GTM conversations with founders building the future of cybersecurity technology.

Cybersecurity Builders
by Frontlines.io
Podcast Overview
Language: 🇺🇲
Publishing Since: 10/18/2022
Recent Episodes

March 30, 2026
How StackHawk repositioned runtime testing as the essential layer when AI-generated code made static analysis unmanageable
Joni Klippert (https://www.linkedin.com/in/joniklippert/) didn't come from security. She came from DevOps — two companies, including VictorOps, which she joined as the first non-engineering hire and helped bring to market. At conferences like DevOps Days Enterprise, she kept running into the same frustrated security teams: they knew they couldn't keep up with the pace of software delivery, but their only move was to act as a gate. That observation, paired with her co-founder Scott Gerlach's decade of practitioner experience — including CISO at SendGrid through its acquisition by Twilio — became StackHawk (https://www.stackhawk.com): a dynamic application security testing platform that puts runtime vulnerability testing directly into the CI/CD pipeline, built for the engineers writing the code. In this episode, Joni breaks down how she abandoned her original PLG thesis when enterprise came knocking, how AI-accelerated software delivery has created a structural problem for static analysis tools that benefits StackHawk, and why category definition in AppSec is less about analyst quadrants and more about being precise about what you test and how.

TOPICS DISCUSSED
- Why a DevOps founder built her third company in cybersecurity
- The structural ceiling in engineering-led PLG deals — and what it signals about ICP
- How StackHawk's first major enterprise logo arrived inbound and changed the GTM thesis
- Rotating segment focus when market conditions compress SMB security budgets
- Why AI-accelerated code delivery is a tailwind for runtime testing and a headwind for static analysis
- Building a bridge product for aspirational enterprise buyers who aren't yet DevOps-native
- Category definition when you don't fit cleanly into AppSec or API security
- Working with analysts on emerging categories like DAST in the age of AI
- The organizational misalignment between engineering velocity goals and AppSec team operating models

Sponsors:
Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io (http://www.frontlines.io)
The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co (http://www.globaltalent.co)

Don't Miss: New Podcast Series — How I Hire. Senior GTM leaders share the tactical hiring frameworks they use to build winning revenue teams. Hosted by Andy Mowat, who scaled 4 unicorns from $10M to $100M+ ARR and launched Whispered to help executives find their next role. Subscribe here: https://open.spotify.com/show/53yCHlPfLSMFimtv0riPyM

March 18, 2026
AI vs. AI: why Quantro Security is building defense for the era of AI-native offense
Mehul (https://www.linkedin.com/in/mehul-revankar/) spent over 20 years building cybersecurity products, including early time at Tenable where he watched the company scale from a scrappy startup to a billion-dollar platform. Now he's co-founding Quantro Security (https://quantro.security/), which just came out of stealth with an AI agent platform built specifically for cyber defense. The core thesis: AI has reduced the cost of building attacks to near zero, and static rules-based defense tools weren't built for what's coming.

Topics Discussed:
- How AI reduced the cost of exploit development and what that means for defenders
- Why Quantro Security rejects CTEM, risk-based VM, and every existing category
- The "user interface of record" positioning vs. the "system of record" frame most AI companies chase
- Three competitive buckets: hyperscalers, siloed point tools, and internal build teams
- Why agents should be prompting humans, not the other way around
- The vision for a small elite security team managing 50 to 100 purpose-built AI agents

Key Insights:
- AI-native offense requires AI-native defense. Mehul's core thesis isn't speculative — it's built on what he watched happen to his own craft. Writing vulnerability exploits once required deep skill and months of work. AI collapsed that barrier. "So now an attacker can essentially build a functional exploit with just a prompt." The implication for defenders is direct: the tools built for the old pace won't be sufficient for the new one.
- Rejecting every existing category. When Quantro came out of stealth, the obvious move was to slot into CTEM or risk-based vulnerability management. Mehul passed. "Are you a CTEM player? Are you a risk-based VM player? Are you VM player? Well, no, no, no, none of that." The existing categories imply replacing tools. Quantro's frame is different: become the connective layer on top of what customers already have.
- User interface of record, not system of record. Most AI companies pitch replacing core platforms. Quantro's pitch is the opposite: "We don't replace the tools. We just make their existing tools much more, much more effective." Enterprises aren't ripping out entrenched infrastructure. They want ROI from what they've already bought.
- The barbell competitive map. Mehul frames the landscape as a barbell: hyperscalers ("a mile wide, a millimeter deep") on one end, siloed point tools (deep in their own data, blind to organizational context) on the other. Quantro positions as the connective tissue between them.
- The 50% false positive tax. When Mehul talks to security prospects, the same reality surfaces: "Almost 50% of the time is triaging false positives, reaching out to the people." Asset ownership is unclear. Handoffs break down. None of it moves the risk needle. The agents absorb that work.

February 11, 2026
How Heka Global positioned web intelligence as a fourth fraud detection layer to avoid vendor comparison | Idan Bar-Dov
Identity fraud spiked 148% in 2025 as AI democratized identity fabrication. Financial institutions now face a fundamental question: Are you dealing with a real human? Heka Global is addressing this with web intelligence—analyzing digital footprints like connected applications rather than traditional signals. In this episode of BUILDERS, I sat down with Idan Bar-Dov (https://www.linkedin.com/in/idan-bar-dov/), Co-Founder & CEO of Heka Global (https://www.hekaglobal.com/), to explore how his company created a fourth layer in the anti-fraud stack and why legacy identity verification systems are becoming liabilities rather than assets.

Topics Discussed:
- The emergence of "fraud as a service" and why consumer-facing attacks replaced traditional enterprise breaches
- How web intelligence works: validating identity through connected applications and digital footprints
- The anti-fraud tech stack: credit bureaus, biometrics, transaction analytics, and web intelligence as distinct layers
- Why heads of fraud expand budgets rather than replace vendors, and what causes solutions to get kicked out
- The partnership sales model: navigating vendor management complexity and red tape in financial institutions
- Why 10-person dinners and fraud simulations outperform traditional enterprise marketing
- How Barclays and Cornerback backing solved the chicken-and-egg problem for a data product
- Why specific fraud prevention messaging (account takeover, synthetic identities) beat investor credibility

GTM Lessons For B2B Founders:
- Target ICP based on liability exposure, not just industry fit: Heka narrowed beyond "financial institutions" to lenders who bear immediate losses from fraud—companies like LendingPoint, Avant, and Upstart. These buyers feel the pain acutely versus institutions with reimbursement terms who can deflect liability. Idan's insight: "We need the client to feel the pain just as much as we see it. That means we want them to see the liability."
- Frame your product as a new stack layer, not a competitive replacement: Heka positioned web intelligence as the fourth distinct layer after credit bureaus, biometrics, and transaction analytics. This became their second pitch deck slide, showing logos of each category. The result: buyers stopped comparing Heka to existing vendors and started evaluating complementary value.
- Abandon spray-and-pray for sub-1,000 TAM markets: Heka tested Lemlist flows with targeted LLM personalization and saw zero pipeline from it. Idan's take: "When you're selling to maybe a thousand financial institutions, that's it. You can be super specific when you target them." For enterprise plays with small addressable markets, allocate zero budget to automated outbound. Focus entirely on warm introductions, relationship nurturing, and becoming known to every relevant buyer through content and community.
- Leverage investor networks to break data product cold-starts: Data products face a critical barrier—you need customer data to prove value, but need proven value to get customers. Heka solved this by bringing on Barclays and Cornerback as investors who vouched for the team's capability to "do magic and create a new layer." Their backing convinced risk-averse financial institutions to pilot.
68 total episodes available
Frequently asked questions
- What is Cybersecurity Builders?
- How often does this podcast release new episodes?
This podcast updates daily.
- Where can I listen to this podcast?
This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.
- Does this podcast accept guests?
Information about guest appearances is not available.
