How to Make Security Analysts' Lives Easier - An Interview with John Cassidy CEO and founder of King & Union
Interview with John Cassidy, CEO OF King & Union:
Cyber Security Dispatch: Season 1, Episode 14
On today’s episode of the Cyber Security Dispatch we welcome John Cassidy of King & Union to discuss their new product called Avalon. With some notable experience and success in the field of cyber security, this new project marks a leap forward for John and his team and we were eager to hear all about it. John explains what sort of market this product is aimed at and how it fits into the crowded field of security. He goes on to quickly show what sets Avalon apart from the rest of the products that offer a similar sort of service and how it could be integrated into already established systems and industries. Our guest also helpfully explains the mechanics behind Avalon and its situation in the cloud. We close out this punchy episode with a little information on John’s company, King & Union, with John sharing some insight into the process of running a start-up, creating a strong team and what they aim to achieve with their office space.
Key Points From This Episode:
- The latest product John and King & Union have launched called Avalon.
- Avalon’s target market and the space it occupies in security operations.
- What differentiates Avalon from other similar products.
- Entering a crowded market and integrating into existing systems.
- The architecture of securing information for a large company.
- Housing these systems and the cloud services Avalon uses.
- The experience of venture capitalism and the start-up game.
- Building the team at King & Union and the benefit of shared experience.
- The location of the company and its branding choices.
- And much more!
Links Mentioned in Today’s Episode:
King & Union — https://www.kingandunion.com/
King & Union on LinkedIn - https://www.linkedin.com/company/king-union-avalon/
John Cassidy on LinkedIn - https://www.linkedin.com/in/jcassidy49/
Avalon — https://www.kingandunion.com/avalon-analyst- platform.html
Google Docs — https://www.google.com/docs/about/
SaaS — https://searchcloudcomputing.techtarget.com/definition/Software-as-a-Service
Azure — https://azure.microsoft.com/en-us/
EINSTEIN 3 Accelerated — https://www.dhs.gov/publication/einstein-3-accelerated
CenturyLink — https://www.centurylink.com/
DHS — https://www.dhs.gov/
US-CERT — https://www.us-cert.gov/
Amit Yoran — https://www.tenable.com/profile/amit-yoran
Tenable — https://www.tenable.com/
Starbucks — http://www.starbucks.com
Welcome to another edition of Cyber Security Dispatch. This is your host, Andy Anderson. In this episode filtering the noise, we talk with John Cassidy, CEO of a startup cyber security firm, King & Union, about the challenges facing security analyst today and how tools are emerging to improve their daily work. We also touch on the process of launching a new security company.
[0:00:31.2] Andy Anderson: So John, just introduce yourself.
[0:00:33.2] John Cassidy: John Cassidy, the founder and CEO of King & Union.
[0:00:36.8] AA: So we had a chance to talk for a while before this, we to hit the record button. Tell me a little bit about sort of the product that you launched and kind of where it’s fitting in the market.
[0:00:48.2] JC: Yeah, absolutely. King & Union, we actually came up with a platform that we’ve been building since 2016 called Avalon. Think of it as a collaborative cyber intelligent system really focusing on the collaborative aspects of getting people together to work in one focused place on investigations and analysis of threats.
[0:01:06.7] AA: Yeah, you’re sitting in – For those who kind of don’t know the space as well, the security operations – that’s your target market, right? Analysts thinking about threats and whatnot.
[0:01:17.4] JC: Yeah, absolutely.
[0:01:18.7] AA: What’s that process like for them now and kind of where would you like to kind of take that?
[0:01:23.2] JC: Yeah, I think a lot of people are drowning in data. I mean, we see it all the time where there’s been purchased threat intelligence feeds, there’s been – Sims are spitting out alerts, alert queues with thousands of alerts going on. So they have to clear these alerts out. So what we’re able to do is make their life better and speed up a lot of that manual work for them and automate a lot of the process that are not great for those guys and they cause them to be worn out and they actually end up burning out and end up leaving and going and trying it somewhere else. We’re trying to really help up the employers for that as well.
[0:01:54.4] AA: Yeah, I mean, we’ve talked about this a lot on this podcast, the sort of the traction issue, getting good quality employees but also retaining them, because the job is often really stressful. Also, it’s a seller’s market, right? If you’re a security analyst, you’re probably getting like a dozen job offers a week or something.
[0:02:13.0] JC: Absolutely. Especially, if you get into the government space and you have some security clearances or classifications, it’s very hard to retain that talent.
[0:02:21.4] AA: Yeah. You’re like a unicorn.
[0:02:22.4] JC: Yeah, you got it. You got it.
[0:02:24.4] AA: How do you guys – let’s talk a little bit about kind of what makes your product different from like some of the other solutions that are out there?
[0:02:30.7] JC: Yeah. I think one of the biggest things that we’ve been focusing on since we’ve built the platform is having this 10 to 12 years of background in building information sharing systems is in watching ISACs and watching what they’re doing. We are not a data wrangler, right? We’re not just tons and tons of data feeds and the pain of actually just going out and buying data. We’re actually making people - the ability to come in to a platform, collaborate, and we like to save meaning into the data, they can actually get in to a collaborative workspace in a Google Docs environment and actually work together on a problem and a focus to the area.
[0:03:08.1] AA: Yeah. I think obviously – the venture is new, right? You’re launching this summer, right?
How do you think about kind of most of the places that you’ll get plugged into already have a lot of existing technology and a lot of existing solutions. How do you think about: from a strategic perspective as you built the product and also as you talk to customers, how you drop into that ecosystem?
[0:03:29.6] JC: Yeah. One thing that we’ve been conscious about during this whole process of building up the company is around the ability to easily integrate with - whether it’s a large bank or a large healthcare organization or an energy company that we’ve worked within the past - is being able to easily get in to their infrastructure and then look for the analyst. If you have a deployed threat intelligence platform, if you do purchase certain data feeds today, we have the mechanisms with our open framework to be able to easily drop in and integrate with that.
The real play for us is getting these socks that are overwhelmed and these teams that can’t hire the right people the ability to quickly get to a point of going through this analysis process, giving them more insight, context and enrichment around a particular threat. Then if they so choose, they could actually reach out to peers within their vertical or their segment, say, an energy company who could want to reach out to another energy company or a bank who could actually form very quickly a small information sharing a collaboration group. They can stand it up in seconds and then tear it down if they wanted to, but it allows them very quick flexibility to work on a threat.
[0:04:35.8] AA: I’m curious, it’s partly the other hat that I wear, how do you think about the architecture of doing that? Where do you actually put your data in a way that, “Hey, I’m a large bank. You’re a large bank. Where are putting it that we feel –” I mean, this is some of our most critical, sensitive stuff. How are you architecting that?
[0:04:56.0] JC: Well, one big thing for us that’s different is we don’t want data that’s internal to an organization. So it’s a very clear differentiator - we’re not like a sim that’s taking in log data; we’re not examining emails; we’re not looking at email content; or DNS (Domain Name System) queries. We really think of us as a way that you can throw in pieces of information and we’ll spit you back facts that we know from all the datasets that we have in a very quick way enabling you to make a faster, more informed decision. We’re not going to tell you that this is the greatest threat, but we’re going to give you context that are enrichment about something that you’re looking for that could cause you to be able to take action much faster.
[0:05:34.9] AA: It’s like essentially the – It’s like read only essentially from your system down to somebody? Where is your stack actually sitting? Is it on the cloud or –”
[0:05:45.3] JC: Yes. We’ve got it in one of the leading cloud providers. So it’s a SaaS based model. We are exploring, moving into different cloud environments and we’ve also been –
[0:05:55.6] AA: I’m just curious about this most where you guys are native, is it Azure.
[0:05:58.3] JC: We’re in US and we’re using Google.
[0:06:00.5] AA: Okay.
[0:06:01.1] JC: Yup, and it’s worked up very well for us. We’re very happy with – We’re security guys and the guys are building system are very happy with it.
[0:06:08.5] AA: I can’t remember if Google Cloud, FedRAMP compliant yet or they’re sort of in their way.
[0:06:13.9] JC: They just sort of announced that they’re headed that way. It’s actually a timely thing for us. Some of the things that we’re being asked to do from some of our backgrounds in federal government, in defense department, in intelligence community support that we did work on was being able to take our code base and make sure that it was in a FedRAMP tied cloud environment.
So now that Google is sort of launching that effort, we’re very comfortable for two years building our platform in Google. We’re excited about that, but we’re also looking at options in Amazon’s cloud. It’s been requested. Some of the other things asked, actually, to build a dedicated instance in private government cloud spaces.
[0:06:54.0] AA: On-prem. On-premises. I could define stuff myself.
[0:06:57.6] JC: Yeah.
[0:06:58.2] AA: Yeah. I violated my own rules.
Let’s talk a little bit about what the environment has been like through you, because you’re out fundraising, you’re talking to VCs. I think some of our listeners would love to hear what that experience has been like and what’s been surprising?
[0:07:12.8] JC: I think that one of the most challenging aspects of that as an entrepreneur has been – You’re trying to build up your platform. You’re trying to build up your revenue base, but then you also are trying to fundraise at the same time, and it is like a full-time job doing the fundraising. So there’s as many meetings as you have with customers, multiply that times two. It’s been very eye-opening to me with different investor sets and I've learned an incredible amount from each one of them. So every single meeting you feedback, whether it’s positive or negative and you’re constantly refining the message. So it’s exciting, and when the money comes, it will be even better.
[0:07:49.5] AA: I’m sure, you’re waiting for those checks and it’s stressful, right? But it’s also – Make sure you get smart money, because it’s easy to get dumb money, but getting smart money is –
[0:08:00.2] JC: That’s the thing. We’ve been blessed by current investors that have been with us from day one and they’re still behind our mission, and I think that the people that we have been talking to, whether it’s west coast VCs, east coast VCs, we’ve learned a lot from each of those meetings.
So we’ve learned from talking to all these different people that there’s different engagement levels from different VCs.
Do you want somebody that’s going to be an active participant or do you want a silent participant with a company? I think it really depends on who that firm is. Are they technically competent? Have they done this successfully multiple times over the course of their career? Who they invested in? Are they new investors? So many questions come to mind, but it’s a fun process. We’re enjoying it.
[0:08:45.1] AA: Yeah. How about building the team? I think that’s always kind of fun with a new company like yourself. Talk about kind of like some of your cofounders or some of the early team members.
[0:08:53.9] JC: Absolutely. My cofounder is Brent Wrisley. He’s actually a guy that I’ve worked with and know, which has helped. I think, when you’re starting a business, which is very high intensity and very stressful, to be working with a friend. Brent and I have known each other for five to six years, originally at one of my government programs. I built up the EINSTEIN 3 Accelerated program through CenturyLink on behalf of DHS (Department of Homeland Security), which supports two million end users. It’s a pretty intense system.
So Brent and I met during that time when I was building up that team. So we had actually built that team from two, less up to a hundred person team to a classified business. Brent, I bought him to because he had started a services company that was some of the top threat analysts that were out there.
So Brent and I have known each other and have been comfortable working together. We saw some of these very direct operational background in security starting up in the US. He’s one of the original guys to startup US-CERT back in the day with Amit Yoran. He’s over at Tenable now. So he’s seeing the security pain and he’s lived it. I think from his operational background and sort of my more business side and the sales segment of building up teams and didn’t know what to do, but we have a pretty good synergy together.
[0:10:07.5] AA: Yeah. How about the talent that you’re looking for? Kind of those people, the talent that he’s brought on? What’s that been like? And you’re based where?
[0:10:17.2] JC: We’re at Alexander, Virginia, kind at the corner of King and Union. That’s where the old town. So we’re actually in one of the oldest buildings in all of Alexander right there on the river, above the Starbucks.
There’s a real history of the building. We really did not want to get lost in the mix of the world of cyber that we know and love with thousands with thousands of companies with the name cyber and threat and the color red. We really want to change it up. Everything from our colors and color scheme to making security feel like more comfortable and less risk-averse we’ve been trying to sort of implement from day one.
[0:10:53.3] AA: Yeah, awesome. Anything you kind of want to cover before we close?
[0:10:58.8] JC: No. We’re just excited as a company that kind of take this next step forward and looking forward to closing our next pay round in the end of Q2 and launching the company more formally through a PR and launch and we’ve got some great customers under our belt now and we’ve got some more right around the corner.
But we’re having fun. If we’re not having fun, we wouldn’t be doing this.
[0:11:20.6] AA: Yeah. I mean, in this space, there needs so much energy and new solutions and stuff, because the threat is really big and it’s nice to see – I mean, I’m from DC, so it’s nice to see kind of like new companies jumping up in that space particularly.
[0:11:33.7] JC: Cool.
[0:11:33.9] AA: Thanks.
[0:11:35.7] JC: Great, thank you.