This new company wants to combine red and blue teams into a novel, purple approach

Starting today, purple is the new shade of cybersecurity in Northern Virginia.

McLean, Virginia-based UltraViolet Cyber (UV Cyber) is a security-as-code platform that brings together offensive and defensive cyber. The company was created through the combination of companies Metmox, Mosaic451, Stage 2 Security and W@tchTower.

The companies came together through several acquisitions and funding from Achieve Partners in New York, which wanted to assemble a group of like-minded, bootstrapped cyber companies. Acquisitions began in the summer of 2021 and concluded about a year later. The companies began operating as one under the UltraViolet Cyber name in January of this year.

CEO George McKenzie told Technical.ly that UV Cyber has about 400 employees, split between the US and the rest of the world.

“We’re tackling the problems with cybersecurity on a couple of different fronts and in a unique way that positions us differently in the market,” McKenzie said.

UV Cyber is using a so-called “purple” approach to cybersecurity, combing people with a cloud-native microservices platform architecture. Cyber teams often specialize in “blue teaming,” which is on the cyber defense side, or “red teaming” with an offensive approach that proactively looks at a network’s infrastructure. Combining these two approaches in one company, he said, means that risk and activities will be assessed holistically and 24/7.

“We’re looking at it with that ‘iron sharpens iron’ approach,” McKenzie said. “To be truly cyber-resilient, you have to be both defensive-minded and offensive-minded at the same time.”

Despite the typical bifurcated techniques, higher-end, mid-market customers still have the same security needs as Fortune 500 ones but lack the budget to hire multiple firms or develop their own red teams. Therefore, many only do a penetration test once a year, fix their vulnerabilities and spend the rest of the time working with blue teams.

“In today’s modern age, in a post-COVID world where the threat is real and people are remote and workforces are everywhere, that one-time snapshot of your risk and an annual penetration test isn’t good enough anymore,” McKenzie said. “We feel you have to do that continuously, you have to be relentless in your uncovering of your risk.”

McKenzie said the company is in growth mode and plans to continuously onboard new hires throughout the year, though he couldn’t say exactly how many. UV Cyber is also looking to expand into a new office in Northern Virginia, where it will build out its US global delivery center, sometime in 2023.

Even without this office, the combined company is already working to develop internal talent to fill these roles. The company hosts apprenticeship and internship cohorts for people changing into a cyber career without a traditional collegiate background. The first few cohorts were 10 to 15 people apiece, McKenzie said; he hopes to grow it into a larger program following the launch.

“We’ve created a program in which we’re working to onboard and train cohorts at least twice a year to be able to find the talent that’s out there that may not be coming from traditional universities or colleges — and to be able to find that talent, get them skilled or upskilled and get them into the workforce,” McKenzie said.