Yesterday, we brought Security Chat back to Zurich for its sixth edition and it was everything I had hoped for: brilliant talks, a packed room, and the joy of reconnecting with friends old and new. What started back in 2012 as an informal gathering of security enthusiasts has grown into a tradition where community and ideas come together.
This year we had five lightning talks, each very different in style but all equally thought-provoking:
Candid Wüest – Why AI-Powered Malware Won’t Kill You (Yet)
Candid cut through the hype around “AI-driven malware.” He explained the difference between AI-generated malware (just code produced by LLMs) and AI-powered malware (where AI runs inside the malicious code). While there are proof-of-concepts in the wild, protection stacks still hold up. Behavior-based detection and layered defenses remain effective. His takeaway: AI will eventually give attackers new tools, but defenders are not out of the game.
Joshua Rawles – The Global Impact of a Modern Phishing-as-a-Service Operation
Josh gave us an inside look at the booming phishing-as-a-service industry. For as little as $50 a month, criminals can buy turnkey kits that bypass MFA, come with 24/7 “support,” and scale to tens of thousands of victims. His case study on Storm-1167 (“FluorStorm”) showed just how industrialized this has become, with thousands of domains, Telegram bots for real-time stolen credentials, and devastating impact on nonprofits. His message: MFA is necessary but not sufficient; phishing-resistant authentication and faster takedowns are critical.
Barbara Dravec – Drawn to Encrypt: A Visual Trail from OTP to RSA
Barbara brought cryptography to life with a visual storytelling approach, mapping concepts like one-time pads, pseudo-random generators, and RSA to vivid imagery from the natural world (snakes, owls, octopuses, and more). It was a refreshing, creative reminder that explaining security to non-experts requires more than equations. It sometimes requires narratives that people can connect to.
Advije Rizvani – AI on Wall Street: Smart, Fast… and Surprisingly Fragile
Advije, a PhD student in Liechtenstein, showed how machine learning systems that drive algorithmic trading can be tricked with subtle, temporary data manipulations. A single manipulated data point can cause wrong trades, eroding portfolio performance over time. Her research raises a sobering question: in high-stakes financial markets, how do we know whether losses are due to bad luck, bad models… or deliberate attacks?
Elliott – When Cookies Collide: The Overlooked Attack Vector
Elliott closed the night with a deep dive into cookie tossing, a little-known but powerful web attack. By controlling a subdomain, an attacker can “toss” malicious cookies that hijack authentication flows or manipulate transactions on the parent domain. He walked us through real-world cases and defenses, highlighting how a small misconfiguration can open the door to session hijacking and data theft.
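Cookie tossing works because the Cookie request header carries only name=value pairs, so the server cannot see which domain set a given cookie. The sketch below is an added example (not code from Elliott's talk or from this post) showing two server-side defenses: refusing a cookie name that arrives more than once, and issuing the session under the `__Host-` prefix. All function names, cookie names and sample headers are hypothetical.

```javascript
// Added example: server-side handling of the Cookie header against cookie tossing.
// All function and cookie names here are hypothetical.
const SESSION_COOKIE = "__Host-session";

// Parse a raw Cookie header into Map(name -> [values]), keeping duplicates
// instead of silently letting one value win.
function parseCookieHeader(header) {
  const jar = new Map();
  for (const part of (header || "").split(";")) {
    const pair = part.trim();
    if (!pair) continue;
    const eq = pair.indexOf("=");
    const name = eq === -1 ? "" : pair.slice(0, eq).trim();
    const value = eq === -1 ? pair : pair.slice(eq + 1).trim();
    if (!jar.has(name)) jar.set(name, []);
    jar.get(name).push(value);
  }
  return jar;
}

// Names that arrive more than once: worth logging and alerting on.
function duplicatedNames(header) {
  return [...parseCookieHeader(header)]
    .filter(([, values]) => values.length > 1)
    .map(([name]) => name);
}

// Accept a cookie only when exactly one value was sent for that name.
function readCookieStrict(header, name) {
  const values = parseCookieHeader(header).get(name) || [];
  if (values.length === 0) return { ok: false, reason: "missing" };
  if (values.length > 1) return { ok: false, reason: "duplicate" };
  return { ok: true, value: values[0] };
}

// __Host- cookies are only accepted by browsers with Secure, Path=/ and
// no Domain attribute, so a sibling subdomain cannot set one for this host.
function sessionSetCookie(value) {
  return `${SESSION_COOKIE}=${value}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed sample headers (not captured traffic).
const CLEAN = "theme=dark; __Host-session=abc123";
const TOSSED = "session=planted; theme=dark; session=abc123";

console.log(duplicatedNames(TOSSED));
console.log(readCookieStrict(TOSSED, "session"));
console.log(readCookieStrict(CLEAN, SESSION_COOKIE));
```

The duplicate check is defense in depth for legacy, un-prefixed cookie names; the `__Host-` prefix is what removes the ambiguity in the first place.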
More Than Talks—It’s About Community
What I loved most about Security Chat 6.0 wasn’t just the talks, but the variety of voices and the energy in the room. We had people flying in from London, driving hours through traffic, and carving out time to share ideas. We had job seekers and companies hiring. We had old friends, new connections, and plenty of wine and bagel bites to keep conversations flowing.
A big thank you to our sponsor 1Password for supporting the evening, to the speakers for sharing their insights, and to everyone who showed up to make this community vibrant.
As I said on stage: cybersecurity has given me so much over the years. Events like this are my way of giving back by fostering connection, sparking ideas, and reminding us all that innovation doesn’t happen in isolation.
See you at the next Security Chat – whenever and wherever it may be.
Thanks to everyone who joined the panel at the BlackHat Innovators & Investors Summit. It was a fast, practical session full of real, repeatable advice. Below I’ve distilled the conversation into the speakers and the most actionable takeaways founders, investors and channel leaders can use.
Who Spoke
Daniel “DB” Bernard — Chief Business Officer, CrowdStrike
Matt Berry — Global Field CTO, Cyber, World Wide Technology (WWT)
Chris Bisnett — Co-founder & CTO, Huntress
Peter Bryant — Market Analyst, Canalys
Moderator: Raffael Marty, Operating Advisor
Top-line Thesis
Great product is necessary but not sufficient. If you want scale and durability you must design product, GTM, pricing and operations for the channel — MSPs, VARs, MSSPs, distributors and hyperscaler marketplaces. Get those pieces aligned and the channel becomes your growth engine and a moat.
The Most Important, Actionable Insights
1) Start with real customer evidence — then bring partners in
Close a first few deals directly and then ask: Who do you buy through? If the customer uses a reseller or integrator, bring that partner into the next conversation.
A partner introduced by a customer is infinitely more effective than cold outreach.
2) Target, pilot, then scale (regional first)
Don’t boil the ocean. Pick a geography or vertical where a partner has influence, run an enablement-intensive pilot, close a few joint deals, and let the wins spread organically through the partner organization.
Grassroots wins (regional proof points) are how startup products get noticed inside large SIs and disti sales orgs.
3) Engineer the product for MSPs and scale
Some technical must-haves for MSPs: multi-tenancy, frictionless provisioning, usage-based billing, robust reporting, and minimal support overhead (no reboots, simple deployment).
Build integrations with RMM/PSA tools. Partners won’t adopt tools that don’t fit their stack.
4) Use hyperscaler marketplaces as a growth hack
AWS/Azure/Google marketplaces are a procurement shortcut — customers can spend cloud credits and close without long vendor approvals. CrowdStrike and others proved this: marketplace adoption accelerated scale dramatically.
Prioritize marketplace readiness early (billing, security/compliance, packaging).
5) Think of channel margin as external sales / commission
Yes, margins look worse on paper — but compare to the true CAC of building a direct sales force. That margin buys you reach and reduces acquisition risk (you only pay when a partner sells).
Measure partner-sourced vs partner-influenced revenue and the CAC of each.
6) Don’t assume distis/VARs will sell without support
Listing in a distributor catalog is not the finish line. You must: enable, co-market, provide lead flow, run joint sales plays, and sometimes front-end incentives to get sellers focused on your SKU.
Short-term investment in enablement and marketing is how you get long-term pull-through.
7) Build partner economics and enablement as products
Provide free (or low-cost) certification, sales playbooks, demo environments, one-click onboarding, and co-branded assets. These reduce time-to-first-deal and lower partner friction.
Consider usage-based billing to match MSP economics: partners want to align cost with consumed endpoints/services.
8) Decide and double-down on one partner type first
MSP vs MSSP vs VAR vs SI: each requires a different product shape and GTM. Nail one, then expand. Trying to serve all at once dilutes focus and kills momentum.
9) Invest in partner success and low-touch CSM automation
With thousands of SMB endpoints, you can’t scale human CSM for every account. Automate onboarding, monitoring, renewal nudges and migration tools — make it easy for MSPs to manage many customers.
10) Metrics you should be tracking from day 1
Time-to-first-deal with partner (by partner type)
Partner-sourced pipeline and partner-influenced revenue
Onboarding time per MSP customer (time-to-live)
Churn by partner / churn during partner transitions
Net retention for partner-sourced customers
Practical checklist for founders (do this tomorrow)
Pull your top 3 customers and ask: who did you buy through?
Pick one partner (regional or niche) and design a 90-day pilot with joint enablement and a measurable close objective.
Audit product integration: do you have PSA/RMM connectors? If not, roadmap one.
Prepare an AWS/Azure/Google marketplace package (billing, security, description, packaging).
Create a partner enablement kit: demo script, short playbook, 1-page technical install guide, and a free certification.
Model partner economics as commission vs. CAC — present it to your board/investors as external sales.
Instrument partner metrics in your analytics and report them weekly.
Suggested questions to ask a distributor / VAR / SI when exploring partnership
Who in your organization will sell and who will implement our solution? (names/roles)
What does success look like in the first 90 days? How many joint opportunities will you target?
Which 3 vendors do you co-sell with today (and how do we integrate with them)?
What enablement will you need from us (sales motion, demo environment, pricing, rebates)?
How will leads/credit/margin be handled if a customer comes direct?
For investors: what to look for in a channel-first startup
Product designed for the channel: multi-tenancy, RMM/PSA integrations, usage billing.
Early partner proofs: paying partners or partner-introduced deals, not just distributor listings.
A go-to-market playbook for partner enablement (documented processes, enablement kits, measurable time-to-first-deal).
Marketplace strategy and early traction (even if small, momentum matters).
Closing takeaways (what I heard loud and clear)
The channel is not a shortcut — it’s a discipline. If you commit, build for it, and invest in the partner motion, channel-first companies scale faster and with lower long-term CAC.
Start with customers, pilot locally with partners, engineer for MSP realities, and use marketplaces to accelerate procurement.
Win through repeatable partner plays and measurable enablement — wins scale inside partner organizations.
Thanks again to BlackHat for having us and to the panelists for taking time out of their busy schedules to impart these very actionable insights.