Mark is a distinguished cybersecurity executive with over two decades of leadership and expertise in safeguarding organizations against sophisticated cyber threats. His passion has always been offensive security. Over 20+ years, he has one of the most unique perspectives based on the evolution of the craft. He has held senior positions at prestigious firms, including the Big 4 (Deloitte, PwC), leading commercial cybersecurity companies (SecureWorks, Trustwave SpiderLabs), and prominent defense contractors (BAE Systems, General Dynamics). Mark’s ability to drive results is evident through his strategic contributions to high-growth Series D startups, such as PerimeterX and HUMAN Security, both of which achieved significant milestones and successful exits under his leadership.
A visionary in the field, Mark blends technical excellence with strategic insight. He has led over 10,000 offensive security tests and millions of vulnerability scans, fortifying organizations in an evolving threat environment. His expertise in managing complex security challenges while delivering results makes him a sought-after leader.
Click here to listen to full podcast
Marc Snyderman: Hi everybody, welcome to the ThinkFactory podcast. I’m your host, Marc Snyderman. Super excited today to have Mark Whitehead on. He is the CEO of NDAY Security and we’re looking forward to talking about all things cybersecurity.
It’s a super interesting topic. One of those things that, you know, a lot of people kind of hear the term but they don’t really know what they’re talking about—so excited to have a real expert on the podcast today to talk. So how are you doing today, Mark?
Mark Whitehead: I’m doing great, Mark. Thanks for having me on.
Marc Snyderman: So why don’t we just jump in. Why don’t you give kind of your background and a little bit about your company so people can, you know, understand kind of what you do.
Mark Whitehead: I’m Mark Whitehead. I’m a co-founder CEO of NDAY Security. We’re an offensive cyber security company. And so what people may say, what’s offensive cyber, right? Just like a sport, you have offense and defense. Cybersecurity is no different, right?
What most people are familiar with are the defensive side of the house, like an antivirus—that’s catching things. The offensive cybersecurity side of the house are the testers–the people trying to score the goals to make it so, you know, your defenses are actually tested and you know they’re going to work before you have to go into action with a real bad actor or hacker against your organization.
Marc Snyderman: So is that like what they call white hat hackers?
Mark Whitehead: Yeah, exactly. And so if you look at the history of it, right, what would probably a lot of your subscribers are going to hear about and know are, you know, you hear about security assessments or an audit or a vulnerability assessment or even a penetration test.
These are all encompassing of what offensive security is and there’s a lot more to it. But it’s basically “Let’s find stuff before the bad actors do for your organization and actually just minimize the cost to your organization” versus building up a whole bunch on the backside to catch it maybe. You can really hone both of those together.
Marc Synderman: So what industries do you typically are you looking to work with? Because, you know, it sounds like people would usually sit and say “Oh, that doesn’t really apply to me. You know, I’m just running an accounting firm or I’m running a law firm. I don’t really worry about it that much. Who’s trying to hack me? You know, I’m not the Department of Homeland Security. I’m not the Department of Defense.”
Mark Whitehead: Yeah, no, it’s a great question. “You know, I’m too small, no one’s going to care about me, blah, blah, blah,” right? I mean, we’ve worked with hedge funds that have 50 people, a very small organization.
You’d say that’s a small business but they have a billion dollars of revenue sitting back down there. You have, you know, doctors’ offices, lawyers’ offices, all that kind of stuff that employ, you know, 5 to 10 people again. Their systems on the back end—if they’re impacted and what the bad actor can use them to pivot into is very interesting.
No responses yet