Episode #87: Meet the Startup Changing How We Authenticate Everything

Frequently Asked Questions

FAQ

• Where is the transcript for this webinar?

  Samantha Herrick:
  Welcome back to the Tech Optimist where we don’t just talk about the future, we celebrate it. I’m your host. My name is Samantha Herrick and I am your guide to game-changing ideas, bold founders, and the breakthroughs redefining what’s possible in our today. Here, we cut through the noise, explore the why behind certain innovations, and break it down so you get the full picture. From cybersecurity to AI and beyond, if it’s shaping tomorrow, we’re talking about it today. All right, welcome back everyone. We hope you had a fantastic holiday and a happy new year. Let’s take 2025 by the horns. Let’s dive in.

  Cyber threats are evolving and so is the way we defend against them. Enter UNIXi, a cybersecurity startup that’s making waves in the fight against social engineering attacks, one of the most dangerous and deceptive tactics used by hackers today. Headquartered in Wilmington, Delaware with a global presence, UNIXi is on a mission to protect enterprises from phishing, credential theft, and other identity-based cyber threats. Their patented technology takes a unique integration-less approach to identity security, giving businesses seamless protection without the usual complexity. Despite being a lean and agile team of 11 to about 50 employees, UNIXi has already caught the attention of top cybersecurity investors and is gaining momentum in industries that demand the highest level of security—healthcare, finance, and beyond. So what makes UNIXi different and how is it changing the cybersecurity landscape? Let’s hear it from the mind behind the mission itself, Chad, the CEO of UNIXi.

  Chad Gerstensang:
  What UNIXi does in a very simple way is providing the professional security people within an organization, first of all, visibility. So UNIXi automatically discovers every single application that the users are trying to use. Sometimes organizations really don’t know what they have, and if you don’t know what you have, you don’t really know what you’re protecting, right? So Shadow SaaS—it’s a term in cybersecurity that is really, really trending lately. And what UNIXi provides is the visibility to see everything. Not only do we provide visibility, we’re also providing control and governance.

  Samantha Herrick:
  Chad Gerstensang, the co-founder and CEO of UNIXi, our guest today, brings a deep background in offensive security. Having led cybersecurity teams across both military and civilian sectors, his expertise in tackling some of the toughest security challenges has shaped UNIXi’s approach to stopping cybercriminals before they even strike. Beyond his leadership, Chad is an active voice in the cybersecurity space, sharing insights on phishing, human vulnerabilities, and cyber defense strategies. He’s not just building this company, he’s shaping the future of cybersecurity.

  Chad Gerstensang:
  The real holy grail of what we provide is the universal SSO. So in simple terms—you know passwords, right? We need to use them, nobody likes them. Sometimes you use password managers and sometimes you just forget your password, I guess. Someone can steal those credentials and just try to log in to a certain website using your own passwords, right? This is what happens. It’s like 98% of cybersecurity attacks. So what UNIXi provides is the universal SSO. SSO stands for single sign-on. You sign into UNIXi and that’s it. You don’t have any passwords to use anywhere.

  Lucas Pasch:
  So let’s double click into that because I want to drive home kind of exactly how that works.

  Samantha Herrick:
  Now, venture capital isn’t just about funding, it’s about insight, strategy, and the people who make it happen. And today, we have one of those key players with us, Lucas Pasch, a senior principal at Alumni Ventures. This is the first time he’s on this podcast, so welcome, Lucas. Lucas has an MBA from the Northwestern Kellogg School of Management and a background that spans investment banking, startups, and of course, venture capital. He’s led business operations at Let’s Get Checked, co-founded a startup, and worked in strategy for emerging companies—all before diving into the world of VC. At Alumni Ventures, Lucas focuses on early-stage SaaS investments, bringing an operator’s mindset to the table, and he’s worked across digital health, proptech, and retail, helping founders navigate the complexities of scaling their businesses. Today, we’re going to tap into his expertise along with Chad’s insights—what he looks for in startups, how venture capital is evolving within this space, and what founders may need to know.

  Speaker 4:
  Do you have a venture capital portfolio of cutting-edge startups? Without one, you could be missing out on enormous value creation and a more diversified personal portfolio. Alumni Ventures, ranked a top 20 VC firm by CB Insights, is the leading VC firm for individual investors. Believe in investing in innovation? Visit av.vc/foundation to get started.

  Samantha Herrick:
  As a reminder, the Tech Optimist podcast is for informational purposes only. It is not personalized advice and it is not an offer to buy or sell securities. For additional important details, please see the text description accompanying this episode.

  Now that we’ve covered the big picture—who our guests are, what they do, and why their work matters—let’s get into the real magic: the technology behind it all. UNIXi, as we already know, is pushing in their field. So how is UNIXi defending enterprises from social engineering attacks? Lucas and Chad, walk us through it.

  Lucas Pasch:
  And we’re not going to do a demo on the screen here, but we did this the first time that you pitched me. Explain what you did. You showed me your password, one of your logins—take it from there. What exactly did you tell me to do?

  Chad Gerstensang:
  Sure. So we have a very interesting way of explaining the algorithm which stands behind our single sign-on. And just as we did with you, Lucas, we’re providing your username and password to HubSpot. You can actually go right now to our website, scroll down and you will see the video of me giving away the HubSpot and PayPal account—we have a PayPal account with like $10,000—and asking people to try to sign in. And I can jump on a call and show you using those credentials right now and you can see this—all credentials actually work. But if you try to do it from your end, you won’t be able to. And the reason is that I have my very own UNIXi extension installed in my browser, and that’s the only difference between me and you. And that’s the reason why I managed to sign into HubSpot when we did a demo together.

  Lucas Pasch:
  Yep. So on your end, you have your HubSpot credentials and because you have this extension, you enter your username, your password, but the extension is scrambling it in some way, shape, or form to where you don’t even know what it actually is. And so if I steal your credentials, I don’t have that thing on my browser, and so it’s the wrong password, and so I get rejected.

  Chad Gerstensang:
  To simplify it, you can think about an old Swiss bank, right? You came with a key and the banker provided another key. And only by combining those two keys, you manage to open the vault. This is what UNIXi does in this demonstration. You’re providing your key, which is the password, and we scramble that password and create something completely different, which is essentially opening the vault.

  Lucas Pasch:
  Yep. Yep. So tell us—who are your primary customers and what industries or types of organizations benefit the most from your company’s solutions?

  Chad Gerstensang:
  Honestly, every single company can benefit from UNIXi because every company—well, given that you’re using the internet—every company has a phishing threat on them. But we do usually aim for companies that have about 1,000 employees and above, just because we found that those types of companies are usually a bit more mature and a bit more ready and a bit more understandable regarding the security posture. So we aim for these sizes of companies. Now, we currently have plenty of customers within the medical industry and the healthcare industry. In addition to that, finance. But honestly, we are industry-agnostic—it just happened to be those industries that we’re starting off with.

  Samantha Herrick:
  Now, if you think cyberattacks are just an occasional nuisance, think again. The numbers that I’m about to share with you are staggering. By 2025, the global cost of cybercrime is projected to hit around $10.5 trillion annually. That’s more than the GDP of most countries. And the attacks themselves? Relentless. A new one happens every 39 seconds, putting businesses and personal data at constant risk. And it’s not just small-scale breaches—the average global data breach now costs a company $4.45 million.

  Meanwhile, ransomware damages alone are expected to soar to $265 billion per year by 2031. These attacks are growing more frequent, more sophisticated, and more expensive than ever. In 2024, UK businesses alone faced an average of 753,341 attempted breaches—meaning a new cyber threat emerged every 42 seconds. And for those who fall victim to DDoS attacks, the downtime can cost up to $22,000 per minute. We’re also seeing a huge rise in encrypted threats—a 92% increase in 2024—signaling that hackers are adapting faster than security defenses. And supply chain attacks? They impacted 183,000 customers this year, a 33% jump from last year.

  Samantha Herrick:
  With cyber threats evolving, many companies turn to identity and access management solutions like Okta. But what happens when those solutions don’t cover everything? That’s where UNIXi stands apart. Chad is going to start to break down how UNIXi offers universal SSO without complicated integrations or added costs in this next chapter of the interview. So let’s get into what makes UNIXi different and why it’s built to handle security challenges competitors can’t.

  Lucas Pasch:
  So identity and access—those types of companies with a thousand people plus have some kind of identity and access management solutions kind of built into their cyber stack already. It’s a relatively crowded space. So what gaps were you seeing in the market from existing solutions? The one that comes to mind first—and maybe a lot of our listeners have heard of—is Okta, kind of the 800-pound gorilla in the room. What kind of gaps did you see in solutions like Okta’s that inspired you to build UNIXi?

  Chad Gerstensang:
  Well, Okta is a very good product. I really like their product. It’s very easy and it’s very, very convenient. Now, the main gap that Okta has is the coverage that they can provide, meaning that Okta is built in a way of exchanging tokens. And in order to do this exchange, they need the third-party application to have SAML protocol; otherwise, they won’t be able to do this exchange. And according to our research, only about 20% of SaaS enterprise applications are able to have SAML protocol installed or currently have SAML. And while it is true that it’s a bit of a crowded space—the identity and access management—but it’s crowded for those 20%. Because of the way that UNIXi is built, we built it completely integration-less. The third-party application doesn’t really even know that we exist. Thus, it’s allowing us to provide coverage to those remaining 80%. And I only know one company that provides SSO to the remaining 80%, and that’s UNIXi. So honestly, it’s not as crowded.

  Lucas Pasch:
  Tell me about this term “SSO tax” and what that is and how your company kind of helps organizations avoid it.

  Chad Gerstensang:
  Sure. Try to think that, for example, you went out and bought a car. You have the car and everything works out great. But then Toyota—or whoever you bought the car from—asks you extra for the airbags. So if you went out there and bought a SaaS application, right now you have the SaaS application, you can use it and everything works fine and everything is well. But if you want SSO—single sign-on—to this specific application, you will need to buy the premium package. It really is a scandal. It’s like they are holding you in jail to have SSO, which is a security measure.

  And what’s just really interesting for me is that those vendors decided to take away security in order to make more profit. But, well, it is what it is. Obviously, with UNIXi, because we’re integration-less and the third-party vendor doesn’t really know that we exist, you don’t pay any SSO tax. Because what we do in really the big picture is telling you: do not trust the third-party application to have good security. We all saw that they take SSO and put it here in a jail—to pay extra just for security. Do rely on UNIXi. And we provide SSO to every single application—whether the application has SAML, whether the application puts SSO behind the SSO tax—we don’t care about it. We provide you the SSO for whatever you need.

  Lucas Pasch:
  Yeah, I love that positioning is a pretty universal problem across enterprises.

  Samantha Herrick:
  Every groundbreaking and innovative company has a story, and UNIXi is no different. Chad’s journey from military cybersecurity to startup founder gives UNIXi a unique edge—thinking like hackers to stay ahead of them. And with backing from some of the biggest names in cybersecurity, the company is poised for serious impact. Now in this next chapter of this episode, let’s hear about the team behind UNIXi and the vision driving its future. But before we dive headfirst into that, here’s a quick message from our sponsor.

  Speaker 4:
  Exceptional value creation comes from solving hard things. Alumni Ventures’ Deep Tech Fund is a portfolio of 20 to 30 ventures run by exceptional teams who are tackling huge opportunities in AI, space, energy, transportation, cybersecurity, and more. These game-changing ventures have strong lead venture investors and practical approaches to creating shareholder value. If you are interested in investing in the future of deep tech, visit av.vc/deeptech to learn more.

  Chad Gerstensang:
  So I started my—well, honestly, I grew up as an Orthodox Jew, so I didn’t really touch a lot of the computer stuff. The first experience that I really had with computers was in the IDF. I joined the IDF at the age of 18 and I worked as a security researcher. I did specifically DFIR, and I also managed to work quite often with the FBI. I’m actually really, really blessed by the opportunities that I had. I worked a lot with the FBI, and after that, I joined a company named Comsec, where I was an offensive cybersecurity expert. Did a lot of threat team and penetration testing. And this is also where I actually met my co-founder, Reuven. He actually was my boss. We were both offensive cybersecurity experts.

  And the reason why we started UNIXi was because we noticed that the way to intrude companies was by stealing credentials. And we tried to understand—why does this problem still exist? It doesn’t make any sense. If you were in the 1980s, you still were worried about phishing, and nowadays, you’re worried about phishing as well. It just doesn’t make any sense, and nobody really addresses the issue but the SSO providers. Yes, you can try to have MFA and so on, but as I told you—coming from an offensive security background—it’s very easy to bypass those MFAs. It’s just another step.

  And I think that because we’re coming from offensive cybersecurity, it also really helps us think outside of the box. Because this is what you do when you try to hack into a company—you’re thinking outside of the box. And this is why UNIXi is so unique and it’s so different, because Reuven, my CTO, and myself are coming from offensive security.

  Lucas Pasch:
  Yeah, it makes sense. And for the audience, when you say offensive security, it means that kind of in your background when you were at Comsec and other places, you were essentially paid to put yourselves in the shoes of the hacker and kind of try to exploit vulnerabilities and then help the company overcome those. Is that accurate?

  Chad Gerstensang:
  Yeah. Well, if you pay a lot of money to have a very good defense, you want to make sure that this defense actually works.

  Lucas Pasch:
  Yeah.

  Chad Gerstensang:
  And this is when you call a guy like me, that has the skills of a hacker but tries to use them for a good purpose. And we try to hack into your organization and tell you, “Well, your defense mechanism is very, very good,” or “You need to replace the vendor.”

  Lucas Pasch:
  Yeah. Awesome. And so you’ve been backed so far by some really talented cybersecurity investors, experts, and practitioners—Hyperwise Ventures, who we’re very close with here at Alumni Ventures; Shlomo Kramer, an industry giant, is one of your key angels. What do these folks’ involvement kind of mean for your company and its growth trajectory?

  Chad Gerstensang:
  Well, Shlomo Kramer isn’t only an investor, he is also a mentor of mine. I have regular meetings with him, and I feel very, very honored and humbled to have those giants invest in me.

  Lucas Pasch:
  Give us more background. Who is Shlomo Kramer?

  Chad Gerstensang:
  Well, Shlomo Kramer is probably one of the biggest names in the Israeli cybersecurity industry. He came up with Check Point, he came up with Imperva, he’s currently the CEO of Cato. So all of those unicorns of cybersecurity companies—it’s just him and his team, of course. And I feel as if I have an unfair advantage toward other companies because I get to consult with him so much. Every time I have a very important strategic issue that I want to consult on, I know that he’s just a phone call away, and I know that I have those regular meetings where I can present him with this issue and ask his opinion.

  And not only Shlomo, I also have Nathan, who is an amazing person to consult with. And then we have Nadir and Yevgeny from Armis. And just—we’re surrounded by so many talented people: Dean Sysman from Axonius—that we can consult with. And it really just gives us an unfair advantage toward anyone else. And it also shows that the vision of UNIXi, and the vision of integration-less, is something that a lot of experts really believe in.

  Lucas Pasch:
  Yeah, love that. So let’s wrap up with one final question. If someone listening today is part of an organization grappling with identity and access management issues, what is the one message you’d like to leave them with today regarding UNIXi?

  Chad Gerstensang:
  I think that whenever you’re starting to build your identity security posture, the first thing that you need to do is to know what you have. This is where the discovery features come in. After you know what you have, you need control over it—and maybe even freeze. Don’t add any new SaaS applications before you start managing whatever you already have. So by the governance, which you can do that in, it’s almost like you stop time and you can start managing whatever you already have. And you manage those by having the universal SSO.

  First thing: take the biggest threat out—take the phishing threat out of the way—so you have visibility across what you had, you have control over what you currently have and what’s coming, and then you also have universal SSO to every single application.

  Lucas Pasch:
  I love it. I think that’s a good wrap-up point for us. Chad, thank you so much for taking the time and walking our audience through what you’ve been building. We’re very proud supporters of UNIXi, and just—we’re proud to be on your rocket ship.

  Chad Gerstensang:
  Thanks for having me, Lucas. Thank you so much for backing us up as well.

  Lucas Pasch:
  All right. Thanks, Chad. Take care.

  Samantha Herrick:
  Thanks again for tuning into the Tech Optimist. If you enjoyed this episode, we’d really appreciate it if you’d give us a rating on whichever podcast app you’re using, and remember to subscribe to keep up with each episode. The Tech Optimist welcomes any questions, comments, or segment suggestions, so please email us at [email protected] with any of those and be sure to visit our website at av.vc. As always, keep building.