Tidal Cyber Blog

Finding Higher Ground: How Zero-Shot Security Joined Tidal Cyber

Written by Harrison Van Riper | Jan 30, 2025 2:42:20 PM

Starting a company is hard. Doing it solo is harder. And like many other people in cybersecurity, for me, imposter syndrome is real. 

My journey from industry expert to solo founder to acquisition is both unique and entirely stereotypical. I made (and probably continue to make) all the mistakes that other founders warn you about—the same mistakes they experienced themselves. Maybe these should be framed less as warnings and more as the trials and tribulations that come with starting a business; the dues every founder pays along the way. 

I wasn't even sure if I should write this blog for fear of self-aggrandizing—but I think back to all that time spent in my head, questioning every move, feeling a bit isolated, and realize this was exactly the kind of blog I would've connected with during those times. Because going solo is hard.

TLDR: I joined Tidal Cyber because it was an obvious fit at the right time. Zero-Shot's NARC technology complements Tidal Cyber's mission of Threat-Informed Defense so perfectly that this acquisition is truly more of a joining of forces than one entity swallowing another—it's an evolution of what I set out to tackle as a solo founder. 

Read on to understand my journey to this point and possibly some fragments of wisdom for entrepreneurs (regurgitated from people much smarter than me). 

 

Solve a Problem, Don’t Boil the Ocean 

"Solve a specific problem" is probably one of the first pieces of advice you hear when learning about startups—it's evergreen because it's the genesis of everything else. Take it a step further – if your business doesn't solve a problem, then you don't have a business. Once you know the problem you’re solving, many other pieces naturally fall into place: who to market to, who to sell to, who to hire. It all starts with the problem.

Before starting Zero-Shot Security, I spent eight years as an intelligence analyst, with stints at Digital Shadows (later acquired by ReliaQuest), MITRE, and Red Canary, working alongside some of the best security minds in the industry. My career spanned intelligence collection, geopolitics, security operations, national and foreign policy, and detection engineering—each one substantial enough to be an entire career path on its own. As a threat intelligence analyst, you learn to balance technical depth with strategic vision when communicating your work—a skill that translated directly into my role as a founder.

Zero-Shot’s problem to solve was MITRE ATT&CK mappings. Throughout my career, there have only been a handful of challenges that came up time and time again in each role I’ve had and each project I’ve worked on – one of them is knowing which MITRE ATT&CK technique is being described in a threat report.

Early versions of Zero-Shot's product had a lot of things built around this core problem. I’d built an entire threat library that would update automatically as new information came in, complete with timelines, ATT&CK mappings, and fresh analysis that updated constantly. I built all this up front with no customer guidance, thinking this was what was really needed to make the solution worth buying.  

 

 

Build Fast, Fail Faster 

But it was too much stuff. I'd essentially recreated another threat intelligence platform, of which there are plenty. That wasn't the goal, nor was it the solution to the problem I'd set out to solve. I'd created a product that began solving the same problem that threat intelligence platforms (Mandiant, CrowdStrike, Microsoft, etc.) had been solving for years, just with a unique ATT&CK mappings feature tacked on.

Realizing this, I boiled off the excess, and NARC was born – an API dedicated to one thing: labeling textual descriptions of threat behaviors with MITRE ATT&CK techniques. We weren’t trying to “solve” threat intelligence anymore; we were solving a specific problem within threat intelligence that hadn’t been solved before.  

This wasn't an instant revelation—after all, I'd spent a not-insignificant amount of time building something that only tangentially solved my target problem. But it was a crucial lesson learned—one that other founders would benefit from learning as fast as possible. You might have to go through the trial of building too much, but being able to recognize it and pivot quickly is key.  

In my case, that failure led to a win. Tidal Cyber’s platform allows organizations to look across their entire security stack (EDR, SIEM, Network, etc.) and rapidly understand where their protections are solid, and which need improvement. To do this effectively, you need a common framework to orient everything around – enter ATT&CK. To say “X security product defends against Y threat,” you need to know what TTPs are being used. And to get that granular level of detail at scale, you need an accurate way to map threat reporting to ATT&CK…and you see where I’m going with this.  

This laser focus on solving one previously unsolved problem marked the turning point for NARC, turning Tidal into a customer and eventually leading to their acquisition of Zero-Shot.

 

Have Opinions, Arguments, and Conviction 

Being able to argue is a valuable skill – ask any lawyer. “Argument” might sound like a charged word, but let’s reframe it. At its core, an argument is just a clash of different opinions. Sure, when you’re arguing with friends or family, it can get heated – that familiar urge to be right and ‘win’ takes over. But it doesn't have to be that way. 

In the real world, opinions evolve as new information surfaces (or old information gets a fresh look). Watch how lawyers argue their cases, or a threat intel analyst communicates their findings—there's no heat, just precision. So, if it's not emotion driving a lawyer's argument or a threat intel analyst's assessment, then what is it? I'd argue (see what I did there) that it's conviction.

 

CONVICTION: a fixed or firm belief; the act of convincing a person by argument or evidence 

"Have conviction" is another piece of evergreen startup advice, and for good reason. Even though I'd learned to navigate opinions and arguments as a threat intelligence analyst, building a product and starting a company was a whole new arena with different stakes (just my livelihood, no big deal). My conviction was fairly strong when the product included all the threat intelligence bells and whistles. But after condensing it down to the core uniqueness of accurate and fast ATT&CK mappings, it went through the roof. I knew, beyond a shadow of a doubt, that NARC solved that problem. And THAT is the level of conviction you need as a founder.  

Tidal Cyber's conviction is that Threat-Informed Defense is the best possible way to operationalize ATT&CK and achieve a secure organization. There hadn't been an easy way to look across your whole security stack and layer a threat across all your solutions to truly understand where you may or may not be able to prevent, detect, or monitor for threat behavior. 

My conviction about NARC comes from the accuracy of its ATT&CK mappings. Manually finding techniques within threat reporting is no small task and can be somewhat subjective for the less obvious TTPs—it's easy to spot T1059.001 PowerShell usage but less obvious to determine if a threat is doing T1055.012 Process Hollowing vs. T1055.013 Process Doppelgänging. It requires a healthy mix of technical expertise and operational context to truly understand everything happening. 

NARC isn't right every single time (yet)—but a solution that gets me 80-90% of the way there in seconds or minutes, versus a task that typically takes multiple hours of manual work by security experts? I'll take that alternative any day. That was my conviction when pitching NARC—it came from knowing without a doubt that Zero-Shot solved the problem I’d set out to solve.  

These convictions—Zero-Shot's and Tidal Cyber's—align so well that we mutually benefit from both our initial customer relationship and now this acquisition. 

 

What’s Ahead 

As Tidal Cyber's Director of AI, I’m collaborating with the team to firm up our plans for this year—some obvious, like improvements to NARC and integration into Tidal Cyber's platform. Others we're keeping under wraps, for now. Security is core to everything Tidal Cyber does, which often intersects with common concerns about AI adoption. I get it—there's skepticism about companies jumping on the AI bandwagon just because it's trendy. But I don't subscribe to "AI for AI's sake." My goal has always been to solve problems that wouldn't be possible to solve otherwise. NARC is proof of this approach—it simply wouldn't exist without recent LLM advancements, and it solves a real problem that security teams face daily. If you're hesitant about AI in security, I encourage you to reach out and discuss your concerns.  

As a founder, starting a company means making countless decisions. At the end of the day, if you make more decisions that feel right than wrong, you're coming out ahead. When we started talking about the potential for an acquisition, the decision was one of the biggest I had faced. But when I considered being able to continue working on something I built, expand it to more users, with support from extremely talented colleagues, joining forces with Tidal Cyber felt right.

Sometimes, it really can be that simple.