Scaling Cyber

How to Build a Cybersecurity community of 80000 members? The story of Women4Cyber Foundation

Europe’s cybersecurity talent gap isn’t just a technical problem. It’s a human capital problem — and one that became dramatically more urgent in 2025, when geopolitical shifts quietly pulled the financial rug out from under the continent’s most active cybersecurity community builder. Anett Mádi-Nátor, President of the Women for Cyber Foundation and Managing Partner at CyEx.hu, joined Scaling Cyber to discuss what it takes to build and sustain an 80,000-member community across 35 countries — and how the foundation navigated its most challenging strategic pivot to date. The Journey: From COVID Startup to European NGO Unicorn Women for Cyber launched in 2019 — just before COVID — with a diverse portfolio of community initiatives. Rather than dictating what the community needed, the team ran what Anett describes as a form of “targeted market research”: launching multiple programs, watching what resonated, and doubling down accordingly. The answer was clear: education, training, and mentorship. Not advocacy. Not events alone. Practical, bottom-up capacity building. Today, Women for Cyber manages 2,500 active mentees through a structured six-month matching program — run by just 1.5 staff members, supported by digital platforms. Fewer than 15 people run the entire foundation. The Market Shift: When US Funding Disappeared Almost Overnight In 2025, a seismic shift hit Women for Cyber’s funding model. With new US political priorities deprioritizing DEI globally, American corporate donations — which had made up 95%+ of W4C’s income — collapsed to below 50% within months. The foundation’s response was not to scale back. It was to restructure. New European corporate partners stepped in. And in doing so, Women for Cyber’s funding crisis became a microcosm of a much larger story: Europe realizing it needs to build its own cybersecurity capacity — independently, urgently, and at scale. “When one door closes, another opens,” Anett notes. “And for Europe, that door is opening now.” Why This Matters Beyond Diversity The conversation reframes the “women in cyber” issue entirely. This isn’t a fairness argument — it’s a strategic one. With cybersecurity talent demand outpacing supply across Europe, excluding 50% of the potential workforce isn’t just inequitable. It’s a security risk. Women for Cyber’s model — inclusive, bottom-up, non-profit — has proven more effective at community building than well-funded institutional programs precisely because it operates without corporate compliance constraints and channels everything back into the mission. Anett also challenges assumptions about where the gender gap actually lives. It’s not primarily in entry-level roles or even founders — it’s in corporate boards and C-suites, where cybersecurity leadership (regardless of gender) is still underrepresented at the highest decision-making levels. What’s Next: Cyber Resilience, AI, and Going Local For 2026, Women for Cyber is pivoting its portfolio toward two new frontiers: cyber resilience (a broader, more operational frame than traditional cybersecurity) and AI-enabled capacity building. The foundation is also leaning harder into local chapter activation — recognizing that physical, local communities are now stronger than purely digital ones in a post-COVID world. The next annual conference will be held in Brussels in September 2026 — a symbolic move to the heart of European institutions. Key Takeaways for Cyber Founders & Leaders * Community-led beats consultant-led. W4C never hired external consultants. Everything came from internal teams and the community — and that’s why it scaled. * The DEI funding shift is a cybersecurity story. The pullback of US support for diversity initiatives has direct, material consequences for European cyber capacity. * The real gap is in boards, not entry-level. For leaders focused on inclusion, the most impactful change happens at the top of established organizations. * Local chapters > central programs. European companies should connect with their national Women for Cyber chapter first — local community building has the highest ROI. * Operational efficiency is a competitive advantage. 2,500 mentees, 1.5 staff. The model is replicable and worth studying. * Cybersecurity is never a one-person show. Anett’s closing line: “It’s always a team effort.” About the Guest Anett Mádi-Nátor is President of the Women for Cyber Foundation, Europe’s largest cybersecurity community with 80,000+ members and 35 national chapters. She is also Managing Partner at CyEx, a CEE-based cybersecurity company. A recognized leader in European cyber policy and capacity building, Anett is driving Women for Cyber’s strategic pivot toward cyber resilience and AI-enabled education for 2026. About Scaling Cyber Europe’s cybersecurity talent gap isn’t just a technical problem. It’s a human capital problem — and one that became dramatically more urgent in 2025, when geopolitical shifts quietly pulled the financial rug out from under the continent’s most active cybersecurity community builder. Anett Mádi-Nátor, President of the Women for Cyber Foundation and Managing Partner at CyEx, joined Scaling Cyber to discuss what it takes to build and sustain an 80,000-member community across 35 countries — and how the foundation navigated its most challenging strategic pivot to date. Subscribe: Substack [https://scalingcyber.substack.com/] | Spotify [https://open.spotify.com/show/6ya2wXnAocJvzDfGkAjH8t] | Apple Podcasts [https://podcasts.apple.com/us/podcast/scaling-cyber/id1840151010] | YouTube [https://www.youtube.com/@ScalingCyberPodcast] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com [https://scalingcyber.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

The Channel Is King: How Mateusz Wepa Is Building Cybersecurity Distribution from Scratch in Central Europe

Most cybersecurity founders obsess over their product. Mateusz Wepa obsesses over something else entirely: the channel. And in less than two years, that obsession helped him build IITD’s Polish operation from 5 people to 12, a growing network of dedicated partners, and a reputation for being the most responsive distributor in the market. Guest Journey Mateusz Wepa came up through the world of technology sales and distribution — from his early days at Dagma, where a senior mentor taught him that every email gets answered within two hours, to managing teams across multiple European countries. That discipline — consistency as a form of trust — became the foundation of everything he’d later build at IITD. When IITD decided to enter Poland, they made an unconventional bet: instead of placing one or two business developers to see what happens, they launched with five people from day one — a sales lead, a technical expert, a marketing specialist, and a product manager. The goal was to be fully local, fully committed, and fully capable from the start. The Key Insights Trust is a mathematical equation. Mateusz defines trust simply: consistency over time. Partners don’t need you to be perfect, they need you to be predictable. Pick up the phone. Answer emails. Show up. Do it long enough, and you earn a place in their comfort zone. You don’t need the best product. You need the best channel. He uses his experience with ESET as the example: not the best endpoint product in the world, but the best-distributed one in Poland. The market share follows. Channel excellence consistently beats technology excellence in the mid-market. Identity is the new front line. CrowdStrike’s own data shows that over 80% of attacks use no malware at all. Threat actors don’t hack in, they log in. This is reshaping the conversation around identity protection, Active Directory security, phishing simulation, and AI data exposure. American vendors struggle to let go. Most US vendors have never needed distribution at home. When they try to scale to markets that don’t speak English, they face a paradox: they need to hand over control to a local partner, but struggle to trust one. The ones that figure it out scale. The ones that don’t stall. Why It Matters Poland is the sixth-largest economy in the EU. The Baltics are fast-growing, cyber-aware markets. And Central and Eastern Europe represents a significant untapped opportunity for cybersecurity vendors, if they’re willing to invest properly. IITD’s model — small team, deep expertise, total local commitment — is a blueprint for how to enter these markets the right way. Scaling Lessons * Start with local presence, not remote support. Language, culture, and in-person relationships define trust in CEE markets. * Don’t fall in love with your technology. The market will tell you where the value actually is. * Pick a smaller, committed distributor over a large one that won’t prioritize you. * Identity security is the most pressing emerging category in the Polish market right now. * Consistency — in response times, follow-through, and partner enablement — is your most durable competitive advantage. Key Takeaways for Cyber Founders & Leaders * Channel > Product. A good product with a great channel will outperform a great product with an average channel, every time. * Trust = Consistency over Time. Be predictable. Be responsive. Be there. * Invest in the market, not just in a contract. A distribution agreement is not an investment. MDFs, events, enablement, and local presence, that’s investment. * Don’t assume size equals commitment. A large distributor with 50 products won’t fight for yours. A focused one with 10 will. About the Guest Mateusz Wepa [https://www.linkedin.com/in/mateusz-wepa/] is Country Manager Poland at IITD [https://iit-d.pl/] (Intelligent IT Distribution), a cybersecurity value-added distributor operating in Poland and the Baltics. With a career spanning technology sales, channel management, and multi-country team leadership, he has spent the last two years building one of Poland’s most focused and fastest-growing cybersecurity distribution operations. About Scaling Cyber Scaling Cyber [https://scalingcyber.bridgerwise.com] spotlights cybersecurity founders and ecosystem leaders outside the traditional US/Israel hubs, surfacing the real stories behind building global cyber companies. Subscribe: Substack [https://scalingcyber.substack.com/] | Spotify [https://open.spotify.com/show/6ya2wXnAocJvzDfGkAjH8t] | Apple Podcasts [https://podcasts.apple.com/us/podcast/scaling-cyber/id1840151010] | YouTube [https://www.youtube.com/@ScalingCyberPodcast] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com [https://scalingcyber.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

SaaS Doesn't Mean Secure. Lukasz Jesis Built Two Companies to Prove It.

Most companies assume their data is safe because it lives in the cloud. Most engineering teams assume their source code is protected because it’s on GitHub. Most CISOs don’t think about DevOps data until an auditor asks — or until something goes wrong. Lukasz Jesis thought about it before most people did. And it led him to build two of the most focused data protection companies coming out of Europe today. Founder Journey Xopero was founded in 2010 in Gorzów Wielkopolski, Poland — a mid-sized industrial city far from any traditional tech hub. The ambition from day one was to build a Polish product company that sold globally in cybersecurity, at a time when almost no one in Poland was doing it. Lukasz and his team grew Xopero deliberately: targeting the mid-market sweet spot (500–1,000 employees), building a flexible platform that works across hardware appliances, SaaS, and software — all with the same experience. No specialist required to deploy it. The real turning point came from an internal question. What would happen if Xopero lost its own source code? The team said it was “protected somehow.” That answer wasn’t good enough. Digging deeper revealed a gap no one was properly addressing: the backup and security of DevOps ecosystems — GitHub repositories, Azure DevOps pipelines, CI/CD metadata, intellectual property. GitProtect was born. The Key Insights SaaS ≠ Security. Cloud vendors provide services, not data protection guarantees. The shared responsibility model puts full accountability for data recovery on the customer — but most organizations haven’t internalized this. GitProtect exists to close that gap. Category creation requires education. When GitProtect launched, the market didn’t know it needed the product. Early conversations were met with “why would I back up GitHub?” Today, the inbound has flipped: customers arrive already convinced, looking for the best solution — not a reason to buy. Two products, two strategies. Xopero competes in a known market (backup and recovery) against funded giants like Veeam and Acronis — as a disciplined challenger focused on European mid-market. GitProtect creates a niche and leads it globally, with the US as the primary growth market. Both lines are growing at 100%+ year over year. Certifications are GTM accelerators. ISO 27001, SOC 2, and similar attestations are not just compliance exercises. They shorten procurement cycles — especially in the US — and signal that a cybersecurity vendor can be trusted to protect others. Why It Matters Poland’s IT market spends over $50 billion annually. Almost none of it goes to Polish companies. Lukasz calls this “the trap” — a market large enough to seed serious growth, but historically captured almost entirely by US vendors. That’s changing. Digital sovereignty awareness is rising across Europe. And companies like Xopero and GitProtect are proving that innovation in cybersecurity doesn’t require a Silicon Valley zip code or a Tel Aviv address. Scaling Lessons * Define your target group precisely. You cannot build the best product for everyone. Win on the battlefield you define. * Follow your customers, not the full market. Xopero protects 80–90% of critical assets — at the highest possible quality — rather than chasing 100% coverage at lower depth. * Go where your talent leads you. Lukasz’s first international hire for the DACH region was an experienced, hungry leader — someone whose drive matched the company’s pace. * Build culture before scale demands it. At 120 people growing toward 170, the hardest challenge is not product or sales — it’s transmitting core values through layers of new hires. * Governance is the next frontier. Auditors are no longer asking “do you have backups?” They’re asking which data is backed up, how, and who verified it. Key Takeaways for Cyber Founders & Leaders * SaaS services are not data protection. The shared responsibility model places full ownership of data recovery on the customer. * Category creation requires patience. GitProtect spent years educating the market before inbound demand flipped. * Certifications (ISO, SOC 2) are not just compliance — they are competitive advantages in enterprise procurement, especially in the US. * The fastest deals often come after incidents. Be ready to move quickly when a customer has a live problem. * Poland and Central Europe are serious cybersecurity markets — both as talent pools and as emerging ecosystems worth watching. About the Guest Lukasz Jesis [https://www.linkedin.com/in/lukasz-jesis/] is Co-Founder and CEO of Xopero [https://xopero.com] Software and GitProtect.io [http://GitProtect.io], headquartered in Gorzów Wielkopolski, Poland. Xopero is a unified backup and disaster recovery platform for mid-market enterprises, and GitProtect is the leading DevOps data protection platform focused on source code, repositories, and the broader engineering ecosystem. About Scaling Cyber Scaling Cyber [https://scalingcyber.bridgerwise.com] spotlights cybersecurity founders and ecosystem leaders outside the traditional US/Israel hubs — surfacing the real stories behind building global cyber companies. Subscribe: Substack [https://scalingcyber.substack.com/] | Spotify [https://open.spotify.com/show/6ya2wXnAocJvzDfGkAjH8t] | Apple Podcasts [https://podcasts.apple.com/us/podcast/scaling-cyber/id1840151010] | YouTube [https://www.youtube.com/@ScalingCyberPodcast] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com [https://scalingcyber.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

Building Security Operations That Actually Scale: Lessons from Europe's MDR Trenches

Most security operations centers collapse under their own complexity. They promise to support every vendor, every SIEM, every workflow. They chase features instead of focusing on what actually matters: operational efficiency. Federico Meiners learned this the hard way. After a failed attempt to build a SOC in the United States, he joined Nynox (now ACEN) in Belgium and spent five years discovering what it really takes to build and scale managed detection and response services in Europe’s fragmented market. In this episode of Scaling Cyber, Federico (also known as "Fede") shares the operational playbook behind ASIN’s growth from 5 to more than 50 monitored customers, and why most MDR providers get it completely wrong. From Network Security to Security Operations Federico’s path into security operations wasn’t linear. He started in network security, spending more time troubleshooting VPNs and latency issues than actually doing cybersecurity. His first SOC attempt—setting up operations in the US market—failed despite significant investment in vendors, infrastructure, and marketing. “Setting up a SOC is expensive. You need a lot of foundations to start delivering the service. We invested a lot... and it was really hard to get traction.” That failure became the foundation for everything that came next. The Operational Efficiency Mandate When Federico joined ACEN, he discovered the biggest pitfall of security operations: trying to support everything. The trap most MDR providers fall into: * “Bring your own SIEM” * “We support every vendor” * “Unlimited integrations” * “Custom workflows for every customer” It sounds good in sales calls. It’s impossible to maintain in production. ACEN’s contrarian approach: * Standardize on a specific stack * Choose the 20% that delivers 80% impact * Commit to specific technologies * Pick your market and optimize relentlessly “You really need to pick your market. I mainly work with construction, healthcare, government. They don’t have a SOC, they don’t have a SIEM. So they’re not going to tell me they want their Sentinel integrated. And if they do, I show them the operational efficiency increase on their side when they come to us.” This focus on standardization became ACEN’s scaling engine. Thanks for reading Scaling Cyber! Subscribe for free to receive new posts and support my work. Automation: From Skepticism to Scale One of the most revealing parts of the conversation is Federico’s automation journey. In 2021-2022, customers started asking: “Federico, why doesn’t your SOC do machine learning? Where’s the automation?” ACEN built their first fully autonomous playbook for Microsoft 365 alerts. The system worked. Less than 1% error rate. Clear visibility into failures. Customer reaction? “I want humans in the process.” “Our generation—people 35 and onwards—we still want to see humans. And to this day, we automate a lot of alerts, and sometimes customers say: I want the human checking this alert.” But the reality is stark: ACEN scaled from 5 to nearly 50 customers because of automation. Federico’s golden metrics for SOC efficiency: * Customer-facing: How many alerts can you handle without contacting the customer? * Internal: How many of those alerts were solved without your analyst? The ratio between these two numbers determines whether a SOC can scale or not. The European Cybersecurity Paradox Federico offers one of the most candid assessments of Europe’s cybersecurity market: “We really like laws. It’s all about compliance and regulations. Sometimes I think Europe wants that to be the competitive advantage against the world. But speak with any MDR vendor in Europe, and 80% of their stack is probably from the United States.” The structural challenges: * Market fragmentation (language, culture, local requirements) * Smaller addressable market per country * Slower sales cycles (3-6 month POCs, 12-month buying processes) * Strong local markets (Germany, France) but limited cross-border scaling * Work-life balance culture vs. startup intensity required for breakthroughs What actually drives SOC adoption in Europe: * Breaches (the strongest driver, despite being fear-based) * Outsourcing (companies separating IT from security vendors) * Curiosity (30% of leads are now genuine interest—a new trend) Compliance matters, but it’s not the primary driver Federico sees in the field. Key Takeaways for Cyber Founders & Leaders On operational efficiency: * Standardization beats flexibility when scaling security operations * Commit to a specific stack and optimize deeply rather than supporting everything superficially * Operational efficiency is your competitive moat, not feature lists On automation: * Automation is the only path to scaling SOC operations * Balance automation with human oversight to maintain customer trust * The golden metric: alerts handled without analyst intervention On detection engineering: * Out-of-the-box rules are making a comeback (detection engineering is expensive) * Focus on the 20% of technologies that cover 80% of your customer base * Patterns emerge when you standardize—use them to your advantage On European scaling: * Market fragmentation is real, but specialization can overcome it * Language and culture matter more in mid-market than enterprise * European founders need to balance work-life culture with the intensity required for breakthroughs On the future: * Abstraction layers will eventually handle most alert workflows * The analyst’s role will shift to ensuring the machine runs properly * Vendors will increasingly embed AI into platforms—choice will disappear About Federico Meiners Federico Meiners is a Security Operations Leader at ACEN (formerly Nynox), where he has spent five years building and scaling managed detection and response services across Belgium and Europe. Originally from Argentina, Federico brings a global perspective to European cybersecurity challenges. About Scaling Cyber Scaling Cyber is a founder-led cybersecurity podcast spotlighting companies and leaders building outside the US and Israel. Hosted by Ignacio Sbampato, the show focuses on real GTM lessons, operational challenges, and global scaling strategies. Subscribe: Substack [https://scalingcyber.substack.com/] | Spotify [https://open.spotify.com/show/6ya2wXnAocJvzDfGkAjH8t] | Apple Podcasts [https://podcasts.apple.com/us/podcast/scaling-cyber/id1840151010] | YouTube [https://www.youtube.com/@ScalingCyberPodcast] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com [https://scalingcyber.substack.com?utm_medium=podcast&utm_campaign=CTA_1]

American Velocity, European Values: How EclecticIQ Is Redefining Threat Intelligence

For years, the cybersecurity industry has operated on a false premise: that you must choose between speed and values, between aggressive American scaling and thoughtful European principles. Cody Barrow [https://www.linkedin.com/in/codygbarrow/], CEO of EclecticIQ, is proving that’s wrong. From Intelligence Officer to CEO Cody spent over 20 years in intelligence, half of that in the US federal government. He wasn’t just a practitioner; he was a buyer. He purchased, deployed, and ultimately churned through multiple threat intelligence platforms. When he joined EclecticIQ six and a half years ago, first as VP of Intelligence, then Chief Strategy Officer, and finally as CEO in February 2024, he brought something rare: he had been the customer. That perspective shapes everything — from product roadmap decisions to understanding why prospects ask for specific integrations. When a customer requests a feature, Cody doesn’t have to reverse-engineer their thinking. He already knows the “why” because he lived it. The Market Shift: From Data Hoarding to Decision Enablement For too long, threat intelligence platforms promised one thing and delivered another. Organizations bought CTI tools expecting a system of record. Something that would help them understand who was targeting them and why, so they could prevent incidents. What they got instead was noise: massive data feeds, irrelevant threat actor profiles, and platforms that encouraged “Pokémon-style collection” of indicators without context. Cody calls this out bluntly: “I bought so many TIPs. I churned through them. It hadn’t been done. The original promise of threat intelligence platforms hadn’t been fulfilled.” EclecticIQ’s response? Intelligence Compass, an AI-powered feature that contextualizes threat data based on your actual infrastructure. If you run entirely on Microsoft, you don’t need endless alerts about Linux kernel exploits. Relevance over volume. Insight over collection. This isn’t about adding AI for the sake of AI. It’s about solving the fundamental problem threat intelligence was supposed to solve from the beginning. Why Being European Matters EclecticIQ is fully European-backed and European-owned. That positioning matters more than ever. As digital sovereignty becomes a priority - especially for governments and critical infrastructure - customers increasingly care about jurisdiction, long-term control, and trust. Cody is clear: “We’re not just serving Europeans. We’re serving anyone who thinks about that level of trust.” It’s a positioning that reflects a broader European reawakening: the recognition that Europe needs to move faster, not by copying Silicon Valley’s “move fast and break things” ethos, but by removing obstacles while preserving what makes European companies trustworthy. Scaling Lessons: Talent, Remote Work, and Velocity The European Talent Problem One of the hardest challenges facing European cybersecurity companies is talent: not on the technical side (Europe has world-class engineers), but on the business and domain expertise side. In the US, 50-60% of cybersecurity professionals come from national security backgrounds. They bring discipline, strategic thinking, and deep domain knowledge from day one. In Europe? That pipeline barely exists outside the UK. Cody’s solution: Go fully remote. Today, EclecticIQ’s workforce is roughly 40% Netherlands, 25% UK, 25% India. By removing geographic constraints, they’ve unlocked access to talent pools that would otherwise be unreachable. This is the same playbook being used by other high-velocity European cyber companies like BforeAI [https://open.substack.com/pub/scalingcyber/p/predicting-the-future-how-bforeai?r=ifkfc&utm_campaign=post&utm_medium=web] and Whalebone [https://open.substack.com/pub/scalingcyber/p/from-czechia-to-1-billion-users-whalebone?r=ifkfc&utm_campaign=post&utm_medium=web] — and it’s working. American Velocity, European Values Cody flattened EclecticIQ’s hierarchy early, removing management layers that slowed decision-making. But he didn’t adopt the startup grind culture. The team doesn’t work 60-hour weeks unless absolutely necessary. Instead, velocity comes from efficiency: fewer layers, faster decisions, transparent communication, and a deep respect for work-life balance. It’s not Silicon Valley. It’s not Brussels bureaucracy. It’s something new. Key Takeaways for Cyber Founders & Leaders * Domain expertise is a competitive moat. If your team has actually lived the customer’s problems, product decisions become clearer and faster. * Remote-first solves Europe’s talent gap. Don’t limit yourself to your home country when you can access global expertise. * Relevance beats volume. In threat intelligence (and probably in every category), contextual insight is worth more than raw data. * Integrations > all-in-one platforms. Customers want best-of-breed tools that work together, not forced ecosystems. * Positioning matters. Being European isn’t a liability but a trust signal, as long as you combine it with the velocity to compete globally. * Bold voices stand out. European founders who engage with analysts, share strong opinions, and show up consistently (like Cody does) break through the noise. About Cody Barrow Cody Barrow is the CEO of EclecticIQ, a global cyber threat intelligence platform serving governments, critical infrastructure, and the largest enterprises worldwide. With over 20 years in intelligence - including service in the US federal government - Cody brings a unique customer-first perspective to building security products. He’s also a vocal advocate for European cybersecurity sovereignty and building high-velocity teams without sacrificing values. About Scaling Cyber Scaling Cyber is a founder-led cybersecurity podcast highlighting companies and leaders building outside the US and Israel. Hosted by Ignacio Sbampato — former Chief Business Officer at ESET and founder of BridgerWise [https://bridgerwise.com] — the show explores the real challenges of global expansion, category creation, and building in competitive markets. Subscribe: Substack [https://scalingcyber.substack.com/] | Spotify [https://open.spotify.com/show/6ya2wXnAocJvzDfGkAjH8t] | Apple Podcasts [https://podcasts.apple.com/us/podcast/scaling-cyber/id1840151010] | YouTube [https://www.youtube.com/@ScalingCyberPodcast] This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit scalingcyber.substack.com [https://scalingcyber.substack.com?utm_medium=podcast&utm_campaign=CTA_1]