Threat Hunting & Windows 95 | The Cybrary Podcast Ep. 34
In this episode of the Cybrary Podcast we sit down with Kyle Hanslovan and Chris Bisnett, the CEO, Chief Architect and Co-Founders of Huntress Labs. Speaking with Ryan Corey and Mike Gruen from Cybrary, Kyle and Chris explain the early issues they ran into when starting Huntress Labs and the Windows 95 problems they are still solving.
Hackers regularly develop and exploit new vulnerabilities and stay in small business environments. In episode 34 of the Cybrary Podcast, Ryan Corey and Mike Gruen from Cybrary speak with Kyle Hanslovan and Chris Bisnett, the CEO, Chief Architect, and Co-Founders of Huntress Labs. They talk about Huntress Labs and how it powers managed detection and response backed by ThreatOps. They also discuss the early problems they encountered when starting Huntress Labs and how they are still solving Windows 95 problems.
Ryan: Welcome everybody to uh, Cybrary's podcast. We are super pumped today to have good, old friends of ours on the, uh, on the podcast here. Uh, Kyle Hanslovan, Chris Bisnett from Huntress. Welcome boys.
Chris: A huge thanks for having us.
Ryan: Yeah, thank you. So, um, my name is Ryan. I'm the CEO and co-founder of Cybrary. Want to go around the horn and get some introductions from you guys? So, Kyle, let me start with you,
Kyle: Kyle CEO of Huntress, Chief Janitor, and, uh, great sounding voice right.
Ryan: I get it
Kyle: Top that Chris.
Ryan: Chris, how about you?
Chris: I'm Chris Bisnett, I'm the, uh, one of the co-founders, chief architect here at Huntress. Uh my job is to build stuff and figure out how we take some of these business ideas and make them actually happen.
Ryan: That's fun, I'm sure we'll be talking about that today. Mike.
Mike: Yep and Mike Gruen, uh, VP of Engineering and uh CSO, so Head of Security and Head of Technology um basically a lot of stuff just rolls up into me.
Ryan: Yeah, that's Cybrary.
Mike: That's Cybrary, yes
Ryan: You didn't just like leave and go to Huntress all of a sudden, did yah? Yeah.
Mike: Yeah, yeah, yeah.
Kyle: We haven't told you yet, Ryan.
Chris: That's why we're doing this.
Ryan: Surprise. Right, right well, so, um, guys, I think we did our first content together when Cybrary, like you said, was probably eight people. Um, if that. Uh, it was back at our old office in Greenbelt, which is right up the street from here. We're, we're in College Park now. Um, but why don't you give us a little bit of a background story on the company? It was called Huntress Labs at the time. Right? Um, but give us a little bit of a background story on the company, how it came together, how it got started, that kind of thing.
Kyle: Chris, you want me to take that?
Kyle: So uh, you know all good stories especially with technical founders usually are a uh, a solution in search of a problem instead of the other way around. Nobody ever likes to admit it but uh Chris and I's background was offensive Cyber Security, our other co-founder, John, same type of background worked at NSA with us. You know, we've kind of been married now 10 plus years. Uh, and the handle that we had at the time was look, we knew anything and everything about breaking into systems and it kind of started to wear on us that we weren't doing enough to give back, uh, fast forward now to 2020, we've got 23,000 businesses using our software. So when they have an incident, we can quickly discover it, help them respond, remediate more importantly, recover, just kind of commoditize when an incident happens and it turns out that was just a huge gap that in 2015, we had an inkling it was a problem, had no clue that it was going to be such a, uh, you know, wild roller coaster between success and then obviously pivoting as we went along the way to kind of really tailor our offering to what people really had for problems instead of what we thought was the problem.
Ryan: Got it, got it. Like every company that starts out or every startup out there it's, it's never entirely up into the right. Right? But you guys have had a lot of success in recent, you know, in the, in the recent, what year and a half, two years. Um, what was it like in those early days to kind of, you know, keep going and try to get over the hump that that was the inflection point that you need.
Chris: It was uh, it was a slow burn for us. You know, some people are like, they, they get their idea, they make something, they, you know, they post it to the internet and then people just start showing up and it goes gangbusters, right? Like that's like the typical startup dream for us it was a very slow burn. Um, Initially, we decided we were going to go after the small and medium market, because there was, when you go to the enterprise level, you got to really have all of these features already ironed out. You gotta be fairly feature complete. Um, and when we looked at it, there were a lot of players there with tons of money, throwing around a lot of marinade doing marketing, and we said like, it's going to be really tough to compete with them without having a lot of money so is there some other way we can do it? And we realized there were just tons of these small and medium businesses who were completely underserved like they just didn't have products, um, that could either fit their budget, uh, fit their skill set, right? Like if they don't have a SOC, if they don't have security experts, a lot of these tools are out of their, you know, range for them to be able to use. Uh, and it didn't fit their workflow, right. They couldn't, they couldn't just pick up the tool and use it and have it, tell them what they needed to do. You had to put in all this effort and do all this analysis and stuff so it just didn't really work for them, so we started going after the small and medium business, but as what was surprising to us is we went to a lot of these investors and said, Hey, look, we're having this traction or getting these people they're signing up, you know, we'd like some investment and everybody was kind of like, ah, I don't know about the small and medium businesses. We know a lot about enterprise if you want to sell the enterprise, we can talk small medium business, I don't really know. So for a long time it was bootstrapped.
We got a little bit of money from some angels early. Um, but there was a lot of, a lot of grinding. Would you say count for like two years, three years?
Kyle: Yeah, yeah. We can be asked about that a little bit more later, but I mean, Ryan, maybe, maybe some of the most impactful moments are even us hanging with you all where you're talking about where Cybrary was figuring out where their fit was obviously understanding there was some knowledge gaps. Hey, we need to help people train learn better. Can we help provide content? Can we be that learning management system and continuing to pivot and grow for us was. Yeah, cool. Congrats our technology worked, but how do you really wrap the messaging around it? How do you get better at marketing? Um, and so our success really didn't start till two and a half years into it where we saw any success, let alone, this was truly going to be month over month, solid growth.
Ryan: Gotcha, gotcha. For us. Um, some of the key inflection points in our company came via, um, product discovery. So a product person who's trained in product. You know, they think about concepts like, uh, jobs to be done, Clay Christensen thing. And, um, some of our best inflection points or our greatest inflection points came on the heels of real value discovery. Right. So we, we were kind of the opposite of you guys. We were, we were pretty good at marketing, not so great at product. And it took us to kind of get good product people in here before the inflection points hit. So it sounds like it's kind of a reverse thing. You guys are great product guys, you know the heck out of your craft and then it took, it took some of that messaging and everything to get to the right audience, right?
Kyle: Yeah, oh gosh, uh, you know, everybody talks about the successes. I think the failures are much more fun. I mean, I was literally calling the small businesses initially and they were like, listen, we don't even have an IT department who should call these people we outsource to like, there's nothing worse than when you think you're calling you a customer and not only have you gotten, the persona so wrong, there's nobody at the business that does what you do like that's just about the biggest swing and miss you can get.
Ryan: You did a lot of it in the first couple of years huh?
Kyle: I mean, but you become an expert, right? I mean, that's how you get good. Right? Isn't it knowing the basics. So.
Chris: Yeah, that led us to a lot of discoveries like you're talking about that helped us get to product market fit, you know where we were talking with these people saying like, hey, you have this thing like, what are the problems that you have? What are you doing? What works? What doesn't work? You know, all that kind of stuff. Like I'm more interested in, what's not working for you. Um, and then, so we just kind of kept having those conversations and we would talk about it and say, Hey, look, we got all these people here who are having the same problem. Can we help them solve that? And so we just kinda went that way.
Mike: I think one of the challenges for companies is so knowing when to say no, like things, yeah, we can definitely help you with that problem. I can't tell you how many companies I've worked at, where we end up chasing the problem because we know we can solve it, but it's not that it's tangential and I'm curious what your experiences were with that.
Kyle: So we got pretty good at saying no.
Mike: That's good.
Kyle: Uh, I don't know if it's that we were all founders that had kids or what it was, but, uh, we, we have heard some horror stories, especially in the enterprise space where people are like, look, I just lo, you know, landed one of the top three banks but now I'm more or less shackled to their needs and their requirements and I'm gonna have to tailor my product to exactly what they need to be able to survive this thing and we got really good at saying, like, we generally knew what we wanted to be like. I like Ryan hit the nail on the head was saying, hey, not, not the best at marketing what we did want to be, even though we knew what we wanted to be.
Mike: Makes sense.
Ryan: So who are those buyers? And, and, and if you want, maybe we can get a little more, look deep into the technical side of the, of the product, which obviously I would defer to Mike for the questions there. But, um, yeah. Why don't you tell us who the buyers are right now?
Kyle: Yeah, so, uh, talking about getting nerdy, right. We obviously all think about, uh, you know, when you're talking about securing Windows computers in the SMB market, like 95% of them are Windows. I'll bet Chris is right now on the Zoom on a Linux machine. Uh, I've always got a virtual machine running something, right or most of our companies on Mac OS uh, we had to really first understand, like, where is that center mass? Alright. We've got to cover Windows at minimum. The next part of it was alright, uh, where are hackers getting in that we can make the biggest difference and show quickest proof of value. Right? That was one of those things of, so what if you're able to make the big difference if you can't make anybody realize that in that typical elevator speech or quick moment? That was going to make or break us is what our belief was in 2015 and so we've put all of our effort into this like self service, super easy, click a button and kind of show yourself, Hey, can we find a hacker on that Windows computer that's already has access despite you running like awesome preventive tools and this was based on Chris's background at NSA where our jobs weren't necessarily initial access, but we were there to be long-term persistent access. Right, so if you think about that acronym, advanced, persistent threat or APT, we were kind of going after the P or the persistence part, and that was it. That was our whole bread and butter when we initially got started was, how do we find somebody dwelling in your network that's already in there? Not on like a test VM, not like a, you know, with a malware sample, but truly in your network and then that was kind of the recipe. We, we, we put all our eggs in that basket that if we could show you something, it would make a difference. And Chris, while we're still at like high, you know, high seventies, low eighties percent of our trials, we're able to show that. So that was kind of key.
Chris: Yeah. I think when we were having a lot of these early sales conversations where we were getting trials in, and this was like, you know, back in the day before we really had like a whole sales team when it was like Kyle and myself, and then we hired one sales guy and, you know, we, we were trials were coming in and we'd have these like high touch. We'd call them, we'd have these long calls with them, trying to figure out what was going on. And it wasn't long after that, where we kind of realized like, Hey, some of these trials, they would go the full trial period. They'd go 21 days. They'd go 30 days and at the end there was still this, they weren't sure we'd still have to have this conversation to convince them that was the thing they wanted but then we also had these trials, they would like come in, they would love it and it was like slam dunk and like they would sign up and they would buy and so we really had to step back and say like, well, what's the difference between these two trials and at the end of the day, like Kyle said, it was that proof of value for those people who signed up and actually went through the process of like using the product they deployed it out. I think at one point we had some stat where it was like, if you sign up for Huntress and you deploy a hundred agents or more, the chance of that finding something was like 80, almost 90%. Um, and it made closing those deals real easy. So for us, that became that, that was like the North star. How do we get a trial in and how do we get them past that hundred and point mark? Because it just made the deal so much easier to convert, like there was so much less effort that we had to put into convincing somebody that this was a thing they needed. We'd shown them, Hey, this is what you need. And here's why.
Kyle: You're right. I'd tell the story to my like punk teenage kids and ironically, one of them told me, you know, they're like, Oh yeah, dad, didn't, you know, seeing is believing and I was like, okay, Yeah, yeah, yeah, I got that. It's a little bit harder in real life, but it is sometimes that simple. You just don't. I mean, you got all the technical chops, uh, you know, Chris and I's probably coolest technical accolade is we won Defcon's Capture the Flag and now that's like an old accolade for us. Cause it's you know, eight years ago we won the darn thing or something like that. Uh, so you know, our skills are starting to atrophy a bit. Um, but keeping up the technical excellence as you, you bring on other people to do that for you has been something we were also big about. So, um, not to reverse the question on you, Mike or Ryan, but when you guys started out, obviously content was huge, but you've scaled big time too. How are you guys keeping up with, uh, making sure the people you're bringing on board are technical, um, you know and handling that without your own skills atrophied?
Ryan: Yeah, sure. Well, for us, we did a really great job of, you know, building a community. So it kind of started with that so in that community, you have, um, you have everything from CSOs, all, you know, all the way down, the food chain in cybersecurity. So the, um, so when we built that community, we, we now have a team called the content and community team, and so the content community team, um, they bring in people into what we have a creator network, so these people are like intentionally there to create and so they get highly vetted before they go in. Um, and then the content team also deploys rubrics of quality standards to these people and we actually have an instructional coach that coaches subject matter experts on how to teach a great online course or how to create a great lab or how to create a CTF challenge or whatever right, an assessment, that kind of thing. So it started with building a community and then you just put processes in place and, um, and coaching and that's, that's where we are today so that that's kinda how we got there, but that didn't come about until what like a year and a half ago.
Mike: Yeah, something like that and then also on the sales side, I think we do a great job. The content community team does a great job of talking to them, uh, talking to them about what the courses are, what the point is, and sort of working hand in hand on these engagements, um, there's even, um, you know, a resource or two that's dedicated to helping onboard customers and then with regard to the content uh, and similarly product has those same conversations with that team. So, um, we don't necessarily have to bring in the most technical sales teams. We just have to bring in, people are open minded, capable of learning and, um, can really sort of process it and then talk to talk to our customers about what we have to offer.
Kyle: Gosh, it's crazy. What a little motivation, right? You bring on the right person that wants to learn, that wants to make a difference, and you know, sometimes make a much bigger difference than your, your rock stars that, you know, have the name recognition. So that's cool that you guys are figuring that out too.
Ryan: Yeah, for sure. So we're gonna jump into the technical side a little bit there.
Kyle: Yeah. Chris, I mean your chief architect, you want to, want to explain where we were and how we got to where we're at and what some of the shadiness under the hood was.
Chris: Yeah. So, uh, I guess to take it all the way back so Kyle had been kicking around this idea for a while of like finding attackers through persistence. Um, and so we, we, we had all these conversations when we were working at NSA, like, Hey, how come know, how come we're able to get by? Like, how come AV's not catching us, like how come we're not getting caught more. Um, and when we really like looked at it and knowing, and understanding the technical workings of like how AV works, they have a really hard job of like, how do they detect something they've never seen before? Right. Um, and so for us, we said, okay, if you've never seen it, how can you tell if it's good or bad? Is there a way that you can look at this differently? Um, and then can we approach it from that standpoint and say, Hey, we're going to look at it through a different lens basically, or from a different perspective. Um, so whereas AV is looking at a file to say, what do I know of this file? Is it a known good file or the known bad file?
Kyle: Is the behaviour going to be something shady, is it going to do something malicious? Right? There's all, whether it's behavior heuristics. I mean we're kind of at the point in the game where you're not trying to figure out the, you know, the 20 or 30 or 40% problem, you're at the point where you've got it, 90, 95% solved and now, you know, that's an 80 20 rule, right? The last 20% takes 80% of your time. That's where AV is at trying to solve these things. So that, uh, how do we do something different with super core. So, um, yeah. How do I convince you, Chris? It was blackout one year and I managed to get you on, what was it?
Chris: Um, I don't know. I think it was FOMO to be, to be completely, entirely honest, like it was FOMO, right? Like I, like Kyle had asked me this a couple of times and I was like, I don't know, man. Like, it seems obvious, like now that I'm thinking about it, like, why isn't AV doing it there's gotta be something we don't know like there's dragons lurking there that we don't know about and that's, what's going to make it hard and then, uh, you, you and, um, and John and Mark had, uh, submitted and were accepted to MACH37 and you told me about that, and he told me about all this stuff, and I just had this FOMO I had to, I had to be part of it. And I think I, I asked you guys if I could join and be a founder.
Kyle: So Mike, are you early Windows guy by any chance ever play like Windows 3.1 or, you know, Windows NT4?
Mike: Yeah, no, uh, yeah I’m that old so definitely use those systems.
Kyle: Yeah, I looked at my last, uh, you know, video here with Cybrary and I had no gray and I looked you up and there's no wrinkles, and this is what five years will do to you. Um, but what was, you know, getting down to the real technical, what we're looking at, if you think about like, you know, let's take Windows 95. I remember powering on Windows 95 and instead of Skype, automatically launching which Microsoft now owns, it was like MSN Messenger that would come up right or AIM, uh right automatically launch and come up and so what was really bothersome is like back in those days, uh those applications automatically launched with an entry in your registry called a run key and there's on Windows, right, there's like 200 different ways - services, drivers, scheduled tasks, uh, startup folder, you name it, all kinds of provider DLLs. There's just a 'bajillion' ways to launch things on Windows, and Microsoft is all about let's have backwards compatibility forever.
Kyle: So here we are in 2015 and I'm like, Chris, I'm seeing malware. That's still using the persistence mechanisms from like Windows 95 days and we're like, gosh, this is like 20 years old. This couldn't possibly still be the thing, but that's what our data was showing and so we did, we went out there and just started like let's collect this en masse and let's see what we could find and it turns out, you know, this morning, our team found once again, run keys in ma, malware, still working here in 2020. So we're talking
Kyle: 25 years ago, but these same exact persistence mechanisms, and it turns out most of the community had rallied behind let's find the advanced part. Right, advanced process injection techniques in advanced, maybe exploits, right? Or how are they, you know, staging their command and control, doing crazy stuff with like DNS records to be able to maybe even exfiltrate DNS and it turns out there was a gap that, well, everybody looked at the advanced side and then you had other vendors that looked at the threat actors, the T, right, right. We skipped over that persistence piece there and nobody looked at it. So now I'm, you know, five years into it we kind of know this data set better than anybody and it's a bit, I won't be as egotistical or to say it's like shooting fish in a barrel because hackers don't work that way, they don't make it easy. There's humans on the other end of it. Um, but we've gotten so good now. We're actually expanding beyond just persistence. Right? Expanding just beyond what we were doing and now opening up new cans of worms where we're finding hackers, you know, just like the P was unaddressed the first five years of our business. It turns out there's a whole lot of other acronyms that don't fit in APT where people are focusing on.
Mike: Right. In terms of, so, yeah, I mean, I definitely remember that stuff from Windows days. Um, it's just funny you bring it up because this weekend I was doing something somewhere with my Mac, I feel like, um, back in the day, one of the big pulls for me to switch from Windows was, I fell in love with NeXT machines back in the nineties and so OS X is just the NeXT machine.
Mike: Um, and so, but this weekend there was something, one of my, so we have multiple accounts for our kids. Something was definitely slowing down his account and I could not figure out what was automatically starting up somewhere and I feel like they've gone from this nice, like, Hey, if you want to uninstall something, just delete it to, you know, just take it out of the applications, put them in the trash now it's, it's almost exactly what Windows used to be, where you have to like run Unix commands to find all the different places this thing may have inserted itself. Um, I guess it's just funny that it just doesn't seem to ever, it's never going to go away. Yeah.
Kyle: Well, when I think about like the Cybrary's content creators, I've definitely seen some, whether it is in some of the older forums or even just some of the newer content talking about like, you know, Windows has some tooling called the Sysinternals suite. There are all kinds of ways to be able to do basic system administration, monitor processes, look at places in the registry, you name it. There's a feature for it. Well, it turns out like those things don't even exist on Mac until recently, ironically, a former coworker of ours at NSA named Patrick Wardle is uh currently building these as part of their project. It's an open source project called Objective-See, which it's meant for providing all these like diagnostics what's automatically starting, what is injecting into what, what's calling out to these websites, so while Windows right is still 25 years into it, still getting beat up or even longer, um, Mac, obviously has a similar rich background, but we're just starting to get like the introspection tools.
Kyle: And the reason for it is there's just starting to be a real need where we're clearly seeing, I mean, our team, Chris, do you recall of our team? Is it, is it 80, 90% of our teams using Mac?
Chris: Yeah, a lot. All the marketing, all the sales. We tried to get them on Chromebooks cause they were like Duo was using them and they were super secure and we're like, we're going to get you guys Chromebooks and they kind of rebelled a little bit. They, uh, they pretty much said like, guys, this is,
Kyle: That was not a little bit, they had pitchforks.
Mike: That is not a place I went to work. Yeah we briefly tried to do something similar with iPad Pros and then we talked and then we were like, maybe we should do something with Chromebooks then we decided, no, we'll just let them all use MacBook Airs and be done with it.
Kyle: But that's it right? Like, look at between just our two companies. How many folks actually, in a situation where Mac is becoming the norm and as a result, hackers are going to go where opportunity. It's like really corny nineties Field of Dreams reference. Like if you build it, they will come. Right.
Kyle: They've built Macs and people are using them. And now that we're there, malware authors will come, right and they'll come and come with malware, unfortunately. So, um, we're even in that situation now where it was initially let's get out, let's be, you know, get a platform in place. Let's be viable. But one of the number one things that we're cranking away at right now is better support and expanding from proof of concept to a full on Mac agent, which is uh, I mean, it's cool. It's cool that we're, you know, the hackers are pivoting to, and it's cool that all of us are playing with these new tools, but that also means the attack surface is like hotter too.
Mike: My last company, we were doing a, um, user entity, behavioral analytics and so we were also working on, you know, influence on laptops and um, you know, we had Windows was wherever you're focused and, you know, we'd partner with someone who they had like an app, you know, a Mac OS endpoint but I would say it wasn't, wasn't nearly as rich as the Windows one is because, you know, most enterprises still not using, we're using Mac as much. Um, but yeah, as that continues to penetrate the market, obviously that's gonna create more, um, more demands, you know, more, more people gonna have interest in, in, uh, attacking those right, cause larger percentage, um.
Chris: As a CSO, how do you deal with all of these different and unique like environments, right? Macs, Windows. I'm sure some of your developers probably have like Linux machines.
Mike: No so I roll with an iron fist. Um, and so everybody's on a Mac, there's only a couple of Windows machines. Um, I usually don't talk about it, but our finance team rebels if I try and force them onto anything other than them.
Chris: Same thing.
Kyle: It's because. So I actually had one, I said, show me like, what, what can you do in Office 365 or, you know, Office and it turns out Excel is not as good outside of, uh.
Chris: We hired a VP of finance. We were going to order my Mac and he was like, no.
Mike: No. Right. Right. You can put a virtual machine on it, running Windows for me. That's right. Um, so I'm actually, it's funny. I just got off a call with a different company and they were telling me that they got their finance guy, not just using a Mac, but using G-suite. So, um, yeah, I don't know. I guess mind blowing for me cause Excel.
Ryan: I get it because I'm jealous of that guy.
Mike: Exactly, Excel was amazing. Um, But, yeah, so we, um, so yeah, for the most part, everything's running on Windows. Um, and then we have, um, you know, we use MDM and other things to sort of manage them. Um, and then, uh, everything we're doing is cloud-based so there's very little, um, in fact, one of our, somebody was down today, um, got locked out of their laptop. I won't get into the bugs and Mac OS um, but got locked out and so wiped her laptop and got her up and running very, very quickly cause nothing's stored locally. So we can, there's a fair bit of, of, um, security that comes from that as well. We just don't really have almost everything that needs to be protected is protected somewhere. Elsewhere it's easier to sort of manage and monitor.
Kyle: Now we get that. I mean, for, you know, I, I'm always thinking about the audio that's right. We get a chance to do a lot of like podcasts, a lot of education and training. I think about Cybrary's audience right. Which is a lot of learners. Um, and you know, for those folks that are upcoming and stuff like A+ or Security+, or CCNA, or any of those, you know, common foundations that we think of, um, I'm always, you know, reminiscent of like when I learned those and I got my certifications forever ago, the environment was completely different. So when I thought about like, how would I architect, you know, a network, for instance, proper segmentation and things back in the day, it looked nothing like this. For instance, we have some of the even startups in the, that are, uh, you know, in the market where we're at that use appliances and that's the only way they can provide security and the day that work from home happened with COVID-19 those appliances protected nobody, everybody there weren't VPNing back into the network to get it and so it's cool about learning some of these foundational skills nowadays that I'd argue you have a huge leg up on a lot of the people that came from the old world where everything was, you know, I had a firewall and it was protected just like a castle, right. It's got a moat and high walls and archers and you know, but nowadays everybody's everywhere. You know, look, we're working from four different locations right now for this podcast.
Mike: Right, the other thing is like, as things move towards server-less, like, what is, what is security look when there is no server and how do you secure that and how do you monitor that? Um, intrusion detection? What's that look like? Um, if the machine is only for, you know, for a few minutes to, uh, or the, you know, the instances running for a few minutes to run a function and then shuts down again,
Kyle: Chris uses Lambda, right? For milliseconds. It bills at the 100 millisecond level, yeah.
Kyle: What are you going to find when it's up that quick? And if there is something going on, do you have introspection into that? Probably not.
Mike: Right. Um, and yeah, so I think, I think it's, it's interesting that we at Cybrary uh, very lucky in that, you know, um, early on, we were able to sort of go that whole DevSecOps infrastructure as code really adopt the cloud, um, way of doing things so it makes all of that a lot easier. Um, other places, you know, they just, especially the larger organizations or even small ones that don't have the team don't have the ability to hire those, those people. I think it's getting to that level, um, is very difficult. I think there's so much, that's still old world and I forget about that. I get spoiled sometimes when I talk to my team and then, you know, I go and talk to someone else. I was like, Oh you're, yeah, I forgot about that. That's a, that's a real thing. Isn't it? You know, whatever it is. Um, so.
Kyle: So Ryan, you get huge kudos for doing a good job at hiring Mike here, because the people who aren't adopting this type of like infrastructure or service or the idea of infrastructure as code are, uh, in for a rude awakening. I mean, we're talking about it's becoming so mainstream for us is so, uh, for our CRM, right? Where we store, obviously all our applicants, things, um, you could go through the UI and point and click and create a whole bunch of these objects but we're talking about Chris' engineering team the other day, actually provisions how the CRM works through code now.
Kyle: It's a hundred percent, so it's repeatable, it's done in a standard and, you know, even if it goes down or somebody blows it away by accident, they can reprovision not only from backups, but the actual objects now and you would, when you think of infrastructure as code, you think of like, maybe I provisioned a server or a firewall or something along those lines. You don't think about tables in your CRM, but that's where it's going. So hats off to you, Mike, for embracing that stuff early on.
Mike: Oh, thanks. Yeah, no, we, um, yeah, we, same thing. Anything, uh, whenever somebody requests access to anything, it's all pull requests, it gets reviewed. Um, which gives you that also not just the infrastructure as code from the perspective of, Oh, if everything were to shut down, can we just stand it back up, but the audit trails that come along with that by following good software engineering practices of like, Hey, we need two approvers to, to approve a pull request, it means that there's nobody getting access without someone saying, you know, without someone else's eyes on it. Um, so there's always that audit trail. There's always, you know, there's a lot of controls in place and it's just a natural, the, the, I think the key to making it work is that, um, it's just a natural flow. It's just a part of the workflow, especially for the software developers, as you start getting into their workflows and inserting security to that, I think it's important to recognize how they work and make sure that what you're doing just sort of aligns with that fairly well. Um, so it just looks like another unit test if it's the case of like, Hey, there's this dependency check that just failed. Um, the library you're using is that a data has a CVE. Like how do I remediate that? But as a software developer, without having to know really all of the minutia that goes with that, it's like just update the library, test this branch and, uh, and you know, issue a pull request, done.
Kyle: Yeah, I got you and, uh, you know, definitely not getting political at all, but in the woke atmosphere that we're at, right. It's sometimes it's hard to get rid of, you know, old legacy things, old legacy habits and I can't, but help think about some of our partners that, you know, um, they've been doing it this way for 20 some years and it's worked in the, IT person has been around whether guy or gal, right, has been doing it this way and breaking those habits is hard uh, and so like the idea of people investing in this constant, like, you know, whether education and training, um, I think we're, we're all kind of lucky that our companies are only a couple of years old, right? Five, six years old that we get to build on all this like rockstar development, where we look and we're purely in the cloud and we have all this functionality. Meanwhile, guaranteed go knock on the accountant or law firms you know, door closest to you and you'll see like the most, you know, ratchet beat up network you've ever seen because they've never iterated. Maybe they've got better at like they're their law firm or how they're keeping up with the most modern laws but it's definitely not that way in IT.
Ryan: Yeah. Um, the other thing, what did you walk into at Cybrary?
Mike: So, uh, so when I first got here, everything was running on WordPress, which not exactly a scalable extensible solution. Um, and, uh, but we were, uh, again, on the last conversation I was having, we were joking that like our monitoring solution was Twitter. Uh, so that's, uh, frequently how we found out the site was down was because users were like, I can't log in. Um, my first week I think we, um, I think in my first week or two weeks, I think the site went down four times. Um, so I knew like this needs to be addressed. So one of the first people I hired, I stole from my last organization, um, brought them in as a contractor to do infrastructure and originally the intent was like, Hey, let's rearchitect. And then it was like, Hey, let's just stabilize so that we can work on these other things so stabilize and scale. Um, and we, we moved pretty quickly through that quickly, you know, nine months worth of work to get to the point where we were finally launching our new architecture. There's a lot of work to sort of just stabilize WordPress and securing is a whole nother.
Ryan: Go ahead Chris.
Chris: I'll just say kudos to you for, for, uh, you know, making that decision and kind of not just saying like, okay, we have this thing, let's just keep going with it because that's like, that's the easy thing.
Mike: Well, I was hired specifically to kudos to Ryan and Trevor and the, and the founders cause that's what I was hired.
Chris: Okay, right.
Mike: There was this recognition of this thing isn't going to scale. We need, we need a better solution here and let's find someone to help us do that and so, um, I was, um, I was very excited. It was one of the few times, um, where I was coming in and it was sort of this like weird place of like certain amount of brownfield, but also a ton of greenfield because I knew we were going to be able to do all this new infrastructure stuff. So, yes.
Chris: Super hard though. I mean, if you look at like Netflix, right? Netflix was shipping DVDs, they were making money.
Chris: They were making a bunch of money and they said, you know what? This DVD thing is cool, but this is not the future. Like, we're going to shed this whole, like shipping DVD business and we're going to streaming and a lot of people were like, you're crazy. Like you're taking this business that is making money that is growing and you're going to throw it away for this unknown thing. Like you're crazy. Look where they are now.
Chris: Imagine if they were still shipping DVDs, they'd be done. Hulu and Amazon streaming and all of a sudden they'd killed them long time ago.
Ryan: Mike you walked into more of a firestorm also from how we were running our own internal network, right. Windows server boxes.
Mike: Yeah. I mean, everything was, uh, yeah, I mean, there was, there was a lot going on, um, Uh, was right. We were using Office 365. We were on, uh, we had a contractor who she also contracted with other uh, sister companies and so, um, there were some shared resources, data, things like that. Yeah. Uh, you know, there was a firewall, but I didn't have control over it. Uh, this other company did stuff like that. So, um, again the same, uh, it's why I've hired Jonathan. The first person I've brought in as a contractor was originally to, uh, help me solve all of those things cause he'd helped me in the past with solving them. But yeah. Um, yeah, there was a number of those, um, Yeah, fun times, you know, you look at, you know, um, you know, and getting everybody to, um, you know, putting in more processes right now. Uh, like I remember everybody had admin access to everything. The notion of least privilege was like, what, why would I, why would we not have admin access? And you know, there's still, you know, my job is to say, yes, my job is to figure out a way to get someone what they need. It's not to block them, but at the same time, you know, making sure that we're not just saying yes to everything and that you don't over privilege. Um
Kyle: On a daily basis, we look at over a half million computers. We can generally tell within the first handful of minutes, based on like the sanding, uh, almost the sanity, your network, we'll say hygiene right of your network, whether or not you're implementing least privilege. It's that crystal clear to us so, um, you know, I know it's one thing to read about it in the books it's a whole nother thing to actually do it. Uh, maybe that's the biggest takeaway on some of this stuff is like, look, we're talking about it. It's been around for 20 years that we should do this.
Mike: Right. Yeah, no, I mean, just getting multi-factor authentication or any of those types of things. Right. We all know that it's good things to do, trying to roll that stuff out or um on the IT front. Right? Um, there was no MDM, there was no DP. We like, um, our CEO would just go to the Apple store and buy a Mac, um, whatever, you know, for whatever new employee, there was no standardization of what those things even looked like. Um, so getting a lot of that under control, um, and now, you know, despite not really having an IT team, you know, moving more and more towards, um, you know, what are we going to do from an MDM to make sure that, you know, people don't, who don't need admin access on their laptop, don't have admin access on their laptop, um, which when you only have, you know, one and a half people, um, and one of those people's me doing IT. Um, it's, it's, it's pretty tough to, to, you know, to figure out how to make that work. Um, but yeah, it's and again, it was, it's easier when you started a company when there's 19 people and you can sort of, um, you know, there's a lot of buy-in from people that everybody understood the importance of the cybersecurity, cybersecurity space. People understand it. There was, there was, um, I never got a lot of resistance, which was great. I can't imagine. What's it like at other organizations where there, where that isn't the case. I remember, um, one of the companies I worked at where, um, was actually the company that really sort of started shifting me from software development into security and I remember talking to the CSO and just, I didn't envy the guy, like, he was just like at every turn everybody was...
Kyle: Broken soul.
Mike: Yeah. I mean, everybody was just trying to figure out how to work around his policies and all of his policies were like, yeah, completely reasonable. Like, yeah. You know what? That's a segregated network. Don't plug it in. Like, don't just change the ethernet cable.
Mike: So, um, but yeah, so I, you know, that's a tough job and, um, I'm sort of blessed that, you know, where I work and the people that, again, it's, it's fairly straight forward.
Chris: It's interesting how similar we are. I mean, from the, from the same standpoint of like hire somebody, go order a Mac, go to, you know, the Apple store, just order a Mac ship it to their house. We don't have an IT team either. It's like me and like, you know, we got kind of like an ad hoc volunteer based IT team
Chris: And so it's like, we're, we're in the same, like MDM trying to lock stuff down. But like, to your point, I want to say yes, I don't want to be the no guy. I don't want to be that CSO or the person who's making the policies that everybody hates and everybody's trying to go around.
Chris: But I got to balance that with like security
Mike: Yeah I get it.
Chris: I need to enable productivity.
Mike: Well the thing is, one of the things I learned at my last job, which was great, I was also, uh, for a little while, um, um, uh, Product, VP of product and platform. So what I, one of the things that was driving me nuts was there were some, some people, uh, on the, what would say is on the other side, so on the professional services side are sort of, uh, customer success side who were constantly going around me to get information from the engineers and one of the first lessons I learned was, um, well, if I have an 8:30 meeting with this guy every day, uh, to talk about, to go through all of the priorities um, he's not going to do that and what I learned was, if you can, the reason why people work around you is because of what you're trying to do makes their life harder. If you can, if you can figure out how to make it so that's just natural and fits into what they want to do nobody wants to work around you. Everybody wants to follow the rules. It's just when those rules are preventing them from being productive. Um, and so just sort of recognizing that and just figuring out a way and saying like, okay, cool. Let's let's, you know, maybe I have to make a change. Maybe I have to get up early every morning to talk to you or maybe we have to set up some new administrative like privilege that doesn't, you know some role that doesn't exist, just so that we can make sure that we're satisfying what you need. Um, but yeah, it's definitely, uh, a lesson.
Kyle: So Ryan, we geeked out hardcore over here, getting all kinds of nerdy. We miss, we miss anything here though.
Ryan: Mike, what do you think? Did you have a good discussion there?
Mike: I think we had a good discussion.
Mike: Yeah, yeah.
Ryan: Good. Why don't we, uh, why don't we pivot then? Let's hear, what is the, uh, what's the future holding for, for, for Huntress? What's uh, what are the next kind of 12 months look like? And then where do you think this thing is going?
Kyle: Yeah, I'll get, I'll give away some cool secrets here. So, um, one of the things that we always imagined was our product was probably a platform from the early get-go, but didn't know what that meant, right. It just meant we had a bigger vision for what we wanted to do and there was a lot of things we wanted to do. Um, But you've got to start somewhere. That's that's always the problem. Like even these security incidents we talked about or taken away, admin privileges, you got to start somewhere and so we did, we started with persistence. Um, but during our raise, when we started talking with investors, investors, like this is going to be huge, especially when you're going after, you know, most recent census shows over 30 million small businesses and medium businesses in just the U.S., so they're like, look, you're going after a market that's just huge. Why stop at just persistence? And we're like, Oh, we got some real tricks up our sleeves so the next 12 months, actually the next 12 days, um, we're uh, we're going to take this vision that we've had for the last four and a half years and we're going to more or less not tell our customers they're going to come in and they're going to have a platform instead of a product which has multiple products within this platform at no cost. It's one of the benefits for us that when we looked at like what the economy needs right now, what we needed to be able to show and give back, um, that's huge. So literally they don't know, we're not planning to make an announcement til it's time. We're going to spring this on them as a just huge thanks for being with us, um, with the no adjustments to the finance side but what that actually is doing is it's self serving.
For us we've always had more than just like hacker persistence for like, look, people have a hard time tweaking those group policies to be able to set least privilege on admin or set these really sharp ideas like let's not allow multiple failed password attempts within a certain amount of time. Let's lock it out, like we know these basics, so we're going to start adding many more, whether we can call them products or services, that's kind of still up in the air, but many more services and it's just part of the Huntress platform. Once again, feel free. So, pretty good about that. Um, the big problems that we're looking to slay right away is ransomware so, if you're thinking about the Canary in the coal mine conversation, this is going to be like our own Canary that as soon as you, you know, the Canary dies, you know, you got to get out of that coal mine. This is going to be, you know, Oh crap we have ransomware Sunday night, let's start restoring from backups now instead of seven o'clock in the morning when that customer's PO they're down, right? Because productivity is out, kind of giving the IT team a, you know, a leg up on hackers in this cat and mouse game. But, uh, I would say the next 12 months are heavily involved around expanding that platform and the products offered on it. Chris is, you'd say that's accurate.
Chris: Yeah. Yeah, I think so. I mean, the only thing I would add to that is for, I know the, the Cybrary audience is a lot of people, you know, trying to get into security, learning and stuff from a founder perspective. Um, it's real easy to think big in the very beginning and say like, we're gonna make this huge platform, uh, but you, you can't be sort of, kind of okay. In a bunch of things, you're not gonna, you're not gonna really do well, you gotta be focused and so for us, we were super focused on persistence, like laser focus that was all we did. Um, and to some of the points that were made earlier, we had to say no to a lot of things. There were a lot of ideas that we had that we toyed around with. We were like, Oh, we could do this cool thing. Now we need a persistence. We need to get this. We need to show people value. It's not trying to go too broad, too early. Um, and so, you know, we did that. We went for awhile and we said, okay, with this raise, we're going to bring in money. We're going to expand the team. And at that same time, we're going to go big on this whole platform thing and show that it's like, MDR was cool. That was how we got here. Um, But there's so many other problems that small and medium businesses face with their security and implementing it and monitoring it. How do we help them with? Yeah.
Kyle: The next one, right is the, the bigger vision more than 12 months, right but the, the visions that you can dream of, um, what's funny is once again, as a, as a founder, everybody asks you, especially investors, the same couple of questions that sometimes you want to, I, you know, roll your eyes at. What are you going to do in the future? And the answer, there's only three answers, right? I'm going to IPO the sucker and go public. I am going to get bought, or I'm going to die trying, that's your only three outcomes in startup life, period. Um, and after you answer that a thousand times, you kind of want to yell that, but what's funny is even for us as founders, we, um, we knew we were making differences. We knew we were growing very quick. I mean, we're talking about 24 months of 10% month over month growth, you know, that we had in a row and still growing on this trend. Um, even during the, COVID-19 seeing a little bit less of the growth, but we're talking about solid growth, never a low month. Um, but I would say it's only been in the last probably 12 months for sure that we went from, I think we're going to be able to do something big to, I know we're going to be able to make something huge and so I would say, you know, taking a vulnerable moment. You know IPO is now something where, when we say we're going to do it, it's not just a pitch to investors, but investors are not, we know how we're going to get there. We know what we're going to do. We know we're going to have to adapt to and release product sooner or later, we didn't see COVID-19 coming right? We didn't see the economy going to trash, but we did see, you know, the ability to make a bigger difference and so I would say for the first time, in five years, It's no longer a question of like, you know, some people ask, like, how do you become a unicorn or how do you be, you know, that effectively means how do you become worth a billion dollars, right? 
The three comma club or tres commas club for anybody that watches a Silicon Valley. Right. Um, you have, um, but the long story short is it's now pretty, uh, pretty evident we're going to be able to get there. It's just going to be a lot of time, a lot of effort. Um, a lot of what Chris mentioned, which is not being the master at everything, but getting really good at some very specific basics and then hopefully be where Chris and I are not, uh, are now at our, in our security career where you could throw any security problem at us we can now solve it. It's just taken us 20 years to get there. Right. 20 years of being terrible at a lot of things, but being good at one or two to come full circle. So I would say that was, that would be my five year of, you know, we're going to continue doubling revenue every year. We're going to continue doubling or tripling what our products can do for our partners showing more value. Um, and I'm gonna encourage maybe anybody else listening to this thing as you're kind of soul searching um, you know, that's the small investments you make in your technical acumen now are pay the dividends that where you can go and you know, if you would ask 2000 Kyle, right when I was on Windows 98 or ME, uh, right that nobody talks about, I would have never guessed, I could have been at this level, but it was a whole bunch of those small investments that are paid off. Chris, am I, am I smoking something in my, out of it?
Chris: No. I mean, I think, like you said, like it's the thing you had to say for a long time for us, it was the thing that we had to say and it took a while for us to really believe in that bigger vision. I remember I'm going to be, I dunno, some of the greatest things, but I'm going to be completely honest and say like in the beginning, yeah, there were a lot of times where I was like, and I don't want to IPO, but that just seems like too much work, it seems terrible. Like let's just grow the company and sell it and move on to the next thing. Um, and so there was a lot of time for like founders where we were saying these things, telling people. I don't know that at least from myself, I didn't fully believe it for a long time, but, um, you know, I do now, like there's a lot of stuff now that like, once we kind of hit that inflection point and we went from like, just MDR to like, here's all of the things that we can do in security. Here's all the things that we can make better for people. It was like, Oh, okay. Well, like. I'm not locked into this one thing forever. Like I have this massive playground now where I can go and play and make products and generate solutions for all these problems and it just really like made it much more amenable to me to say like, Oh, I could work on this thing for 10 more years, okay.
Ryan: Cool. That's good to hear. So, um, guys, where can people find you? Where can they get information?
Kyle: You kind of mentioned it in the very first intro, right? We used to be called huntresslabs.com. We still own huntresslabs.com, but now that we've updated and graduated good old fashioned huntress.com, you can find us at, right, Chris and I are both super active on social media. You can find me at Kyle Hanslovan, and I think you're @cbisnett
Kyle: You look at you upgraded too, so, um, You know, so we're, we're active there. Um, you know, obviously find us there. Um, once a month we do a thing called TradecraftTuesday, which is where we talk about hacker tradecraft, non pitch related, it's just a hundred percent what are the latest, you know, shady hacker things that's going on and how are they getting by the preventive products? Um, that's our one chance a month to still be hardcore geeks and dive into the nitty gritty. So if you love those intricate details, I think it's tradecrafttuesday.com, you can find a link to the webinar.
Ryan: Yep. I would definitely highly recommend people check that out. I remember doing that with you guys a few times back in the day. So, uh, great. This was really awesome, guys. I appreciate the time. Is there anything else that we need to get out on the table? We good to go?
Kyle: No, I think this should probably be uh, you know, it shouldn't be the last right? We shouldn't have every five years catching up with the Cybrary team, so uh we'll have to find a follow on for sure. Maybe we'll do a TradecraftTuesday or something together.
Chris: Yeah, that’s right.
Ryan: Thanks guys. This was awesome.