An irreverent tribe focused on helping our customers love security, rebelling against the status quo and getting $#*! done
How we got started
(not in a garage… but in a barn)
It was a tweet. ¯\_(ツ)_/¯ Seriously, when co-founders Dave Merkel, Yanek Korff and Justin Bajko saw @rickhholland tweet back in late 2015 that MSSP customers had endured “the customer service equiv. of taxi drivers” they saw an opportunity.
What we found
(alerts without any good answers)
Digging deeper, we saw three big problems that were dragging the security industry down.
- Too many confusing security products delivering reams of alerts
- Not enough security talent to prioritize the alerts and effectively manage the risk
- MSSPs who had failed to deliver on their promises
And there were no good solutions. Some companies were looking at managed detection and response (MDR) providers – but MDRs added a new expense without replacing MSSPs. Most customers were suffering in silence with no alternative.
(it’s a bit unorthodox but we DO believe that you can love security)
Remember how IT used to run wires and rack servers? Thanks to cloud computing and web services they don’t do that anymore.
But if you’re in security you still spend the majority of your time in the weeds massaging alerts and operating products. Or worse, you can’t afford (or find) the people and technology to even do that.
We want to flip that equation and create space for you to do what you love about security (even if that’s thinking about it as little as possible).
(so radical we had to talk ourselves into it)
We think our approach is pretty unique. It starts with transparency. We’re busting up the proprietary black-box approach that MSSPs and MDR providers take. In our hold-your-cards-close-to-your-chest industry that’s the radical part.
Here’s what we do…
- We use the security products you’ve already bought
- Our analysts investigate alerts and monitor your environment
- When we find a problem we tell you exactly what to do about it
- We also tell you how to fix the root cause of problems that happen over and over
Transparency means that you can look behind the curtain while we’re doing ^this^ and see anything (or everything) our analysts are doing for you 24x7 while they’re doing it. Heck, we’ve even built it so you can even jump in and work collaboratively with our analysts if you want. Either way, we’ll give you answers to these questions (not more alerts).
Chief Executive Officer
Dave Merkel (aka “Merk”) is a co-founder of Expel as well as the company’s chief executive officer. He’s ultimately responsible for everything and has been frequently mistaken for Willy Wonka.
Dave has been involved in the information security field for nearly 20 years, first as a federal agent pursuing cyber criminals in the era of floppy disks and 2400 baud modems, then as chief technology officer (CTO) and vice president of products at Mandiant. Following FireEye’s acquisition of Mandiant, Dave served as the global CTO of FireEye.
Before Dave’s 10 years as a solutions provider he spent another decade as a security practitioner. He got his start as a special agent in the Air Force Office of Special Investigations, pursuing cyber criminals and conducting digital forensic investigations, and later as head of AOL’s technical security organization. While at AOL, he created and ran the first incident response capability for AOL and Time Warner, managed software security and policy programs, and built technologies for AOL’s security infrastructure.
Dave has a B.S. in computer science from the University of Colorado at Boulder.
Chief Operating Officer
Yanek Korff is a co-founder of Expel as well as the company’s chief operating officer (COO). In addition to paying the bills and counting beans, Yanek makes it easy for employees to stay focused on serving our customers.
Yanek has worked in IT and information security roles for nearly 20 years beginning as a student help desk technician in a musty basement at the College of William and Mary.
Prior to Expel, Yanek was the vice president of Mandiant’s managed services business which helped customers mitigate the consequences of security breaches. Yanek established and grew the service to become one of the first follow-the-sun managed detection and response (MDR) providers, accounting for over 30 percent of Mandiant’s revenue. Following Mandiant’s acquisition by FireEye, Yanek served as CTO of FireEye as a Service, FireEye’s managed services offering.
Prior to Mandiant, Yanek was responsible for the majority of AOL’s security infrastructure including authentication, authorization management, public key infrastructure (PKI) and systems that supported incident response, e-discovery and investigations.
Yanek has a B.S. in Computer Science from the College of William and Mary, and an M.S. in the Management of IT from the McIntire School of Commerce at the University of Virginia. He was the principal author for “Mastering FreeBSD” and “OpenBSD Security”, published by O’Reilly.
Chief Technology Officer
Matt Peters is our chief technology officer (CTO). As CTO and head of engineering at Expel, Matt leads a smart, dedicated team building tools to simplify security and protect our customers.
He comes to the company with 20 years of experience in the tech world. Before joining Expel, Matt was vice president of worldwide operations at FireEye for the managed services offering, FireEye as a Service.
Before FireEye, Matt was the director of technical operations at Mandiant for Mandiant Managed Defense, one of the first managed detection and response (MDR) services. He was responsible for the design and delivery of the application platform that powered analyst detection and investigation.
Before getting into the managed services space, Matt worked at a number of Silicon Valley computer networking technology startups before joining Check Point Software where he led the security analytics group, which applied machine learning and data science to network and firewall data.
Matt has a B.S. in computer engineering from the University of Kansas.
Chief Information Security Officer
Bruce Potter is our chief information security officer (CISO). He’s responsible for cyber risk management and ensuring the secure operations of Expel’s services.
Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for 2 years.
In another life, Bruce founded the Shmoo Group and helps run the yearly hacker conference, ShmooCon, in Washington, DC. Bruce has co-authored several books and written numerous articles on security (or the lack thereof). He is a regular speaker at conferences including DefCon, Blackhat, and O’Reilly Security as well as private events at the United States Military Academy, the Library of Congress and other government agencies.
Chief Marketing Officer
Michael Evans is our chief marketing officer (CMO). He’s responsible for explaining what Expel does and finding more companies that we can help. He also manages our official list of banned security marketing buzzwords.
Michael has been marketing enterprise software and services to big and small companies for more than 20 years. Previously, Michael was CMO at Fidelis Cybersecurity. Before that, Michael led marketing at Mandiant where he established the company as one of the most respected security brands in the industry. Following Mandiant’s acquisition by FireEye, Michael served as vice president of marketing at FireEye. Before entering the security world Michael worked at both venture-backed and publicly traded companies marketing software to everyone from internal auditors, chemical engineers, CFOs and supply chain managers to ERP admins.
Michael has a B.A. in Economics and Classics from Brown University and a MBA from the Wharton School at the University of Pennsylvania.
VP Strategy and Business Development
Justin Bajko is a co-founder of Expel as well as our VP of Strategy and Business Development. It’s Justin’s job to stay close to our customers and partners and make sure that we’re heading in the right direction. He also spends a good bit of his free time fretting about the University of Tennessee’s football program.
Justin has been involved in information security and managed services since just after the turn of the century. Prior to Expel, he was senior director of global service delivery for FireEye’s managed service, FireEye as a Service. Justin was responsible for building and managing FireEye’s security operations centers (SOCs) around the world, including a staff of more than 80 analysts.
Prior to FireEye, Justin was the managing director for Mandiant’s Managed Defense service, one of the industry’s first managed detection and response (MDR) providers. Before that, Justin worked at Symantec where he worked in a number of roles within their managed services business ranging from SOC engineer to senior manager of the global threat response team where he was responsible for detection capabilities, intelligence integration, and customer data ingestion for Symantec’s MSSP customers worldwide.
Justin hails from northeast Tennessee. In his free time he enjoys anything to do with cars (spending an inordinate amount of time making sure his are always clean) or boats, traveling, and playing an embarrassing amount of video games.
(yes… they hoard all the monitors)
If you skipped down to this section we don’t blame you. Our analysts are at the heart of everything Expel does. They monitor your environment, chase down issues and keep you safe. We put a lot of careful thought and effort into the way we hire, train and promote our analysts. Here’s a glimpse (iow… we have more than three) at some of the people behind the service.