Founded in New York in 2018, we are a small research-focused cybersecurity startup working on bleeding-edge innovations. One of the subjects that we focus on and often return to is security visibility and ease-of-use. It does us no good to build some cool security things that people will never use. Making high quality, zero-touch security a reality is the pipe dream we chase the most. To accomplish that, we've assembled a small and diverse team who have experience building scalable, reliable software to solve contemporary security problems.
A lot of our recent research has involved interaction with external companies, mostly in the form of vulnerability disclosure. If you're one of them, hi! We hope you're doing well. Thank you for checking out our homepage.
We follow the cowboy rules: be rootin', be tootin', and by God be shootin', but most of all, be kind.
There's more we're working on privately that we aren't ready to show off yet. We're shy. Don't tap on the glass. You'll startle us.
Elasticsearch is easy to set up without security - the FOSS version, as of writing, does not include encrypted communication and has limited authentication options (which are not enabled by default in many deployment scenarios). At this point, we think it's going to be the next MongoDB of accidentally-exposed data, and to tackle that before it happens in bulk, we're going to see if we can scan the internet for open data stores, use a little NLP magic to understand the severity of the data exposed, and automatically triage for human intervention.
Some ding ding thought mapping the internet was a cool project in college, then thought it would be pretty cool to FOSS it, then couldn't figure out how to fairly compensate FOSS contributors, then took it to a conference, then took it private again, and started from scratch alongside people more talented than he.
Owing to an extremely difficult-to-exploit vulnerability one of our staff discovered, we're going to see what the least likely XSS vector we can come up with is. It's a fun exercise in tracking the flow of information on the internet.
Annina Van Riper - COO
Business and business affairs specialist. Agile evangelist. Stand-in scrum master. Concerningly good axe thrower.
Rachel Ratte - Software Engineer
Practical AI/ML engineer who specializes in NLP and spending 8 hours training the wrong model. r/illegallysmolcats frequenter.
Gregory Huba - Software Engineer
We've seen this guy make memes out of water bottles more than one time, and then post them in Slack channels of ~1,800 people.