We put a lot of trust in the software that we use. We trust software with our personal information, our payment details and the security of our devices. In return, we hope that software companies prioritize the security of their user data, but that’s not always the case. That is, unless something goes wrong.
“Companies tend to not take security seriously until something happens,” CESPPA CEO and co-founder Joseph Melika told Built In.
On Tuesday, LA-based cybersecurity startup CESPPA announced the closing of its $6 million seed funding round, which was co-led by Fika Ventures and Freestyle Capital. Open Raven CEO David Cole, Greenspring Associates, Knollwood Advisors and Mucker Capital — which led the company’s pre-seed round — also participated in the round.
CESPPA provides a platform to connect tech companies with a network of over 1,700 security researchers. These researchers are experts in security protocols, and know how to look for potential liabilities and risks. If a researcher spots a potential issue, they can flag it for the company to address.
Melika explains that, when a software company is getting started, its No. 1 priority, almost always, is building its product. The security of that product is often an afterthought. Once the product is built, a company may go back to make sure that product is secure. Or, a security breach may occur, forcing the company to respond.
But the same people who create software aren’t necessarily the best at finding flaws in that software, since that’s not what they specialize in. By outsourcing the work to a security researcher, the company gets to leverage their specific skills in cybersecurity.
“Developers are really good at building things and creating certain functionalities. What we do is take those things apart, and we see what else can we do,” Melika told Built In.
He continued: “If you run an internal security team, good luck finding every possible way that your entire environment can be exploited — especially while you’re on your own and doing a million other things. So that’s where we come in. We say: ‘Focus on what you do best. Go build your features, build your infrastructure, run everything, because that’s what you’re in business of doing.’ Let us be on the back end, following your breadcrumbs, while keeping tabs on all the different vulnerabilities out there.”
Numerous tech companies rely on CESPPA for their cybersecurity needs, including Veritone, CreatorIQ, Karuna Health and more. CESPPA also saw a significant uptick in demand in 2020, as the pandemic and remote work drove the adoption of digital tools. The company saw revenue triple and it became profitable this year.
“Discovering security vulnerabilities is a never-ending, sometimes painful process. Our mission is to alleviate that pain and streamline the process for tech companies. The investment will go toward growing our platform to reflect our commitment to that mission,” Melika told Built In.