During the years Joe Donahue spent running Microsoft’s cybersecurity threat detection team, he observed a recurring problem.
The team helped Microsoft customers respond to cyber attacks, which often involved guesswork to try to determine where the breach occurred. Frequently, the victims of hacking had to completely rebuild their systems. Hackers could see a company’s vulnerabilities and exploit them, but the companies themselves had no way to foresee where they might be hit.
“We asked ourselves, if attackers know this information, then the defenders should have it as well,” Donahue said. “There has to be a way to provide defenders with the same information as attackers.”
He set out to build that solution with fellow Microsoft vet Adam Larson. Together they launched Seklarity, a startup that helps companies understand how and where they are vulnerable to attacks from hackers.
“We built a prototype, deployed it with a few local customers, and the feedback was very positive,” said Larson. “We weren’t sure that the smaller organizations we worked with initially would get the benefit of the large orgs we were targeting, but once they had the information they couldn’t sleep at night without it.”
Seklarity’s tools include a “Credential Score,” “Attack Maps,” and other capabilities that let companies search and visualize the credentials of users in their networks.
“Most cyber attacks are about credentials, but organizations have no way of knowing their risk,” Donahue said. “They don’t know where their credentials are in the network, who has access to them, or what how attackers can use them to move around their network.”
Donahue shared more about Seklarity for this Startup Spotlight, a regular GeekWire feature. Continue reading for his answers to our questionnaire.
Explain what you do so our parents can understand it: “We enable companies to understand exactly what their risk is to the most common hacker attacks.”
Inspiration hit us when: “The idea for Seklarity came from my experience with organizations struggling to respond to cybersecurity attacks. I was running the Microsoft Threat Detection team and then in the engineering team for Microsoft Advanced Threat Analytics and repeatedly saw that organizations didn’t know as much about their network as the attackers did. I had known Adam Larson while we worked together in Microsoft in what is now the Operating System’s Group. Last summer, while chatting in the bars and coffee shops of Capitol Hill, we came up with the core idea for Seklarity.”
VC, Angel or Bootstrap: “Angel. We decided to go through the fundraising process early and raise a relatively small amount with local investors. We are looking to add Angels and VCs in the next round and have fantastic interactions with the Seattle investor community, and even Sand Hill Road in the valley.
In the security space, there is a lot of start-up competition. Not necessarily delivering the same value we are, but definitely competing for meeting time and mind-share. We think working with VCs will give us the resources we need to scale up to the organizations on the cutting edge of cybersecurity.”
Our ‘secret sauce’ is: “Secret.”
The smartest move we’ve made so far: “Deciding to go for it!”
The biggest mistake we’ve made so far: “I would say we have made lots of little mistakes more than any single big ones. We made a few classic first-time founder mistakes like waffling on convertible debt or equity financing, or over analyzing the ideal future office location.”
Would you rather have Gates, Zuckerberg or Bezos in your corner: “Maybe this dates me, but I have to say Gates for his success as a technical and product leader from programming languages, operating systems, enterprise, and bringing in Ray Ozzie to incubate Azure. Bezos has done some really neat things, but not sure about the culture he projects at the workplace. I don’t have enough info on Zuckerberg, but don’t think he would move to Seattle.”
Our favorite team-building activity is: “We crossed Saratoga Passage from Whidbey to Camano with three-to-four-foot seas in a 20-foot open wood boat. We learned quickly about working together, trusting each other, and offering each other stability.
We also try to include team building in our everyday activities. We love to walk-and-talk for meetings and have found ourselves making important decisions on a bench on Capitol Hill or a trail in Woodinville.”
The biggest thing we look for when hiring is: “Last year I saw a Warren Buffett speech on YouTube where he talked about the things he looks for when evaluating people: are they smart, do they work hard, and are they trustworthy? Two out of three doesn’t cut it. Smart and lazy, and they will take shortcuts and under-perform; trustworthy and working hard, but not smart, produces the wrong outcomes; and the worst is someone smart and hardworking who you can’t trust! We recently hired our CTO, Devdatta Waghdhare where we certainly got someone who has all three attributes.”
What’s the one piece of advice you’d give to other entrepreneurs just starting out: “First-time founders need a working version of the product or core experience. Not so much that you need to prove that you can build software or technology, but that you can prove that people will use it. Whether you are targeting consumer or enterprise, in most cases early stage investors will want to see proof that what you have is valuable.”
