BSides Toronto 2022

Controlled Flight into Terrain: How [NOT] to Succeed at Cybersecurity Startups.
10-08, 10:00–10:25 (Canada/Eastern), ENG-103

Have you ever gotten off the plane at BlackHat or RSA and seen the security vendor ads lining the corridors? Or made your way through a crowded vendor hall with the multistory booths larger and more elaborate than a typical city apartment and thought to yourself, that could be me? Then this talk is for you. Are you ready to never work again and enter the privileged world of successful entrepreneurs permanently on vacation? Just kidding! Are you ready to work so hard any potential reward will come out to well below minimum wage when you calculate the hours, blood/sweat/tears, and mental health crises that went into it? Then maybe it is time to start a cybersecurity startup. In this talk we will take a dive into the exciting world of turning your hacking tool into a successful product company and how to avoid the common pitfalls encountered by the speaker and her merry band of startup world survivors. We will cover exciting topics such as venture capital funding, startup accelerators, and making your first sale. We will also discuss not as exciting but equally important topics as corporate structures, hiring a CEO, and board meetings. Filled with info and direct quotes from real security practitioners turned startup founders, venture capital investors, and serial expert advisors, this talk will get you ready to start down the path of your own startup journey, or run screaming in the other direction.

Georgia Weidman is a serial entrepreneur, penetration tester, security researcher, speaker, trainer, and author. She is a member of the National CyberWatch Center's National Visiting Committee and an Adjunct Professor. Georgia was previously a New America Cybersecurity Policy Fellow. She presents or conducts training around the world and is regularly featured internationally in media. She authored Penetration Testing: A Hands-On Introduction to Hacking. Georgia founded the security consulting firm Bulb Security and was awarded a DARPA Cyber Fast Track grant for her work in mobile device security culminating in the release of the Smartphone Pentest Framework. She founded Shevirah, a graduate of Virginia’s Mach37 cybersecurity accelerator, whose products assess and manage the risk of mobile devices in the enterprise. Georgia was the 2015 Women’s Society of CyberJutsu Pentest Ninja. She holds a MS in computer science; CISSP, Pentest+, and OSCP certifications; and U.S. Patents #10,432,656 and #11,089,044 which are foundational to simulated phishing. Georgia is a software engineer in security at Aiven.