← jacob.masse
May 7, 2026

Why I Advise Cybersecurity Startups (And What That Actually Means)

I have spent the last few years building, breaking, and shipping security products. I founded and exited AttackEngine (acquired within one year). I scaled TrazTech to $13K MRR in a single quarter, bootstrapped. I ran operations at Humera, a VC-backed security startup, managing a team of 15 and building SOC 2 compliance from scratch. I published CVE-2024-45163, the Mirai botnet kill switch, which was a CVSS 9.1 that enabled law enforcement to take down active botnet infrastructure globally.

I say all of that not to list credentials. I say it because it is directly relevant to what I am now doing: advising, consulting for, and connecting early-stage cybersecurity startups with the people and capital they need to grow.

The Problem With Most Startup Advisors

Most startup advisors in cybersecurity fall into one of two categories. The first is the executive who had a title at a big company and now collects advisory equity from six startups they talk to once a quarter. They give you high-level strategy that sounds good in a board deck but does nothing when you are trying to close your first enterprise deal or figure out why your detection engine is throwing false positives at scale.

The second is the VC-adjacent operator who knows the fundraising game but has never actually built a security product, never sat in a SOC, never written a detection rule, and never had to explain to a CISO why your tool is better than the one they already have.

I am neither of those. I am an operator. When I tell you your architecture has a problem, it is because I have pentested systems like yours and found the exact class of vulnerability you are about to ship. When I tell you your compliance story needs work, it is because I have built SOC 2 programs and know what auditors actually look for. When I introduce you to a VC, I have already written a deal memo explaining why your company fits their thesis, because I understand both sides of the table.

What I Actually Do

I have structured this into three tracks because different companies need different things at different stages.

Advisory

This is the deepest engagement. I work with a small number of startups on an ongoing basis, typically for equity or equity plus a small retainer. What you get is not a monthly call where I ask how things are going. You get security architecture review against real practitioner needs. Product validation from someone who has done 20+ pentesting and hardening engagements and knows what security teams actually buy. Warm introductions to CISOs and security buyers in my network. GTM strategy from someone who has scaled outbound engines. And honest, in-context product feedback from someone who is still actively in the field evaluating and implementing security tools, not a retired executive collecting equity.

I also bring fundraising support. Warm introductions to cybersecurity-focused VC funds, pitch coaching, investor narrative, and raise strategy. I have been on both sides of the investor conversation and I know what makes a fund partner lean in.

Consulting

Some companies do not need an ongoing advisor. They need someone to come in and do specific work. Penetration testing. SOC 2 compliance buildout. Technical due diligence prep before a raise. Infrastructure security architecture. Incident response planning. Fractional security leadership for a team that is not ready to hire a full-time security lead.

This is hourly or retainer-based. You hire me to do the work, not talk about it.

VC Scouting and Referral

I scout for VC funds in the cybersecurity space. If your company is a fit for a fund in my network, I introduce you directly to partners. This costs you nothing. I am compensated by the fund if they invest.

What makes my referral different from a cold intro is that I have actually built and exited in this space. When I tell a fund your company is real, that carries weight because I have also seen the ones that are not. I write a deal memo, I pre-brief the partner, and I frame your story in investor language. You get the credibility of a referral from someone who has operated, not just observed.

What I Look For

I am selective. I work with a small number of companies at any given time because the value of advisory comes from depth, not breadth.

I look for cybersecurity or security-adjacent SaaS companies, pre-seed through Series A. Technical founders who understand the problem from the practitioner side. Real product differentiation, not a reskinned dashboard or an AI wrapper with no moat. Traction signals: revenue, pilots, LOIs, or strong design partners. Primarily North American, but I am open to global.

Focus areas: threat intelligence, cloud security, identity and zero-trust, GRC and compliance automation, DevSecOps, detection and response, and security for mid-market companies. These are the areas where I have direct operator experience and where I can add the most value.

Why I Am Doing This

Honestly, because I have been doing it informally for a while and it is time to formalize it. Founders in my network already reach out for architecture feedback, investor intros, and help navigating their first enterprise sales. I was giving this advice over coffee and DMs. Now I am putting structure around it so I can do it properly and at a higher level.

I also believe the cybersecurity startup ecosystem has a gap. There are plenty of advisors who can help you with your pitch deck. There are very few who can also review your detection logic, introduce you to the CISO who will be your first design partner, and then put you in front of the fund that writes the check. I can do all three because I have done all three for my own companies.

How to Get Started

If you are building something in cybersecurity and any of this resonates, I want to hear from you. Whether you need ongoing advisory, a specific consulting engagement, or you are looking for investor introductions, the starting point is the same: tell me about your company.

All terms are negotiable. The goal is to find an arrangement that works for both of us and creates real value, not to check a box on your cap table.
