necessary luck along the way to close its Series A.

Related Posts

 

Mach37 Alum Hill Top Security Wins Virginia Velocity Tour NoVA Award

hill-top-security-virginia-velocity-tour-winner-full

Hill Top Security CEO and Mach37 Alumnus Tom Gilmore, second from left, accepting the Virginia Velocity Tour Award for Northern Virginia, September 2016

The Mach37 family was busy last Thursday. We announced our Fall 2016 Cohort and a new Mach37 platinum sponsor, SAP National Security Services. On the same day, spring 2016 cohort alumnus Hill Top Security won the Virginia Velocity Tour Northern Virginia Region pitch competition and the $25,000 top prize. Hill Top CEO and Founder Tom Gilmore accepted the award at the Fall Cohort Introduction dinner Thursday evening in front of a crowd of more than 250 Mach37 supporters. We recently interviewed Tom on our Mach37 blog and it is clear that the company is already making an impact.

Mach37 Alumnae Represented Two-thirds of the NoVA Finalists

However, Hill Top wasn’t the only Mach37 standout in the pitch competition. Four of the six finalists in the cybersecurity and government technology category were Mach37 alumnae. Eunomic, SheVirah and Tensor Wrench all pitched alongside Hill Top. Two other companies focused on government technology SpotMyBus and J&F Alliance Group also competed. The competition judges came from the University of Virginia, Revolution Ventures, Amplifier Ventures and TandemNSI. It was great to see so many Mach37 alumnae getting recognition for their technology and business growth.

2016-09-22-va-velocity-tour-24-smaller

Hill Top Security CEO Tom Gilmore Presenting to Virginia Velocity Tour Judges

Virginia Velocity Tour Background

va-velocity-tour-logoThe Virginia Velocity Tour is overseen by the Virginia Secretary of Commerce and Trade and planned in partnership with our friends at Village Capital. We appreciate that Virginia Governor Terry McAuliffe, Secretary of Commerce and Trade Todd Haymore and Village Capital’s Ross Baird are so supportive of the start-up community across the state. Twenty-nine finalists competed for top honors in five regions.

At Mach37, we work with entrepreneurs from all over the world. Two of the five companies in our current cohort are from Europe and we also have entrepreneurs joining us from Nevada and North Carolina. We maintain a global outlook regarding cybersecurity, but we also appreciate introducing these companies to the business-friendly climate in Virginia. The Virginia Velocity Tour is another example of the start-up support that founders receive from the state and can access as part of the Mach37 family. Congratulations again to Tom and the entire Hill Top team.

Mach37 Spring Class 2016 Interview: Hilltop Security

 

2016-06-14 - M37 Demo Day - 08 - HTSI - DSC_3364

Tom Gilmore, Hill Top Security CEO

 

What opportunity did you recognize that led to the founding of Hill Top Security?


HTSITom Gilmore:
 We saw that most organizations were faced with a shortage of skilled security personnel and that any strategy built around creating more security analysts was not going to be effective. In addition, security personnel are overwhelmed with security alerts and spend too much time processing false-positive alerts. We also believed that the time to detect a breach which is on average 206 days is a direct result of these problems and that time could be dramatically decreased with automation and better tools.

What specific value does addressing that problem provide for your customers?

Gilmore: We provide customers with a security incident response platform that ingests data and performs complex event processing to save analysts time allowing them to move to detection and response activities faster.

Why aren’t current solutions addressing this problem effectively?

Gilmore: Most solutions on the market today are focused on prevention, or detection, or response. Our product is designed to do all three and also provides analysts with the ability to work in a single environment instead of having to login and operate every security tool independently.

What makes your approach different and better from existing approaches?

Gilmore: Solutions on the market now are very narrowly focused and fragmented creating more work and reducing efficiency. Our product is designed to enhance and improve the utility of our customer’s current resources. By interconnecting all the devices and systems that make up the security architecture, we are able to increase the value of the data being generated by enriching the data with such things as business impact analysis, business rules, and risk assessments.

What about your team’s background puts you in a unique position to succeed?

Gilmore: We have a team that has experience in national and military intelligence, cyber security, and industrial engineering. I personally have one start-up under my belt that made the Inc. 500 and exited. Neil Wright spent 7 years designing UPS’s global package handling system and Steve Baker has over 30 years of national security and intelligence experience working in such places as the White House National Security Council.

What one aspect of the Mach37 programs did you personally find most beneficial?

Gilmore: Learning the intricacies of being a successful product company. Having come from a government services background, making that transition can be very difficult and Mach37 helps you define what that will look like and develop a plan to get there.

Learn more about Hill Top Security here.

Mach37 Spring Class 2016 Interview: NormShield

 

2016-06-14 - M37 Demo Day - 05 - Norm Shield - DSC_3389

Mohamoud Jibrell, NormShield CEO

 

What opportunity did you recognize that led to the founding of NormShield?

ns-logo-transMohamoud Jibrell: Through our many years of experience in the cyber security industry we recognized that organizations rely on mostly manual methods to validate their security posture and they do not have visibility to existing vulnerabilities that hackers can exploit. We also recognized that most security tools are not designed for the mid-market. They assumed a greater sophistication of user and more manpower than is typically available to mid-market CIOs. So, we founded NormShield to fill those gaps: automate cyber security processes, provide visibility and services that are currently not available and align the solution with the needs of the mid-market.

What specific value does addressing that problem provide for your customers?

Jibrell: Visibility. That, in one word, is the specific value that we provide more of than any our competitors. NormShield provides better visibility to existing vulnerabilities and significantly reduces the risk of hacker exploitation. We do this by continuously gathering cyber threat data from multiple sources and by monitoring our customers’ assets. We then analyze and present the data and actionable information to our customers using our cloud platform. That visibility helps companies take action to reduce risk.

Why aren’t current solutions addressing this problem effectively?

Jibrell: Current products are designed for large enterprises and are narrowly focused. Mid-market businesses don’t have the financial or human resources to run dozens or even a handful of information security products to protect their assets. Current solutions assume large enterprise users with large staffs that can specialize in specific infosec tools. NormShield’s single, integrated solution provides the necessary security coverage while minimizing the human labor and skill requirements. I was a mid-market CIO and I understand the security needs, but also recognize the constraints. We built a tool to fit that user profile.

What makes your approach different and better from existing approaches?

Jibrell: We provide a unified single solution that addresses multiple needs. Competitors offer multiple products to address the same set of problems. But using multiple products is a lot more difficult to administer and it also brings a lot of management overhead. We commonly see security teams, IT teams and risk teams work independently with different agendas and metrics. Acquisition of multiple products is also more expensive and it is not something that most mid-market companies can afford. All of these factors combined lead to inefficient and ineffective processes that slow down the threat response and vulnerability management and expose companies to preventable cyber attacks.

What about your team’s background puts you in a unique position to succeed?

Jibrell: We have a diverse team with deep expertise in ethical hacking, enterprise software development and IT management. I myself have 16 years of CIO experience under my belt. Our combined experience in the industry gives us the network and knowledge we need to succeed.

What one aspect of the Mach37 programs did you personally find most beneficial?

Jibrell: The support we got with sales, marketing and product strategy was extremely beneficial. We were also introduced to many different potential customers through Mach37, which allowed us to expand our network and get a jumpstart on reaching our goals.

Learn more about Normshield here.

Mach37 Spring Class 2016 Interview: Unblinkr

 

Demo

Mancy Sanghavi, Unblinkr Founder

 

UnblinkrLogoTransparent

 

What opportunity did you recognize that led to the founding of Unblinkr?

Mancy Sanghavi: 250 million cars will join the Internet of Things by 2020. Cars are running millions of lines of code and are just as susceptible to hacking as any computer network. Advanced driver assistance and connectivity features increase threat vectors on the connected vehicle. We identified an opportunity to make cars secure.

What specific value does addressing that opportunity/problem provide for your customers?

Sanghavi: Automotive Industry insiders acknowledge connected cars need to be secure from outside hackers. Through the publicity car hacking has received recently, consumers want to know their vehicles are safe. There are plenty of discussions on how to secure the connected car. Our product provides an answer to that question. By using our solution, car manufacturers can stay competitive and offer more advanced connectivity features for consumers.

Why aren’t current solutions addressing this opportunity/problem effectively?

Sanghavi: Cars today are infinitely more complex than the Model T designed by Henry Ford in 1908. Automotive companies have never had to think like technology companies in the past, and they are having to play catch up. Their design times have to be more responsive. We don’t have to play catch up because our team has been dedicated to this problem for over 5 years.

What makes your approach different and better from existing approaches?

Sanghavi: The connected vehicle space is new and there is no clear leader in aftermarket automotive cybersecurity. Cybersecurity is crucial in order for the market to adopt driverless cars. There are a few startups offering point solutions whereas we are taking a holistic approach. We believe in intelligent data by bringing context to increase awareness of the situation, thereby enabling us to make better decisions.

What about your (team’s) background puts you in a unique position to succeed?

Sanghavi: Our team has done research on the security and privacy concerns of these types of advanced technologies. We have bid on and received research grants to examine connectivity and have spent time in labs researching internal car networks. We conduct black box testing and pen testing on cars.

What one aspect of the Mach37 programs did you personally find most beneficial?

Sanghavi: The Mach37 program is incredibly beneficial and I highly recommend it. The 14-week program gives startups a unique chance to interact with experts and learn how to run a business from start to exit. Startups hone their message and learn the building blocks to take a litmus test of whether their idea can succeed in the marketplace. Mach37 helps you build your boat before they launch you into the waters.

Are there any adjacent industries transformed by your solution?

Sanghavi: Imagine summoning a driverless car via smartphone, revolutionizing taxi and parking industries. Targeted in-car advertising creates revenue opportunities for telecom and marketing industries. Insurance is getting ready for the day of driverless cars and when people aren’t paying car insurance anymore. Our solution helps track history and prove whether a car has been hacked. This is valuable information for insurers.  However, these disruptions come with challenges. The FBI is concerned that driverless cars are a terrorist target. Centralization means more vulnerability and creates user privacy concerns.

What are the key market/economic forces in your industry?

Sanghavi: Over 35,000 people in the US die in road crashes each year. Driverless technology is the hope that the number will become zero. But we are replacing human error with a machine. If that machine becomes hacked, that is dangerous for the families riding in the car. One day anti-hacking software installed on a car will be mandatory, the way seatbelts and airbags are mandatory safety elements today.

An industry driver is that revenues from connectivity are expected to increase sixfold from approximately $30 billion in 2014 to approximately $170 billion in 2020. Possible legislative mandates like SPY Car Act may fuel demand for Unblinkr product. An Executive Order mandates all government vehicles to address threat vectors by 2017. The EU eCall law will drive demand for the product overseas.

Learn more about Unblinkr here.