The Next Generation of Risk Management for Enterprise Networks is Here

Enterprise networks are complex, nuanced, and always changing. They are also always going to be targets for bad actors looking to get control of critical systems and data—whether for ransom or to use the data for some other illegal purpose. The combination of these factors means that organizations have to be constantly finding, measuring, addressing, and (hopefully) reducing cybersecurity risk. The negative consequences of falling behind include brand damage, loss of customers, as well as ever-increasing regulatory requirements with fines and other damages threatened.

The best way to deal with these threats is to have a strong CISO with a well-resourced and trained vulnerability management team with the right tools to empower them. Traditionally, keeping up with changes on the network, the new published threats, and prioritizing which threats to address first was a time-consuming, complicated and expensive proposition -- but DeepSurface is changing the equation and giving these teams power tools to automate the process of discovery, analysis, and prioritization of vulnerabilities and giving them actionable intelligence that allows them to focus on higher level tasks.

The most popular vulnerability management systems of the previous generation – vulnerability scanners and threat intelligence companies – have spent the past decades perfecting their ability to identify vulnerable software on networks and attempting to score how important they are. Those aren’t bad ideas, but they leave teams to do the hard work of sorting through false positive vulnerabilities that will never have an effect on them, and then prioritizing the ones that pose the most risk in the context of each organization. Quite simply, it’s a ton of work, requires hundreds of hours to do right, and is staggeringly complex in today’s hybrid networks which include cloud, end-points, on-prem services, IoT and mobile devices.

Alternatively, people can outsource the problem to red-teams and expensive consultants. These people will surely find problems and bring them to your attention, but they are expensive (further stretching your resources) and the useful half-life of their reports is short. This leaves companies no choice but to do the best they can, never really measuring risk, or having the ability to strategically address it. Ask most CISOs with thousands of users and hosts, and they’ll tell you they often have to rely on their team’s gut, and often don’t even get through all the critical vulnerabilities they know are on their network.

The security and vulnerability teams of the future won’t work this way. They will have highly automated tools that do the majority of the grunt work for them, allowing the team to focus on strategic risk-reduction campaigns armed with objective knowledge of the risk they face. At DeepSurface, our mission is to make that future a reality.


A Major Milestone

Today we’re thrilled to announce that DeepSurface Security has secured $1 million in seed funding to help us continue to build the best Predictive Vulnerability Management platform possible and to expand our team. We’re risk nerds, and we’ve been building the best enterprise risk discovery tool possible. We’ve been fortunate to have great Portland companies who have helped us fine tune DeepSurface through our alpha and beta releases. We’ve also been collaborating with great investment partners along that way and we’re excited to talk about them as part of this announcement.

Julie Harrelson and Robert Pease from Cascade Seed Fund, which led the round, have been on our “team” for years, coaching us as we bootstrapped the company, built the product and generated revenue with early customers, and helped to get us ready for investment. We’re also profoundly grateful to SeaChange Fund and Voyager Capital are joining the company as investors that share the vision and excitement for redefining how risk gets discovered, measured, and reduced in large enterprise networks. Finally, we’d like to thank our other investors and advisors who are a collection of CTOs, CISOs, CPOs, and CEOs who know all too well that the old ways of risk management don’t scale and don’t want to leave vulnerability teams without the tools they need. This is only the beginning and we can’t wait to work with this incredible group of investors and advisors to support the next generation of vulnerability management teams.


More About DeepSurface Security

With DeepSurface, enterprise security teams are better able to find, measure and address the real risk on their networks—and they can do it faster and cheaper than ever before.

To make it all possible, DeepSurface does automated reconnaissance and deep inspection of enterprise networks to gather all the context needed to find risk, produce highly-detailed threat models, and give the teams actionable intelligence. DeepSurface does all this without agents and from a central console that makes deployment extremely fast and easy. DeepSurface integrates seamlessly with legacy vulnerability scanners, SIEMs, and IT ticketing systems. Having objective measures of risk and actionable intelligence allows teams to move faster, make more strategic decisions, and reduce actual risk much faster.

To make all this possible we formed a world class team of employees and advisors who understand the risks of cybersecurity threats with experience from established cyber security companies like Tenable, Palo Alto Networks, Symantec, Galois, and Tripwire. Together we’re building a next generation solution for the rapidly-changing realities of modern vulnerability management. Here’s a look at the backgrounds and experiences of the people leading the charge at DeepSurface Security:


James Dirksen, CEO & Co-founder

James Dirksen is co-founder and CEO of DeepSurface Security, the first automated Predictive Vulnerability Management suite of tools that helps enterprises protect their organizations from cyber risk. A serial entrepreneur and accomplished executive, James brings a unique blend of leadership in the private and public companies to DeepSurface. After beginning his early career as a cybersecurity practitioner at Northrup Grumman and PriceWaterHouseCooper (PwC), he went on to found and be VP of Sales and Product at RuleSpace, an early SaaS product powering website categorization services for cybersecurity companies that was acquired by Symantec in 2010. After selling RuleSpace, he moved on to serve as VP of OEM Products at Procera Networks (now Sandvine) providing software DPI solutions used in cybersecurity products worldwide, and most recently served as Formaltech's president, spearheading efforts to transition DARPA-funded cybersecurity prototypes to commercial use. Based in Portland, Oregon, James is also a board member and advisor to several startups.

Follow James on Twitter. Connect on LinkedIn.


Tim Morgan, CTO & Co-founder

Tim is the CTO and co-founder at DeepSurface Security and leads the company’s research and development efforts. Tim has 24 years’ experience as a software developer, penetration tester, digital forensics researcher, and application security expert. After earning CS degrees (B.S., Harvey Mudd College and M.S., Northeastern University), Tim spent 8 years helping build a Boston-based security consulting practice. In 2014 Tim founded Blindspot Security where he worked as a security consultant performing network, application, and comprehensive security assessments. Tim has presented his independent research on Windows registry forensics, XML external entities attacks, web application timing attacks, and practical application cryptanalysis at conferences such as DFRWS, OWASP's AppSec USA, BSidesPDX, and BlackHat USA.

Follow Tim on Twitter. Connect with Tim on LinkedIn.


DeepSurface’s Board of Advisors includes cybersecurity and market experts with executive experience at leading companies:

Dwayne Melancon: Former Chief Technology Officer at Tripwire
Dave Cole: Former Chief Product Officer at Tenable
John Ewert: Former VP Finance at Palo Alto Networks
Rob Wiltbank: Chief Executive Officer at Galois, Inc
Keith Wymbs: Former Chief Marketing Officer at Elemental/Amazon


About DeepSurface Security

DeepSurface Security ( is the first automated Predictive Vulnerability Management suite of tools that helps cybersecurity teams automate the process of analyzing and prioritizing vulnerabilities on enterprise networks. Created by a veteran cybersecurity team, DeepSurface Security is trusted by enterprise companies to identify, prioritize, and research vulnerabilities in their networks. Headquartered in Portland, Oregon, DeepSurface is a privately held company funded by Cascade Seed Fund, SeaChange Fund, and Voyager Capital. To learn more visit