Atomicorp – Mach37 Alumnae Interview with Michael Shinn

atomicorp-michael-shinn-army

Michael Shinn, Atomicorp CEO

What opportunity did you recognize that led to the founding of Atomicorp?

Michael Shinn: The security industry was being challenged by the widespread migration to the cloud and cloud-based technologies. To me, it seemed like a classic second mover opportunity caused by a fairly disruptive change to the market. A lot of the existing cybersecurity solutions either couldn’t be used in these cloud environments — appliances for example — or they didn’t provide the right value to the customer. The products weren’t designed for that world. They were being bolted on and the customers weren’t happy. We saw this as an opportunity to apply some unique technology and solve the cybersecurity problems in a cloud-friendly way.

What specific value does addressing that problem provide for your customers?

securitylarge-282x300Shinn: The value that customers have shared with us is a dramatic reduction in operating cost. We have been told 80% and the number has been shared with us repeatedly. That 80% is based on the fact that there are fewer security incidents they must address after installing Atomicorp. That seems like the obvious place to look for benefits for a security solution. The non-obvious benefit is the reduced dev ops costs because they don’t have to patch their systems so frequently. That has enabled dev ops to do their work without having to go through a lot of security gates.

Why aren’t current solutions addressing this problem effectively?

Shinn: For the traditional players what seems to be happening is this move to the cloud doesn’t work with their current business models. That is a substantial problem. When I talk with my peers at these companies, they are frustrated that their attempts to build cloud-based solutions have not gone well within their organizations in terms of culture, sales model, accounting and product. Cloud platforms are extremely heterogeneous. Solutions are sold by the hour. It’s not a traditional IT environment where you control the network and all of the components. The attack surface is completely different and more dynamic in a cloud environment than an on-prem environment. The problems are different. The solutions need to be different.

atomicorp-logoIt’s a more challenging environment for traditional cybersecurity companies to build products and more challenging to operate their business because they need to reinvent how they operate. Something as simple as how do you account for revenue in this new model when you are accustomed to selling enterprise licenses is an issue.

For the customers, the problem is exasperated by the fact that a lot of the security products are built for security experts which doesn’t help their dev ops teams. That is not what they are looking for. They need products that are easy for non-experts to use.

What makes your approach different and better from existing approaches?

Shinn: Atomicorp products are built for cloud environments from the ground up and they are designed to be easy to use.

What about your team’s background puts you in a unique position to succeed?

Shinn: Scott and I founded Plesk in 1999 which invented a lot of the technologies that cloud providers rely on today. So we have an intimate knowledge of the technologies that make cloud possible. After we sold that company, we put a lot of thought into what we were going to do next. The idea for this company came from what we learned building those products and serving those customers. The Atomicorp product was built from experience and designed specifically for cloud providers.

You just announced a $1 million seed round. What do you plan to do with the proceeds?

Shinn: Customer acquisition and product enhancements. Priority one through five is introducing more customers to Atomicorp. We have a proven product and a lot of customers, but we are looking to introduce Atomicorp to more.

What are some of the milestones you have passed since graduating from Mach37?

Shinn:

  • We have now earned more than we have spent
  • We crossed the 1,000 customer mark.
  • We have made some key executive hires such as VP of Sales.

 

You already had a product and customers when you entered the Mach37 program. What made Mach37 a good choice for you even though you already had some business momentum and customer traction?

michael-shinn-seatedShinn: The robustness of the educational program was tremendous. That education would cost a lot of money. It is unlikely that a startup could afford it. The Mach37 program is like a compressed MBA and it is tailored to you needs. It is not abstract learning. It is deliverable based. You need to develop your messaging. You have to put together a budget, recruit people and build a real business. Doing that while you are in the program is priceless. I’m not sure there is an MBA on earth that does that.

Secondarily, I would point out the relationships. Mach37 has done a wonderful job introducing us to good hires, advisors, investors, and service providers. It’s a very good network. Finally, it’s a very supportive environment. Building a business is hard work. They are good coaches.

Learn more about Atomicorp here.

Related Posts

Cyph: Mach37 Alumnae Interview with Ryan Lester and Josh Boehm

defcon-joshandryan

Ryan Lester and Josh Boehm, Cyph Co-Founders

What opportunity did you recognize that led to the founding of Cyph?

Ryan Lester & Josh Boehm: Back in AIM’s heyday, the two of us would often chat online using Pidgin with the OTR plugin (the end-to-end encryption setup du jour). This wasn’t because we’d had any particular need for that level of privacy, but more because it seemed cool and made us feel like secret agents.

cyph-purple-horizontalHowever, as “cool” as OTR seemed to us, we couldn’t get any of our other friends to start using it with us; it was just too much of a pain to download and set up a new application, install some third-party plugin, generate a key pair, verify friends’ public keys, learn enough crypto 101 to even understand what public key authentication meant/was/did, etc.

Years later, we were working at SpaceX together, where we repeatedly witnessed firsthand the critical need to protect trade secrets from powerful adversaries and to keep strict compliance with export controls such as ITAR. During this time, Edward Snowden’s leaks about the NSA’s extensive digital surveillance programs also came to light.

Instantly, it clicked for us that both business and consumer contexts faced an urgent unmet need for truly private communication. There were some tools and methods that existed, but from experience we’d learned that they would largely remain unadopted without a user experience that equalled or surpassed existing non-secure communication solutions.

What specific value does addressing that problem provide for your customers?

Lester and Boehm: We have no doubt that people want more security and privacy when it comes to their communication and data online — just not if it comes at the cost of their convenience or has a learning curve to it. By addressing this and making user experience second only to application security in our priorities, Cyph is making cutting-edge quantum-resistant cryptography more accessible and easier to use than ever before.

Instead of the traditional painful user experience, you don’t need to force anyone to sign up or install some software to communicate with them. When someone doesn’t already have a Cyph account, you can simply send them a link which will work on any device with a modern web browser.

On that note, the browser turned out to be a very interesting technical challenge for us. Due to the plethora of attack vectors which entirely undermine the security of web applications within the context of our threat model, initially it seemed like we wouldn’t be able to offer our desired UX (in good conscience, anyway) — which brings us to our next answer…

Why aren’t current solutions addressing this problem effectively?

Lester & Boehm: Before our talks at Black Hat 2016 and DEF CON 24 on the research that went into Cyph — more specifically on something we call WebSign — providing code signing (a standard practice in native apps, and an absolute prerequisite to secure communication) within a web application was considered by the security industry at large to be literally impossible. Given that we had to invent the solution to this daunting technical problem, it isn’t surprising that we’re the first to address it effectively.

Going forward, WebSign is an advantage that we’ll most likely retain uniquely to Cyph, as we have a patent pending on the technology.

What makes your approach different and better from existing approaches?

Lester & Boehm: First, as implied in our previous comment, Cyph is the only secure communication tool in the world that can run as a web app. This may sound minor, but it actually makes a huge impact on the user experience. Most people don’t want to have to download and install new software for something as simple as sending a text message or joining a video call — particularly your non-technical friends who may not fully understand your frenzied rants about NSA spying. To get started with Cyph, they can just click a link.

Second, Cyph is one of a tiny handful of solutions that are remotely trustworthy for secure communication — the other major one being Signal by Open Whisper Systems — among which Cyph is the only one to attempt to protect present-day communication from theoretical future quantum computing attacks. This may actually kind of matter, given the NSA’s recent announcement.

What about your team’s background puts you in a unique position to succeed?

Lester & Boehm: The two of us have worked together and known each other for the last 20 years or so. We know our strong suits and shortcomings, and each complement the other’s. We’ve worked on numerous cool projects and jobs together, but what generally defines our ethos to most people is the time we spent leading Software Quality Assurance at Elon Musk’s SpaceX (occasionally working on the same code with Tesla Motors). It was our responsibility to ensure that all of our internal software was free of bugs, defects, and vulnerabilities; downtime could potentially cost the company millions.

While our team was understaffed and we were overworked, our experience with SpaceX and Tesla was invaluable preparation for running a successful software product. We gained experience working directly with their CIOs, and of course with some of the brightest programmers in the world. While SpaceX was a large company, it retained a startup feel with open offices, flat reporting structures, and people “wearing many hats”; the whole environment was like a pressure cooker for entrepreneurship.

Plus, we’ve noticed that saying you’ve worked with Elon tends to open a few doors. :)

What are some of the milestones you have passed since graduating from Mach37’s fall 2014 cohort?

Lester & Boehm:

  • We closed our $500k seed funding round last fall, with the lead investors being Goel Fund and Mach37’s former parent company CIT
  • We’re now working to monetize on the enterprise side, while keeping Cyph completely free for individual end users
  • We had an extremely positive code audit report from the pentesting firm Cure53: “Cyph provides security from a broad range of cryptographic attacks and very strong client-side crypto. The general conclusion of the test is that no major issues in regards to application security or cryptographic implementations could be spotted in spite of a thorough audit.”
  • As mentioned, we recently gave a successful talk at Black Hat and DEF CON (the two largest hacker conferences in the world)

What one aspect of the Mach37 programs did you personally find most beneficial?

Lester & Boehm: Coming from pure software engineering backgrounds, Mach37 helped immensely in spinning us up on how to run a real startup — (“real” in the sense of being a full-time venture with external stakeholders and financial targets, rather than just a side project). A large portion of Mach37’s three-month program focuses on quickly getting founders up to speed on material you would expect to see in an MBA program — particularly as it pertains to startups, fundraising, and the cybersecurity industry.

What question should we have asked but didn’t?

Lester & Boehm:
“How are you going to make money?”

First of all, if you’re an individual (i.e. not using Cyph for business purposes), access to the core product will always be free. People aren’t used to paying to talk to their friends and family, nor do we believe they should have to just to ensure basic privacy. While we may eventually offer a premium tier for users who want to support us, something like that would only grant access to non-essential bonus features. The free tier of Cyph will never be less capable than paid options when it comes to privacy or security.

The money comes in from licensing our software to businesses and government, either to protect their internal communications or to allow for easy secure channels to their customers/clients. One of the first industries that we’ve noticed crying out for an answer is the telehealth space. By law their communication needs to meet HIPAA standards and yet for many older patients the solution for that must be easy to use and absolutely intuitive.

However, the biggest opportunity may very well turn out to not even be Cyph itself, but rather licensing out WebSign for entirely separate use cases. The potential utility of “secure websites” (in-browser code signing) is almost certainly broader than our narrow focus on end-to-end encrypted communication.

Learn more about Cyph here.

Related Posts

Mach37 Alum Hill Top Security Wins Virginia Velocity Tour NoVA Award

hill-top-security-virginia-velocity-tour-winner-full

Hill Top Security CEO and Mach37 Alumnus Tom Gilmore, second from left, accepting the Virginia Velocity Tour Award for Northern Virginia, September 2016

The Mach37 family was busy last Thursday. We announced our Fall 2016 Cohort and a new Mach37 platinum sponsor, SAP National Security Services. On the same day, spring 2016 cohort alumnus Hill Top Security won the Virginia Velocity Tour Northern Virginia Region pitch competition and the $25,000 top prize. Hill Top CEO and Founder Tom Gilmore accepted the award at the Fall Cohort Introduction dinner Thursday evening in front of a crowd of more than 250 Mach37 supporters. We recently interviewed Tom on our Mach37 blog and it is clear that the company is already making an impact.

Mach37 Alumnae Represented Two-thirds of the NoVA Finalists

However, Hill Top wasn’t the only Mach37 standout in the pitch competition. Four of the six finalists in the cybersecurity and government technology category were Mach37 alumnae. Eunomic, SheVirah and Tensor Wrench all pitched alongside Hill Top. Two other companies focused on government technology SpotMyBus and J&F Alliance Group also competed. The competition judges came from the University of Virginia, Revolution Ventures, Amplifier Ventures and TandemNSI. It was great to see so many Mach37 alumnae getting recognition for their technology and business growth.

2016-09-22-va-velocity-tour-24-smaller

Hill Top Security CEO Tom Gilmore Presenting to Virginia Velocity Tour Judges

Virginia Velocity Tour Background

va-velocity-tour-logoThe Virginia Velocity Tour is overseen by the Virginia Secretary of Commerce and Trade and planned in partnership with our friends at Village Capital. We appreciate that Virginia Governor Terry McAuliffe, Secretary of Commerce and Trade Todd Haymore and Village Capital’s Ross Baird are so supportive of the start-up community across the state. Twenty-nine finalists competed for top honors in five regions.

At Mach37, we work with entrepreneurs from all over the world. Two of the five companies in our current cohort are from Europe and we also have entrepreneurs joining us from Nevada and North Carolina. We maintain a global outlook regarding cybersecurity, but we also appreciate introducing these companies to the business-friendly climate in Virginia. The Virginia Velocity Tour is another example of the start-up support that founders receive from the state and can access as part of the Mach37 family. Congratulations again to Tom and the entire Hill Top team.

Mach37 Spring Class 2016 Interview: Unblinkr

 

Demo

Mancy Sanghavi, Unblinkr Founder

 

UnblinkrLogoTransparent

 

What opportunity did you recognize that led to the founding of Unblinkr?

Mancy Sanghavi: 250 million cars will join the Internet of Things by 2020. Cars are running millions of lines of code and are just as susceptible to hacking as any computer network. Advanced driver assistance and connectivity features increase threat vectors on the connected vehicle. We identified an opportunity to make cars secure.

What specific value does addressing that opportunity/problem provide for your customers?

Sanghavi: Automotive Industry insiders acknowledge connected cars need to be secure from outside hackers. Through the publicity car hacking has received recently, consumers want to know their vehicles are safe. There are plenty of discussions on how to secure the connected car. Our product provides an answer to that question. By using our solution, car manufacturers can stay competitive and offer more advanced connectivity features for consumers.

Why aren’t current solutions addressing this opportunity/problem effectively?

Sanghavi: Cars today are infinitely more complex than the Model T designed by Henry Ford in 1908. Automotive companies have never had to think like technology companies in the past, and they are having to play catch up. Their design times have to be more responsive. We don’t have to play catch up because our team has been dedicated to this problem for over 5 years.

What makes your approach different and better from existing approaches?

Sanghavi: The connected vehicle space is new and there is no clear leader in aftermarket automotive cybersecurity. Cybersecurity is crucial in order for the market to adopt driverless cars. There are a few startups offering point solutions whereas we are taking a holistic approach. We believe in intelligent data by bringing context to increase awareness of the situation, thereby enabling us to make better decisions.

What about your (team’s) background puts you in a unique position to succeed?

Sanghavi: Our team has done research on the security and privacy concerns of these types of advanced technologies. We have bid on and received research grants to examine connectivity and have spent time in labs researching internal car networks. We conduct black box testing and pen testing on cars.

What one aspect of the Mach37 programs did you personally find most beneficial?

Sanghavi: The Mach37 program is incredibly beneficial and I highly recommend it. The 14-week program gives startups a unique chance to interact with experts and learn how to run a business from start to exit. Startups hone their message and learn the building blocks to take a litmus test of whether their idea can succeed in the marketplace. Mach37 helps you build your boat before they launch you into the waters.

Are there any adjacent industries transformed by your solution?

Sanghavi: Imagine summoning a driverless car via smartphone, revolutionizing taxi and parking industries. Targeted in-car advertising creates revenue opportunities for telecom and marketing industries. Insurance is getting ready for the day of driverless cars and when people aren’t paying car insurance anymore. Our solution helps track history and prove whether a car has been hacked. This is valuable information for insurers.  However, these disruptions come with challenges. The FBI is concerned that driverless cars are a terrorist target. Centralization means more vulnerability and creates user privacy concerns.

What are the key market/economic forces in your industry?

Sanghavi: Over 35,000 people in the US die in road crashes each year. Driverless technology is the hope that the number will become zero. But we are replacing human error with a machine. If that machine becomes hacked, that is dangerous for the families riding in the car. One day anti-hacking software installed on a car will be mandatory, the way seatbelts and airbags are mandatory safety elements today.

An industry driver is that revenues from connectivity are expected to increase sixfold from approximately $30 billion in 2014 to approximately $170 billion in 2020. Possible legislative mandates like SPY Car Act may fuel demand for Unblinkr product. An Executive Order mandates all government vehicles to address threat vectors by 2017. The EU eCall law will drive demand for the product overseas.

Learn more about Unblinkr here.

Mach37 Spring ’16 Class Interview: PCPursuit

2016-04-20 - DC CSCS Mt Up - 06 - DSC_0282

Robert Walker

CEO and founder

PCPursuit

 

What opportunity did you recognize that led to the founding of PCPursuit?

Robert Walker: There are a couple of things going on in information security that are really important. Too many information security products only tell you there is a problem after your data has already been stolen. I have seen a few things in my career that are technologies that can prevent problems from happening in the first place, but they are not easy to use and are typically expensive. We recognized that we could make physical systems and digital systems more secure if they could just talk to each other. It’s really never been done before and that’s what we are changing by providing a proactive security solution that is inexpensive and easy to deploy.

 

What makes your approach different and better from existing approaches?

Walker: Simplicity. You don’t have to roll this out to every asset in your enterprise. You can deploy one tiny piece of software on your Active Directory domain controller and it can protect your entire enterprise. This uses the exact same framework that Microsoft uses themselves. Most solutions don’t do it this way because it’s extremely hard to do.

One specific thing our technology doesn’t do is require you to deploy agents to each PC in your enterprise. We have a server that sits between your physical control systems and your Windows Active Directory domain controllers. That PCPursuit software asks if a user badges in and if so, when and where. We report that back and based on what the enterprise administrator wants, we can log it, we can send an email to their manager or restrict access.

 

 

What specific value does addressing that opportunity/problem provide for your customers?

Walker: PCPursuit enables enterprises to get considerably better security out of the assets they already own. We make the stuff they have better and we do it very inexpensively. It’s a massive improvement for a very low cost.

 

Why aren’t current solutions addressing this problem effectively?

Walker: Because they are not thinking outside their own boxes. Physical security solutions only think about the physical side. Digital security only considers their own boxes. We took it up a level to look at both pieces.  However, there is another dimension to consider. The technology is really hard to build. The concept is simple, but the execution isn’t easy.

 

What about your (team’s) background puts you in a unique position to succeed?

Walker: Both my co-founder and I worked at Microsoft. I was there as a full-time employee for 13 years. My co-founder has worked at Microsoft for many years as a consultant. So we both have very deep exposure to Microsoft technology and we know how to implement it in a way that very few people understand. It’s not that no one else can do this. It’s that few people understand as well as we do how Windows was designed.

 

What makes this an exciting opportunity for you?

Walker: The thing that I think is most exciting about what we are doing is that we are one of those really rare solutions that can help make your enterprise tremendously more secure than it presently is and at a very low cost. By putting these two pieces of technology together, PCPursuit delivers two key benefits that address two intractable problems:

  • It discourages employees from tailgating into buildings. If you can’t get any work done because your login won’t authenticate, you won’t tailgate to get in. If we change the psychology in an office to “always badge in” instead of “avoid it,” it changes behavior. Then not badging in becomes the anomaly.
  • We also make physical presence another factor for authentication. Passwords aren’t secure. Even if you have to change them every several weeks. People forget them. They write them down so they don’t forget them making them easier to steal. With PCPursuit, if you didn’t badge in, you can’t get access. If your password got phished, that hacker in Russia won’t be physically in your building and can’t get access from inside your enterprise network. If someone found your password, they can’t use it. And we can do it for one-tenth of the cost of other tools in the market. You don’t have to buy tokens or other tools, just install our software on a single server and connect it to Active Directory and your enterprise is immediately more secure.

PCPursuit represents the first example of a simple approach to pairing physical security with digital security. It will have the biggest impact on securing the enterprise since automatic Windows updates. This is the kind of stuff that actually works. Stuff that’s really simple. You just make a little tweak and people don’t have to change the way they work, but it still makes a big difference. It turns out that the technology is hard, but the implementation is simple and effective.

 

What one aspect of the Mach37 programs did you personally find most beneficial?

Mach37 is really well-connected and is the only accelerator focused solely on information security. Their specialization in information security means everything they do is geared to this field and that is very valuable. In addition, they understand selling to the enterprise. There is a big emphasis in the program on selling and that is not a natural skill for engineers which is the background of most of the founders.