On this episode of Inside the Media Minds, my co-host Christine Blake and I sat down with Kyle McNulty, host of the Secure Ventures podcast, to hear how he landed in the podcasting world and what he’s learned from interviewing over a hundred founders and CEOs within the startup space. During the conversation, we discussed Kyle’s process for selecting guests, the common thread he sees among entrepreneurs and where he thinks the future of innovation is headed within the cyber startup space.
Kyle was inspired to start his own podcast from listening to the “How I Built This” show by Guy Raz. He enjoyed hearing the consumer stories, but he realized nothing like this existed specifically in and for the cybersecurity space when it comes to founders building business. And thus, the Secure Ventures podcast was born.
Kyle has interviewed over 125 founders within the cybersecurity space for his podcast alone, and noticed that the most successful founders are those who truly want to understand their customers’ problems and engage with them early on in the lifecycle. This ensures the founders build a product that people actually care about and solve a real problem end-users are facing in the industry. This “solve a problem” mentality is what truly sets successful founders apart.
“At that point, when you’re reaching out to someone, it doesn’t feel like you’re trying to sell them something,” Kyle noted. “They feel like you’re trying to learn from them and get some of their wisdom and experience, which is a way more enjoyable place to be on the receiving side of that interaction.”
Innovation vs. Bureaucracy
When considering the direction of the cyber startup space, Kyle is curious about the impact of bureaucracy on innovation. As development becomes more efficient due to AI and other productivity tools, there may be a backlog of feature building that development teams must wait for the bureaucracy to approve before starting their next feature.
“After you reach a certain speed of development, it’s very reasonable, and I think fair to say, that it takes less time for a developer to actually build a feature than it does for the bureaucracy within a big tech company to actually go through the rest of the process to release that feature.”
This trend may lend an advantage to startups, not only for faster deployment rates for products and new features, but also for expedited compliance with industry controls like SOC2 when compared to larger enterprises.
“I wouldn’t be surprised if there is more trust placed in startups in the future, and less of an innate competitive advantage for the massive cybersecurity and broader tech behemoths that exist today,” Kyle added.
If you’re interested in hearing more on Kyle’s industry predictions, his most memorable interviews and how he approaches industry conferences like RSA and Black Hat, tune in to the full episode or read the transcript below!
Timestamps
0:20 – Christine and Madison Preview the Discussion
1:50 – Kyle’s Background in Cybersecurity
2:30 – Inspiration for Starting Secure Ventures
3:45 – Kyle & Christine’s Favorite “How I Built This” Episode
4:15 – Balancing the Day-to-Day as Investor and Podcaster
5:18 – The Process of Selecting Guests
8:56 – The Process of Selecting Topics
10:52 – How Kyle Approaches Major Industry Events
12:50 – Common Qualities Among Influential Founders
15:46 – The Most Memorable Interview
17:32 – Predictions for Cybersecurity Startups & Innovation
20:52 – Learning from the Losses
21:51 – Kyle’ Dream Guest
23:05 – What’s Ahead for Secure Ventures
Want more from Inside the Media Minds? Find all of our past episodes here!
Transcript
Christine Blake (CB): Welcome to Inside the Media Minds. This is your host, Christine Blake. This show features in depth interviews with tech reporters who share everything from their biggest pet peeves to their favorite stories. From our studio at W2 Communications, let’s go inside the media minds.
CB: Hey, everyone. This is Christine Blake, one of the co-hosts of the Inside the Media Minds podcast.
Madison Farabaugh (MF): And this is Madison Farabaugh, the other co-host of the podcast. We’re super excited that we’ll be having Kyle McNulty on our show this week. He’s the host of The Secure Ventures podcast.
CB: Yeah, Kyle interviews founders, executives, visionaries and creators in the cybersecurity industry. We’ve actually known him for years through various events that we ran into him at, but he hosts a podcast, bi weekly on Tuesdays, and it has over 100 episodes now. On our interview with him, we learned a lot about his dream guest, how he pulls a podcast together, which was really interesting, and where he sees the cybersecurity industry going. Madison, what were some of your takeaways?
MF: Yeah, I thought it was super interesting to hear his comparison between startups versus well established enterprises and just the whole bureaucracy aspect of it, and how quickly startups might be able to get things done. They might be able to be more compliant. They might have a quicker process for innovation than some of these enterprises that have been around for much longer, and they just have, you know, the whole bureaucratic process that they have to dig through. So, I thought that was a really cool comparison that he made, and I think listeners will learn a lot from that.
CB: Yeah, I agree. We hope you all enjoy the following interview with Kyle.
[Transition to interview with Kyle]
Hey, everyone. We are here with Kyle McNulty, the host of the Secure Ventures Podcast, and investor at In-Q-Tel. Of course, we’re here to talk about your role as the host of the Secure Ventures Podcast. So thanks for joining us today, Kyle, it’s good to have you.
Kyle McNulty (KM): Yeah, absolutely. It’s great to be here and fun to be on the other side.
CB: Yeah. Can you start by giving us a quick overview of your background? How long have you had the podcast? What made you start the podcast?
KM: Yeah, sure. I got into cybersecurity back in college actually. Was fairly fortunate that University of Washington had cybersecurity as kind of one of the options to pursue within one of the technical degrees, Informatics, there. So that was how I kind of first became interested in doing capture the flags. But then after school, I ended up going into cybersecurity consulting.
So I was working at KPMG for a few years, and then over to Focal Point Data Risk, a smaller, more boutique shop, doing a lot of security operations, AppSec, cloud security. And over the course of that time, I’ve been listening to the show. How I Built This, with Guy Raz, who I was very fortunate to just hear live maybe a month ago or so now. So it’s really fun to get the chance.
CB: Wait. I saw I saw him live too, but I think that was like, probably, like, seven years ago. I saw, it was, who was it?
KM: Before it was cool.
CB: It was a founder of B.E.T., and it was such a cool, it was so cool seeing a podcast live like that with an audience and everything.
KM: Yeah, totally. And he is a great speaker. He completely delivered it. I’m always a little nervous when someone kind of goes out of their standard format. And yeah, he absolutely delivered. So that was kind of the inspiration for me, honestly, was I’ve been listening to How I Built This and thought it would be neat if something like this existed for cybersecurity. Like this is the industry that I spend all my time in, and it’s fun to hear some of these consumer stories, but it’d be much more relevant to me to hear about founders building businesses and the domain that I work in. And so did some research, nothing like that existed at the time, and decided, well, maybe I should go ahead and give this a shot. So that was about four and a half years ago or so. And yeah, 125 episodes later, here we are.
CB: That is so cool. Do you have a favorite How I Built This episode?
KM: Oh, I feel like the one that I’ve referenced most is Dropbox, like that was just one of the ones that really stuck with me. And Drew, the CEO, talking about, like coding to and from work on the train on, like, Dropbox on the side. That’s cool. So yeah, just, I feel like a couple of visuals that stuck with me.
CB: Yeah, I like the one with Sara Blakely, the founder of Spanx.I thought she had the coolest story. So this is amazing. So understanding your podcast is totally separate from your your full time role as an investor In-Q-Tel, how do you kind of balance the day to day with that?
KM: Yeah, I mean, honestly, a big part of it is, I’ve been doing the podcast for a while now, so it’s a fairly like well-oiled machine at this point. I would say, I benefit from it being around for a while. I mean, obviously, like a decent chunk of the listeners have probably never heard of this podcast before, right? It’s not like the CyberWire Daily or something that has like 50,000 listeners every single day, and that’s never really been my goal.
It’s always been more of like a personal project, getting the chance to kind of build my brand, but also just get a chance to talk to some really interesting people and hear interesting stories. So this isn’t something that I spend like 20 hours a week marketing and trying to, like, squeeze every ounce out of. And so because of that piece and what my goals are, and then, because it’s been around for four and a half years, I’ve got a fairly good pipeline in terms of what in terms of what it takes to actually build an episode. So it ends up being a fairly light lift these days.
CB: That’s great.
MF: Yeah, so speaking of just how you go about building your episodes, can you tell us a little bit about your process for booking guests, like when it comes to pitching? What are the ones that really catch your eye where you definitely want to have them on? Are there any common mistakes that you might see with pitching when it comes to maybe, if people are pitching you, like with cold outreach, is there anything that, you know, differentiates who you respond to versus the ones you might be ignoring?
KM: Yeah, sure. Lot to unpack with that. And I would say this has evolved a good bit over time. When I first, I mentioned this kind of origin story, right? Where I know that I want to, I wanted to find this in the market, like a podcast interviewing cybersecurity founders. And said, “Well, maybe I should go ahead and do this myself.” I knew literally zero founders at the time, right? Like, not a single one. And I was like, “How am I ever going to get guests on the show?” Well, maybe I’ll just do like, a ton of cold outreach, and maybe some of it will stick. And I was completely blown away.
This is maybe less surprising to folks today or folks who’ve just spent more time in the media industry, but people love the chance to go and talk about themselves and get free PR, right? So I don’t charge for folks to come on my podcast. That’s given me a lot of flexibility in terms of who I interview and making sure that I can kind of stay true to the the like general appetite of my listener base, and also just my own personal appetite in terms of what’s going to interest me. So like I mentioned, that’s evolved a lot over time from that first group of cold outreach. I think I reached out to like 25 people or so in that first batch, and I think like 14 or 15 of them ended up coming on the podcast over the course of the next year. It was pretty remarkable, actually.
And since then, it’s been largely inbound to your point, right? So a lot of these different PR agencies will send me recommendations. I’d say, in general, folks are pretty good about like, being receptive to a no or like not responding. Candidly, I think it’s been something that’s maybe an interesting parallel between like, the investing side and the podcast side is you don’t really want to, like, tell people “No.” And so you you try to, like, strike a middle ground there a little bit more, but yeah, in terms of what I specifically look for today and kind of how that’s evolved, or what that’s evolved into, I’d say what I prioritize first and foremost is making sure that each conversation feels a bit different. So like, if I talk to an AI security operations company on the last episode, I don’t really want to talk to another AI security operations company for like, four to five months.
Now, there’s exceptions occasionally, like, if there’s two major players in a small market, then maybe it’s fun to kind of talk to each of them, because it’s like, hey, we just talked to one of them a few weeks ago. Now let’s get the other perspective, and, like, the other side of the competitive dynamic that exists there. But again, part of this is keeping me interested, right? So I want to get the kind of broadest purview across the cybersecurity market, all these different pieces that are relevant. And I think that actually came through quite well with, like, one of the recent episodes I did, which was on the security of cryptocurrency and Web3, right? Which I think, like maybe somewhat fairly, is a bit scoffed at within, like, the investing world today and within the startup ecosystem because there was such a hype bubble around it. But at the same time, it is still a kind of interesting piece of cybersecurity that’s not talked about as much anymore, and it’s not a conversation I have very frequently, and so I like getting the chance to talk to some of the companies that are doing things like that.
MF: Absolutely. No, that’s awesome. So it sounds like there’s kind of a mix between, you know, people who are pitching you, versus maybe in the past, it was you reaching out to a lot more. Do you work from kind of an editorial calendar for you know topics you want to discuss with guests, or is it kind of, you know, what’s happening in the news, or maybe a topic that you just came across in your own research that you found particularly interesting, or is there kind of like a schedule you stick to, or kind of varies?
KM: I feel like the shortest answer is, it’s not that structured. If that’s, if that’s fair to say, it’s like, I have a general idea, obviously, because, again, this is very, like, self driven of what I’ve talked about recently. And so it’s easy to say, when I get a new inbound request, like, “Hey, have I talked about this recently?” If so, then if I like the company, then okay, maybe we’ll go ahead and put a pin in it for like, three to four months from now. And I’ve had that happen before where I’ve told PR people, like, “Hey, I just had a couple of conversations about this. Now is not a good time, like, why don’t we circle back up in six months?” And then they’ll go ahead and follow up, and we’ll make an episode happen, right?
So yeah, I mean, certainly there’s spaces that I may be more interested in. Another dynamic that’s worth conveying is I try to interview a range of startups, specifically on the product side. So this is something that I get a little bit more as well as folks on the services side saying, like, “Hey, will you go ahead and interview this person?” And nothing against services. I came from services. But I think, in general, the stories of building product businesses are maybe a bit more unique, and there’s just kind of interesting challenges that arise there with building product businesses in particular. So I’d say I’ve slanted towards that a little bit and then tried to do a mix of like bootstrapped companies, like super early stage companies, ones that are later and more established. And so that’s like another piece of kind of diversification, or telling a different story that I try to prioritize.
CB: And we know that you’re a big event attendee: Black Hat, RSA, we saw you at the Blue Venture Summit this year as well. So, what role do events and recording at events play in the podcast planning process?
KM: Yeah, I would say, first of all, like, for my day job as an investor, those events are really important, right? So, like, these are events that I should be going to, regardless of whether or not I’m doing a podcast. Like the podcast is not the primary focus when I’m going to these events. Thinking about some of those ones in particular, I mean, I think it’s just been a fun way to engage with the ecosystem a little bit more and build the brand in a slightly different audience. I think, like, there’s a lot of podcasts that exist out there today, and again, I’ve already prefaced that. I don’t think of mine as like one of the premier podcasts in the world, but at the same time, it’s very different to see like some kind of faceless, nameless podcast that exists in your feed, or maybe like that you’ve seen in a LinkedIn post, versus seeing someone present on a stage and do a live interview.
It’s like, oh, all of a sudden, there’s maybe a bit more credibility to this person and to this brand. And I think the events have certainly helped with that in the ecosystem, even for people that don’t even listen to my podcast. I think seeing me at some of these events over time has helped lend to the brand credibility, both for the podcast and also for myself, just because it’s relatively tied to the podcast.
CB: Absolutely. Are you going to be looking at doing podcast recordings at Black Hat in a couple months?
KM: You know, it’s actually pretty rare that I do podcast recordings at the like major events. This was the first time that I did it at RSA this last year, because Dreamit had their inaugural Cyber Founders Summit. So it’s just a fun opportunity to be a part of. So I don’t have any specific plans. I’m not gonna like bring my audio and recording equipment, but who knows, if there’s an opportunity to hop up on stage for one of these side events or something, then maybe I’ll take advantage.
CB: Yeah, no, that’s cool. That makes sense. You speak to a lot of like the most influential founders in the cybersecurity space. Have you noticed any sort of common theme or qualities that a lot of them possess that you know led them to found these companies?
KM: You know, something that I think has been super fascinating after having talked to so many founders, again, both like in the day job and through the podcast, at this point. I think for the most part, like any quality that you could say is a commonality between them, I could point to a handful of counter examples to that. So I’m always a bit reticent to, like, draw these hard trend lines.
One thing that I’ll say, and I don’t know if this is as much like a personal quality as it is a focus area for successful founders, is really obsessing over, like, what the customer problem is, and engaging with the customer really early on in the lifecycle. And this is something that I think Israeli founders do particularly well, and maybe that’s in part due to just the kind of support ecosystem and the kind of canonical advice that exists in that country and in that that kind of local entrepreneurship culture. But I think a lot of the most successful companies that I’ve talked to, they’re interviewing like 20 to 50 customers before they’ve even fully built a product, right?
And so this serves a few different advantages. One, you’re making sure that you’re building a product that people actually care about and solving a problem that people actually care about. But two, you’re also building these relationships, which is going to make it so much easier when you get to the design partnership phase and the next step of your business, right? You say, “Hey, we already had this conversation a few months ago. It seemed like you were genuinely interested.” And at that point, when you’re reaching out to someone, it doesn’t feel like they don’t feel like you’re trying to sell them something. They feel like you’re trying to learn from them and get some of their their wisdom and experience, which is a way more enjoyable place to be on the kind of receiving side of that interaction.
And again, I think it just leads into a lot more valuable kind of customer conversations later down the line, whether that’s design partnerships or then even future paying customers beyond those design partnerships as well. So that’s one thing that’s probably stood out to me above everything else.
CB: Yeah. I like that, focusing on the customer and the problem. It feels like it should be the right way to start a company, right?
KM: Yeah, I don’t think it’s like necessarily rocket science. I think in some ways it’s difficult to actually make happen, though, right? Like it’s one thing to say, “Hey, you need to go out and interview 20 to 50 potential customers before you start building a product.” But like, the average person, how are you going to go and get a hold of like, 20 to 50 security leaders in these different organizations? Like, that’s non trivial, and you probably need some level of support or a really strong network or a really compelling value proposition to even have those initial conversations. So definitely easier said than done in some ways.
MF: So after all of these founders that you’ve spoken to, and the great observations that you’ve had amongst all of them, are there any guests that you know, you have found have been the most memorable for you? Or maybe there’s something that you learned from one of them that was just, you know, out of this world?
KM: Yeah, I’ve had a lot of great guests over the years that, everyone probably says that, right? That’s probably everyone’s answer. One that certainly really stuck with me was Andrew Morris at GreyNoise, who’s a good friend of mine now, but he, we started the conversation. You know, like when I’m interviewing guests, there’s a whole range of different personalities and energy levels, and part of that might just be like how that person’s week has been going. Founders are extremely busy, extremely stressed, and some of them are more, let’s say, like lively, than others as they think about these different interactions, right?
Andrew, the first like three minutes of our interview, we’re talking about his earliest career experience when he was on the help desk. And he was so fired up about his help desk experience, he was like almost shouting into my earphones. And I loved it, and the conversation was phenomenal. His energy is infectious, and he does an exceptional job of that in a lot of different formats. He’s the only person at like, Black Hat, RSA, who’ll be going around, like, giving everyone hugs instead of handshakes. So he’s great. And that was a super memorable conversation just again because of that energy.
MF: Yeah. Those are the best types of guests, though, when they’re super passionate about what they’re talking about, it just, I feel like the conversation always goes in such a fruitful way, just because I feel like everybody just starts spit balling ideas here and there. So that’s the best.
KM: Yeah, totally.
MF: So with your podcast being a little bit over, I think four years old now, how have you seen just the cybersecurity and innovation space evolve to where we are today, and do you have any predictions on where it’s headed in the future?
KM: Yeah, yeah. And again, beyond, just like the podcast itself, this is kind of what I like, live and breathe. There’s certainly been a whole lot of evolution. I mean, I don’t know, maybe like the lowest hanging fruit one is around AI and the whole new capabilities in terms of, like securing AI applications and AI models, but then also how AI is being incorporated into all these different like legacy cybersecurity capabilities to kind of redefine them. Yeah, nothing particularly novel to say there.
You know, one thing that was occurring to me the other day I mean, I thought this was a kind of interesting thought. I don’t think my LinkedIn followers agreed quite as much, but that’s okay. I was thinking about how there’s the classic, like bureaucracy challenge that exists within big tech companies, right? Or and that applies to cyber as well, and now, as development becomes so much faster due to AI and other productivity tools, right? Basically, a larger percentage of the organization’s time is spent on bureaucracy. So I put together a whole example of numbers. I won’t try to, like, relay this whole thing right now, but basically what I realized is, after you reach a certain speed of development, it’s very reasonable, and I think fair to say, that it takes less time for a developer to actually build a feature than it does for the bureaucracy within a big tech company to actually go through the rest of the process to release that feature. And as soon as that is the case, then you have this backlog that’s basically building of like features that you’ve created versus bureaucracy, or like dead time, because you’re waiting for the bureaucracy to finish before you start the next feature.
And just as I was doing the math there, it’s incredibly, incredibly unproductive for the company as a whole, and just dramatically slows down the ability to actually like release features and push the pace of your product. So in terms of, you asked me like predictions, I’ll be curious to see over the next handful of years here or next decade, how that plays out. I wouldn’t be surprised if there is more trust placed in startups in the future and kind of less of a innate competitive advantage for the massive like cybersecurity and broader tech behemoths that exist today, just because, one, like the product, rate of deployment and rate of development would be so much faster for startups. Two, it’s become easier and easier for startups to become, like, compliant with some of these basic controls. SOC2 is probably a great example of that, where now, with all the technology that exists to expedite SOC2 compliance, there’s like series seed startups that are SOC2 compliant, right? So you’re kind of checking these boxes that enterprises need a little bit earlier.
And again, it’s also just easier to build a high fidelity product with only, like, a year behind the company. So this is kind of like maybe a little bit of a wilder prediction, but I’ll be interested to see how this one plays out.
CB: Cool. So want to jump into a couple listener questions that we have to wrap up the podcast. You talk to a lot of founders that probably tell you all about successes, challenges they’ve had. Do you think that the founders learn more from their wins or from what went wrong along the way?
KM: Hmm. I feel like this is a, this is almost like a variant of Guy’s question, like, do you think it was luck or skill, right? I think in general, the losses just stick in your head much more than the wins do, right? I think that’s human psychology and the whole concept of like loss aversion, right? But so I think those stick much more and naturally will just lead you to like over emphasizing, or maybe not over emphasizing, but at least emphasizing what you can learn from those experiences. That’s probably the short of it.
CB: Absolutely agreed. And then who is your dream guest?
KM: Yeah, you know, this is kind of a funny one. I I’ve thought about this a bit over time, and I feel like it’s, it’s changed, but I would say the CEO of [redacted], which I think the company actually, like, went out of business. I could be wrong about that, but, this was one, they were basically, the idea was like, how do you hack back? Essentially, so basically, try to take down attacker infrastructure directly. And I just thought this was a super interesting concept and very different than other cybersecurity businesses that existed.
Now, if we’re standing here today, like mid 2025, right? It’s a bit of a different story, and there’s definitely much more appetite, I would say, for the offensive cyber market. But I’ve been trying to get Max from [redacted] on the show for, I mean, probably since, like, the first year on the podcast. I think I’d send them a couple emails or LinkedIn messages or something like that. So it’s not like I was doing backflips trying to make it happen, but, but, yeah, that that feels like one that maybe got away a little bit and just would have been a fun conversation. That’s a very different angle of the cybersecurity space. Yeah, that would be super fun.
CB: Cool. Well, thank you so much, Kyle for coming on and talking about your podcast. So bi weekly on Tuesdays, is that the posting schedule, right? Yeah, that’s exactly right. Anything interesting coming up, you want to you want to plug?
KM: Oh, man, there’s a few coming up. I mean, I think, like, if you’re interested in cybersecurity startups, then all of them, yeah, it’s worth checking out. There’s like, a identity company coming up, but it’s kind of always changing, right? So, so I would say, if you’re interested in the broader space, then it’s worth following along and just seeing if one of the businesses sticks.
CB: Yeah, sounds great. Well, thanks for coming on and chatting with us. We learned a bunch, and we’ll look forward to catching up again soon.
KM: Yeah, thank you both. Really appreciate the opportunity.
CB: Thank you for joining us in today’s episode of Inside the Media Minds. To learn more about our podcast and hear all of our episodes, please visit us at w2comm.com/podcast, and follow us on Twitter @MediaMindsShow, and you can subscribe anywhere podcasts are found.