Collaborating Together as a Global Team to Defeat Cybercrime


SecurityStarfish shifts the balance of power on the Internet, taking the advantage away from cybercriminals and placing it back into the hands of its enterprise customers. SecurityStarfish provides the world's leading enterprises with actionable cyberthreat intelligence that allows them to predict cybercriminals' next moves and reduce the risk of data breaches. Our clients have access to shared solutions and attack information, and we help them to define more-effective strategies to prevent successful attacks – now and in the future.

SecurityStarfish collects and analyzes cyberthreat intelligence submitted by its Fortune-ranked clients and then produces frequent reports that provide threat analysis, guidance on remediation and direction on how to reduce risk. Its clients include the world's largest financial institutions, manufacturers, retailers and energy providers.

Security industry veterans with more than 60 years of combined IT security experience founded the company. Founder Dave Cullinane, former CISO and vice president of eBay, serves as CEO. Founder Gordon Shevlin is the company's COO and executive vice president. He founded SiegeWorks, served as a executive vice president of FishNet Security and is currently CEO of Business Risk Intelligence provider Allgress. Sharon Cullinane brings more than a decade of IT security experience to her role as corporate secretary.


SecurityStarfish is dedicated to shifting the balance of power on the Internet. Its mission is to take away the advantage from cybercriminals and to place it back into the hands of its enterprise customers. Cybercriminals are well funded, organized and relentless in their pursuit of sensitive, high-value information. SecurityStarfish is helping its clients develop a united and well-organized defensive front that allows them to raise their security posture, defend against cyberattacks, and avoid costly breaches, fines and brand damage.


Anonymization Engine

SecurityStarfish, LLC, Announces Assured Anonymity for Threat Information Sharing

Anonymization Engine enables anonymous sharing without third-party middlemen

San Francisco, Calif. (February 24, 2014) —Today at the RSA Conference, SecurityStarfish, LLC, announced a solution to a long-standing obstacle to effective sharing of threat information. Security Starfish has developed patent-pending technology that allows each Security Starfish Member to thoroughly and quickly anonymize threat data, effectively placing those data beyond attribution to any specific company.

Overcoming Barriers to Information Sharing

U.S. Presidential Decision Directive 63 first called for effective cyber threat information sharing in 1998. But sixteen years later very little progress has been made – primarily due to companies' very real concerns about liability, regulatory, and privacy issues. The few efforts that have so far been attempted depend totally on a trusted third party's receipt, analysis, and reporting of threat data. Recent retail data breaches demonstrate the need for timely threat information sharing—cyber adversaries have operated inside their targets' decision loops for too long. Security Starfish addresses these challenges by dispensing with trusted third parties altogether, making swift, effective collaborative defense a reality.

SecurityStarfish's novel anonymization technology is fully compatible with its sophisticated analysis of threat data to deliver timely, tailored, and actionable alerts. This represents a major breakthrough, essential to effective sharing of cyber threat data and proactive security against today’s increasingly complex and sophisticated attacks.

Minimal Customer Impact

The Security Starfish Anonymization Engine is straightforward and easy to use. Each company submitting attack data can thoroughly anonymize and quickly review their data prior to submission. This makes reporting simple and easy, removing the need for incident response teams to constantly review and sanitize their data prior to submission. And in return Members receive up-to-the-minute information on new and emerging attacks. They are warned of indications they are being targeted, and they receive smooth access to collaboration capabilities that enable Members cooperatively to develop the fastest and most effective defenses. If Company A already has a solution, then it can share that solution quickly. If there are no current solutions, SecurityStarfish provides the means and sophisticated technical support to help Members define and implement effective solutions.

This includes all businesses and government organizations – any enterprise, large or small.

Anonymization Engine Availability

Access to the SecurityStarfish Anonymization Engine is as simple as becoming a Member of SecurityStarfish. Email or go to for details.

Founded in 2012, SecurityStarfish, LLC, is an alliance of industry security professionals designed to effectively address cybercrime through collaborative intelligence research and preventive actions.

SecurityStarfish, LLC, and Anonymization Engine are registered trademarks or trademarks of SecurityStarfish, LLC, in the United States and/or other countries.

For more information, press only:
Dave Cullinane, CEO
Paul Kurtz, Chief Strategy Officer
CyberPoint International, LLC


SecurityStarfish clients receive protection against regulatory backlash through anonymity. Clients share cyberthreat intelligence through a secure portal that protects their identity, but they have the assurance of knowing that all report information comes from actual SecurityStarfish clients. To join, email us at of call us at 925-579-0121 and one of our representatives will assist you.

Corporate Leadership

Dave Cullinane, Chief Executive Officer and Founder

Dave Cullinane is a globally recognized leader and visionary in the IT security industry. Prior to founding SecurityStarfish, he served for five years as a vice president and Chief Information Security Officer (CISO) for eBay, where he was responsible for global fraud, risk and security strategy, and for programs that provided security for eBay and its many global businesses, including StubHub, and GSI Commerce. Prior to joining eBay, Dave was the CISO for one of the largest banks in the United States. He has more than 30 years of IT security experience and is a Certified Information Systems Security Professional (CISSP) and a former Certified Business Continuity Professional (CBCP).

Dave is a founding member and chairman of the board of the Cloud Security Alliance (CSA). He is the past president and chairman of the IT-ISAC, an organization dedicated to sharing security-related information across companies in the IT industry. He served as a member of the IT Sector Coordinating Council and the National Council of ISACs. He is an ISSA Fellow, and was recently elected to the ISSA Hall of Fame. He serves on ASIS International's CSO Roundtable Committee and is on the Editorial Advisory Board of CSO Magazine and SC Magazine. He was awarded SC Magazine's Global Award as Chief Security Officer of the Year for 2005 and CSO Magazine's 2006 Compass Award as a “Visionary Leader of the Security Profession.” In 2012 he was awarded SecureWorld's first Lifetime Achievement Award for his outstanding contributions to the advancement of the information security community.

Gordon Shevlin, Founder, Executive Vice President, Chief Operating Officer

Gordon Shevlin brings more than 25 years of business leadership, technical development, sales, marketing and management experience to the company. He previously co-founded SiegeWorks. There, he grew the company from three to 120 employees, building a strong international presence and managing its successful acquisition by FishNet Security, the nation's leading provider of information security solutions that combine technology, services, support and training. At FishNet, he served as executive vice president.