Scott McCrady is running SolCyber, a managed security services provider he launched out of stealth in July 2021 with $20 million in Series A funding led by ForgePoint Capital. The company's premise is small enough to fit on a business card and heretical enough to unsettle a good chunk of the industry: enterprise-grade managed security, delivered to the mid-market, at a price the mid-market can pay, with humans on the other end who can actually explain what they did.
SolCyber sits inside a McKinney Avenue office in Dallas with 29 employees, according to the company's most recent public headcount. That is a specific number in a specific city, and both matter. Dallas is not San Francisco. Twenty-nine is not five hundred. McCrady has run five hundred - he ran roughly that many at Symantec, across six security operations centers scattered across the globe - and he has decided, on purpose, that this time he would like to do something smaller and sharper.
The pitch, delivered in podcasts and press releases and the occasional Frontlines.io interview, is that MSSPs have historically been built for the Global 1000, and everyone else has been sold either shelfware or a portal login and told to figure it out. SolCyber's answer is a curated technology stack - endpoint with EDR, lateral movement detection, advanced email security, active directory hardening - wrapped in a service where the vendor answers the phone and the customer does not have to become a part-time security operations analyst to get value out of it.
McCrady describes it, memorably, as taking twenty years of MSSP lessons learned servicing very large companies and applying them to a "modern take" on the model. The word "modern" is doing a lot of work in that sentence, and McCrady seems to know it.
Bars are illustrative rather than exact; SolCyber's runway is still being written.
McCrady is an engineer by training - a small biographical fact that turns out to explain more than a page of resume bullets. In interviews he tells a version of the origin story where he came out of school setting up security systems, watched the systems generate torrents of data, and had the fairly reasonable engineer's reaction of asking what anyone was supposed to do with all of it. That question is, more or less, the question the entire MSSP industry has been trying to answer since.
His early career included installing Nokia security appliances, which is a sentence that dates a person as precisely as carbon-14. From there he moved to Symantec, where he spent roughly a decade. He started by building out the Asia-Pacific-Japan business from what he describes as "zero," running operations out of Sydney and Tokyo, and eventually ran what became one of the largest MSSPs in the world, with something like 450 to 500 employees and half a dozen SOCs distributed across time zones.
After Symantec came FireEye, pre-IPO, where he built out the Global MSSP and System Integrator business. He also spent time on the SonicWall spin-out from Dell into a private-equity-backed independent company - a transaction that, per interviews, he helped push into cash-flow positive territory.
Then he did the thing operators sometimes do after twenty years of watching how the sausage gets made. He decided to make his own. SolCyber emerged from stealth in July 2021, having been quietly incubated inside ForgePoint Capital, and the check size - $20 million - was calibrated as much to buy time as to buy growth.
The public description is a "modern MSSP for the mid-market." The clearer version - assembled from McCrady's interviews on Frontlines.io, Smashing Security, RecordPoint's FILED, and the July 2021 SecurityWeek writeup - runs like this: mid-market companies face threats that look a lot like enterprise threats, but they can't buy their way into an enterprise security posture. Vendors sell them tools they can't fully deploy. Consultants sell them projects they can't finish. Insurers sell them coverage against risks they can't fully quantify.
SolCyber sells an outcome. A curated stack - endpoint EDR, lateral movement detection, email security, active-directory-and-admin exploitation prevention - packaged with human operators. Foundational coverage, in the company's own vocabulary. Then a menu of add-ons that customers can layer as they mature: vulnerability management, mobile endpoint security, security awareness training, DNS filtering, incident response retainers, XDR++ (the "++" being one of those startup naming conventions that McCrady has thankfully declined to over-explain).
The strategic bet is that the mid-market will pay a predictable monthly fee for a package that resembles what a Fortune 500 CISO's org chart looks like from the outside, without having to actually build one. Whether that bet is right is the kind of question a Series A is designed to answer with a Series B.
A modern managed security service. Foundational coverage plus tunable add-ons.
Mid-market companies. Startups. SMEs. Anyone below the Global 2000 line.
Because enterprise-grade security has never been priced or packaged for them.
SolCyber is basically taking 20 years of MSSP lessons learned on what worked servicing the Global 1000 and applying those value-added benefits to sort of a modern take on MSSP. — Scott McCrady, on the FILED podcast
He is not a career salesperson. He is an engineer who has run sales orgs, which is a different animal. In interviews he tends to talk about routes to market the way someone else might talk about supply chain logistics - as a set of levers, tuned to a specific customer segment, that either work or don't. When he says "cut through the noise," he's not describing a marketing tactic. He's describing what happens when every vendor in a category claims to do the same thing and only some of them actually do.
He also has the specific mannerism of long-tenure operators who have watched companies go public, go private, get spun out, and get bought again: he is careful about the words "modern" and "next-generation." He uses them because the market uses them, and he seems slightly amused about it. In a Frontlines interview he framed SolCyber's edge as "delivering results and building your reputation," which is the least venture-y thing an early-stage founder can say.
The public Twitter account under his company handle is @SolCyberMSS. It is not a personality feed. That, too, tells you something.
McCrady told SecurityWeek at the Series A that SolCyber's plan was global: start in the U.S., expand to Europe, work outward from there. That is a fairly conventional venture-scale story, and it is worth noting only because McCrady has already done that story once - for a much larger company, on a much larger stage, at Symantec. He has watched a global MSSP get built and is now attempting to build a smaller, better-behaved one on top of the same intuitions.
The specific aspiration he keeps returning to in interviews is not scale but delivery. He wants SolCyber to be the MSSP that mid-market customers describe with the phrase "they actually did the work." That is not the kind of aspiration that fits well onto a pitch deck. It is the kind that shows up in retention numbers.