Episode 56: From Bristol to the Bay: AI-Powered DLP solutions that really work with Parvez Alam Kazi

Narrator:

Welcome to 909 Exec, the executive leadership podcast from 909 Cyber, where cybersecurity intersects with business strategy. Your host is Den Jones, founder and CEO of 909 Cyber. For more than three decades, Den has led security at Adobe, Cisco, SonicWall, and Banyan Security, helping executives navigate risk, trust, and transformation. Each episode goes beyond headlines and hype with conversations that matter to leaders shaping the world of technology. So please join us for 909 Exec episode 56 with Den Jones and Parvez Alam Kazi.

Den:

Hey, everybody. Welcome to another episode of 909 Exec, your trusted journey in your executive leadership life, I guess. And every episode, I bring in some fascinating guests, and today I've got a fellow Brit, a founder, someone who's creating some new magic in our industry of cybersecurity. He's an operator. He's worked at trenches. Parvez, why don't you introduce yourself and tell us a little bit more?

Parvez:

Absolutely. Again, great to meet you, Den. So I'm Parvez. I'm one of the founders at Fortyx Security. In a nutshell, we protect against data loss over email. But just in terms of my background, I have been a career operator. Most recently took the plunge into starting my own company. So started at Morgan Stanley, had a little flirting with becoming machine learning engineer. And most recently, I spent the last five, six years having an operator role at startup, so helping both large companies and small companies optimize processes. But most recently, I led software and security at a scale up. And I got intrigued by the people element. The human layer is always the one that is the most exposed. And look, I've learned a lot of startups. So sometime last year I decided why not? It's time. It's time to start your own thing. And it's been a journey, and here I am.

They're trying to scale Fortyx.

Den:

And here you are. The here is in Bristow, United Kingdom, right?

Parvez:

Yes. So I'm based out of Bristol. It's not the usual London, but it's a very nice part

Den:

Of it. Well, it's really funny. I mean, most of the people I have on the show, they're all part of the US Bay Area tech scene. So more recently with our networking groups, I've been managing to grab some of the UK founders, and especially the ones that are trying to break into the US market. And I found it fascinating as I start to learn a little bit more. I mean, I've been gone from the UK for 25 years, so I'm really not up to speed with the UK startup scene. So can you explain to people from your experience, what's the UK startup scene like and how does that operate and how do you think it's different from the scene in the US?

Parvez:

So look, the startup scene in the UK is pretty much concentrated. Most of the money is around London. The other bigger hub in the UK is around Manchester. But as you might be aware, the UK has been famous for automotive, aerospace, the heavy engineering side of things, and Bristol has a legacy around it. This is where the Concord first took flight. This is where the offices of a Rolls-Royce and an Airbus or a GKN are located. And also the likes of defense players like Northrop Grumman, as well as Lockheed Martin. So there's a big bubbling tech scene in other parts of the UK. It's not only London, and there's a lot of private sector as well as public sector interest in uplifting the remaining parts of the UK so that it's not just London. But to be honest, London.

Den:

Most of it is still London. I mean, what's it like trying to raise funds? And actually, so Fortex, you guys are pretty new. So what round of funding are you guys in just now and what's it like trying to raise those funds?

Parvez:

So to be honest, raising funds is pretty much concentrated around London. Most of the VC capital or the flow of capital happens around London. Some of our angel investors are based in the US. So how we got into this, and this is just going into my story. So look, I'm a first-time founder. I was looking for a co-founder as well to start this off with. And there's this accelerator, a prefeed VC accelerator called Antler who run a residency out of London. So I actually spent quite a few months in London. I was staying there for the entire week and for a couple of months. So that is where I met my co-founder. That is where we hit it off around, okay, we want to build something in security, focusing on people, and that is also where we got a first check. And at this point, we are pre-seed.

We'll be looking at raising our seed round soon. And at this point we are looking at global investors. So people who are based in the US but have a presence in the UK. And equally, there are really some good funds around cybersecurity based in the UK as well.

Den:

And you do use the buzzword AI. So obviously that means everyone's going to give you more money because you've got AI in the buzzwords. I love it. So you guys decided you're going to do something in the identity space. So can you share with us, what is it that Fortix is going to deliver? Why is it groundbreaking? What's fascinating about it? But more importantly, what's the problem you're going to solve? And for all the CISOs listening, oh, my network of friends, why should they care?

Parvez:

Yeah, and that's a great question. So over the last one year, we did a little bit of soul searching, a lot of problem discovery before arriving on what we are doing. And to be honest, we have pivoted away from what we actually got the funding for. And that's the reality of it. So more than identity, it's about protecting people, not through security awareness, but through tooling that actually protects. So I'll start with a vision statement, and we have been trying to refine this over a long period of time. And today the statement is we want to secure the world's communication channels. And what does that mean? So we are starting with email. So one of our design partners post-pivot, they said, look, we have this tool around email data loss protection, not very happy with it because of either false positives or commercial reasons or customer service problems.

And they said, while we are looking out for something out there, there's not much. Email security is all about phishing, social engineering, business email compromise, but data loss protection, especially in regulated sectors where the wrong file would send to the wrong person just has a lot of financial and reputational damage associated with it. And that is where we see the opportunity and that is where we started building. And what we saw is we talked to people in the mid-markets or companies that are 200, 300 headcount. It was a problem there, but then we started looking at enterprises. And where we found the common patterns where either insurance companies or financial services companies that have either anywhere between 2,000 people all the way up to 25,000 people. And what has happened is email data loss protection is part of the broader data loss protection category. And the industry has pretty much written off DLP or data loss protection.

That's a reality that's been fascinating to understand because there's a lot of noise, there's a lot of false positives and people today, especially with tight security budgets, smaller security teams, you don't have the bandwidth to actually operate on top of those alerts. Some of the larger organizations, some of the larger financial services we are working with, they are treating it like a people and process problem. We don't trust the tool, but look, someone, John from the compliance department has sent an email out to the wrong third party. Now his manager has to review that email manually.

Den:

So of all the problem ... Well, a couple of thoughts, right? One is I think the whole DLP market has been a mess and I'm going to just say an epic failure forever in the sense of we talk about data classification as if 40,000 employees is going to know the difference between a restricted or a confidential document. Very rarely do they know that. So then you rely on a tool to classify it. And the tools, as you mentioned, there's a lot of false positives, there's a lot of tools that suck. And then you talk about the price of these tools. So you can spend millions, multimillion. If you're a large enterprise, you'd spend five million plus a year on what I would call a semi-robust DLP program between the tooling and the people and all this stuff. And then at the end of it, the ability for a bad actor or an employee to make a mistake, like you say, and send an email out with crap in there that you don't want sent out or they shouldn't be sending out, we still aren't solving the basics of these problems.

But the one thing I would question, and have you guys put much thought into this, if a CISO's got 10 burning things this year to solve, I always say to founders and startups, especially in the security space, why would your thing be in the top 10? And how do you make it so that from an ROI perspective, it just is a no-brainer. You wouldn't even want to think about it because it just makes sense.

Parvez:

Yeah. So let me start with the ROI. And look, I was talking to another founder in the industry pretty accomplished, and he told us, look, this is what you're trying to do. Today, DLP solutions are stuck in monitoring mode. They just analyze, but there's no blocking, there's no prevention. Someone has to manually glaze through it. Can you actually go to a world where DLP products actually block? So can you go from monitoring a passive mode to action or block? And that is the value creation we want to do. That is where the ROI is. You're paying for a tool, as you said, in the millions, but I don't want to also add people's time on top. So one organization, it's funny, 12,000 employees, but there are a thousand people spending thousands of hours in

Den:

A week just reviewing emails. So this is the whole thing, right? The cost of operation needs to be so low. It's almost set it and forget it.

Parvez:

Yeah. And that is exactly what we are trying to do. Data loss prevention that actually works. And the way we are thinking about it. So if you have an unlimited IT budget and by transitive law, a large security budget, you could hire a team of thousand people to just manually review all your emails, manually track all your data flows. Today, if you try to emulate that, it's becoming possible through AI agents. And imagine if you were sitting in the security team trying to review an email, okay? Okay, this content doesn't look right. Let me see what's there in the attachment. Okay. This attachment is not meant for the person I'm sending it to, or sometimes the recipient. Does this recipient actually exist? So we are able to almost do real-time analysis as humans, and can we emulate the same concept using AI agents? So imagine if you're a large bank and you're sending out millions of emails every day, we can spin up five million AI agents, behave like humans.

Oh, the attachment doesn't match with the person I'm trying to send this to. Or I'll give you an example of a false positive. Say you're a large bank, you have a third party software provider, they're doing an audit and they're just trying to confirm what bank details do you have on your records. So I'm trying to just send their bank details to them, not someone else's information, but traditional tools would flag that up as a false positive. Oh, there's banking information in it. Let's flag it up. And that's the noise we are talking about. How do we bring context and understand human intent? And that is how we're modeling the problem.

Den:

So let me pivot a little bit. So you mentioned about you spoke to another founder who's probably further along in their journey than you are, and they gave you all this advice. So what kind of advice when you're speaking to your founder friends, what's the best piece of advice they're giving you as you're ideating and trying to think of solidifying the journey here?

Parvez:

Yeah. And see, in a nutshell, I have realized this myself and having talked to a lot of founders, ultimately, are building a business. You provide a service, you build a product, and there are people who are willing to buy that product, and it actually creates value for them. That's the fundamental. And how you scale this and beyond, again, that comes further along the line. So solve a problem that actually matters and people are willing to pay for it. Now there's a lot of distraction, say partnerships, fundraising. You have to time all of that right. You cannot be doing all of that at the same time, otherwise it's a chicken and egg problem. So have your priorities set right and time the things that-

Den:

And that's interesting because as you're building the product and ideaing it with design partners and your own team, then there's a point where you think, okay, right, we've nailed this enough to then go and take it to VCs or angel investors because now we get something to show them. And it might not be the fully fledged product, but it might be the concept product that you can then take. Yep. Yeah, that's cool. I want to come back to that in a second, but let's take a short break for this announcement. Hey folks, just want to take a minute to say thanks for listening to the show, watching the show, however you engage with us. If you're liking the conversations, if you think we're adding some value, we'd love you to like, subscribe, and share the show with your friends, if you know of anyone else that would benefit.

Ideally for us, that will help us be able to grow the show, invest more in the quality, get some more exciting guests, and keep bringing you some executive goodness. Thanks everybody. Take it easy and enjoy the rest of the discussion.

Okay, so Parva, so let's dig into this, man. So this is exciting. So you guys are on the path to jump into some angel investors, you're going to have some great conversations, you're building some great product. You've got the fancy words AI, which I think most investors want to hear these days. I think they're beyond digital transformation and zero trust, and they've all jumped on the AI bandwagon. So when you're thinking of going to investors, so you've got the UK market that you spoke about earlier, does your approach change when you're speaking to US investors? I mean, do you approach that conversation differently? And for others following your footsteps, because I know there's a huge amount of UK startups seen where they're now trying to get into the US. So yeah, how do those conversations differ? And what advice would you have for people who are following the dream just like you?

Parvez:

I'll share things I've learned across the journey. So when we started raising our first angel round, it's just going to pitch mode, first time founder, classic mistake. It's all about, on the other hand, building a relationship. It's not that you pitch today and money in the bank tomorrow. It's all about building that relationship, trust. We are on a journey, we are showing progress. We are not just in it for any other reason. We want to solve an actual problem. So that is what I've learned, and that's true whether it's angel investors, whether it's pre-seed VCs or some of the further early stage, but seed stage VCs that we are trying to talk to. So currently approach it, yeah, look, we are building this cool thing. We have identified this problem. We have a seed round coming up in the future. Let's start a conversation. Let's get to know each other.

So that's how I'm approaching it. On your question around the UK versus the US, the ethos are pretty much the same. How people approach it, the size of the opportunity, those are things that differ, but yeah, you start off with building a relationship. I'll share some instances where, look, a top tier VC or a few of them, if you reach out to someone really senior there on a LinkedIn, there's a higher chance that someone will actually take the call in the US. So UK, on the other hand, don't get me wrong, it happens, but the stats are not in your favor. So what people operate through is warm intros. I know this person, really good guy, have a chat with them. So that is how the dynamics differ and people are very open to making intros in the US. That's the other thing. Okay, this is interesting.

You should talk to 500

Den:

People. I was going to say, this to me just feels like networking 101. And when you're looking for a job in a more junior capacity, you apply for the job online and blah, blah, blah, and you try and beat the AI bots to the whole chase of my ... I'm right for that thing. But when you get more senior, then it's all about your network. And I look at it like

You guys are in a very same boat where there's VCs, I believe ... I mean, so it's funny, as I started 909 cyber, I didn't seek any funding from anybody. I just like, I'll use my own money and burn my money to the ground as I build this business. The big thing for me though was when I hear of founders and other people having conversations with VCs, there's two things that seem to strike me, and I'd love your feedback on this, is one is do they have confidence in the founders themselves? So it's a, we have confidence in you, the human, the leader, the visionary, and your ability to execute.

The second thing for me, and I don't know which one's more important, so I'd love your feedback, but second one is, are you solving a problem that people give a shit about? So I look at those two things, and you mentioned a couple of other little nuggets along the journey of what's the customer experience like? What's the success like on the implementation? What's the ROI on the thing, the cost of operation? But I still go back to the first two. So I mean, what's your take, founder confidence, solving the right problem? Is that how you see it?

Parvez:

Yeah. And then I say, look, when we went through the Angela program, there were three questions that were very clear. Why this? Why you? That's brilliant. And especially at early stage pre-seed seed, it's all on the founders. That is what people are betting on. They know you'll pivot. They know nine of the 10 startups they invest in will

Most probably go bust, but it's all about people at the early stages. You might think it's about traction, it's about everything else, but that is a product of you as a person, your drive, your sales motivation, that is how it manifests. So that is my take on it, but at the same time, the other key terms of her in the industry, so you raise or do fundraise on the basis of two things, either track record or traction. So if you have the right logos on your CV and you're in the right industry, that's one way of looking at it, or you have actually come across a problem and you've built a good product and there's great traction. And that is another way of looking at it where, okay, your track record is your traction and how you've built up the business. You already have paying customers, you already have revenue.

It makes the story a lot more digestible. Those are the proof points that

Den:

Eventually matter. And I mean, I think that's the thing that's fascinating to me is how at the end of the day, I think VCs, it's gambling. It's gambling for the big boys really or big girls, and they need some level of confidence that that gamble's going to pay off. And yeah, like you said, they know that they might invest in 10 things and one of them is a wild success and nine of them just flop, or they don't get that investment that they hoped for. So where do you see ... I mean, so you guys are building stuff around the AI space. So where do you see the AI security game going in the next 12 months? I mean, have you got some crystal ball there, Parvez, that you're checking in on?

Parvez:

See, I wouldn't call it a crystal ball, but there's one thing I believe in. Starting up is really hard. So anyone who's taking the shot, kudos. So whether you fail or succeed at this point doesn't matter, you've taken the first step, and that's an incredible thing to do. In terms of what I'm observing in the industry, in terms of security, there are two sectors that are emerging. So there are new possibilities. Okay. AI SOC, hundreds of thousands of alerts, humanly not possible to see through them. AI can do wonders over there. Then there's the other element. How do you protect the AI itself so that you don't upload or upload the wrong files or misuse the AI? So there are guardrails around how do you interact with ChatGPT or Groc or any of the other AI platforms out there? So those are the two broadcams that I'm seeing.

And then the third category, in my opinion, is existing tooling. So for example, the email data loss prevention side or email security or DLP as a whole or some of the other data security products or vulnerabilities. So that is where it's now possible to rethink how those platforms operate. So the false positive problem or the operational burden, how do we make that go away and how do we improve the tools that already exist? Now, the broader observation now is when I talked about AI security where you protect how you interact with AI or how your AI behaves or this new tools where, okay, I deals with hundreds of thousands of SOC alerts and AI is making that feasible. The thing is, now every category, I was reading something, I don't know the exact thing, but there are hundreds of startups with $700 million total funding in the AI SOC category.

So that's $23 of funding for every $1 of revenue. And

Den:

Yeah, I don't know how that- And that just goes back to the gambling piece, right? Because all these VCs, they're not all going to win. In the AI SOC space, you'll probably get four or five bigger players, which in the end, really, those four or five startups get bought over by the bigger players like the Palatos or the Ciscos or whomever else. So I think of it just like as VCs are pumping money into the AI security space, and RSA is around the corner, so I can't imagine now how many more vendor booths are going to be there, but it's like there's three and a half thousand plus vendors in the security space alone, and that's before we get every mother and a brother doing an AI company. Because I think building product with AI is becoming more accessible, which means we're just going to start to see a lot more smaller little incubators coming up with one jazzy idea.

So I think we're about to see in the next 12 months a flood of more and more AI created solutions solving little micro problems. And I'll be curious to see how it plays out. But I also think there's, I said this a couple of years ago at a CDW event in Canada about AI and security. And I just basically thought one of these big players are going to get breached at some point and all the crap that we've been putting into their platform for using AI is going to be out there in public. And a lot of companies don't think of that when their organizations are using AI technologies today. So when you think of DLP, there's DLP for email, but I mean, we've got friends that we partner with and they aim to try and solve this problem of your employees uploading confidential information into the ChatGPTs of the world or whatever, Copilots or whatever.

So I think that at some point is going to be a big headline in 26. What do you see? So what does the next six months look? I was going to say 12 months for you guys, but what does the next six months look like for Fortix? Yeah, so you're still going to be talking about raising funds, but share with me the 2026 plan.

Parvez:

So the 2026 plan, the next few months are very, very clear in terms of what we have to do. So we do have three POCs lined up. One is ongoing. We start another POC in a couple of weeks time, there's another POC in March and just tack up the revenue, start building a business, like I said at the start. And one of the other things is it's been mostly founder-led sales, building relationships, showing up at events, and eventually those things have led to POCs. And going forward, what I'd want this to be is more repeatable, where the brand is more recognizable rather than just the founder brand. So security is all about polish trust and brand, something that people can trust to secure their organizations. So that is, we want to start building a brand that is where, okay, ramp up marketing activities, ramp up more repeatable sales motions.

So start looking at partnerships going forward. So one of the cool things, I don't know if I've already mentioned, we are part of the CrowdStrike, AWS and VDS Cyber Accelerator, and that's been opening a lot of those for us. So access to CrowdStrike resources, AWS resources, NVIDIA resources where you're talking to the best people in the business. So how do you leverage their partnerships tapping into potentially a CrowdStrike API to improve our platform? How do you use co-sell motions with them, go into their existing accounts? So how do you make the best of the ecosystem? So in a nutshell, keep building that customer base, get to revenue, but at the same time Start planning for the future where it's not only this initial three customers we're working with, how do we scale this through

Den:

Partnerships? I think that's important because at some point, and somebody said this to me when I started 909 Cyber, which is the first set of customers you get are going to be your network, your friends within your network or people they refer to you.

Where does your next wave of customers come from or what are you planning now so that you're ready for the next wave? And I just remember the very first thing for me was I always thought that any business needs to have a professional website. And I'm like, okay, so I have to have that up and running before we even say we're a business. So I actually spent the first few months before anything just making sure I worked with the marketing team on building a website that I was pleased with. And as you know, these things evolve over time and ours certainly does. But yeah, at some point you go from that founder led sales to the salespeople led sales. Now you talked about events. So next event in the US is going to be RSA, March. Are you guys flying in for this one? Yeah, that's a big one.

Yes. There was going to be there, so it'll be better. Yeah, we'll be there, so we'll be able to hang out and stuff. And then do you guys, I mean, Black Hat in Vegas and Hacker Summer camp, are you good thinking about that one as well?

Parvez:

Yes. So there's a lot of events happening again across the globe in the UK. So there are events happening here in March, just followed by RSA and also NVIDIA GTC that's happening in March. And look, it's striking a balance between building and serving customers and showing up at events. So we have to be really picky about the ones that we show up to. RSU is definitely the next one, but Black Hat. So we were at London Europe in December and then Bsides. So that is a really good community thing where different cities, different Bsides communities. So those are things we definitely need

Den:

To know. And it's funny because we do give some go- to-market advice to several startups or security startups. And one of the things for me is don't spend money on a booth at RSA. That's the first thing. Don't do that. I mean, the little AI showcase space or the little startup space, some of those are not too bad to get some visibility, but when you get onto the whole shop floor, I just think the price of that and the overwhelming noise is just ... The ROI, I don't think is really there. I think you're better off getting a little space or cohabiting a space with another company and doing meetings offsite and stuff. And what we find is we're just bouncing between different events and different spaces. We co-sponsor with other security vendors as well. And I think for us, that's good bang for the buck.

And it's really just brand. As you said, you're building your brand. So as we wrap up today's talk, I mean, the one thing Parvez is you're still young in the journey of being this first time founder, but if you could tell your younger self one piece of advice as you were starting the business and gone through this process, what is one thing that you'd advise yourself to do differently?

Parvez:

Stop being in pitch mode every time, right? Whether you're customers, whether they're VCs or whether the partners, be genuine. I know you're trying to sell your business for a number of reasons, but focus on the people element, build strong relationships. It's not a sprint. It's a marathon, as they call it. Follow up with people and just check up on people. That's

Den:

Brilliant. So let's plan to get you back on the show in about six months because I'd love to hear where the journey is at that point and see your success and celebrate your success with you. But I think by that point, you'll also have a few more nuggets and gems that you can share with the audience. So Parvez, I really appreciate your time, everybody. Parves, Alam, Kazi, all the way from Bristol, United Kingdom, co-founder and CEO of Fortex Security, the guys that you're going to chase for some DLP saviors. So thank you very much, man. Been great having you on Peter.

Parvez:

No, thank you, Den. It's been a pleasure, and thanks for having me on the show. Thanks

Den:

Everybody.

Narrator:

That wraps up this episode of 909 Exec. If you found value here, subscribe and leave a rating to help others discover the show. To learn more about 909 Cyber, our advisory services, and how we help organizations secure growth, visit 909Cyber.com. Thanks for listening, and until next time, lead with clarity, build trust, and stay secure.

‍