Summer 2016 at Cybersecurity Factory

My name is Chris and my startup Pixm was among a cohort of four teams that entered into Cybersecurity Factory’s 2016 summer program. Pixm’s platform provides visual search tools to identify phishing web pages in real time, without relying on reactive industry standards like blacklisting and IP reputation. Before this company, I did an undergraduate degree in physics at Princeton, where I worked after graduation to publish my thesis research, started a graduate degree in machine learning at Columbia, and took a leave of absence to do a startup full time after winning a pitch contest.

Our technology addresses a threat that costed the private sector $5–11B in 2013. While a large portion of both established security vendors and startup innovation is geared to address vulnerabilities associated with software and hardware, about 95% of breaches start with human mistakes and 90% from phishing emails specifically. Our technology brings the miracles of convolutional networks to process web image data in a way that can effectively detect and thwart these threats.

I arrived at the program with a prototype of a visual recognition platform combined with a browser extension demo. While I had a general sense of the kind of products that this platform could support, my goal for the summer was to get in front of real customers and validate a specific product-market fit. My team’s core expertise and network was outside the security industry, and we knew early that our focus would be SMB and enterprise rather than consumer, so getting in the door with prospective customers was a big challenge.

This was where the program mentors made all the difference. The program of course supported us with generous investment terms and office space, but the mentors were the heart of the program. Within the first two weeks, via the extended network of the mentors, we had signed NDAs and arranged trials with two companies, including a Fortune 50 email provider. It turned out the platform itself could be valuable as a web API. Within a remarkably rapid period, almost a year’s worth of coding started to pay off. As we moved into our trials, we were able to continue iterating our platform while meeting new prospects.

Managing time between meetings and development could be a challenge. From the first week, we had a high ratio of time spent in meetings compared to time spent in development, which was great because it allowed us to meet customers and get traction. As the summer progressed and our trials started to go live, it became a challenge to maintain this balance because we had to focus on delivering our trials and iterating our product. So there were maybe times later in the program where we weren’t as aggressive from a sales point of view because we wanted to deliver to our early use cases. In retrospect, this was unavoidable because CSF gives so much network access. But, given the circumstances, it was a good problem to have. Ordinarily, it would take many months of networking to have achieved the same kind of introductions.

Going into the Fall, our API volume has increased dramatically with our partners — the last month alone we stopped counting after verifying over 3000 distinct phishing threats with our platform. This is enabling novel visibility for our partners and for us inspiring new opportunities as we gather vast amounts of live threat data, which includes malware as well as phishing pages. We are excited to see what this can grow into not only as a detection platform but also as a threat intelligence platform. We are also looking into how we can combine all the threat data we are receiving with our deep learning infrastructure to extend our capabilities beyond visual search. These are just a couple of opportunities we are excited about as we grow.

I’d like to give a big thanks to Frank for organizing this project and bringing his passion for tech entrepreneurship to MIT. Thank you to Sean Dalton for all your guidance during the summer. To my mentors — Jay, Vincenzo, Emad, Steve, Justin, Rafi, Frank, Harold, and Chris — you guys made all the difference. I hope you are available to continue to work with future cohorts so they can have a similar experience.