CyberWire Daily Special Edition: Microsoft for Startups - The Benefits of the Cyber Startup Ecosystem

Host: Dave Buettner
Guests: Kevin McGee (Microsoft), FC (Entrepreneur), Matt Chiode (Serbi), Travis Howerton (RegScale), Carl Mattson (Endor Labs)
Release Date: April 27, 2025

Introduction to Microsoft for Startups Founders Hub

In this special edition of CyberWire Daily, host Dave Buettner shines a spotlight on the Microsoft for Startups Founders Hub, a platform designed to empower cybersecurity startups with essential resources. Kevin McGee from Microsoft and FC, a renowned hacker-turned-entrepreneur, kick off the discussion by highlighting the program's offerings, which include:

• Free Access to Cutting-Edge AI Tools: Startups receive access to advanced AI technologies like GPT-4.
• Azure Credits: Up to $150,000 in Azure credits to support scalable growth.
• Expert Guidance: Personalized mentorship to transform innovative ideas into robust solutions.

Dave emphasizes that the episode will feature founders from three standout startups—Serbi, RegScale, and Endor Labs—each addressing significant challenges with groundbreaking ideas.

Microsoft’s Ecosystem Advantage

Kevin McGee (Microsoft) elaborates on Microsoft's commitment to fostering innovation within the startup ecosystem:

"We're not just providing technology; we're offering access to enterprise customers, leveraging the trust built over years, and utilizing our extensive marketing reach to give founders the attention they deserve."
[02:34]

Kevin reflects on his personal journey, noting how his early experiences with Microsoft’s ecosystem accelerated his ventures, a benefit he now aims to extend to new startups.

From Hacker to Entrepreneur: FC’s Journey

FC shares his transition from a defense contractor and head of offensive cybersecurity at Raytheon to founding his own company, Sygenta. His narrative underscores the challenges of self-funding and the steep learning curve of running a business:

"People just think, oh, I can just be an entrepreneur. I'll start a company, make money, and get clients. There's lots of administrative stuff that you have to learn that you didn't realize when you were just an employee."
[05:30]

FC emphasizes the importance of adaptability and a hacker mindset in overcoming these obstacles, a perspective echoed by Kevin:

"The hacker mindset is very much in tune with the entrepreneur mindset. It's experimental, it's adaptable, but it's also mission-focused."
[07:04]

Serbi: Revolutionizing Identity Security with AI

Matt Chiode, Chief Trust Officer at Serbi, delves into the company's mission to secure disconnected applications within enterprise identity ecosystems. Serbi addresses the widespread issue of applications lacking essential security standards, such as SAML and SCIM:

"Our platform allows us to combine Microsoft's capabilities with Serbi's precision to enforce zero trust principles across all applications, not just the integrated ones."
[25:29]

Key Highlights:

• Origin Story: Serbi was founded in response to the recurring challenge startups faced when IT teams blocked SaaS tools lacking standard security protocols.
• AI Integration: Serbi leverages agentic AI—AI trained on specific problem sets to autonomously take actions based on its training.
• Safety and Auditability: Implementing structured decision logging and policy enforcement ensures AI decisions are both safe and transparent.

Matt discusses the integration with Microsoft Entra, enhancing Serbi's ability to extend governance policies to all enterprise applications:

"Serbi integrates with Entra to apply governance policies to disconnected apps, ensuring comprehensive security coverage."
[24:21]

Kevin remarks on the strategic value of such integrations:

"Building an open identity ecosystem strengthens our approach, allowing customers to protect the secure edge of their identity attack surface."
[25:36]

RegScale: Transforming GRC with Continuous Controls Monitoring

Travis Howerton, Co-Founder and CEO of RegScale, introduces Continuous Controls Monitoring (CCM), a platform aimed at making Governance, Risk, and Compliance (GRC) processes real-time and scalable:

"We're turning what used to be a static, slow-moving GRC process into something real-time, scalable, and cloud-native."
[30:45]

Key Insights:

• Market Need: Despite advancements, only 6% of organizations have fully integrated compliance into their CI/CD pipelines, highlighting a significant gap.
• AI and Automation: RegScale leverages AI to automate evidence collection and compliance assessments, drastically reducing time and costs.
• ROI Impact: Automating compliance tasks can save organizations hundreds of thousands of dollars, allowing CISOs to redirect resources towards enhancing security measures.

Travis emphasizes the impending transformation driven by AI:

"Compliance is going to be eaten by automation and AI over the next five years. This is the most exciting time to be in the field."
[44:26]

Kevin underscores the strategic advantage of real-time compliance:

"Knowing your control posture today, not just in the past, provides clarity and allows CISOs to act proactively as markets and geopolitical landscapes evolve."
[38:37]

Endor Labs: Securing the Software Supply Chain with AI

Carl Mattson, CISO at Endor Labs, discusses the startup's focus on securing the software supply chain through innovative AI-driven solutions:

"We've reinvented the scanner and the way we analyze software vulnerabilities, focusing on reducing noise and providing actionable insights."
[52:06]

Key Features:

• AI Utilization: Endor Labs employs generative and agentic AI to enhance vulnerability scanning, reducing false positives, and prioritizing risks based on context.
• Integration with Development Workflows: By embedding security directly into developers' tools and CI/CD pipelines, Endor Labs ensures that security measures complement, rather than hinder, development velocity.
• Comprehensive Risk Assessment: Beyond software vulnerabilities, Endor Labs addresses legal, intellectual property, and operational risks, offering a holistic approach to software security.

Carl highlights the importance of integrating security seamlessly into development processes:

"By embedding our scanning activities into developer workflows, we ensure that security becomes an accelerator rather than a bottleneck."
[63:56]

Kevin praises Endor Labs for their approach:

"Making security a multiplier and embedding it into workflows ensures that security becomes the easy choice for developers, fostering better compliance and safer products."
[65:26]

The Pivotal Role of AI in Cybersecurity Startups

Across discussions with Serbi, RegScale, and Endor Labs, AI emerges as a transformative force in cybersecurity:

• Agentic AI: Specialized AI models trained to perform specific tasks autonomously, enhancing efficiency and accuracy in security operations.
• Continuous Monitoring: Real-time data synthesis and analysis enable proactive risk management and compliance.
• Automation of Manual Processes: Reducing the reliance on manual checklists and human intervention lowers costs and minimizes errors.

Travis notes the imminent shift towards AI-driven GRC processes:

"AI will commoditize risk and compliance, allowing organizations to focus on strategic risk reduction rather than manual paperwork."
[54:39]

Matt adds that AI not only automates tedious tasks but also enriches data analysis, providing clearer insights:

"Reducing false positives and providing detailed contextual analysis frees up valuable resources and enhances decision-making."
[60:07]

Empowering the Cybersecurity Workforce

The integration of AI into cybersecurity also reshapes workforce dynamics:

• Upskilling and Training: As AI tools become integral, professionals must acquire new skills to manage and leverage these technologies effectively.
• Enhanced Job Satisfaction: Automating mundane tasks allows cybersecurity experts to focus on more strategic and fulfilling work.
• Talent Incubation: Startups provide environments where employees can gain hands-on experience with cutting-edge AI technologies, enhancing their professional growth.

Kevin emphasizes the role of startups in talent development:

"Startups are becoming talent incubators, offering hands-on AI security experience and enabling employees to contribute to scalable, innovative solutions."
[58:46]

Conclusion: A Future Fueled by Innovation and Collaboration

The episode culminates with reflections on the synergy between Microsoft’s support and the innovative spirit of startups:

• Community Trust and Collaboration: Building a robust startup ecosystem thrives on trust and collaborative efforts between large enterprises and nimble startups.
• Strategic Partnerships: Integrations with Microsoft’s platforms, such as Azure and Entra, amplify the capabilities of startups, enabling them to deliver comprehensive security solutions.
• Vision for the Future: With AI at the forefront, the cybersecurity landscape is poised for significant advancements, making organizations more secure and efficient.

Dave Buettner wraps up by thanking the guests and highlighting the transformative work of the featured startups:

"From tackling software supply chain risks and redefining GRC to hacking for good and building global startup ecosystems, these founders are proof that innovation thrives when community trust and cutting-edge technology come together."
[67:24]

He encourages startup founders to leverage the Microsoft for Startups Founders Hub to access essential resources and support, reinforcing the message that the future starts here.

Key Takeaways:

1. Microsoft for Startups Founders Hub provides invaluable resources for cybersecurity startups, including AI tools, Azure credits, and expert mentorship.
2. AI Integration is revolutionizing cybersecurity by automating compliance, enhancing vulnerability management, and streamlining security operations.
3. Startups like Serbi, RegScale, and Endor Labs are at the forefront of addressing critical security challenges through innovative, AI-driven solutions.
4. Workforce Transformation: The adoption of AI in cybersecurity necessitates upskilling but ultimately leads to more strategic and fulfilling roles for professionals.
5. Collaborative Ecosystem: Partnerships between large enterprises and startups foster innovation, trust, and comprehensive security strategies.

This episode underscores the pivotal role of innovation, supported by robust ecosystems like Microsoft’s, in shaping the future of cybersecurity. Whether you’re a startup founder or a cybersecurity enthusiast, the insights shared provide a roadmap for leveraging technology and collaboration to build smarter, more secure solutions.