Adam Torres and Scott McCrady discuss SolCyber.
Subscribe: iTunes / Spotify
Apply to be a guest on our podcast here
Show Notes:
SolCyber is solving security problems for startups. In this episode, Adam Torres and Scott McCrady, CEO at SolCyber. Explore SolCyber and what entrepreneurs need to know about security.
Watch Full Interview:
About Scott McCrady
Scott McCrady is an accomplished international executive with broad experience in sales, business development, and operations within cloud-based and information security businesses. He has a proven ability to drive results across sales, operations, revenue generation, and customer satisfaction. His background includes extensive work in sales, business development, information and cyber security, operations, and management. He brings significant global experience, having led teams across Asia, the Pacific, Japan, and Europe, and maintains strong relationships with C-level executives throughout these regions.
About SolCyber
SolCyber, backed by Forgepoint, is the first modern MSSP to offer a carefully curated suite of enterprise-grade security tools and services that are simplified, accessible, and cost-effective for organizations of any size. They’re redefining the traditional managed security model by minimizing cyber risk, reducing complexity, and eliminating waste. SolCyber is driven by the belief that every organization deserves a secure digital environment.
Full Unedited Transcript
Hey, I’d like to welcome you to another episode of Mission Matters. My name is Adam Torres, and if you’d like to apply to be a guest in the show, just head on over to mission matters.com and click on Be Our Guest to Apply. All right, so today I have Scott McCrady on the line, and he’s CEO over at SolCyber.
Scott, welcome to the show. Hey, Adam. Good to see you. Thanks for having me on. All right Scott. So we got a lot to talk about today. So we’re gonna definitely talk about ways that, so cyber is helping to solve the two part security problem for tech startups. I wanna get into your background, you know, how you got started in the industry and a whole lot more.
But before we do that, we’ll start this episode the way that we start them all with what we like to call our mission matters minute. So Scott, at Mission Matters, our aim and our goal is to amplify stories for entrepreneurs, executives and experts. That’s our mission. Scott, what mission matters to you? For SolCyber?
There’s something around the security space and then obviously there’s something on the personal side too. So I’ve been in the tech world for almost my entire career, but relatively early. I got into cybersecurity and the reason was tech was interesting from a. Cerebral standpoint. You know, making computers talk to each other is, was just fascinating.
But cyber had this mission of making a difference in protecting organizations. Mm-hmm. And so when you, when I got into cyber, it took this concept of how do you make tech interesting and sort of put in a little bit of this helping others aspect to it. There there are a few things that’s satisfying as seeing something sort of horrible happening and be able to see it and then stop it.
Respond to it and allow that customer to say, wow, you know, that’s really great that we had this really minimal thing that could have been this really big problem. That’s a, it’s just a very satisfying aspect and I think it ties into sort of just a broader ethos for Scott, which is I. I’ve always been a big my dad was a minister.
Mm-hmm. So like being healthy I used to do a lot of work with teens on like how to be, how to be successful and how to, you know, get into your career and what are the most important things in life. And so for whatever reason, it just seemed like a natural fit between sort of how do you keep yourself healthy, both physically and mentally, and how do you progress your life.
And so in the cyberspace and obviously with SolCyber, this ability to. To keep customers healthy and sort of focused on their mission mm-hmm. Their mission. Not like dealing with bad actors really makes a difference. Yeah, I wanna, and thank you for sharing that. Love bringing mission-based individuals on the line to share, you know, why they do what they do, how they do it, and really what we can all learn from that so we all benefit and grow together.
So, great stuff there. I wanna, I wanna go back to some, to your earlier days. You mentioned when you got started, like, like how long have you been in the business and, and what was your, what was your entrance? So I’ve been in the business, I’ve been in tech my whole life. Yeah, my, I got an. I think one of my very first jobs, my my best friend’s parents owned a janitorial company.
And they had, for anybody who’s been around a minute, they actually had this like Nobel server in a closet that they would use to do a variety of things. And it was having problems. And I went in there and, and fixed it and got some print jobs working and all this other jazz. So on that, on the tech side, it’s been, you know, almost my whole life.
But when it comes to, you know, specifically in, in Jobs, cyber was something I sort of fell into. And so coming outta university, I was just a network engineer, so I was building networks. But one of the things was in the university I went to, they mandated speech courses. Now I am as typical as it comes when it comes to, you know, public speaking.
I was a, I was a nerdy introvert. I don, I make a joke consistently, which is the only thing that kept me from getting stuffed in lockers in high school was I was a pretty decent basketball player. Yeah. But yeah, I’m, I was like an introverted nerd. Speech courses were terrifying. And so, but they were mandatory and it was sort of like Toastmasters.
And so over your four years at university, you had to go through these speech courses. So when I got out. I was doing a lot of networking work, but I kept getting sent to customers. So I was one of the few engineers where they felt comfortable putting me in front of a customer and to be able to talk about the things that we were building.
So I was with a very, very large consulting organization, but generally speaking, I was building stuff on the back end. Mm-hmm. And because of that, when cyber started becoming a thing, I got moved into the cyber organization and relatively quickly my job morphed into this weird job of delivery. Like building the network, building the cyber, but then also getting sent out to customers just to talk about why, why cyber matters in this new world of web hosting.
So you can imagine, you know, 20 years ago maybe I got sent like UK gov or something like that. So big company. Yeah. They’re trying to get online, they’re trying to make, you know, services available online and security. Around. That was sort of a new and nascent thing, so it was like, why do we need that?
Why do we need firewalls? Why do we need intrusion detect detection systems? Wow. And that was sort of how I got on this journey. That was the, that was the early days. Like if you’re thinking about it very early, when I think about, like, I, I had a, I had somebody on the show and they were talking about when they first, when Google was first run, they were first like buying advertising or keywords and like mm-hmm.
He one of the fir one of them, I, I don’t, you know, Quicken Loans, right? Yeah, of course. He was talking about, he was so large. For everybody that’s listening, I’m sure everybody knows Largest one of the largest, not the largest mortgage broker in the, in the country. And, and he was talking about buying the keyword mortgage for them, and he was telling me the price that he’d get it from.
And I, this was on an interview by the way. Mm-hmm. And I would just think about like, wow, they were printing money and they just didn’t, you know what I mean? Like you didn’t know it was so early on, but on the other side, as a service provider. To explain a firewall to explain all these things. There wasn’t a CIO was there.
I don’t know if there was a CIO type position. I, I don’t even know if those were around yet, but like, was like, how did you, it was like, how did you sell it? Like, I gotta know, like, how did you sell it? And that, because that relates to new technologies or new things. There’s people out there right now trying to sell new with ai.
They’re trying to sell new, I’ll use your word novel, you know. Things. Mm-hmm. Like how did you sell it? Like in those early days, if you remember? I know it’s a while ago, but No, so the, it was just funny because there were, there was always somebody in charge of tech at the company. Mm-hmm. Yeah. So, you know, obviously networks had been around since, you know, before I went to college.
So there’s always somebody that was buying the desktops and connecting them in these large companies or organizations, web hosting, so this is like the very early days. And then, and then most of these companies. Had a web presence, but it was literally like, you know, SolCyber.com and it was just a webpage of like, Hey, we’re the FBI, these are the things FBI does landing.
Yeah, it was a landing page. Perfect. There were no services delivered, and so this was the beginning of service delivery through the web. I mean, this was, God bless, I really hate sounding this old, but I mean this was like. Like you still called your broker to buy like a stock. There was no E-Trade, right?
Yeah. Or Robinhood or whatever. Everybody’s, yeah. I mean, so this concept of delivering services through the web was what everybody was like, okay, we’ve seen it being done. We need to get on that train. Mm-hmm. And so you would, you would go in and talk to them about that and invariably they’d be like, well, if we’re going to deliver this thing, how do we make sure that.
This piece of data you know, whatever that whoever’s supposed to have access to it has access to it. And back then it was so simple, which was you’ve got a firewall that allows only a certain stuff, you know, it’s just a segmenting device, right? It allows, it allows this thing in and doesn’t allow that other thing.
And so this, this can go out and this can’t go out. Right? And so, so that made sense to people. Like it’s, it is just a front door, right? And, and it’s got some level of saying who can come and who can go. And then we had these things called, and these were brand new, by the way, intrusion detection systems.
And we were like, okay, so, so obviously. People can get in that shouldn’t be getting into your front door. Maybe you let the wrong person in. And so now you have to have like your alarm system, right? So you need to be able to know that if somebody’s moving around the house or the building, and that was like, it, like, and they’re like, oh, okay.
I sort of get it, you know? And, and, and sometimes that meeting would take an hour, but basically we just regurgitate the same like story because everybody really got the, it was a very simple analogy around, you know, a front door a locked front door, and some sort of alarming system, right? Man, that’s a, that’s a great one.
That’s great. Yeah, I get it instantly. That’s still great to to explain it that way. Honestly, if you think about it, it’s more, it’s still a great one. Well, now when, but now we’re like, now think of it like a, like a marine base or a military base, right? Mm-hmm. You’ve got, you know, ditches and you got walls, and you got perimeters, and you got lasers.
And so anyway, it’s, it’s a lot more complicated now, but the, the, the, the physical to digital analogy still works. Hmm. Let’s let’s switch it up a bit here, Scott. I wanted to get into, into SolCyber a bit more. So first off, let maybe tell us a little bit more about the company and where you’re at present day.
Perfect. So, managed Security Services is where I spent most of my career. So once I sort of got out of building stuff, we went into delivering services. Mm-hmm. Customers. Most of that was to very large companies, global one thousands type thing. You know, I was talking to Ja, your, your producer, and we, I lived in Asia for a while.
I lived in Europe for a while, so I’ve had a really great career. But like all things, it’s been around for 20 years. And the old model of essentially saying, Hey, there’s some data coming from your company that’s security data. We’re gonna run it through a system and we’re just gonna send you alerts.
Based on like IP addresses is very long in the tooth. It is a very old and outdated system. And so we were like, does the world need another MSSP? And the fundamental idea was identity is going to become the new battleground. And so an identity based MSSP from a technical standpoint, so the ability to find bad actors through the abuse of identity is a game changer.
It’s, it’s where everybody needs to go and so. That’s the first thing. And then the second thing was how do we have a more comprehensive capability around service, but delivered in a price point that people could consume? Mm-hmm. Because most customers have to talk to five, eight, or 10 different vendors, and then they have to sort of stitch together the problem.
So let’s just imagine that. This stream stopped working, right? Yeah. Is that a problem with the internet? Is it a problem with the computers? Is it, is it a security? Do you have a piece of security on your system? Mm-hmm. And so you have to go troubleshoot all that? Yeah. And so cyber’s view was we can sit in the middle of some of that and make your life easier by skinnying down the number of people you need to call.
And so mm-hmm. We had this amazing situation the other day where. A customer had a problem. They, they had failed to offboard a person and they were doing some insider threat and causing a lot of problems, and it was on systems that we don’t monitor. And so the customer called us and said, Hey, I like I’m overseas.
I’m succeeding this data. Can you help me? And we said, yeah, this isn’t a system we monitor, but we’ll look at the data. And ironically, we were able to say, okay, you have a threat actor that looks internal, and they’re based in this location in the uk. And do you have this piece of technology? It’s called a CDN, right?
They were like, yes. They’re like, turned that off and then reset this password and then knock ’em off the network. Mm-hmm. And so we were able to help this customer, even though it wasn’t really something specific around things that we are doing. So this combination of really advanced security capabilities around identity bad actors log in today.
They don’t break in. They that, so that matters a lot. But candidly, customers love us because of the second thing, like when you find somebody who’s broken in using identity, they’re crazy happy, but that if we’re doing our job right, that doesn’t happen super often. Hmm. They, they love the fact that they can call us for a variety of problems.
Hmm. What, what are the type of companies that you work with? Like who do you find gets the most value outta working with you and your team? Whether it’s size or industry or like, give, give us a little bit of that. We tend to do more business. We have two primary offerings. One is made for small medium businesses.
Mm-hmm. And this is about called a thousand employees and fewer. So a lot of customers in the 500 employee range. That’s one product offering we have. It’s, it’s just basically like a drop in security program. Mm-hmm. Usually these customers are high tech. Oftentimes they totally get it. They’re like, I don’t wanna build this.
I’m building. And we’re, we’re talking to like an AI trucking company, like, or whatever. So these companies are high tech. They really get outsourcing a program. Mm-hmm. Then the other offering we have is for larger customers, think 10,000 employees. 20,000 employees. Yeah. And they don’t need a whole program.
They already have a lot of stuff. They just need somebody to stitch certain pieces together. Mm-hmm. And so we don’t tend to lo, we don’t right now anyway, don’t tend to focus on like, you know, fortune 100 too much. We tend to focus sort of below that level with two different service offerings. Hmm. And in terms of and I know this is gonna vary by the way, this is gonna vary based on, on size of the company, based on complexity, what they need.
But can you just give us an overview of maybe the process of what it looks like to work with your company? So somebody picks up the phone pro, do they normally come to you when they already have a threat or something that’s happening? Or like, give us an idea of just the process and how, how that works.
There’s almost always a prod That sort of starts the conversation. That’s a good word. In smaller prod. I like that. Prod. I said threat. You said prod. Yeah. Okay, go ahead. So there’s a prod. There’s a prod. Well, and so the funny part is obviously a threat can be a prod, but Yeah. In the smaller space, it’s complete.
It’s been, especially in the last couple years, most of our customers come to us and use us because. They are getting pressure from their customer. Hmm. So if you imagine that you’re a 300 person development like you do Yeah. Coding and development or you’re an HR company or you deliver Yeah.
Next generation power sources, you’re selling to governments or large automotive or whomever. And they come and say, what is your security program? Tell us about that. And they’re like we don’t really have one. So in the small and medium space, a lot of what we do, we call supply chain compliance, they’re part of the supply chain of a larger, more sophisticated company that makes a lot of, and they’re getting pressure.
Yeah, that makes a lot of sense. And one of the benefits, and again, one of the reasons why customers love us is we’ll help them with those. Mm-hmm. So if they go to almost any other MSSP, they’ll be like, Hey, send us your data and we’ll send you alerts if something bad happens. You will get on the phone and help them with these compliant questionnaires.
So super common. So imagine that you’re the CIO at 300 seats and all of a sudden Ford says, Hey, tell us about your, here’s, here’s our questionnaire on security, and it’s, it’s a hundred questions. We’ll be like, Hey, we, we support you across these 40 questions and we’ll give you some boilerplate to stick in there.
Mm-hmm. That makes their life like that is a game changer. Sure, sure. They don’t wanna be breached, but this is a very tangible thing, so. On that side. On the smaller customers, it almost is really around supply chain compliance or some sort of they wanna get nist or soc sar SOC two, type two or ISO certified or something like that.
On the larger customers, it soon be security driven, so no, not necessarily a breach. A lot of times they have a provider they’re not happy with. Mm. They’re looking to uplevel their capabilities. They know identity matters. Yeah. So they’re looking at something more comprehensive. Or the big one again, when we talked to a 20,000 seat company you know, a day or two ago, and he’s just like, exactly what we described.
’cause I talked to so many vendors, every time there’s a problem and they all point to other vendors, he goes, and some of ’em I can’t even call. So, you know, if, if, if there’s a multi elemented problem, I need my security company to get on the phone with me. And a lot of the. Traditional providers don’t do that.
They just say, Hey, that that’s not our job. Like, send us your data, we’ll send you an alert. You know, helping you figure out whether or not there’s a security issue somewhere in your ecosystem isn’t really what we do. Yeah. So we get a, we get a lot of that into larger end of town. Hmm. What kind of trends are you following right now in your space?
What kind of trends are interesting to you? What kind of trends are you been, I mean, you’ve been doing this since I, I’m gonna say since the beginning of many of this industry. Like what, what are you following right now? What’s interesting? I. I, that is the question I really love because I actually don’t get asked it.
I get to ask this other question, which is, tell me about ai. So I’m really happy that you asked it this way and not this other way. So I’m gonna not talk about AI just yet. There’s a couple of trends that I think are really meaningful. The first one is around mobile security. Hmm. So, mobile security has been a relatively.
Background set of concerns and noise for a lot of companies. Hmm. With the transparency around how Pegasus works for your, for your listeners. Your phone, including iPhones can be breached without you doing anything. You don’t have to click on anything. You don’t have to tell it to do anything. You don’t act, I mean, you know, the old days of like, I failed my phishing, or I clicked on my Yeah.
On something. Yeah. With, with the really advanced source, like Pegasus, you’d actually, they can zero touch your and, and break your phone. On top of that though, smishing, which is SMS phishing, so the, the, the ability to use what we’ve seen in email around SMS is. Becoming a primary vector for bad actors to get ahold of, username and password.
So imagine that. Wow. Hey, hey Adam. Here’s a text message from you know, your HR company. Your bonus is gonna be paid. You know, please log in and validate the where you wanna send it. So you log in, they get, now they have their username and password. They log in as you, and now they’re in the network and there’s no malicious code that’s been dropped.
So how do you know that somebody who’s not Adam is logged in as Adam? Well, they do it via smishing. So mobile threats I think are gonna be. Very on the rise. We recently launched a mobile threat offering service offering because we had so many customers saying, we need to get our arms around this and nobody can help us.
So mm-hmm. I think mobile’s gonna be something that, you know, a year from now you’re gonna be like, wow, I remember Scott talking about that. And you’re gonna see it on the radar. The other thing I think you’re going to see is most organizations, even large ones with whom we speak mm-hmm. Are still focused on the endpoint, the desktop, the laptop.
Right. They are still not clear that identity is the primary vector of the threat. So it’s, so of course you’d have to have good endpoint detection on your laptop. I mean, that’s, it’s, it’s, it’s not like, or it’s, and so you have to have good detection and, and prevention capabilities on the laptop. But most of the breaches that we see are a misconfiguration.
Leveraging of credentials that they stole from some other location. Mm-hmm. And they are logged in now as an individual, and then they use that to move around the network until they can escalate their privileges to admin. Yeah. Steal, steal, MFA fe session, whatever they need to do. And now they’re logged in as admin and then they can do whatever they want.
They can sit and look at inboxes. They can steal data, they can ransom, they can lock everything up using scripts. So everyone’s like, well, I’ve got. Endpoint technology, they don’t, they don’t need to launch malware to lock up a bunch of your data. They can do that via scripts. So I think this, this realization that identity is massively overlooked it’s really hard for organizations to keep their identities, you know, well structured.
Mm-hmm. So when you, you know, if you’re a big company, you got 20,000 employees, like how good is your offboarding? Like if you’re offboarding a, a network admin, can you forget something? I mean, those credentials are still out there. Even though the human may not technically be an employee, you’re not paying them a salary, right?
Yeah. So identity is, I think, going to be the next big is, is going to be, it is a thing right now. I think it’s gonna become more realized as a thing over the next and then last I have to mention it we don’t really know ai where that impacts everything. We know it’s gonna help the bad actors be faster.
We already know that. So we know that their ability to take advantage of problems vulnerabilities is gonna be better. So let’s just separate that because everybody sort of gets that. I think the really interesting part is how does it come to the defensive side? So like us, like we’re a very people heavy business.
Is there a way to have SOC agents that are AI based that look at what my people do on a regular basis and consolidate that? Mm-hmm. So the first step that we’re seeing. Is the knowledge and getting that in front of, you know, the security analysts in a more easy and transparent manner. So, so we all know Google, right?
You go and you type in your search, but if you want a multi elemented answer or a multi elemented search, we’re all using chat GPT Orrock right now. I mean, and so the same thing is now happening on the security side, which is instead of having to go to seven locations and then having the analyst piece the data together, they could say, these are the.
TTP, the, the tools, the techniques, and the processes I’m seeing, you know, have you seen this anywhere else? Mm. And AI will spit back answers and say, well, this is, we’ve seen this outta this organization, this government entity that’s a, you know, a threat actor. We’ve seen this over here. Yeah. So the first, the first cut of this is similar to the LLMs on the personal side, is we’re starting to try to get the data in front of the analysts in a more clean and efficient manner.
Hmm. Well, Scott, you ga you gave me a lot to think about. Man, this is all, this is good stuff. I’ll tell you whenever I get into the security side of things, and we ha and I have these types of interviews, I learn something new every time. When you’re talking about mobile and what that is, I know there’s gonna be a lot of other individuals listening that had some aha moments as you were speaking as well.
So that’s all good stuff. That being said, what’s next? I mean, what’s next for you? What’s next for the company? What’s next? Yeah. So the biggest thing is really trying to, for us, we’re really trying get out to the industry that they really need to understand identity and, and take it much less for granted.
Mm-hmm. We know it’s complicated. We know it’s unpleasant. It’s like keeping your house clean. It’s not really fun, at least not for me. I don’t enjoy it, but you sort of have to do it. And so we’re really focused on saying, Hey, everybody, you like. Identity is a real big problem. Mm-hmm. And you, you need to understand it and you need to put your arms around it.
And of course we’re happy to help organizations do that. So we really think from our side, a big push around that. And then we’re seeing. That being interesting to sort of the upper market customers. Mm-hmm. So for, for whatever reason, it seems like maybe it’s catching on some of the larger customers with whom we speak in the smaller space.
It’s, they’re more, they’re more really more interested in just saying, Hey, just, just sort of help me holistically the, they help me gimme, gimme a plan to sort of get my security house in order. Yeah. And we love working with them as well. So I think it’s, for us, I think we’re gonna see over the next year, this two, the bifurcation of the, of the use cases sort of happen more strongly.
Mm-hmm. Amazing. Scott, if somebody’s listening or watching this and they wanna follow up and they wanna learn more and connect with your team, how do they do that? Sure. Mine’s easy, Scott at SolCyberr S O L Cyber, so sol like the Spanish Sun and then obviously SolCyber.com. So happy to talk with anybody.
We do a lot of podcasts and, and calls and so if you have any questions, we’ve got a great team and we’re happy to, happy to work with you and answer any questions you have. Wonderful. And if everybody watching, just so you know, we’ll definitely put the links in the show notes so you can just click on ’em and head right on over.
And speaking of the audience, if this is your first time with Mission Matters and you haven’t done it yet, hit that subscribe or follow button. This is a daily show. Each and every day we’re bringing you new content, new ideas, and hopefully new inspiration to help you along the way in your journey as well.
So again, hit that subscribe or follow button. And Scott, thanks again for coming on the show. Thanks, Adam. Appreciate having me.
Let’s chat.