Making Cybersecurity Accessible & Efficient

Discussion with Grant McCracken

As organizations of all sizes face escalating cyber threats, the importance of cybersecurity cannot be overstated. Few understand this better than Grant McCracken, a seasoned expert whose decade-long career includes leadership roles at Bug Crowd, a pioneering Series E crowdsourced cybersecurity company. From ethical hacking to building operational teams, McCracken has seen firsthand the challenges and opportunities in the industry. Now, as the founder of Darkhorse, he is on a mission to make cybersecurity both affordable and accessible. This article explores his insights into overcoming inefficiencies, educating organizations, and leveraging innovation to democratize cybersecurity solutions.

Addressing Inefficiencies: A Fresh Approach to Cybersecurity

The cybersecurity market is often bogged down by inefficiencies, with multiple layers of account managers, solutions architects, and support teams adding unnecessary complexity. McCracken likens this system to navigating the U.S. tax code: “If you tried to just whip out the tax code and do your own taxes, you’d be in for a bad time. Platforms like TurboTax have made this process efficient and accessible. Similarly, the cybersecurity industry needs to simplify its processes”.

Many companies, like Darkhorse, are tackling this problem by stripping away these extra layers, empowering customers with streamlined, self-service solutions. Simplifying workflows reduces the need for excessive personnel, which in turn cuts costs. By adopting these tools, smaller businesses can access protections previously out of their reach. McCracken firmly believes that this model could lead to a fundamental shift in the industry, enabling small and medium-sized enterprises (SMEs) to bolster their cybersecurity defenses effectively.

The Role of Education in Cybersecurity Accessibility

A major challenge in cybersecurity is the lack of awareness. “Organizations don’t know what they don’t know”, McCracken points out. Frameworks like NIST are valuable but can overwhelm smaller companies with their complexity.

A crucial aspect of cybersecurity education involves understanding the role of ethical hackers. Often called "white-hat hackers," these professionals use the same tactics as bad actors to find vulnerabilities before they can be exploited. McCracken emphasizes, “The best way to find and address your vulnerabilities is to think like a hacker. Ethical hackers simulate the techniques used by bad actors, providing a comprehensive view of an organization’s security posture”.

By including ethical hacking in these strategies, businesses can not only close security gaps but also build resilience against evolving threats. The expertise of ethical hackers provides a proactive, rather than reactive, approach to cybersecurity, strengthening defenses and boosting confidence in digital security measures.

Leveraging Technology to Drive Down Costs

Emerging technologies such as artificial intelligence (AI) and automation hold significant promise for reducing cybersecurity costs. However, as McCracken notes, these advancements don’t always lead to lower prices for customers. “AI might make solutions cheaper to deliver, but incumbents aren’t necessarily going to pass those savings on to customers”, he explains. This highlights the importance of new players and innovative approaches in bringing these cost-saving benefits to the forefront.

Still, the potential for innovation is vast. Automation has the power to take over repetitive yet crucial tasks, such as incident triage, allowing cybersecurity professionals to dedicate their time to more strategic and complex issues. Machine learning enhances these efforts by rapidly identifying patterns, predicting threats, and providing actionable insights. Startups that incorporate these technologies are proving that it is possible to deliver high-quality cybersecurity services at affordable prices. McCracken emphasizes that smaller, agile players using technology in creative ways have the potential to challenge the status quo, offering scalable solutions that meet the needs of organizations traditionally priced out of comprehensive cybersecurity services.

The Role of Government and Policy

The debate about government’s role in cybersecurity is ongoing. While McCracken supports market-driven solutions, he acknowledges the importance of a balanced approach. “Governments should make it painful for organizations that don’t follow good cybersecurity practices”, he says, pointing to regulations like GDPR that enforce accountability.

At the same time, McCracken sees an opportunity for governments to actively support smaller enterprises. “Grants, educational programs, and incentives can go a long way in helping SMBs adopt robust cybersecurity measures that would otherwise be out of reach”, he explains. Regulatory frameworks provide a strong foundation for compliance, but their effectiveness is amplified when paired with resources that enable businesses to act on those guidelines.

Opportunities for Startups and Investors

Startups are uniquely positioned to fill the gaps in the cybersecurity market, especially for underserved SMBs. “Startups can relate more closely to founders and CTOs, shortening deal cycles and building trust”, McCracken explains.

By focusing on niche markets and creating flexible pricing models, startups can deliver tailored solutions that resonate with smaller organizations. Education-driven approaches also offer a competitive edge, helping these businesses understand their vulnerabilities and how to address them. For private equity and venture capital investors, McCracken sees an opportunity in taking a longer-term view. While the returns may not always be exponential, the sheer size of the SMB market—a multi-billion-dollar addressable market—offers steady, sustainable growth for those willing to invest.

Key Takeaways

Cybersecurity Is Essential and Accessible: McCracken emphasizes that cybersecurity is crucial for all organizations, regardless of size. “Cybersecurity is essential, and it’s accessible,” he says. Companies need to explore the full range of tools available, from antivirus software to comprehensive frameworks like NIST.

1. Ethical Hacking as a Cornerstone: Thinking like a hacker is one of the most effective ways to secure an organization. “Hackers are everywhere, and breaches are expensive. The best way to identify vulnerabilities before hackers do is to use ethical hackers”, McCracken notes. Ethical hacking provides a practical and proactive approach to uncover weaknesses and strengthen defenses. “If I could communicate one thing to executives, it’s that using ethical hackers is affordable, accessible, and not as scary as it sounds”
2. The High Cost of Breaches: Cyber breaches caused $30 billion in losses globally in 2023, excluding reputational damage. By focusing on vulnerability assessments, businesses can mitigate these risks and avoid potentially catastrophic financial consequences.
3. The Future of Cybersecurity: The cybersecurity landscape is constantly evolving. “Attackers are becoming more sophisticated. Organizations need to stay ahead by embracing forward-thinking practices”, McCracken advises. By integrating these practices, companies can build a secure and resilient future.