Breaking News

This hacker's startup just raised $20 million to cyberattack its own customers — and the money will go towards hiring people who agree 'breaking into things is an addiction'

  • David "Moose" Wolpoff is the CTO and cofounder of Randori, a company that attacks its clients to find their cybersecurity weaknesses. 
  • Wolpoff, a former government contractor who worked with the military on issues such as "hard drives that got shot," says he can break into any company.
  • Randori just landed a $20 million Series A funding round led by Harmony Partners, investors in E-Trade, Priceline, and Spotify. A person close to the company says that it was an "up round," valuing Randori at some $60 million.
  • The money will go towards hiring, with the company looking for hackers who agree that 'breaking into things is an addiction.'
  • The startup's human hackers and automated attack platform find vulnerabilities, provide insights, and save money for customers like athenahealth and the ACLU. 
  • Visit Business Insider's homepage for more stories.
David "Moose" Wolpoff is an intimidating guy. The chief technical officer and cofounder of the cybersecurity startup Randori likes to talk about attacking his customers – by which he means breaking into their computer systems.
"My worldview is maybe a little cocky," Wolpoff says, "but given enough time, I'm going to breach you. You're not going to keep me out."
Randori is a Japanese martial arts term meaning "random attack," and Fortune 500 companies pay Wolpoff and team to come at them. That's it. He doesn't stick around later to help clean up and fix "bugs," vulnerabilities in their computer systems. "I have never facilitated fixing a bug," says the bald, bearded, and frequently scowling Wolpoff, a former government contractor who worked with the military on issues like "hard drives that got shot."
People like to hire Wolpoff and give him money – perhaps because it's good to have someone like him on your side. Case in point: The $20 million Series A funding Randori just landed – in the middle of a pandemic – led by New York boutique venture capital firm Harmony Partners, which also invested in companies like E-Trade, Priceline, and Spotify.
The 20-person startup with offices in Boston and Denver is using its new funding round to hire people who agree with Wolpoff that "breaking into things is an addiction," and to build out its automated attack system. Their goal, says Wolpoff, is "real attacks, real infrastructure, real assets. Nothing is simulated." The only difference between Randori and criminals is: "We're not going to steal the assets and then sell them."
"Randori is uniquely positioned to help organizations build resilience into their cybersecurity programs," says Mark Lotke, Harmony's founder and managing partner. (Investors close to the deal confirm this was an "up round," increasing Randori's valuation to around $60 million — about three times the investment.)
Randori's CEO, Brian Hazzard, wanted to start a company with Wolpoff after watching him attack the cybersecurity company Hazzard worked for at the time, Carbon Black (which has since been acquired by VMware).
"As soon as Moose lands in your system," Hazzard says with admiration, "he's got home court advantage. He heads right to where your crown jewels are. Our job is to get to your crown jewels. We're a trusted adversary."

How Wolpoff gets in

If an adversary like moose Wolpoff sounds like the last person you want to hire or pay in these difficult times, consider: There were more than 5,000 data breaches last year, at an average cost of more than $8 million for US companies, according to IBM. Many companies now take the attitude that it's not a matter of if they will be hacked, but when.
Wolpoff starts with just an email address from the organization he is hacking. That email address is fed into Randori's automated attack platform, which finds any associated accounts and gleans data that can be used to find vulnerabilities. Wolpoff and his growing team of hackers, and the combination of humans and machine learning beat up your company all day, every day, until they get into your system. 
The goal is to identify gaps in security defenses, provide the insight security teams need to understand and promptly respond to threats, and save companies money by addressing their security needs rather than layering on defensive systems they don't need. Customers include athenahealth, the Center for Strategic and International Studies, and the ACLU.
"Red team" exercises are old hat in the cybersecurity industry, where hacking simulations have been used to test companies' systems for decades. But those kinds of controlled drills may not  prepare companies for real-world threats.
"I really wanted to go further and test all our existing defenses," says Randori customer John Shaffer, chief information officer of Greenhill, a NYC investment banking firm.
"You don't know if you're ready to fight until you fight a couple of times," Wolpoff says – and suddenly it becomes clear that he is not the mugger in the parking lot, but the self-defense teacher who shows you how to fight off muggers.
The success rate of moose breaking into customers' computer systems? 100%.
Join the conversation about this story »
NOW WATCH: We tested a machine that brews beer at the push of a button

* This article was originally published here

Press Release Distribution

No comments