Press Kit

Brand assets, company information, and media resources for journalists, bloggers, and partners.

Quick Navigation

About HailBytes

Company Overview

HailBytes provides enterprise-grade cybersecurity tools deployed on customer-controlled cloud infrastructure. Our products (HailBytes SAT and HailBytes ASM) democratize security testing capabilities previously available only to Fortune 500 companies, making professional phishing simulation and reconnaissance automation accessible at 90% lower cost.

Quick Facts

  • Legal name: HailBytes, LLC (Delaware-registered limited liability company)
  • Brand style: "HailBytes" (one word, capital H, capital B)
  • Headquarters: Denver, Colorado, USA (remote-first team)
  • Founded: 2024
  • Founders: David McHale (Founder), John Shedd (Co-Founder)
  • Employees: 5-50
  • Customers: 3,000+ active deployments worldwide
  • Funding: Bootstrapped, profitable
  • Products: HailBytes SAT (security awareness training), HailBytes ASM (attack surface management)
  • License: Elastic License 2.0 (ELv2), source-available, self-hostable
  • Distribution: AWS Marketplace, Azure Marketplace

Mission Statement

"We democratize enterprise-grade security tools by making them accessible, affordable, and cloud-native. Every organization (regardless of size or budget) deserves professional security testing capabilities."

Boilerplate (Short)

HailBytes provides cloud-deployed security testing tools for modern security teams. Headquartered in Denver, Colorado and trusted on 3,000+ deployments worldwide, HailBytes makes enterprise-grade phishing simulation and reconnaissance automation accessible to organizations of all sizes, entirely inside the customer's own AWS or Azure account.

Boilerplate (Long)

HailBytes, LLC is a Delaware-registered cloud security company headquartered in Denver, Colorado, specializing in self-hosted security testing tools. Founded by security professionals frustrated with expensive commercial solutions, HailBytes bridges the gap between enterprise features and accessible pricing. Flagship products HailBytes SAT (phishing simulation and security awareness training) and HailBytes ASM (continuous reconnaissance and attack surface management) are distributed under the Elastic License 2.0 and deploy on customer-controlled AWS and Azure infrastructure, ensuring data sovereignty and supporting SOC 2, ISO 27001, and PCI DSS compliance workflows. HailBytes serves security teams ranging from independent researchers to Fortune 500 enterprises, all benefiting from hourly cloud-marketplace pricing instead of per-seat or per-asset license fees.

Brand Assets

HailBytes Logo

Our primary logo in various formats for digital and print use. Available in full color, white, and black variations.

Light (on dark)

HailBytes logo light variant

Dark (on light)

HailBytes logo dark variant
Download Logo Pack (ZIP) →

Brand Colors

Official HailBytes color palette for digital and print materials.

Electric Blue (Primary)

#00d4ff

Neon Green (Secondary)

#00ff88

Dark Navy (Background)

#0a0e1a

HailBytes ASM Logo

Product logo for HailBytes Attack Surface Management Platform.

Light (on dark)

HailBytes ASM logo light variant

Dark (on light)

HailBytes ASM logo dark variant

HailBytes SAT Logo

Product logo for HailBytes Security Awareness Training Platform.

Light (on dark)

HailBytes SAT logo light variant

Dark (on light)

HailBytes SAT logo dark variant

Brand Guidelines

Please follow these guidelines when using HailBytes brand assets:

  • Do: Use official logos and colors provided in this press kit
  • Do: Maintain adequate clear space around logos
  • Do: Use high-contrast backgrounds for visibility
  • Don't: Modify, distort, or recolor logos
  • Don't: Use outdated or unofficial logos
  • Don't: Place logos on busy or low-contrast backgrounds

Product Information

HailBytes SAT

Tagline: "Phishing simulation and security awareness training inside your own cloud account."

Self-hosted phishing simulation and security awareness training platform with recurring campaigns, interactive landing-page quizzes, auto-generated branded certificates of completion, OIDC SSO, and audit-ready evidence for SOC 2, ISO 27001, and PCI DSS reviews. Deployed entirely inside the customer's own AWS or Azure account on a single hourly subscription, with unlimited campaigns for unlimited users and no per-seat fees.

Key features: Recurring campaigns, interactive quizzes, branded certificates, OIDC SSO (Microsoft Entra ID, Google), MFA/TOTP, structured audit logs, white-label branding, REST API and webhooks for SIEM/SOAR streaming.

Learn More About HailBytes SAT →

HailBytes ASM

Tagline: "Continuous, AI-powered attack surface management inside your own cloud account."

Self-hosted attack surface management platform with continuous subdomain and exposed-service discovery, AI-powered vulnerability triage (OpenAI API or self-hosted Ollama), change detection between scans, and exportable reports for SOC 2, ISO 27001, and PCI DSS workflows. Deployed entirely inside the customer's own AWS or Azure account on hourly pricing, with no per-asset, per-target, or per-seat fees.

Key features: Industry-standard recon stack (subfinder, nuclei, httpx, naabu), AI vulnerability analysis, scheduled continuous monitoring, change detection, automated reporting, Jira/Slack/SIEM integrations.

Learn More About HailBytes ASM →

Product Screenshots

High-resolution product screenshots for editorial use. All images available in 4K resolution.

Download Screenshot Pack (ZIP) → Request Live Demo →

Leadership & Spokespeople

David McHale, Founder

David founded HailBytes after a decade of penetration-testing and red-team engagements convinced him that the commercial security-tool market was structurally overpriced for small and mid-market security teams. He leads product strategy and serves as primary spokesperson and named media contact on both flagship products (HailBytes ASM and HailBytes SAT), and on the economics of self-hosted security tooling.

Available for commentary on:
• Attack surface management, continuous reconnaissance, and pen-test workflow continuity
• Phishing simulation, security awareness training, and audit-evidence collection
• AI-assisted vulnerability triage and the realistic limits of LLMs in security
• Why mid-market security teams are leaving SaaS vendors for self-hosted tools
• Cloud-marketplace economics for cybersecurity buyers
• SOC 2, ISO 27001, and PCI DSS evidence collection

John Shedd, Co-Founder

John leads go-to-market and customer engineering at HailBytes, working closely with mid-market and MSSP customers on deployment, integration, and program design. Press inquiries should be routed to David McHale at david@hailbytes.com; interviews with John on go-to-market and customer-engineering topics can be arranged through the same address.

Available (on request) for commentary on:
• MSSP deployment patterns and white-label resale
• Customer-engineering experience with HailBytes SAT and ASM
• Marketplace procurement and onboarding for AWS / Azure cybersecurity buyers

Booking Interviews & Quotes

For executive interviews, on-the-record quotes, embargoed briefings, or speaking opportunities, contact our media team. We can typically confirm a 30-minute briefing within 24 hours and provide written-quote responses for tight deadlines on the same day.

Media contact: David McHale, Founder
Email: david@hailbytes.com
Response time: Within 24 hours (faster for breaking news)
Review access: 30-day product trials available to qualified media on request

Recent News & Coverage

Press Release

HailBytes Launches AI-Powered Attack Surface Management Platform on AWS and Azure to Help Security Teams Find Exposed Assets Before Attackers Do

May 5, 2026 • Denver, Colo.

HailBytes ASM, a self-hosted continuous reconnaissance and vulnerability assessment platform with AI-powered analysis, is now available on the AWS Marketplace and Azure Marketplace. Hourly pricing, full data sovereignty, and a 30-day free trial.

Read Full Release →
Press Release

HailBytes Launches Phishing Simulation Platform on AWS and Azure to Help Companies Cut Human Error and Pass SOC 2 Audits

May 5, 2026 • Denver, Colo.

HailBytes SAT, a self-hosted enterprise phishing simulation and training platform with recurring campaigns, interactive quizzes, and auto-generated branded certificates of completion, is now available on the AWS Marketplace and Azure Marketplace with a 30-day free trial.

Read Full Release →
Customer Story

How a Regional Bank Replaced Its Phishing-Simulation SaaS and Cut Annual Spend by Six Figures

Customer story available on request

A US-based regional financial institution replaced a major commercial phishing-simulation SaaS with HailBytes SAT deployed inside its own AWS account, retaining full data sovereignty over employee click data and dramatically reducing annual program cost. Anonymized case study available to qualified press on request.

View Case Studies →

Story Angles for Journalists

Working an industry beat and need a fresh angle? Each of the framings below is supported by HailBytes data, customer references, and a named, on-the-record spokesperson. Email david@hailbytes.com and we will get you what you need to file.

Cybersecurity / Cloud

"The Self-Hosted Counter-Trend"

For a decade, the security-tools narrative has been "everything moves to SaaS." A growing cohort of regulated, mid-market, and government-adjacent buyers is reversing that, choosing self-hosted, marketplace-billed tools so reconnaissance and employee data never leave their cloud account. HailBytes has 3,000+ deployments to support the trend on the record.

AI / Security

"AI-Triaged Vulnerabilities, but Inside the Customer's VPC"

Most AI security tools assume your scan data is safe to ship to a vendor LLM. HailBytes ASM lets customers run vulnerability triage with OpenAI or self-hosted Ollama on their own GPU instance, a concrete angle on the broader story of regulated industries wanting LLM benefits without LLM data exfiltration.

Compliance / Audit

"What Auditors Actually Accept as Phishing-Training Evidence"

Security awareness vendors compete on click-rate dashboards, but SOC 2 / ISO 27001 / PCI DSS reviewers ask for documented per-employee training completion. HailBytes SAT auto-generates branded PDF certificates and structured audit logs precisely because those are what passes the audit. Strong angle for compliance and audit-trade outlets.

Cloud Marketplaces

"Hourly Pricing Is Eating Per-Seat Licensing"

HailBytes prices SAT and ASM at $0.24/vCPU/hour through AWS and Azure Marketplace, with a single subscription covering unlimited users / unlimited assets. That model directly challenges the per-seat (KnowBe4, Proofpoint) and per-asset (Tenable, Qualys) pricing of the incumbents. Useful angle for cloud-economics and procurement coverage.

MSSP / Channel

"How MSSPs Are Reselling Self-Hosted Security as a Recurring Service"

Managed-service partners are productizing HailBytes ASM as a between-pentest deliverable and HailBytes SAT as multi-tenant security awareness for downstream clients. Channel economics, margin structure, and sample multi-client architectures available on request.

Open Source / ELv2

"Source-Available Security: ELv2 in Practice"

HailBytes ships SAT and ASM under the Elastic License 2.0: source available, freely modifiable, freely self-hostable, with the standard ELv2 carve-outs for hosted competitors. A grounded, real-product angle for the broader OSS-licensing debate.

Style Guide for Editors

Naming & capitalization

  • Brand: HailBytes (one word, capital H, capital B). Not "Hail Bytes", "Hailbytes", or "HAILBYTES".
  • Legal name (use only when required): HailBytes, LLC.
  • Products: HailBytes SAT (security awareness training) and HailBytes ASM (attack surface management). On second reference, "SAT" and "ASM" are acceptable inside the same article.
  • Always pair an acronym with its expansion on first use: "HailBytes SAT (Security Awareness Training)" or "HailBytes ASM (Attack Surface Management)".
  • Founders: David McHale (Founder), John Shedd (Co-Founder).
  • Headquarters: Denver, Colorado, USA. Use "Denver, Colo." in datelines.

Sourcing and statistics

  • "258 days to identify and contain" / "$4.88M average breach cost" cite the 2024 IBM Cost of a Data Breach Report.
  • "68% of breaches involve a non-malicious human element" cites the 2024 Verizon Data Breach Investigations Report (DBIR).
  • "3,000+ deployments worldwide" and "150+ countries" are HailBytes-internal figures from cloud-marketplace fleet telemetry; please attribute to "HailBytes" rather than to a third party.
  • Pricing is "starting at $0.24 per vCPU per hour" billed via AWS Marketplace or Azure Marketplace, with no per-seat or per-asset fees.

License and positioning

  • HailBytes SAT and HailBytes ASM are source-available under the Elastic License 2.0 (ELv2). Please write "source-available", not "open source", to keep the license characterization accurate.
  • Both products are described as "self-hosted" because they deploy inside the customer's own AWS or Azure account; "SaaS" is incorrect.

Embargo & sourcing protocols

  • HailBytes will honor agreed-upon embargoes through the named media contact, David McHale (david@hailbytes.com). Any quote attributed to a HailBytes spokesperson should be confirmed with that contact before publication.
  • Customer references and anonymized case studies are available on request to qualified media. Please allow 24-48 hours for customer-side approval on identified references.
  • Logos and product screenshots are provided in this kit for editorial use without separate permission, subject to the Brand Guidelines in the Brand Assets section above.

Statistics & Metrics

3,000+
Active Deployments
150+
Countries
90%
Cost Savings vs. Commercial Tools
4.8/5
Average Customer Rating

Additional Metrics

  • Phishing simulations sent: 50+ million emails annually across HailBytes SAT deployments
  • Reconnaissance targets scanned: 1+ million domains across HailBytes ASM deployments
  • Average click-rate reduction: 45% after 6 months of recurring training
  • Reconnaissance time savings: 75% reduction vs. equivalent manual workflows
  • Marketplace deployment time: Approximately 5 minutes from AWS or Azure Marketplace to a running instance
  • Support response time: Under 1 hour for critical issues on priority support
  • Marketplace pricing: $0.24 / vCPU / hour, no per-seat or per-asset fees
  • Free trial: 30 days on both AWS Marketplace and Azure Marketplace

Industry Recognition

Cloud Partnerships

AWS Partner Network

Official AWS Marketplace partner with verified solutions

View AWS Listings →

Microsoft Azure Marketplace

Official Microsoft Azure partner with certified applications

View Azure Listings →

Security Frameworks & Compliance

SOC 2 Aligned

Following SOC 2 Type II framework practices

ISO 27001 Aligned

Information security management practices

GDPR Compliant

Data sovereignty and privacy controls

Footprint & License

3,000+ Deployments

Trusted by security teams in 150+ countries

4.8/5 Customer Rating

Average satisfaction across all products

Source-Available Under ELv2

HailBytes SAT and ASM ship under the Elastic License 2.0 so customers can inspect, modify, and self-host

Reporter FAQ

Where is HailBytes headquartered?

HailBytes, LLC is headquartered in Denver, Colorado, USA, and operates as a remote-first team. The company began operations in 2018; HailBytes, LLC was organized in 2025 as a Delaware-registered limited liability company continuing those operations.

Who are the HailBytes founders and spokespeople?

David McHale is Founder of HailBytes and the primary spokesperson and named media contact on both flagship products: HailBytes ASM (attack surface management, reconnaissance automation) and HailBytes SAT (phishing simulation, security awareness training, audit-evidence collection). Reach David at david@hailbytes.com. John Shedd is Co-Founder and leads go-to-market and customer engineering; interviews with John can be arranged through the same media contact.

What products does HailBytes make?

Two flagship products: HailBytes SAT, a self-hosted security awareness training and phishing simulation platform, and HailBytes ASM, a self-hosted attack surface management and continuous reconnaissance platform. Both deploy inside the customer's own AWS or Azure account on hourly cloud-marketplace pricing (see the competitive comparison for context against KnowBe4, Proofpoint, Tenable, and Qualys).

How should journalists style the company name?

The brand is HailBytes (one word, capital H, capital B). The legal name is HailBytes, LLC. Product names are HailBytes SAT and HailBytes ASM. See the full Style Guide for Editors above for sourcing notes and license characterization.

How can media request review access or interviews?

Email David McHale at david@hailbytes.com for press inquiries, embargoed briefings, executive interviews, or product review access. We typically confirm a 30-minute briefing within 24 hours and respond same-day on breaking-news deadlines. Qualified media may also request a complimentary 30-day product trial.

Does HailBytes have analyst or research relationships?

Yes. HailBytes works with industry analysts and security researchers covering attack surface management, security awareness training, and the cloud-marketplace cybersecurity category. To request a briefing, vendor profile, or research-program access, email david@hailbytes.com and mention "analyst briefing" in the subject line.

Media Inquiries

For interviews, embargoed briefings, product review access, or additional information, our media team typically responds within 24 hours and same-day on breaking-news deadlines.

Press contact: David McHale, Founder, HailBytes
Email: david@hailbytes.com
Press kit: hailbytes.com/press
Legal entity: HailBytes, LLC, Denver, Colorado, USA
Latest releases: HailBytes ASM · HailBytes SAT
Follow: @HailBytes on X · GitHub · Discord
RSS: hailbytes.com/index.xml (blog and announcement feed)

Email David (Media Contact) → General Contact →