RSA Innovation Sandbox Finalist: Rad Security with CEO, Brooke Motta

[00:00:00] Hey, it's Andrew. Just quickly before we start this episode, I want to tell you about one of my

[00:00:03] favorite podcasts, the Secure Ventures podcast. The host Kyle McNulty interviews cybersecurity

[00:00:09] founders about what they are building. I enjoy it because Kyle focuses on their technology,

[00:00:14] what it solves, why they build it, where it fits in the market. Also listeners can understand

[00:00:19] the why of these startups. In some ways is a great compliment to my own podcast where I

[00:00:23] focus on the go-to-market side, not the technology side. He set some great guests on

[00:00:27] recently. For example, the CEO of Reality Defender when they talked about the ins and

[00:00:32] outs of deep fate detection. He's had the co-founder and CEO of Go Security and also

[00:00:37] the co-founder radical Chris Peterson who was incidentally a founder of LogRhythm.

[00:00:42] They talk about the role of AI in the sock. This is not a paid promotion. I just simply

[00:00:46] enjoy what Kyle is doing with his interviews and get a lot out of them. Check it out. It's

[00:00:51] Secure Ventures podcast. Now on with this episode.

[00:01:04] Welcome to the Cybersecurity Go-To-Market podcast for a special showcase episode where

[00:01:10] we are talking to leaders of the companies selected for the 2024 RSA Conference Innovation

[00:01:16] Sandbox. These are the very, very few, in fact only 10 companies out of the hundreds,

[00:01:22] not over a thousand that applied that the judges have selected as the most innovative

[00:01:27] startups in cybersecurity today. I am your host, Andrew Monahan and today we're talking with

[00:01:32] Brooke Motta, the co-founder and CEO at RadSecurity. Brooke, welcome to the podcast.

[00:01:38] Thank you so much. Thanks for having me, Andrew.

[00:01:40] I'm looking forward to our discussion here, Brooke. It's the second time for you and the

[00:01:44] company, you and your co-founders, which are actually recording this two weeks before RSA.

[00:01:49] We're getting done to the last few days before we're all going to be there in San Francisco

[00:01:53] and we want to learn more about what Rad is up to. Let's learn a little bit more about you

[00:01:58] first. How did you first make money as a kid, Brooke?

[00:02:04] You threw allowance but also I lived directly across the street from a swimming pond where

[00:02:10] people would come every day in the summer in Massachusetts. I had the traditional lemonade

[00:02:17] stand, so nothing too wild and too crazy. But at the time I thought it was the craziest thing

[00:02:23] because no one else did it and it was a great spot to do it.

[00:02:27] Well, you must be one of the few people that actually made money with a lemonade stand.

[00:02:31] I did just have people coming and going from the swimming pond.

[00:02:36] Location, location, location when it comes to retail, right?

[00:02:39] All right, next question is what's an embarrassing or funny moment in your

[00:02:43] sales or startup career? I just feel like I'm always

[00:02:47] embarrassing, at least to my 13-year-old daughter. I'm the most embarrassing person

[00:02:51] alive. But one time when I worked at Bug Crowd, I was about to go on stage for a presentation

[00:02:58] and two minutes before going on stage, I changed an image in my deck and it was

[00:03:06] picture of King Kong but he was holding paraphernalia and they shouldn't have put

[00:03:12] that picture in a presentation and I didn't even know it until I was on stage presenting it.

[00:03:17] And so that's why embarrassing is so funny. Did you just look at the image and take a double

[00:03:21] take and go, what the heck is that? Oh yeah, a woman named Peyton who I

[00:03:25] worked with was sitting in the front row and she's mortified. So yeah,

[00:03:29] don't change your images two seconds before walking on stage.

[00:03:32] Oh, love it. All right, final question. What is the story behind you getting your first

[00:03:37] job in cybersecurity? So my first job in cybersecurity was at a company called Rapid

[00:03:42] Seven, which is based in Boston where I'm from. I actually applied off of Craigslist

[00:03:50] ad because that was a legitimate way to get a job back in those days.

[00:03:55] So I was one of the first employees at Rapid Seven where I worked for 10 years. But yeah,

[00:04:02] I applied off of Craigslist. So it was a really interesting opportunity and really exciting place

[00:04:10] to be. I was on Newbury Street in Boston so if anybody's ever been there, it's the best

[00:04:15] shopping area in downtown Boston. So every 20 something year old girl dreamed of working

[00:04:22] around there. So it was great. Yeah. Where in the world did you have your

[00:04:26] first sandbox, Brooke? So I'm from Massachusetts originally. And if you mean where did I grow up,

[00:04:35] I can explain that. So I grew up in a really small town called Lakeville, Massachusetts.

[00:04:40] We didn't even have stoplights, I don't think when I grew up. There was a local barber named

[00:04:45] Fred who cut everyone's hair. Same guy. We didn't have a grocery store. The only place

[00:04:50] to buy food was at Savas Plaza, which my friend Katie Savas, her family owned. And that's where

[00:04:56] you'd buy milk or eggs or something you needed urgently. But it was a really lovely way to

[00:05:01] grow up in the woods where we could have adventures without cell phones. We'd ride

[00:05:08] bikes for hours until all hours when we had to come home. But yeah, that's sort of where I

[00:05:14] grew up. And then I moved to Boston as I got older since I really wanted that city life

[00:05:19] experience with accessibility. And I haven't left city life since then. What happened to your accent

[00:05:25] though? The Massachusetts accent. Oh, my accent. Oh, oh, I mean, I can go into it if you want me

[00:05:32] to and talk about getting wicked hammered and going to the packy. But I feel like that's not

[00:05:37] for the her viewers. Maybe we should edit that out. All right. What's the story, the fun story

[00:05:44] about the founding of Rad Security? Take us back to that moment in time when you and your

[00:05:48] co-founder said, you know, I think we might just start a company. So there are two sort of

[00:05:54] moments in time that serve as like the foundational moments of our of us starting

[00:06:00] this company. So the first is was actually created before my time. So Jimmy Mesta,

[00:06:05] my co-founder was working at a telecom in Denmark. And while there, he discovered an

[00:06:14] attack path through Kubernetes that had it been properly exploited would have shut down

[00:06:20] the entire country's 911 operations. So no one in the country would have been able to use

[00:06:26] their equivalent of 911. And so he said, gosh, there's probably a better way to

[00:06:32] solve for this problem than just having consultants like me coming on site and helping them

[00:06:37] to secure their Kubernetes infrastructure. And so he said, let's come up with an idea for a

[00:06:44] product. He then reached out to me soon after that aha moment had happened. And we joined

[00:06:52] forces with my sales and go to market background with his CISO background leadership and security

[00:07:00] background. And then we started the company. Very good. So that was the second moment of him

[00:07:05] making a phone call to me. We actually went on a hike in Flagstaff where he's from and

[00:07:10] talked about how we would run a company if we were to start a business, whether

[00:07:14] market readiness was there, where we would go to start. And so that's how we joined forces.

[00:07:20] So you're out of breath in the mountains outside of Flagstaff at whatever four or

[00:07:25] five thousand feet that is, right? Yeah, that's exactly what it was like. We have a picture of

[00:07:30] the exact moment too where we said, okay, let's do this. Let's start a company and leave

[00:07:35] corporate America in the sense of typical corporate America. Well, what's the problem

[00:07:40] you're looking to solve at RadSecurity and who cares about it inside the organizations

[00:07:45] you're selling to? Yeah, sure. So today in cloud security, the way that most vendors

[00:07:53] are identifying issues, for example, the XZ vulnerability that recently came out is to look

[00:08:00] at signatures and CVEs. That's the way we did it at Rapid7. That's the way it's always worked.

[00:08:05] And since then, we discovered what if we instead of just identifying signatures and looking

[00:08:12] for CVEs, we were fingerprinting an environment for known good behavior and then started to

[00:08:19] identify drift from known good behavior so that we could identify anomalous activity ahead of

[00:08:25] a signature being created or CVE. And so this unique approach has awarded us the

[00:08:33] finalist selection at RSA, but it's also helped us get some really nice customer attraction.

[00:08:39] And to fully answer your question, the people who are interested are detection and

[00:08:44] response teams, infrastructure security teams, cloud security teams, those sorts of people.

[00:08:50] I would imagine with the cloud being ephemeral changing all the time, people using it in

[00:08:56] different ways all the time, getting some sort of fingerprint must be quite difficult to do

[00:09:00] that you rely on, but it seems like you must have cracked a way to do it that is

[00:09:04] trustworthy. Yeah. So just long story short, we maintain a master fingerprint for

[00:09:12] applications in the environments that we scan and can help identify behavior that's in drift from

[00:09:24] those faster fingerprints as they evolve. Okay, very good. So what's the big goals for

[00:09:31] the company for 2024, Brooke? Yeah. So we are in process of raising at the moment. And so

[00:09:38] soon we will be announcing what's happening there and who are partners on that journey.

[00:09:47] We from there are going to be hiring some talented sales and marketing people,

[00:09:53] some product leadership, some researchers to help us identify zero days and those sorts of

[00:10:02] things. And so we're really excited to expand the team as we grow in 2024.

[00:10:08] Well, you got two exciting things happening then you got the innovation sandbox, which is one

[00:10:12] thing and then you get the chance to go and grow and try and create the dream that you

[00:10:17] and your co-founder be working on. Exactly right. And for the week of RSA,

[00:10:21] except for wild exuberant celebrations for winning the sandbox, what else you got planned

[00:10:26] for that week? Any events or parties or briefings, things like that?

[00:10:30] So on Sunday I'm doing a founder round table that is being organized by Leaf Dreisler.

[00:10:38] And we're going to be at B-Sides doing that. And then soon after we are co-sponsoring a dinner

[00:10:46] at Fang restaurant right next to Moscone. It's owned by Caleb Sema's wife. And so

[00:10:54] it's a restaurant that a lot of people in security really like and want to support.

[00:10:59] And so yeah, we're really excited about that dinner. So if you'd like an invite,

[00:11:03] you're welcome to join. And yeah, and then otherwise we'll be around. There's lots of

[00:11:08] different parties that we're headed to. But yeah, that's a party that we're hosting on

[00:11:12] Sunday night. Awesome. That sounds like a lot of fun. Well, listen, I wish you every success

[00:11:17] and luck for the innovation sandbox itself and also for all the plans for the year as

[00:11:22] you get the next round in and go away and build the company. Thank you so much, Andrew. I

[00:11:27] appreciate it. It will mean a lot to me and to the continued growth of the show if you'd help

[00:11:44] get the word out. So how do you do that easily? There are two ways. Firstly, just simply send

[00:11:50] a link to a friend, send a link to the show, to this episode. You can email it, text it,

[00:11:56] Slack it, whatever works for you. And it's easy for you. The second way is to leave a super

[00:12:02] quick rating. And sometimes that can seem complicated. So I've made it as easy for you

[00:12:06] as I can. You simply have to go to rate this podcast.com slash cyber that's rate this podcast

[00:12:14] dot com slash cyber and explains exactly how to do it. Either of these ways will take you less

[00:12:20] than 30 seconds to do, and it will mean the world to me. So thank you.