AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

An irreverent crew focused on helping our customers love security, rebelling against the status quo and getting $#*! done

Expel employees
Strategic partners
SOCs built

How we got started

(not in a garage… but in a barn)

It was a tweet. ¯\_(ツ)_/¯ Seriously, when co-founders Dave Merkel, Yanek Korff and Justin Bajko saw @rickhholland tweet back in late 2015 that MSSP customers had endured “the customer service equiv. of taxi drivers” they saw an opportunity.


What we found

(alerts without any good answers)

Digging deeper, we saw three big problems that were dragging the security industry down.

  • Too many confusing security products delivering reams of alerts
  • Not enough security talent to prioritize the alerts and effectively manage the risk
  • MSSPs who had failed to deliver on their promises

And there were no good solutions. Some companies were looking at managed detection and response (MDR) providers – but MDRs added a new expense without replacing MSSPs. Most customers were suffering in silence with no alternative.

“I think the MSSP market is ripe for disruption. Many have had the customer service equiv of taxi drivers, customers aren’t happy.”

Rick Holland @rickhholland

Our vision

(it’s a bit unorthodox but we DO believe that you can love security)


Remember how IT used to run wires and rack servers? Thanks to cloud computing and web services they don’t do that anymore.


But if you’re in security you still spend the majority of your time in the weeds massaging alerts and operating products. Or worse, you can’t afford (or find) the people and technology to even do that.


We want to flip that equation and create space for you to do what you love about security (even if that’s thinking about it as littleas possible).

Our approach

(so radical we had to talk ourselves into it)

We think our approach is pretty unique. It starts with transparency. We’re busting up the proprietary black-box approach that MSSPs and MDR providers take. In our hold-your-cards-close-to-your-chest industry that’s the radical part.

Here’s what we do…

  1. We use the security products you’ve already bought
  2. Our analysts investigate alerts and monitor your environment
  3. When we find a problem we tell you exactly what to do about it
  4. We also tell you how to fix the root cause of problems that happen over and over

…that’s it!

Transparency means that you can look behind the curtain while we’re doing ^this^ and see anything (or everything) our analysts are doing for you 24x7 while they’re doing it. Heck, we’ve even built it so you can even jump in and work collaboratively with our analysts if you want. Either way, we’ll give you answers to these questions (not more alerts).

What’s happening in my environment

What do I need to care about and why?

How do I resolve this incident?

How can I become more resilient?


Index Ventures

Leadership team

Dave Merkel

Dave Merkel

Chief Executive Officer

Dave Merkel (aka “Merk”) is the co-founder of Expel as well as the company’s chief executive officer. He’s ultimately responsible for everything and has been frequently mistaken for Willy Wonka.

Dave has been involved in the information security field for nearly 20 years, first as a federal agent pursuing cyber criminals in the era of floppy disks and 2400 baud modems, then as chief technology officer (CTO) and vice president of products at Mandiant. Following FireEye’s acquisition of Mandiant, Dave served as the global CTO of FireEye.

Before Dave’s 10 years as a solutions provider he spent another decade as a security practitioner. He got his start as a special agent in the Air Force Office of Special Investigations, pursuing cyber criminals and conducting digital forensic investigations, and later as head of AOL’s technical security organization. While at AOL, he created and ran the first incident response capability for AOL and Time Warner, managed software security and policy programs, and built technologies for AOL’s security infrastructure.

He is frequently invited to comment on security-related headlines, and has been featured in news outlets like Bloomberg, The Washington Post and Forbes. Dave was also named to Washingtonian’s Tech Titans list in 2018 and 2015.

Yanek Korff

Yanek Korff

Chief Operating Officer

Yanek Korff is a co-founder of Expel as well as the company’s chief operating officer (COO). In addition to paying the bills and counting beans, Yanek makes it easy for employees to stay focused on serving our customers.

Yanek has worked in IT and information security roles for nearly 20 years beginning as a student help desk technician in a musty basement at the College of William and Mary.

Prior to Expel, Yanek was the vice president of Mandiant’s managed services business which helped customers mitigate the consequences of security breaches. Yanek established and  grew the service to become one of the first follow-the-sun managed detection and response (MDR) providers, accounting for over 30 percent of Mandiant’s revenue. Following Mandiant’s acquisition by FireEye, Yanek served as CTO of FireEye as a Service, FireEye’s managed services offering.

Prior to Mandiant, Yanek was responsible for the majority of AOL’s security infrastructure including authentication, authorization management, public key infrastructure (PKI) and systems that supported incident response, e-discovery and investigations.

Yanek has a B.S. in Computer Science from the College of William and Mary, and an M.S. in the Management of IT from the McIntire School of Commerce at the University of Virginia. He was the principal author for “Mastering FreeBSD” and “OpenBSD Security”, published by O’Reilly.

Matt Peters

Matt Peters

Chief Product Officer

Matt Peters is our chief product officer (CPO). As CPO, Matt focuses on robust dialogue, encouragement of his team as they grow their own careers, and the relationships between all aspects of the business.

He comes to the company with 20 years of experience in the tech world. Before joining Expel, Matt was vice president of worldwide operations at FireEye for the managed services offering, FireEye as a Service.

Before FireEye, Matt was the director of technical operations at Mandiant for Mandiant Managed Defense, one of the first managed detection and response (MDR) services.  He was responsible for the design and delivery of the application platform that powered analyst detection and investigation.

Before getting into the managed services space, Matt worked at a number of Silicon Valley computer networking technology startups before joining Check Point Software where he led the security analytics group, which applied machine learning and data science to network and firewall data.

Matt has a B.S. in computer engineering from the University of Kansas.

Bruce Potter

Bruce Potter

Chief Information Security Officer

Bruce Potter is our chief information security officer (CISO). He’s responsible for cyber risk management and ensuring the secure operations of Expel’s services.

Previously, Bruce co-founded Ponte Technologies, a cybersecurity research and engineering company that worked with organizations ranging from hedge funds to intelligence agencies. Bruce sold Ponte Technologies to the KeyW Corporation where he served as CTO for two years. In 2016, Bruce served as the senior technical advisor to the members of President Obama’s Commission on Enhancing National Cyber Security.

Bruce also founded the Shmoo Group in 1996 and helps run the popular annual hacker conference, ShmooCon, in Washington, DC. Bruce has co-authored several books and written numerous articles on security (or the lack thereof). He regularly speaks at industry conferences including DefCon, Blackhat, and O’Reilly Security, as well as at private events hosted by the United States Military Academy, the Library of Congress, the National Security Agency and other government agencies.

Michael Evans

Michael Evans

Chief Marketing Officer

Michael Evans is our chief marketing officer (CMO). He’s responsible for explaining what Expel does and finding more companies that we can help. He also manages our official list of banned security marketing buzzwords.

Michael has been marketing enterprise software and services to big and small companies for more than 20 years. Previously, Michael was CMO at Fidelis Cybersecurity. Before that, Michael led marketing at Mandiant where he established the company as one of the most respected security brands in the industry. Following Mandiant’s acquisition by FireEye, Michael served as vice president of marketing at FireEye. Before entering the security world Michael worked at both venture-backed and publicly traded companies marketing software to everyone from internal auditors, chemical engineers, CFOs and supply chain managers to ERP admins.

Michael has a B.A. in Economics and Classics from Brown University and a MBA from the Wharton School at the University of Pennsylvania.

Denise Hayman

Denise Hayman

Chief Revenue Officer

Denise Hayman is our Chief Revenue Officer. If you’re looking to learn more about Expel, chances are that you’ll be talking to her or someone on her team. She’s also passionate about making sure that your experience is better than it was for any other security product you’ve bought.

She comes to Expel with more than 25 years experience seeing security (and sales) done right, wrong and every shade in between. Prior to Expel, she was vice president of global security sales at Neustar where she built out a sales team that helped customers protect themselves from the evils of DDOS and IP attacks.

Denise got her start in sales at Symantec. Over her career she returned to the endpoint behemoth twice as it gobbled up two of the companies where she went on to head up sales: Vontu, a pioneer in data loss prevention (DLP) and disc encryption vendor PGP.

She’s also built and led sales teams at Tripwire, Cyphort, Norse (there’s a good story about that one – just ask her), and Vendavo. She likes to say she was trained at Symantec and then followed the data (and attackers) as they used the internet (and now cloud apps and infrastructure) to compromise organizations in creative new ways.

Denise is passionate about building diverse sales teams (including women) which know that honesty, transparency and “doing the right thing” for customers isn’t just good business … it’s essential to their own reputation.

She’s working hard to get more women in sales and wants women everywhere to know that you can build a successful sales culture without having the uncomfortable sameness that exists without diversity.

She has a B.A. from Boston College.

Justin Bajko

Justin Bajko

VP Strategy and Business Development

Justin Bajko is a co-founder of Expel as well as our VP of Strategy and Business Development. It’s Justin’s job to stay close to our customers and partners and make sure that we’re heading in the right direction. He also spends a good bit of his free time fretting about the University of Tennessee’s football program.

Justin has been involved in information security and managed services since just after the turn of the century. Prior to Expel, he was senior director of global service delivery for FireEye’s managed service, FireEye as a Service. Justin was responsible for building and managing FireEye’s security operations centers (SOCs) around the world, including a staff of more than 80 analysts.

Prior to FireEye, Justin was the managing director for Mandiant’s Managed Defense service, one of the industry’s first managed detection and response (MDR) providers. Before that, Justin worked at Symantec where he worked in a number of roles within their managed services business ranging from SOC engineer to senior manager of the global threat response team where he was responsible for detection capabilities, intelligence integration, and customer data ingestion for Symantec’s MSSP customers worldwide.

Justin hails from northeast Tennessee. In his free time he enjoys anything to do with cars (spending an inordinate amount of time making sure his are always clean) or boats, traveling, and playing an embarrassing amount of video games.

Amy Rossi

Amy Rossi

Vice President, Employee Experience

Amy Rossi is our vice president of employee experience. She’s leading the charge to make Expel a place where everyone wants to work. That includes how we hire, develop, and take care of our team.

While in college, Amy created her first leadership development program for a summer camp in New York and she has been building people development programs ever since. She comes to Expel with more than 15 years experience in human resources, talent management, and learning and development.

Prior to joining Expel, Amy was vice president of talent management at MicroStrategy. Before that, she served in human resources and talent management roles at AOL, comScore, Network Solutions and CareerBuilder. She has built talent management functions from the ground up twice and some of her best work has involved developing managers and leaders.

Amy graduated from Cal Poly, San Luis Obispo with a B.S. in Recreation Administration and a Minor in Dance and has completed coursework in adult education at George Mason University.

Our analysts

(yes… they hoard all the monitors)

If you skipped down to this section we don’t blame you. Our analysts are at the heart of everything Expel does. They monitor your environment, chase down issues and keep you safe. We put a lot of careful thought and effort into the way we hire, train and promote our analysts. Here’s a glimpse (fyi… we have more than three) at some of the people behind the service.

Expel overview

Check out this brochure to learn what we do (transparent managed security) and what you get from Expel and our team of analysts
Learn more >

Relativity Customer Story

Rapidly growing software company selects Expel as transparent managed security partner
Learn more >

The transparent managed security handbook

Learn what transparent managed security is, how it compares to other approaches and the role it plays in helping to improve your security
Learn more >
Back To Top