I’ve been thinking about this for a while. I have a fantastic job working with Cisco Talos and hope to keep doing it for a while. My team is great and the work is fulfilling, challenging, fun, and satisfies my passions to help make cybersecurity better for a lot of people and organizations.
I also want to enable small businesses, non-profits, and even individuals to better secure themselves against malicious activity. Almost all my research is me trying to build tools that can be used by smaller organizations, but none of it is really a ‘product’ yet. I am working towards building various products and services that can be provided on a sliding scale price. Hopefully I can find customers for some of these, and then can use any money that’s made to fund scaling up the security of places that either can’t afford or don’t even think about security.
Large organizations have the resources to hire threat researchers, security engineers, build SOCs, and more, but the smaller ones are left to purchase (often) sub-par services that don’t deliver the same quality. We hear about breaches or ransomware or some other attack on large organizations where the initial attack vector was through a smaller contracted organization. So we have resource-heavy organizations who have the security defenses they need to protect themselves, but then we have small businesses with few if any resources handling some part of their business. It’s a major gap in security and needs to be dealt with.
I believe large security organizations should be providing the same amazing services they charge a lot for to these smaller organizations for sliding-scale fees, and in some cases, completely free of charge.
So my goal/dream is to build an organization where enterprise-level services are provided at enterprise prices to paying customers, but the money flows down to those that can’t afford it. Large organizations would benefit from a wider security net across industries and smaller organizations will be more secure.
I don’t yet know when it will happen, but I hope to eventually be able to turn Pyosec into a security company while funneling all low-cost and free services through a non-profit. This would likely require me not having a regular day job, but for now I have a lot more work to do with my team and don’t intend to leave any time soon. In the meantime, I will continue thinking and strategizing how this will eventually come to fruition while doing what I can in my free time to continue research, giving presentations, and educating/working with non-profits and small businesses.
If you’ve found this site and are interested in having a chat about your organization or security posture, please reach out via the contact page. This isn’t me trying to sell something/build sales leads. I have skills and knowledge and want to help.