Founder Spotlight: David Read, Ossprey — Cyber Runway

Founder Spotlight: David Read, Ossprey — Cyber Runway

One of the best things about Cyber Runway has been hearing the stories behind the startups — not just what they do, but why they exist. Some founders see a market gap and jump in, while others are driven by frustration, a problem no one else is fixing, or a moment that forces them to act.

For David Read, that moment was UA-Parser-JS, an open-source package used in thousands of projects that was hijacked by an attacker. A malicious version was published, downloaded over 100,000 times, and embedded in everything from small scripts to large-scale enterprise applications before it was caught.

At the time, David was deep in cybersecurity, trying to solve exactly this type of problem, but there was no good answer. Open-source software was critical to modern development, yet there was no effective way to check if the code you were pulling in was malicious. Companies either trusted it blindly or had no idea they were at risk in the first place.

Frustrated by the lack of solutions, he realized that the only way to fix it was to build something himself. That’s how Ossprey was born.

The Hidden Risk in Open Source

Developers today rely on open-source software — it’s the backbone of modern applications. Python, JavaScript, Go, Rust — no matter what you’re building, chances are you’re using open-source libraries. But while these libraries are free, they come with a hidden cost: trust.

Every time an engineer installs a package, they’re implicitly trusting that it’s safe. But how often do they actually check what’s inside?

“Most security tools today can’t tell you if a package is malicious or not,” David explained. “You either accept the risk or don’t even realize you’re at risk.”

That’s exactly the problem Ossprey is solving.

Ossprey is designed to analyze open-source code in real-time at scale, detecting malware hidden inside software dependencies before it ever makes it into production.

The goal? To enable developers and businesses to use open source with confidence — without worrying about hidden threats.

From Government Security to Startup Founder

David’s journey into cybersecurity wasn’t accidental.

“I’ve been obsessed with cybersecurity since I was 16,” he told me. Originally, he went to university thinking he’d build video games, but by the end of his first year, cybersecurity had completely taken over his focus.

From there, he built a career that spanned government security, private sector security engineering, and deep technical problem-solving. He spent three years in the U.S., considering whether to make the leap into the San Francisco startup world before ultimately deciding to bring his experience back to the UK.

But Ossprey wasn’t born overnight.

“I always knew I wanted to start a company, but I wasn’t sure when or how,” David said. “I spent time building my network, getting real-world experience, and waiting for the right moment.”

“After nearly five years in security within finance, I realized that while I had a stable job and a clear career path ahead, the timing was right to take the leap into a startup. I had built up savings, accumulated a backlog of ideas, and found a co-founder I wanted to work with. I was already considering a job change, and at that point, it made more sense to bet on myself and build something from the ground up rather than move into another role.”

That was the push he needed to go all in on Ossprey.

Security That Enables, Not Blocks

One of the most interesting things about Ossprey is its philosophy on security. Many security tools act as roadblocks, slowing down development or forcing engineers to jump through hoops.

David wants Ossprey to be an enabler, not an obstacle.

“We don’t want to build security that just puts up walls and slows down engineers,” he explained. “Security should work in the background, allowing teams to move fast without having to constantly worry.”

Instead of forcing companies to lock down open-source use, Ossprey is designed to make open source safer by default — detecting risks before they become breaches.

The approach is different from some competitors who try to build firewalls around open-source usage, restricting what developers can and can’t install.

“We don’t want to make security another friction point,” David said. “We want engineers to use open source freely — without having to worry about security risks.”

Building in Cybersecurity — The Reality of Startup Life

Starting any company is hard. Starting a cybersecurity company? Even harder.

David and his co-founder, Nate, have had to navigate the risks and realities of building a security startup in the UK.

One of the biggest lessons? The sheer amount of uncertainty.

“For the first few months, it felt like every week there was a new existential threat that could derail the business,” he said. “You just have to be resilient and accept that things will go wrong, but you keep pushing forward.”

Ossprey is currently bootstrapped, relying on a lean, frugal approach to growth. Instead of rushing to raise money early, they’ve focused on building a strong foundation, refining the technology, and ensuring there’s clear product-market fit before taking outside investment.

David’s approach to funding is different from many UK founders, leaning more toward the fast, customer-driven iteration mindset often seen in the U.S.

“You can’t just build a product, wait, and hope customers come,” he said. “You have to get in front of people early, test aggressively, and refine as you go.”

Cyber Runway’s Role in the Journey

For Ossprey, Cyber Runway was a key part of getting the company off the ground.

“If it wasn’t for Cyber Runway, we probably wouldn’t be here right now,” David admitted.

After meeting Mary from Cyber Runway at InfoSec Europe, he and Nate were invited to join Cyber Runway Launch, a three-day intensive startup program. I’d like to give a personal shoutout to Mary as well who helped keep the whole cohort on track.

They entered with two ideas and left with one clear winner — Ossprey.

From there, they joined Cyber Runway Grow, where they connected with other founders, refined their business model, and built relationships with investors and industry leaders.

“The biggest value of the program was the network and advice from other startups,” David said. “Talking to founders who had already navigated similar challenges gave us a huge advantage.”

His efforts didn’t go unnoticed — David won the ‘Most Supportive Founder’ award at Cyber Runway for his willingness to help others in the program.

Would he recommend Cyber Runway to other founders?

“Absolutely,” he said. “If you’re an early-stage founder, especially if you don’t come from a business background, these programs help massively.”

What’s Next for Ossprey?

The next phase for Ossprey is bringing its technology to market.

• They have a working product that can detect malware in open-source code.

• They’re launching a closed beta to onboard early customers and fine-tune the system.

• They’re expanding their detection capabilities, ensuring Ossprey can identify even AI-generated malware.

Their milestone for the year? Secure 10 high-quality enterprise design partners.

“It’s all about getting real-world validation now,” David said. “We know the problem is huge — now we need to prove we’re the best at solving it.”

Open-source software has transformed how the world builds technology, but it’s also introduced new risks that companies struggle to manage.

Ossprey isn’t just about detecting malicious code — it’s about making open-source security seamless, scalable, and automatic.

With a clear vision, a lean but capable team, and strong market validation, David and Ossprey are on the path to becoming a key player in the security ecosystem.

📍 Follow Ossprey’s journey: Website