In a typical security team, engineers write unique scripts to track a specific problem with a cloud provider, such as an unauthorized user, in your GitHub account. Although engineers are able to write such scripts, it is not exactly an efficient or scalable way to deal with the various security issues that these professionals must pursue.
Vectrix, a member of the Y Combinator Summer 2020 cohort founded by three security veterans, wants to fix this problem. A security market has been created where other security professionals write modules to automate these types of corrections, and other security professionals can benefit without reinventing the script dial every time.
Alex Dunbrack, co-founder and COO of the company, said that he and his co-founders, CTO Matthew Lewis and CEO Corey Mahan, saw this problem first-hand in their previous jobs at PlanGrid, Vimeo and Uber. Like so many YC founders, they decided to develop a solution.
The idea is that security experts create these modules and then give them a “license fee” and bragging rights for developing a workable solution. According to Dunbrack, it is no different from the HackerOne model, which provides financial incentive and community recognition to find vulnerabilities in the code.
Users don’t actually download anything. They simply select a module, enter their cloud service credentials, and output like Slack or Jira for all warnings generated by the module.
The startup checks the modules and the developers before they are approved on the market. While this is a manual process at the moment, he says that they are working to bring more automation. At the moment, every person wishing to contribute modules is conducting an interview, a reference test, an employment background check and similar types of research.
As soon as they have passed this and the security professional writes the module, it must undergo a further check. “We basically determine exactly what they will create and what types of warnings they generate. And from there we have an extremely template-based logic scheme on the code side, in which only the logic for the scan is written, ”he said.
Module writers cannot see user information about the service, and Vectrix ensures that there are no problems like outgoing data requests. They currently have 10 modules with plans to add more soon. While working on the pricing model, customers today pay a flat fee to access the entire market, rather than paying per module.
The company currently only consists of the three co-founders, but they hope to expand. If you do, you have already thought a lot about how to build a diverse and inclusive company. He says, for starters, they are not affected by the Silicon Valley network effect.
“A lot of people will say we just want the best people, but our interpretation of the best people is really a collective of different thoughts and experiences that make a person’s perspective really unique. It comes from the diversity in the way we see it. In many ways, highlighting the best people brings with it a variety of thought processes, and that goes with diversity and inclusiveness and takes all of these factors into account, ”he said.
Regarding the YC experience, Dunbrack said that he was primarily looking forward to learning from the network of companies that stood before him, and said that the company had practically managed to convey that experience to him.
So far, the company has booted and used Y Combinator’s money. but it intends to run a fundraiser soon. “We know what we bring to the industry and what value it has there. If we win strategic partners, we will really get closer to it, ”he said.