Monday.com raises $150M more, now at $1.9B valuation, for workplace collaboration tools

Workplace collaboration platforms have become a crucial cornerstone of the modern office: workers’ lives are guided by software and what we do on our computers, and collaboration tools provide a way for us to let each other know what we’re working on, and how we’re doing it, in a format that’s (at best) easy to use without too much distraction from the work itself.

Now, Monday.com, one of the faster growing of these platforms, is announcing a $150 million round of equity funding — a whopping raise that points both to its success so far, and the opportunity ahead for the wider collaboration space, specifically around better team communication and team management.

The Series D funding — led by Sapphire Ventures, with Hamilton Lane, HarbourVest Partners, ION Crossover Partners and Vintage Investment Partners also participating — is coming in at what reliable sources tell me is a valuation of $1.9 billion, or nearly four times Monday.com’s valuation when it last raised money a year ago.

The big bump is in part to the company’s rapid expansion: it now has 80,000 organizations as customers, up from a mere 35,000 a year ago, with the number of actual employees within those organizations numbering as high as 4,000 employees, or as little as two, spanning some 200 industry verticals, including a fair number of companies that are non-technical in their nature (but still rely on using software and computers to get their work done). The client list includes Carlsberg, Discovery Channel, Phillips, Hulu and WeWork and a number of Fortune 500 companies.

“We have built flexibility into the platform,” Roy Mann, the CEO who co-founded the company with Eran Zinman, which is one reason he believes why it’s found a lot of stickiness among the wider field of knowledge workers looking for products that work not unlike the apps that they use as average consumers.

All those figures are also helping to put Monday.com on track for an IPO in the near future, said Roy Mann, the CEO who co-founded the company with Eran Zinman.

“An IPO is something that we are considering for the future, he said in an interview. “We are just at 1% of our potential, and we’re in a position for huge growth.” In terms of when that might happen, he and Zinman would not specify a timeline, but Mann added that this potentially could be the last round before a public listing.

On the other hand, there are some big plans up ahead for the startup, including adding in a free usage tier (to date, the only free on Monday.com is a free trial, all usage tiers have been otherwise paid), expanding geographically and into more languages, and continuing to develop the integration and automation technology that underpins the product. The aim is to have 200 applications working with Monday.com by the end of this year.

While the company is already generating cash and it has just raised a significant round, in the current market, that has definitely not kept venture-backed startups from raising more. (Monday.com, which first started life as Dapulse in 2014, has raised $234.1 million to date.)

Monday.com’s rise and growth are coming at an interesting moment for productivity software. There have been software platforms on the market for years aimed at helping workers communicate with each other, as well as to better track how projects and other activity are progressing. Despite being a relatively late entrant, Slack, the now-public workplace chat platform, has arguably defined the space. (It has even entered the modern work lexicon, where people now Slack each other, as a verb.)

That speaks to the opportunity to build products even when it looks like the market is established, but also — potentially — competition. Mann and Zinman are clear to point out that they definitely do not see Slack as a rival, though. “We even use Slack ourselves in the office,” Zinman noted.

The closer rivals, they note, are the likes of Airtable (now valued at $1.1 billion) and Notion (which we’ve confirmed with the company was raising and has now officially closed a round of $10 million on an equally outsized valuation of $800 million), as well as the wider field of project management tools like Jira, Wrike and Asana — although as Mann playfully pointed out, all of those could also feasibly be integrated into Monday.com and they would work better…

The market is still so nascent for collaboration tools that even with this crowded field, Mann said he believes that there is room for everyone and the differentiations that each platform currently offers: Notion, he noted as an example, feels geared towards more personal workspace management, while Airtable is more about taking on spreadsheets.

Within that, Monday.com hopes to position itself as the ever-powerful and smart go-to place to get an overview of everything that’s happening, with low-chat noise and no need for technical knowledge to gain understanding.

“Monday.com is revolutionizing the workplace software market and we’re delighted to be partnering with Roy, Eran, and the rest of the team in their mission to transform the way people work,” said Rajeev Dham, managing partner at Sapphire Ventures, in a statement. “Monday.com delivers the quality and ease of use typically reserved for consumer products to the enterprise, which we think unlocks significant value for workers and organizations alike.”

No Jail Time for “WannaCry Hero”

Marcus Hutchins, the “accidental hero” who helped arrest the spread of the global WannaCry ransomware outbreak in 2017, will receive no jail time for his admitted role in authoring and selling malware that helped cyberthieves steal online bank account credentials from victims, a federal judge ruled Friday.

Marcus Hutchins, just after he was revealed as the security expert who stopped the WannaCry worm. Image: twitter.com/malwaretechblog

The British security enthusiast enjoyed instant fame after the U.K. media revealed he’d registered and sinkholed a domain name that researchers later understood served as a hidden “kill switch” inside WannaCry, a fast-spreading, highly destructive strain of ransomware which propagated through a Microsoft Windows exploit developed by and subsequently stolen from the U.S. National Security Agency.

In August 2017, FBI agents arrested then 23-year-old Hutchins on suspicion of authoring and spreading the “Kronos” banking trojan and a related malware tool called UPAS Kit. Hutchins was released shortly after his arrest, but ordered to remain in the United States pending trial.

Many in the security community leaped to his defense at the time, noting that the FBI’s case appeared flimsy and that Hutchins had worked tirelessly through his blog to expose cybercriminals and their malicious tools. Hundreds of people donated to his legal defense fund.

In September 2017, KrebsOnSecurity published research which strongly suggested Hutchins’ dozens of alter egos online had a fairly lengthy history of developing and selling various malware tools and services. In April 2019, Hutchins pleaded guilty to criminal charges of conspiracy and to making, selling or advertising illegal wiretapping devices.

At his sentencing hearing July 26, U.S. District Judge Joseph Peter Stadtmueller said Hutchins’ action in halting the spread of WannaCry was far more consequential than the two malware strains he admitted authoring, and sentenced him to time served plus one year of supervised release. 

Marcy Wheeler, an independent journalist who live-tweeted and blogged about the sentencing hearing last week, observed that prosecutors failed to show convincing evidence of specific financial losses tied to any banking trojan victims, virtually all of whom were overseas — particularly in Hutchins’ home in the U.K.

“When it comes to matter of loss or gain,” Wheeler wrote, quoting Judge Stadtmeuller. “the most striking is comparison between you passing Kronos and WannaCry, if one looks at loss & numbers of infections, over 8B throughout world w/WannaCry, and >120M in UK.”

“This case should never have been prosecuted in the first place,” Wheeler wrote. “And when Hutchins tried to challenge the details of the case — most notably the one largely ceded today, that the government really doesn’t have evidence that 10 computers were damaged by anything Hutchins did — the government doubled down and issued a superseding indictment that, because of the false statements charge, posed a real risk of conviction.”

Hutchins’ conviction means he will no longer be allowed to stay in or visit the United States, although Judge Stadtmeuller reportedly suggested Hutchins should seek a presidential pardon, which would enable him to return and work here.

“Incredibly thankful for the understanding and leniency of the judge, the wonderful character letter you all sent, and everyone who helped me through the past two years, both financially and emotionally,” Hutchins tweeted immediately after the sentencing. “Once t[h]ings settle down I plan to focus on educational blog posts and livestreams again.”

The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good

The NSA, which has something of a reputation for offensive security practices, is to launch a defensive division called the Cybersecurity Directorate on October 1st. Its mission will be to focus on protecting the US against foreign cyber threats and involve collaborating with other US government departments such as US Cyber Command, the FBI and Homeland Security. There’s also a stated promise that the new Directorate will share information “with our customers so they are equipped to defend against malicious cyber activity”. Wondering just who the NSA’s customers are? That’d be the Five Eyes partners and other government departments, including the President. It’ll be interesting to see if the new Directorate takes a similar approach to US Cyber Command and shares some of that intel with the public and the rest of the security industry.

image of nsa on twitter

However, don’t let the new emphasis on defense fool anyone into thinking the NSA are getting all warm and fluffy. After making the announcement, NSA director General Nakasone implicitly warned any potential foreign enemies that “The American public should rest assured that there will be consequences for taking the US on.”

More good news for the NSA this week as confirmation of news @VK_Intel first broke on this blog back on May 9th came in that their (ahem…the) Eternalblue toolkit was not in fact involved in the Baltimore ransomware incident. City of Baltimore Mayor Bernard C. “Jack” Young confirmed the ransomware attack they experienced (Robinhood ransomware) was not caused by BlueKeep nor Eternalblue

The Bad

Another day, another data breach…it’s not uncommon to hear of data breaches these days that leak millions of user records, so the estimated 5 million people affected by a breach of the Bulgarian tax office might not seem like big news until you factor in that Bulgaria’s total population is only around 7 million people. That pretty much means every tax paying adult in the country has been affected, and reports indicate the data is already circulating online. Things may get worse for the Bulgarian government, too. Since the nation is a member of the EU and enforces GDPR data laws, it may end up having to fine itself for breach of its own cyber security regulations. Leaking the personal data of your entire adult population seems to bring new meaning to the term “nation state hacking”.

The Internet of Things (Iot) has been in the news again this week, and that rarely bodes well for security. A Brazillian botnet of 400,000 infected IoT devices has been conducting a massive DDoS campaign over 13 days against an entertainment service provider. Meanwhile, ICANN and IBM have separately warned that the massive growth of IoT devices using DNS to locate remote services could put serious stress on DNS infrastructure and result in unintentional DDoS attacks. What might happen, for example, if hundreds of thousands of devices simultaneously run DNS lookups as they try to download an automatic software update? The reports also sound the alarm over the potential for cloud-connected IoT devices to serve as an infection vector to deliver malware to corporate cloud servers.

The Ugly

It had to happen sooner or later: someone’s dropped a working exploit for BlueKeep. No, we don’t mean the Chinese language slides that surfaced last week. US government contractor Immunity have developed a working exploit and included it in their penetration testing suite, Canvas. The move has divided researchers, with some arguing it’s best that defenders can test their networks knowing that there’s bound to be some actors that have already developed private exploits, and others suggesting that publishing a working exploit will unleash a “WannaCry” style storm. For the time being, Immunity’s exploit is closed source and only available to their customers. Watch this space!

Bugs! Nobody likes them and we all love to see them squashed, but if there’s one thing worse than a bug that you have to patch it’s a patch that introduces a showstopping bug. Some Apple Mac users still running macOS 10.13 High Sierra are reporting kernel panics when their Macs sleep after applying the latest security update from the Cupertino outfit. Apple have since removed the update from their software catalog, but that’s cold comfort for those that have followed security best practice to “update early, update often”.

image of mac kernel panic

Even after reverting the system via a snapshot, it appears the issue remains, which suggests the update may have patched the device firmware (technically, the culprit is suspected to be a patch to the T1/T2 chip and appears not to affect models without it). Nothing to be done except wait for Apple to release a fix.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Emergence’s Jason Green joins TC Sessions: Enterprise this September

Picking winners from the herd of early-stage enterprise startups is challenging — so much competition, so many disruptive technologies, including mobile, cloud and AI. One investor who has consistently identified winners is Jason Green, founder and general partner at Emergence, and TechCrunch is very pleased to announce that he will join the investor panel at TC Sessions: Enterprise on September 5 at the Yerba Buena Center in San Francisco. He will join two other highly accomplished VCs, Maha Ibrahim, general partner at Canaan Partners and Rebecca Lynn, co-founder and general partner at Canvas Ventures. They will join TechCrunch’s Connie Loizos to discuss important trends in early-stage enterprise investments as well as the sectors and companies that have their attention. Green will also join us for the investor Q&A in a separate session.

Jason Green founded Emergence in 2003 with the aim of “looking around the corner, identifying themes and aiming to win big in the long run.” The firm has made 162 investments, led 64 rounds and seen 29 exits to date. Among the firm’s wins are Zoom, Box, Sage Intacct, ServiceMax, Box and SuccessFactors. Emergence has raised $1.4 billion over six funds.

Green is also the founding chairman of the Kauffman Fellow Program and a founding member of Endeavor. He serves on the boards of BetterWorks, Drishti, GroundTruth, Lotame, Replicon and SalesLoft.

Come hear from Green and these other amazing investors at TC Sessions: Enterprise by booking your tickets today — $249 early-bird tickets are still on sale for the next two weeks before prices go up by $100. Book your tickets here.

Startups, get noticed with a demo table at the conference. Demo tables come with four tickets to the show and prime exhibition space for you to showcase your latest enterprise technology to some of the most influential people in the business. Book your $2,000 demo table right here.

David and Goliath: Approaching the ‘deal’

It is a simple question with a complex answer. How does a startup get from zero to execution when negotiating contracts with potential customers that are large enterprises? The 800-pound gorillas. Situations in which your negotiating leverage is limited (often severely so).

As a commercial contracts attorney, clients often ask me about the one right way to approach deals. Many are looking for a cheat sheet of universal terms they should push for in contracts. But there is no one answer.

Deals are not cookie-cutter, and neither are the contracts on which they are built. That said, a basic framework can help provide startups with some grounding to better think about negotiations with large enterprises. The idea is to avoid over-lawyering, and instead approach the discussion with a legally prudent yet deal-centric mindset.

There are generally six overarching considerations as you head into negotiations with large, enterprise organizations.

MegaCortex | Malware Authors Serve Up Bad Tasting Ransomware

This year’s uptick in new ransomware attacks continues with the emergence of the MegaCortex malware, first seen in May and engaging in targeted attacks on corporate networks throughout June and July 2019. Although the infection vector isn’t known at this time, it is likely spread through phishing emails, poisoned attachments or trojan installers. Analysis shows that MegaCortex makes a deliberate attempt to avoid both enterprise security solutions and specific business management software products and delivers a particularly unpleasant ransom note on top. In this post, we dig in to the MegaCortex ransomware and take it for a test drive on one of our endpoints.
 

Background to MegaCortex Ransomware

MegaCortex ransomware continues the recent trend of targeted ransomware specifically looking to compromise and extort money from enterprise victims.

The ransom demand starts out at 2-3 BTC, which at today’s prices represents somewhere in the region of US $20,000 – $30,000. The attackers warn that the demand could rise to as much as 600 BTC (about US $6 million), presumably if the victim tries to hold off paying or if the attackers think the victim can be coerced into paying so much.

image of bitcoin value

Analysis by researcher Vitali Kremez shows that MegaCortex has some interesting functions, including a process killer that targets a number of enterprise level programs such as the Proficy Suite Operations Management software and Gemalto digital identity services.

image of megacortex process killer

 
The MegaCortex ransomware also attempts to take a pot-shot at a number of SentinelOne processes, although as we will see below, the agent’s anti-tampering protection makes MegaCortex’s attempt to kill the SentinelOne processes quite unsuccessful.

Who is Behind MegaCortex Malware?

In order to get past basic security measures, the authors’ of the sample we obtained signed the file with a digital signature.

77ee63e36a52b5810d3a31e619ec2b8f5794450b563e95e4b446d5d3db4453b2

The sample was compiled on the 15th July, 2019, two days before appearing on VirusTotal, and bears a Thawte CA certificate, signed with the name “ABADAN PIZZA LTD”. The product is named “Pizza Napoletana”, described as a “Helper Library” (as we’ll see when we discuss the ransom note below, the authors’ appear to be quite the jesters…).

image of megacortex signed by abadan pizza

Abadan Pizza Ltd turns out to be the name of a UK registered company. It was originally registered, along with a number of other food-related businesses, to an address at 13, Mary Street in Sunderland, North East, England on May 3rd, 2017.

image of Abadan Pizzas in Sunderland

Five days later it changed its registered office to another small business address in Chester Road of the same city (pictured below) before changing it back to its original address in Mary Street in January of 2019. Although there are Italian restaurants in both locations, there doesn’t appear to be an actual shop front with the name ‘Abadan Pizza’ in either street at the time Google Maps drove by. Perhaps they moved into Gentlemen’s hairdressing, though, as there does appear to be an ‘Abadan Barbers’ shop at the second of the two registered addresses

image of megacortex abadan barber

Of course, the link between the name of the business and the name used to sign the malware is likely entirely coincidental and we have no evidence to suggest that the business owners have any knowledge or involvement with the MegaCortex malware. More than likely, they are random victims of the malware authors’ odd sense of humor. It remains an interesting speculation, though, as to whether the malware authors’ picked the name out of a random internet search from halfway across the world or whether the malware authors are or were at some time located in the vicinity of the Abadan Pizza company’s registered addresses.

We Don’t Work For Food!

As we’ve noted, the amount of ransom demanded is clearly aimed at enterprise customers, but MegaCortex’s ransom note also displays an unusual amount of unnecessary grandstanding. Rather than just getting down to business and ensuring the victim has clear incentives and instructions to pay like malware strains such as RobinHood ransomware do, MegaCortex chooses instead to first taunt and then mock its victims, explaining that – candidly, if callously enough – any appeals to the criminals’ better nature would be a waste of everyone’s time. Perhaps playing on the name of their adopted code signatory, Abadan Pizza, the ransom note mockingly tells the victim that they “don’t work for food”.

Remember ! We don’t work for food.
You have to pay for decryption in Bitcoins (BTC).
If you think you pay $500 and you’ll get the decryptor, you are 50 million light years away from reality 🙂
If you don’t have the money don’t even write to us.
We don’t do charity !

image of megacortex ransom note 3

The developers of MegaCortex demonstrate a clear understanding of business software suites and knowledge of enterprise security solutions. This suggests that the actors are not as immature as the language in the ransom note may be trying to suggest. The grammar errors in the ransom note also look somewhat artificial and inconsistent with the overall level of linguistic competency on display.

Demonstration of MegaCortex Ransomware

Let’s take a look at what happens on a victim’s machine when infected with MegaCortex. We’ll set the policy of the SentinelOne agent to “Detect only” so that we can observe the malware in action. Typically, however, enterprise customers would use the ‘Protect’ policy in a real deployment, which would not just detect the malware but also block its execution.

With the policy set to allow MegaCortex to run, we first see on the agent side that the ransomware begins scanning for files to infect.

image of megacortex scanning

At this point, the SentinelOne agent, which the malware failed to evade, is detected by the behavioral engine.

image of megacortex detected on agent

From the administrator’s or SOC analyst’s point of view, the SentinelOne management console alerts on the threat in the Dashboard. Looking at the analysis, the precise reason for the detection is given.

image of megacortex detection in console

The attack story line also reveals MegaCortex’s failed attempt to circumvent the SentinelOne agent.

image of megacortex fails to avoid sentinelone

At this point on the agent side, since we were using the Detect-only policy, the user’s files have been encrypted by the malware. However, now that we’ve seen enough of MegaCortex, it’s time to remediate the machine. One click rolls back the infection and returns all the user’s files to their unencrypted state.

image of megacortex rolled back

If you’d like to see the full demo in action, check out the video below.

Conclusion

Criminals motivated primarily by financial gain have returned to ransomware as their go-to choice of malware in 2019 as a result of both a resurgence in the value of Bitcoin and the decline of easy-money from cryptomining after the closure of Coinhive. This is a trend we expect to see continue throughout 2019 as ransomware attacks have proven devastatingly successful where enterprises are not protected by a comprehensive security solution like SentinelOne. If you’re not already protected by SentinelOne, now is a great time to try a free demo to see how our autonomous endpoint detection and response solution can keep your business safe.


Like this article? Follow us on LinkedIn, Twitter, YouTube or Facebook to see the content we post.

Read more about Cyber Security

Analytics startup Heap raises $55M

Since co-founding Heap, CEO Matin Movassate has been saying that he wants to take on the analytics incumbents. Today, he’s got more money to fund that challenge, with the announcement that Heap has raised $55 million in Series C funding.

Movassate (pictured above) previously worked as a product manager at Facebook, and when I interviewed him after the startup’s Series B, he recalled the circuitous process normally required to collect and analyze user data. In contrast, Heap automatically collects data on user activity — the goal is to capture literally everything — and makes it available in a self-serve way, with no additional code required to answer new queries.

The company says it now has more than 6,000 customers, including Twilio, AppNexus, Harry’s, WeWork and Microsoft.

With this new funding, Heap has raised a total of $95.2 million. The plan is to fund international growth, as well as expand the product, engineering and go-to-market teams.

The Series C was led by NewView Capital, with participation from new DTCP, Maverick Ventures, Triangle Peak Partners, Alliance Bernstein Private Credit Investors, Sharespost and existing investors (NEA, Menlo Ventures, Initialized Capital and Pear VC). NewView founder and managing partner Ravi Viswanathan is joining the startup’s board of directors.

“Heap offers an innovative approach to automating a company’s analytics, enabling a variety of teams within an organization to obtain the data they need to make educated and, ultimately, smarter decisions,” Viswanathan said in a statement. “We are excited to team up with Heap, as they continue to develop their cutting edge software, expand their analytics automation offerings and help serve their growing numbers of customers.”

Arrcus snags $30M Series B as it tries to disrupt networking biz

Arrcus has a bold notion to try and take on the biggest names in networking by building a better networking management system. Today it was rewarded with a $30 million Series B investment led by Lightspeed Venture Partners.

Existing investors General Catalyst and Clear Ventures also participated. The company previously raised a seed and Series A totaling $19 million, bringing the total raised to date to $49 million, according to numbers provided by the company.

Founder and CEO Devesh Garg says the company wanted to create a product that would transform the networking industry, which has traditionally been controlled by a few companies. “The idea basically is to give you the best-in-class [networking] software with the most flexible consumption model at the lowest overall total cost of ownership. So you really as an end customer have the choice to choose best-in-class solutions,” Garg told TechCrunch.

This involves building a networking operating system called ArcOS to run the networking environment. For now, that means working with manufacturers of white-box solutions and offering some combination of hardware and software, depending on what the customer requires. Garg says that players at the top of the market like Cisco, Arista and Juniper tend to keep their technical specifications to themselves, making it impossible to integrate ArcOS with those companies at this time, but he sees room for a company like Arrcus .

“Fundamentally, this is a very large marketplace that’s controlled by two or three incumbents, and when you have lack of competition you get all of the traditional bad behavior that comes along with that, including muted innovation, rigidity in terms of the solutions that are provided and these legacy procurement models, where there’s not much flexibility with artificially high pricing,” he explained.

The company hopes to fundamentally change the current system with its solutions, taking advantage of unbranded hardware that offers a similar experience but can run the Arrcus software. “Think of them as white-box manufacturers of switches and routers. Oftentimes, they come from Taiwan, where they’re unbranded, but it’s effectively the same components that are used in the same systems that are used by the [incumbents],” he said.

The approach seems to be working, as the company has grown to 50 employees since it launched in 2016. Garg says that he expects to double that number in the next six-nine months with the new funding. Currently the company has double-digit paying customers and more than 20 in various stages of proofs of concepts, he said.

CircleCI closes $56M Series D investment as market for continuous delivery expands

CircleCI launched way back in 2011 when the notion of continuous delivery was just a twinkle in most developers’ eyes, but over the years with the rise of agile, containerization and DevOps, we’ve seen the idea of continuous integration and continuous delivery (CI/CD) really begin to mainstream with developers. Today, CircleCI was rewarded with a $56 million Series D investment.

The round was led by Owl Rock Capital Partners and Next Equity. Existing investors Scale Venture Partners, Top Tier Capital, Threshold Ventures (formerly DFJ), Baseline Ventures, Industry Ventures, Heavybit and Harrison Metal Capital also participated in the round. CircleCI’s most recent funding prior to this round was a $31 million Series C last January. Today’s investment brings the total raised to $115.5 million, according to the company.

CircleCI CEO Jim Rose sees a market that’s increasingly ready for the product his company is offering. “As we’re putting more money to work, there are just more folks that are now moving away from aspiring about doing continuous delivery and really leaning into the idea of, ‘We’re a software company, we need to know how to do this well, and we need to be able to automate all the steps between the time our developers are making changes to the code until that application gets in front of the customer,’ ” Rose told TechCrunch.

Rose sees a market that’s getting ready to explode and he wants to use the runway this money provides his company to take advantage of that growth. “Now, what we’re finding is that fintech companies, insurance companies, retailers — all of the more traditional brands — are now realizing they’re in a software business as well. And they’re really trying to build out the tool sets and the expertise to be effective at that. And so the real growth in our market is still right in front of us,” he said.

As CircleCI matures and the market follows suit, a natural question following a Series D investment is when the company might go public, but Rose was not ready to commit to anything yet. “We come at it from the perspective of keeping our heads down trying to build the best business and doing right by our customers. I’m sure at some point along the journey our investors will be itching for liquidity, but as it stands right now, everyone is really [focused]. I think what we have found is that the bulk of the market is just starting to arrive,” he said.

Duo’s Wendy Nather to talk security at TC Sessions: Enterprise

When it comes to enterprise security, how do you move fast without breaking things?

Enter Duo’s Wendy Nather, who will join us at TC Sessions: Enterprise in San Francisco on September 5, where we will get the inside track on how to keep enterprise networks secure without slowing growth.

Nather is head of advisory CISOs at Duo Security, a Cisco company, and one of the most respected and trusted voices in the cybersecurity community as a regular speaker on a range of topics, from threat intelligence to risk analysis, incident response, data security and privacy issues.

Prior to her role at Duo, she was the research director at the Retail ISAC, and served as the research director of the Information Security Practice at independent analyst firm 451 Research.

She also led IT security for the EMEA region of the investment banking division of Swiss Bank Corporation — now UBS.

Nather also co-authored “The Cloud Security Rules,” and was listed as one of SC Magazine’s Women in IT Security “Power Players” in 2014.

We’re excited to have Nather discuss some of the challenges startups and enterprises face in security — threats from both inside and outside the firewall. Companies large and small face similar challenges, from keeping data in to keeping hackers out. How do companies navigate the litany of issues and threats without hampering growth?

Who else will we have onstage, you ask? Good question! We’ll be joined by some of the biggest names and the smartest and most prescient people in the industry, including Bill McDermott at SAP, Scott Farquhar at Atlassian, Julie Larson-Green at Qualtrics, Aaron Levie at Box and Andrew Ng at Landing AI and many, many more. See the whole agenda right here.

Early-bird tickets are on sale right now! For just $249 you can see Nather and these other awesome speakers live at TC Sessions: Enterprise. But hurry, early-bird sales end on August 9; after that, prices jump up by $100. Book here.

If you’re a student on a budget, don’t worry, we’ve got a super-reduced ticket for just $75 when you apply for a student ticket right here.

Enterprise-focused startups can bring the whole crew when you book a Startup Demo table for just $2,000. Each table gives you a primo location to be seen by attendees, investors and other sponsors, in addition to four tickets to enjoy the show. We only have a limited amount of demo tables and we will sell out. Book yours here.