WIN

Shaun Vlassis WINS by Innovating Threat Detection

May 20, 2024 Carrie Richardson


In this episode of "What's Important Now?" host Carrie Richardson sits down with Shaun Vlassis, founder of Illuminate Security, to explore the creation and impact of his innovative crowdsourced threat hunting platform, Blue Hat. Shaun shares his journey from working at top financial institutions to establishing his own business, tackling industry challenges, and leveraging crowdsourced expertise to enhance cybersecurity defenses.

Episode Highlights:

  • Shaun's background in detection and response over two decades.
  • Insights into the challenges faced by the cybersecurity industry.
  • The conception and development of the Blue Hat platform.
  • Advantages of crowdsourced threat hunting compared to traditional methods.
  • The balance between technology and expertise in security operations.
  • Shaun's transition from practitioner to entrepreneur.
  • Overcoming obstacles in investment and enterprise sales cycles.
  • The future of cybersecurity and the role of innovation in the industry.

Guest Quotes:

  1. "We've been doing the same approach to solving cybersecurity problems for decades, yet expecting different results." – Shaun Vlassis
  2. "The Blue Hat platform takes the same crowdsourced model from offensive security and applies it to the defensive side, making it more effective and scalable." – Shaun Vlassis
  3. "Starting a business requires making as many mistakes as quickly as possible to figure out what works." – Shaun Vlassis

Guest Information:

Name: Shaun Vlassis
Title: Founder of Illuminate Security
LinkedIn: Shaun Vlassis on LinkedIn
Company Website: Illuminate Security


Carrie Richardson and Ian Richardson host the WIN Podcast - What's Important Now?

Serial entrepreneurs, life partners and business partners, they have successfully exited from multiple businesses (IT, call center, real estate, marketing) and they help other business owners create their own versions of success.

Ian is certified in Eagle Center For Leadership Making A Difference, Paterson StratOp, and LifePlan.

Carrie has helped create and execute successful outbound sales strategies for over 1200 technology-focused businesses including MSPs, manufacturers, distributors and SaaS firms.

Learn more at www.foxcrowgroup.com

Book time with either of them here: https://randr.consulting/connect

Be a guest on WIN! We host successful entrepreneurs who share advice with other entrepreneurs on how to build, grow or sell a business using examples from their own experience.

[00:00:00] Carrie Richardson: Good afternoon everybody. Thank you for joining me today. My name is Carrie Richardson and I am the host of WIN: What's Important Now? And today we're asking that question to Shaun Vlassis, who is the founder of Illuminate Security. Shaun, thank you for joining us today.

[00:00:17] Shaun Vlassis: Thank you for having me. 

[00:00:19] Carrie Richardson: I understand you were at RSA last week, debuting your new crowdsourced platform. Tell me about the journey to creating a crowdsourced threat hunting platform. 

[00:00:34] Shaun Vlassis: I've been in the detection and response space for close to 20 years now as a practitioner.

[00:00:41] Shaun Vlassis: Worked at some Australian financial institutions. I built out the detection capability at Salesforce, was over at JP Morgan, just before striking out on my own with Illuminate Security. Over the last couple of decades, [00:01:00] we, as an industry, have been doing the same approach to trying to solve the problem of identifying compromise and hackers

[00:01:13] Shaun Vlassis: over and over again, yet expecting a different result. A lot of people at RSA or in our industry in general don't feel like we're winning, we haven't really moved the needle with regards to actually making things better.

[00:01:27] Shaun Vlassis: Many organizations are unable to attain and retain the key talent needed to actually make a difference. About a decade ago, you had companies like Bugcrowd and HackerOne and others, in the offensive side of security, make a significant impact on the ability to identify vulnerabilities and do it in a cost-effective fashion where a company now has access to the world's industry of pen testers and bounty hunters.

[00:01:59] Shaun Vlassis: And yet [00:02:00] we've not done the same thing on the blue team side. We could continue to just do it the way we've always done it. That is not why I started my business. And what we have done is create what we call the Blue Hat platform, where we will take customers' anonymized log data.

[00:02:16] Shaun Vlassis: And tokenize usernames and basically make the data safe and secured, while still maintaining the value from a security perspective for a detection engineer, an intel analyst, a threat hunter for logs to be able to do what they do best. So we take the same business model that was applied on the offensive side and apply it on the defensive side, where now, if you're a company or you're a SOC manager or a CISO, whatever have you.

[00:02:49] Shaun Vlassis: Do you want to settle for the people that you can either hire yourselves or what your vendor service provider can attain and retain, and hopefully they don't get poached in the [00:03:00] meantime, or get access to hundreds, one day thousands of hunters and detection engineers that can keep their day jobs and yet still make money on the side and be rewarded both reputationally and financially. 

[00:03:16] Shaun Vlassis: That's what led me to this point. We came out of stealth in September of 2023 and busily breaking into different markets and, yeah, doing all the things an early stage startup does.

[00:03:31] Carrie Richardson: You mentioned you worked in security prior to founding Illuminate. 

[00:03:36] Carrie Richardson: You said, I didn't start my business to do that. What did you start your business to do? 

[00:03:42] Shaun Vlassis: I like solving problems. In the majority of my career, I've been a builder. So whether it was at the Commonwealth Bank building their banking malware and phishing prevention platform. We built that in house.

[00:03:58] Shaun Vlassis: You know, into Salesforce being a [00:04:00] builder as well. We built out tech to solve a problem for the scale of one of the largest SaaS providers.

[00:04:07] Shaun Vlassis: I built the detection engineering team there, which when I left was over 40 people, and that is very expensive, but doesn't solve the problem of actually going and making a significant difference in our ability to defend organizations. 

[00:04:28] Shaun Vlassis: Prior to this, I was at JPMorgan, um, in the, in a strategy and architecture role for their global security operation center.

[00:04:36] Shaun Vlassis: They've got a lot of people like in their security team and they are like one of the most important financial institutions on the planet, given their size and, critical infrastructure to support economies around the world. Budgets are not their concern in comparison to other organizations but it's still a challenge.

[00:04:57] Shaun Vlassis: And I would say that the [00:05:00] challenges that the biggest end of town face and the smallest end of town, fundamentally, thematically the same: keeping talent, attracting talent and delivering a security control that is a heavy mix of service, i.e. people, and technology. And how can you build anything that is going to last?

[00:05:29] Shaun Vlassis: You are trying to build a house on shifting sand because people get poached, technology gets shelved or vendors get acquired and whatnot. And so as a CISO or a CIO, CTO, whoever, you know, unlike buying a firewall technology, you buy it.

[00:05:48] Shaun Vlassis: It works. You know, they use it for the next period of time, but in the security operations space, it's as much an art form and [00:06:00] reliant on expertise as it is the technology that they need to do their job. And so back to being a builder or a problem solver, I want to solve this problem. I could try and hire talent and keep them. And I would be no different than the status quo today. And yet now I have more detection engineers and hunters on our platform and ecosystem than any company would ever hope to hire internally, by an order of magnitude, and it grows daily. I look forward to seeing where it goes.

[00:06:36] Carrie Richardson: One of the things you pointed out was that you work for an organization that had as a quote all the budget in the world for security. What was it like starting a business? Where now it's coming out of your pocket. This is your problem. This is your spend. 

[00:06:58] Shaun Vlassis: It has been a [00:07:00] fun shift over to this model, not something walked into blind.

[00:07:06] Shaun Vlassis: I think you know mentally that it's going to be a challenge: build pipeline, value proposition, identify what your customer target profile is. And I think for us at least, and I'm sure many other founders, you want to make as many mistakes as quickly as possible to figure out what works for you.

[00:07:27] Shaun Vlassis: We've had those like all the others when trying to figure out who is our, our target buyer. We thought it would be certain folks. It turns out it's not. We thought around different types of partnership opportunities only to realize, you know, beyond the value proposition, which is basically we can do, do it better and cheaper without the detriment to the better, um, you'd find out that, say, in the [00:08:00] reseller space or in a managed service provider space, the approach is to be a bundled extra SKU.

[00:08:07] Shaun Vlassis: Okay. Great. Versus trying to be a white labeled approach because the margins are so tight for what they're already selling, us being a better way for an organization, an MSP, to deliver threat hunting doesn't resonate versus, oh, it's just an extra SKU they can sell and pass those costs on directly to the customer.

[00:08:30] Shaun Vlassis: I think the main surprise for us and I'm guessing a timing thing was going when we started looking at the investment opportunities and last year was not a good time in general, starting to look better now. But, you know, that that was probably the main surprise going into it.

[00:08:50] Shaun Vlassis: And that's life. 

[00:08:52] Shaun Vlassis: You roll with the punches and we just keep going and focusing on the value prop and then tightening up what the [00:09:00] ideal target buyers look like and then going after that. 

[00:09:03] Carrie Richardson: What percentage of your time was spent looking for investment versus building and problem solving. 

[00:09:11] Shaun Vlassis: At that time, we had shifted onto the investment piece a bit more heavily.

[00:09:17] Shaun Vlassis: We've scaled that back now, we've been focused on a number of current customers that we have, on adding more features, both for the analyst side, but also on the platform piece itself. Not a surprise, but just a fail to realize how long the enterprise sales cycle can take.

[00:09:36] Shaun Vlassis: Depending on what it is, you think, Oh, this will be quick and quick is a relative term, like some of our larger customers in the middle right now of inking the paperwork, they took nine months just to get to trial because we had to go through the vendor assessments and the third party risk supplier channel process.

[00:09:59] Shaun Vlassis: [00:10:00] And then you got the legal contracts and all of that. Back to your question on budgets and costs, isn't cheap. And so thankfully knew that going in and we've got our runway to help us get to where we're up to.

[00:10:18] Shaun Vlassis: Definitely a shift going from a practitioner to an entrepreneur. 

[00:10:24] Carrie Richardson: It doesn't sound like the type of business where you can just ChatGPT yourself a contract.

[00:10:30] Shaun Vlassis: No, definitely not. Back to our focus on product features. We ultimately deliver three ways a customer can use us.

[00:10:41] Shaun Vlassis: And so we have an open campaign where a customer can define the access criteria for an analyst. They can say, they need to be an American citizen. They need to be background checked, signed an NDA, they need to be in the top 5 percent of the [00:11:00] community and focus on technique X, what have you.

[00:11:03] Shaun Vlassis: The customers get a lot of control. The second part was what you would actually provide and then reward. And so if a customer said, I'm going to give you all of my CloudTrail logs for an Amazon account, and I care only about lateral movement and data exfiltration, they would have that flexibility.

[00:11:24] Shaun Vlassis: But the final part was how the analysts would interact with the data. The first way is the data is anonymized and prepared, but placed where they could access it and do whatever it is they wanted. However, back to lawyers and contracts and fun things like GDPR and, and what the California privacy policy, they deem an analyst as a sub processor, and they would deem Illuminate Security as the processor. [00:12:00]

[00:12:00] Shaun Vlassis: Which basically means that our organization would be held responsible for any actions malicious by an analyst and while we holistically, when you take into account all the background checks, and you know exactly who they are and all that stuff to reduce the risk, some organizations, departments will just say no. What we do from the next steps is we have two other mechanisms where we do restricted access.

[00:12:29] Shaun Vlassis: So we'll provision the workspaces for the analysts inside the customer's instance of Blue Hat. So the data never leaves and they still don't need to know who the customer is. 

[00:12:40] Shaun Vlassis: And then the final one is we've built our own analytics platform where we will literally run the logic on behalf of an analyst or a hunter.

[00:12:50] Shaun Vlassis: And so if someone said I'm the best at identifying DNS tunneling, or they focus on an advanced persistent threat group [00:13:00] like the Lazarus Group or whatnot, and they have five rules, we run it for them.

[00:13:05] Carrie Richardson: You have contractors who have to have fairly significant background clearance in order to do the job. How do you manage that remotely? 

[00:13:19] Shaun Vlassis: So we would put them as users because there's no contract. You can sign up, you can be a user, you find something, you get rewarded. What we do is use the same technologies that online banks use that do the liveness and identity verification and background checks.

[00:13:37] Shaun Vlassis: Showing your driver's license or documents with your face and taking the screenshot. That's a fairly mature space.

[00:13:44] Shaun Vlassis: But what's interesting is we have customers that don't need that, but there'll be ones that do. And so we try to cater for the broad spectrum of customers and their risk profiles, because we've had on one end of the spectrum, a crypto [00:14:00] company that says I don't care who the analysts are. I actually don't care if they know the name of our company and we're going to provide DNS logs and maybe our VPC flow logs out of their Amazon instance, because their reasoning is they get targeted constantly. 90 plus percent of their customer data is on the blockchain.

[00:14:30] Shaun Vlassis: And so some VPC flow logs, which are firewall logs or network logs, doesn't have anything in there that's not already publicly available. DNS data is not an impact on privacy at all, and their equation is we are significantly targeted and we want the expertise. 

[00:14:49] Shaun Vlassis: Yet, on the other end of the spectrum, you might have a financial institution that says, I want a private, non advertised, heavily restricted detection [00:15:00] campaign, and I want to approve every single person that joins.

[00:15:04] Shaun Vlassis: You can do both, and everything in between, so that it falls in line with the risk appetite of the customer. And I think that's been our challenges. How do you balance workforce slash capability and privacy concerns

[00:15:21] Shaun Vlassis: and ensuring that it stays within the appetite of a business. 

[00:15:25] Shaun Vlassis: That's been the fun. Like I mentioned earlier, make mistakes, figure out what works and just do it as quickly as possible. I think you can't do that unless you're in a startup or a smaller firm that's more agile and nimble where you can just make decisions and execute versus make a decision and then seek approval from insert large number of interested or, you know, impacted parties within a business.

[00:15:56] Carrie Richardson: You're describing your sales cycle right now. [00:16:00] That's your enterprise sales cycle. 

[00:16:03] Shaun Vlassis: Yes, it is. 

[00:16:04] Carrie Richardson: So one day you decide I'm going to do this. I'm going to do it differently. And who is hire number one after Shaun? Who was that person? What was their role?

[00:16:17] Shaun Vlassis: Great question. 

[00:16:18] Shaun Vlassis: I did bring on several advisors to begin with to help round out either lacked experience and expertise that I would have. I'm a first time founder.

[00:16:32] Shaun Vlassis: If I had been in sales or in business development and running organizations for the last 20 years, I wouldn't have had the idea or the product now to actually go and do it. And so balancing out like what our gaps are from an expertise, knowledge and contacts in industry point of view.

[00:16:57] Shaun Vlassis: I would say right now [00:17:00] I do a mix of everything and I will be bringing on folks allowing me to safely hand over some of the more technical aspects of our platform and the actual delivery of it piece so I can then focus more of my time on the business development and, closing more customer deals.

[00:17:20] Shaun Vlassis: What do you think, what should be some of our first hires from your perspective? 

[00:17:26] Carrie Richardson: First thing I did was get rid of my accounting. I had no business experience. I don't have a college degree. And now I had a wayward youth. I didn't know how to run a business and all of a sudden I had a business.

[00:17:40] Shaun Vlassis: Going back to your difference between working for an organization and being your own organization.

[00:17:46] Shaun Vlassis: Sure, I've hired staff and managed large teams. But that was a budget allocated from the business to then hire. And then when it's your own business, I think the responsibility, for other people's [00:18:00] livelihoods and the salaries that they rely upon is definitely an eye-opening experience that just makes it a lot more real at the end of the day, it's like what you're doing and, you know, big rewards, but big risks at the same time for what you're doing.

[00:18:17] Shaun Vlassis: It's not for everyone.

[00:18:18] Carrie Richardson: You have a lot of people who've trusted you with their investment, right? All I had was my Visa card. So if I racked that up and screwed Visa over a little bit, I wasn't that concerned. But, you've got this responsibility now to provide a return on an investment and to grow at a specific pace and to put the right people in the right places at the right time and now you're a first time founder, it doesn't matter how many years of experience you had working for someone else.

[00:18:47] Carrie Richardson: Now it's like, hey, am I going to buy this thing or am I going to put my kids through college? Oh, I don't know. I'm not sure. 

[00:18:56] Shaun Vlassis: Yeah, definitely. I did a computer science degree. So [00:19:00] I've been that way inclined, you know, ever since then the industry, like the, the ability to go and go, so to go from an idea to an MVP product that you can then get people to use and see if it works or not.

[00:19:22] Shaun Vlassis: It feels so much easier today. You need an AWS account or a Google Cloud account, and you could stitch together a business with HubSpot or Salesforce, Xero and then a platform provider and some coding. I mean, hell, everyone keeps telling me to use Copilot and, you know, like the, the Microsoft development suite to go and just say, I want you to write this function for me, which I just can never get my head around and never will.

[00:19:50] Shaun Vlassis: But 20 years ago, you had to build the servers. You had to do the networking, you had to do all of the foundational [00:20:00] building blocks, but now you just click in the, at your AWS console. It's like, oh yeah, I would like a database of this size. Click. Yes. I would like a near, you know, a very highly scalable set of lambdas and processing infrastructure and what's like click, click, and then you just got to write some code.

[00:20:20] Shaun Vlassis: Like it's so different now than what it was past. And we benefit from that ourselves. Like everything we do, we aim to be cloud native, because A, it lowers our cost to serve, but it also allows, you know, what our product, if organization one had 10, being fictitious, 100 staff members and organization two had 100,000 staff members, I don't do anything different.

[00:20:49] Shaun Vlassis: Like I will provision them an instance of the software pack, like our product and the package exactly the same for both. The only thing that's going to be different is how it's [00:21:00] priced based on the volume and the activity, which is a massive difference today compared to what it's been in the past.

[00:21:07] Shaun Vlassis: And so you do see, it's, it's fun to see now that the technology is not the limitation. It's that product market fit and clearly identifying who is your target buyer and who will see the value in what you're doing and, you know, timing and luck and all those other parts come into it as well.

[00:21:31] Shaun Vlassis: Now it's a survival of the fittest. Because of the change in the venture capital space, the change in what the customers are going after and purchasing organizations out there have to sink, swim or find a buddy to go and continue to exist.

[00:21:46] Shaun Vlassis: It's going to be a very interesting next couple of years, and I just think we're positioned well, based on the fact that we're just doing it in a completely different way we'll see where it goes.

[00:21:56] Carrie Richardson: Doing something in a completely different way can be [00:22:00] challenging when it comes to the sales process.

[00:22:04] Carrie Richardson: What do you think the biggest objection to the way that you've approached this problem will be? 

[00:22:13] Shaun Vlassis: Oh, I can tell you what we've heard. You're a hundred percent right. Having to educate and sell is hard. Like it is such a challenge to get in front of folks that understand the value of what we do and our approach and also in a position to do a trial or evaluate it, like you're already making it harder.

[00:22:41] Shaun Vlassis: I joke sometimes when I'm having a, after a hard day, I'll think if I was to do it again, I would just create another same product as like another XDR provider and say, Oh yeah, we are just better. It clearly is what the marketing needs to [00:23:00] be. And it probably would be more successful because there is a Gartner Quadrant.

[00:23:06] Shaun Vlassis: There is an accepted way to view what you're doing. However, that's not how I operate or think. Having to go and educate, as well as sell, makes it a lot harder and yet we still stand behind it because we know and we've seen it with our design customers and earlier customers that we've had, there's an organization in Australia, in the defense space.

[00:23:35] Shaun Vlassis: They have more detection and threat coverage than any company in Australia, at least, and I would go as far as to say many in America and elsewhere by being a customer of ours, and we've helped them identify a lot of nasty things which you would expect in the industry they're in. The main things that we've seen over time, and we've had to [00:24:00] adjust and change our approach, has been the concerns around the data piece, which we went and addressed, and what we learned was there's this binary thought, when you use the word crowd, people think it has to be an all or nothing.

[00:24:21] Shaun Vlassis: As in, the only way I'm going to get the benefit is if I let everyone see my logs, and therefore you lose the control, or if you don't do that, you get no value. And that's not been the experience of the offensive side of security, and the 80 20 rule applies. But then, making it so that in our messaging, we can demonstrate that you have the control and the benefit.

[00:24:47] Shaun Vlassis: If your criteria was I only want Americans and they're very smart, like if those were your two things, you might take the hundreds down to 80 or a hundred. That's [00:25:00] still a hundred people that are specializing in identifying compromise that you would only pay when they found something.

[00:25:09] Shaun Vlassis: That's not a hundred lot of salaries that would have to be paid for. And we pass those costs on. That's been our biggest learnings over time is just how to position what we're doing and then just lean into the fact that we are doing something new. And we take that into account with how we're approaching, you know, prospective buyers, how we approach getting ourselves in different reseller channels.

[00:25:38] Shaun Vlassis: Some won't do it. Some will say, if you don't have an annual recurring revenue of 10 million, well, you're not turning up on this marketplace because that's how they go and prove that it's something they can sell. And so lots of fun as we keep going through it.

[00:25:57] Carrie Richardson: Well, we're looking forward to seeing [00:26:00] your debut in the US, we'll be sure to raise a glass at one of the many IT conferences that I'm sure we will see you at over the course of the next five years.

[00:26:12] Shaun Vlassis: Thank you very much. I appreciate it. 

[00:26:14] Carrie Richardson: And thank you so much for being a guest on WIN today. I really appreciate your time.

[00:26:19] Shaun Vlassis: Thank you. It's been awesome. 

[00:26:22] Carrie Richardson: Well, have a great evening or I guess morning for you. 

[00:26:25] Shaun Vlassis: Morning for me and you too. It was great chatting.
