MACH37 Portfolio Company Spotlight:

Now we can have both High Security and High Convenience

The pain of passwords is a common issue in today’s world for both users and companies alike. There are either too many passwords to remember, or not enough diversity between them to keep your accounts safe. With breaches resulting from inadequate authentication happening every day, companies are scrambling to define stronger password controls. Verizon states that almost 67% of all hacks occur in some way due to stolen or compromised credentials. But what can be done to change a system that has become so pervasive across the world?

This is where Status Identity’s origin story begins. Our company seeks to provide a solution for the competing priorities of password security and convenience. The increasing complexity of authentication mechanisms was resulting in productivity losses for corporations, and frustrations for their employees. Status Identity brings to market a solution that keeps passwords in their place, but adds a second factor to reduce the risk of that log-in for the enterprise. This is a rapidly growing space called multi-factor authentication (MFA). MFA requires users to validate their identity with answers/factors from two of the following categories: something the user knows (a secret), has (a specific possession), and is (a physical characteristic). While the password has always exacted as a secret that the end-user knows, Status Identity looked at the second factor differently in order to increase security and convenience simultaneously.

Common solutions today send passcodes through phone calls and text messages to authenticate users. With these methods, security relies on third-parties (telecom companies), and hackers have been able to spoof connections to secretly assume users’ phone numbers. The National Institute for Standards and Technology (NIST) has looked at this and recommended that these forms of MFA be replaced. And we can’t forget how much friction is created when users are required to enter in these codes on web pages, perhaps mistyping a single digit causing the whole process to start all over again. So what are we left with?

Status Identity’s solution uses an android or iOS application that resides on the end-user’s phone for quick and convenient MFA. This application interfaces with Status Identity’s authentication service to confirm or deny access. The benefits of utilizing the phone are numerous, as users always have their phone readily accessible to them and have become very used to the features the phone offers for a second-factor of authentication. These same features are leveraged within the app: the user can confirm or deny their access via a push notification, biometric authentication (such as TouchID), soft-tokens, and many other manners. However, the biggest difference that Status identity provides is “Passive MFA”. So what exactly is Passive MFA?

Passive MFA provides corporations and security professionals the security of an additional point of verification without any active involvement required from the end user. Rather than require the end user to take additional steps after entering a single set of credentials, Status Identity simply pings their mobile device and captures data to ensure their behavior is consistent with prior patterns, and contextually relevant. For example, when a user logs-in and types their username and password correctly, Status Identity would then make sure that the user’s phone is in the right area and that the application being accessed is a normal application for this user amongst other criteria. If something seems anomalous, the service would prompt the user to authenticate via one of the above mentioned factors. This logic is built so that the user has the ability to earn the trust of the service and gain access to passive authentication.

Status Identity’s objective is to make the authentication process as easy as possible so that security is an inherent part of your day. If we can leverage several data points at each point of log-in and adapt the optimal authentication mechanism during each access event, we should be able to solve the pain that passwords have caused for many years.

–  Nakul Munjal, Status Identity Chief Executive Officer


MACH37 2.0 by Tom Weithman

TomWAs MACH37’s President and Chief Investment Officer, I was delighted last week to welcome our Fall 2017 cohort class. The 6 new companies of this, our “F17 cohort,” make up the 9th such class of MACH37, our nation’s first and preeminent accelerator dedicated solely to the launch and development of new cybersecurity start-ups.

We are proud to build on a strong past record of success. With start-up representation in its deal-flow to-date from 29 countries, MACH37 has truly emerged as a global brand. We are proud of having hit upon a formula that has allowed us to launch 46 new cyber companies since the program started in 2013. Our model has helped over 60% of MACH37 graduates succeed in raising funding post-demo day. We are proud that MACH37’s financial sponsors and supporters – among them General Dynamics, MITRE, and SAP NS2 have testified to the value of our program. We are proud of our acknowledgement by the broader cybersecurity community as the “go-to” resource for security entrepreneurs. We build on this successful track record as we move forward with the Fall MACH37 class – ninth in chronology but the first of what we have come to consider “MACH37 2.0.”

So what’s changed?

New MACH37 Team Members: Mary Beth Borgwing (Left) and Jason Chen (Right)

Team Additions
As members of the founding MACH37 management, Chief Technology Officer Dave Ihrie and I were present at the creation of MACH37 in the Spring of 2013. This fall, for MACH37 2.0, we have welcomed on-board four new teammates:

      • Jason Chen – Managing Director of Operations. Jason brings to us a rich experience as a consultant, early stage investor and serial entrepreneur. Most recently, Jason has served as Techstars Entrepreneur-in-Residence, Director of Techstar’s Start-up Next Cybersecurity DC pre-accelerator program, and co-founder of cybersecurity training start-up HackEd.
      • Mary Beth Borgwing – Managing Director of Cyber. Mary Beth is an industry executive with 30+ years of operating experience in a variety of cybersecurity companies. Most recently, Mary Beth served as President and CEO of Lemonfish, a data breach discovery and AI analytics company that was acquired in March, 2017.
      • Jennifer Quarrie – Director of Knowledge and Innovation Strategy. Jennifer is a professional innovation strategist and entrepreneur who uses applied creativity and innovation to facilitate organizational transformation. She combines her instructional design skills and research in cognition, learning, well-being and listening with 17 years of international business experience to teach applied creativity and innovation across the public and private sectors.
      • Mike Ravenscroft – Associate Director of Operations. A former consultant for the Advisory Board and founding team member of the Smart Cities Accelerator, Mike will be working closely with Jason on the day-to-day operations of MACH37.

This team will be instrumental in MACH37’s drive to accelerate the industry’s next great cybersecurity start-ups.

Co-Location with CIT GAP Funds
Our discussions with MACH37 graduates consistently point to the benefit of closer linkage between MACH37 classes and other start-ups, specifically citing start-ups in the CIT GAP Funds portfolio. Acknowledged by organizations such as CB Insights, Entrepreneur Magazine and the Association for Corporate Growth as an industry leading venture investor, CIT GAP Funds has placed over 180 seed and early stage investments since its 2004 launch. Along the way, CIT GAP Funds has quietly built up a reputation as one of the nation’s leading early stage cybersecurity financiers with a deal sheet including investments such as Invincea, Distil Networks,, ThreatQ and Divvy Cloud. As CIT GAP Funds has bankrolled all 46 of MACH37’s seed investments, it made sense to foster greater synergies between the two portfolios. In MACH37 2.0, we have physically co-located the CIT GAP Funds Investment Team and MACH37. We realized still greater density of entrepreneurial activity by folding the Smart Cities Accelerator into a single common work space. These linkages offer the F17 cohort an unprecedented concentration and diversity of perspective on the new business formation process and a heightened visibility to members of the downstream investor community likely to back MACH37 deals.

Curriculum Enhancements
MACH37 2.0 introduces a pair of enhancements to the past MACH37 training program. Curriculum changes deepen MACH37’s reliance on the Lean Start-Up methodology and place a greater emphasis on customer development by introducing the GOOTB (“get out of the building”) approach. Our commitment to these twin principles emphasizes continuous interaction throughout the program by accelerator companies with real-world cybersecurity industry experts. Our curriculum and cohort management approach will challenge MACH37 companies to leave the comfort of the office and literally “get out of the building” to test their assumptions, pivot, and rapidly hone their go-to-market strategy in a real world setting through brokered meetings with potential customers, partners, and investors. These enhancements will produce more “shots on goal” by MACH37 graduates for our founders and their customers and investors.

Re-Focus on STARS Mentor Network
MACH37 has long been differentiated by its broad and deep, cybersecurity industry-specific “STARS” mentor network. In MACH37 2.0, we draw on this network with renewed vigor and focus. Through the assignment of “lead mentors” and formation of advisory “kitchen cabinets” for each MACH37 company, we will provide founding teams with extensive one-on-one mentorship from cybersecurity industry experts in sales, marketing, product development, and venture capital investment. This coupling of MACH37 instructional processes and business advice delivered by business and technical savvy mentors will create valuable connections that provides MACH37 startups the competitive advantage required to attain market leadership and customer traction. Again, think “customers … early and often.”

MACH37 Fall 2017 Meet the Cohort – Fireside Chat with Dov Yoran and Ely Kahn

MACH37 “Gets Out of the Building”
In MACH37 2.0, the accelerator itself will live by the principles it espouses, maximizing exposure to partners and accelerator stakeholders throughout the region. To do this, we are taking our Fall 2017 flagship MACH37 events – including our “Meet the Cohort” event, “Security Leaders Dinners” series and “Demo Day” – to multiple locations along the Northern Virginia’s Metro Corridor.

Our Meet the Cohort event kicked off our Fall 2017 event series last week at SineWave Technologies in Crystal City. The event featured a lively fireside chat with Ely Kahn, Co-Founder of Sqrrl, and Dov Yoran, Senior Director, Business Development at Cisco Systems.

Next Wednesday, we will host our MACH37 Fall 2017 Security Leaders Reception featuring Dr. Mark Maybury, Vice President of the Intelligence Portfolio for The MITRE Corporation. For more information on this event and others, visit our website:

From all reports, the entire MACH37 community – the F17 class, past MACH37 graduates as well as our sponsors, mentors and other investor and corporate stakeholders – are as excited as we are about MACH37 2.0. We’re not turning MACH37 upside down … just inside-out. We hope you’ll come along for the ride!

–  Tom Weithman, MACH37 President and Chief Investment Officer