POPULARITY
In this week's episode of The Future of Security Operations podcast, Thomas is joined by Matt Muller, Field CISO at Tines. With over a decade of experience at companies like Material Security, Coinbase, and Inflection, Matt's got a strong track record of scaling SecOps teams, building threat detection and mitigation programs, and driving trust and safety initiatives. His knowledge impressed Thomas and the Tines team so much that they invited him to become the company's first Field CISO. In this episode: [02:41] The origins of Matt's insatiable appetite for all things security [04:05] Matt's path from business degree to Director of Trust at Inflection [07:07] Scaling Coinbase's security team from 3 to 50 [08:41] Addressing security's long-standing communication problem [10:55] Why “failure wasn't an option” when managing risk at Coinbase [14:14] What led Matt to a product role on Material Security's phishing protection team [17:31] Building what customers ask for vs. actually solving their problems [21:14] How Matt stays up to date with industry developments [22:35] Matt's favorite use cases for security automation [25:25] Matt's go-to automation best practices [27:33] Cutting through AI hype to drive meaningful adoption [30:32] How Matt keeps himself honest as a Field CISO [32:21] Why the traditional SOC is broken - and what needs to change [35:30] The role of diverse hiring in building a resilient security strategy [39:00] What security teams will look like in 2030 [41:35] How CISOs are evolving to become chief risk advisors to the business [43:30] Connect with Matt Where to find Matt: LinkedIn Building SecOps newsletter Where to find Thomas Kinsella: LinkedIn Tines Resources mentioned: Blue Team Con Material Security's Ryan Noon on the Future of Security Operations podcast
➡ Secure what your business is made of with Martial Security: https://material.security/ In this episode, I speak with Patrick Duffy from Material Security about modern approaches to email and cloud workspace security—especially how to prevent and contain attacks across platforms like Google Workspace and Microsoft 365. We talk about: • Proactive Security for Email and Cloud PlatformsHow Material goes beyond traditional detection by locking down high-risk documents and inboxes preemptively—using signals like time, access patterns, content sensitivity, and anomalous user behavior. • Real-World Threats and Lateral MovementWhat the team is seeing in the wild—from phishing and brute-force attacks to internal data oversharing—and how attackers are increasingly moving laterally through cloud ecosystems using a single set of compromised credentials. • Customizable, Context-Aware Response WorkflowsHow Material helps teams right-size their responses based on risk appetite, enabling fine-grained actions like MFA prompts, access revocation, or full session shutdowns—triggered by dynamic, multi-signal rule sets. Subscribe to the newsletter at:https://danielmiessler.com/subscribe Join the UL community at:https://danielmiessler.com/upgrade Follow on X:https://x.com/danielmiessler Follow on LinkedIn:https://www.linkedin.com/in/danielmiessler Chapters: 00:00 - Welcome & High-Level Overview of Material Security02:04 - Common Threats: Phishing and Lateral Movement in Cloud Office05:30 - Access Control in Collaborative Workspaces (2FA, Just-in-Time, Aging Content)08:43 - Connecting Signals: From Login to Exfiltration via Rule Automation12:25 - Real-World Scenario: Suspicious Login and Automated Response15:08 - Rules, Templates, and Customer Customization at Onboarding18:46 - Accidental Risk: Sensitive Document Sharing and Exposure21:04 - Security Misconfigurations and Internal Abuse Cases23:43 - Full Control Points: IP, Behavior, Classification, Sharing Patterns27:50 - Integrations, Notifications, and Real-Time Security Team Coordination31:13 - Lateral Movement: How Attacks Spread Across the Workspace34:25 - Use Cases Involving Google Gemini and AI Exposure Risks36:36 - Upcoming Features: Deeper Remediation and Contextual Integration39:30 - Closing Thoughts and Where to Learn MoreBecome a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.
Grifter is a longtime hacker, DEF CON organizer, and respected voice in the infosec community. From his early days exploring networks to helping shape one of the largest hacker conferences in the world, Grifter has built a reputation for blending deep technical insight with a sharp sense of humor.Learn more about Grifter by visiting grifter.org.SponsorsSupport for this show comes from ThreatLocker®. ThreatLocker® is a Zero Trust Endpoint Protection Platform that strengthens your infrastructure from the ground up. With ThreatLocker® Allowlisting and Ringfencing™, you gain a more secure approach to blocking exploits of known and unknown vulnerabilities. ThreatLocker® provides Zero Trust control at the kernel level that enables you to allow everything you need and block everything else, including ransomware! Learn more at www.threatlocker.com.Support for this show comes from ZipRecruiter. ZipRecruiter has solved the hiring problem. Employers prefer it the most for so many reasons. Let's start by telling you about their matching technology. They work hard to find the best candidates for your needs, and will instantly show you results once you post a job listing. ZipRecruiter will speed up your hiring process. See it for yourself at www.ziprecruiter.com/DARKNET.This show is sponsored by Material Security. Your cloud office (think Google Workspace or Microsoft 365) is the core of your business, but it's often protected by scattered tools and manual fixes. Material is a purpose-built detection and response platform that closes the gaps those point solutions leave behind. From email threats to misconfigurations and account takeovers, Material monitors everything and steps in with real-time fixes to keep your data flowing where it should. Learn more at https://material.security.
Find out about the critical role that the circular economy can play in the shift to renewable energy, pairing the EU's decarbonisation agenda with economic competitiveness and material security.In this episode, host Seb hears from Ke Wang from the World Resources Institute (WRI) about:Why the circular economy is important in the energy transitionHow this is fundamentally driven by economics and competitivenessExamples of what it looks like in practiceIf you enjoyed this episode, please leave us a review or a comment on Spotify or YouTube. Your support helps us to spread the word about the circular economy.Learn more:Read Ke's paper More Than Ore: The Pivotal Role Recycled Copper Can Play in the Energy TransitionWant to find out how this topic applies in regions outside of Europe? Read the Ellen MacArthur Foundation's recent publication on the circular economy as a triple play opportunity for China.
In this episode, we sit down with Rajan Kapoor, Field CISO of Material Security, to discuss the security risks and shortcomings of native cloud workspace security offerings and the role of modern platforms for email security, data governance, and posture management.Email and Cloud Collaboration Workspace Security continues to be one of the most pervasive and challenging security environments, and Rajan provided a TON of excellent insights. We covered:Why email and cloud workspaces are some of the most highly targeted environments by cyber criminals, what they can do once they do compromise the email environment, and the broad implications.The lack of security features and capabilities of native cloud workspaces such as M365 and Google Workspaces and the technical and resource constraints that drive teams to seek out innovative products such as Material Security.The tug of war between security and productivity and how Material Security helps address challenges of the native workspaces that often make it hard for people to do their work and lead to security being sidestepped.Particularly industries that are targeted and impacted the most, such as healthcare, where there is highly sensitive data, regulatory challenges, and more.Common patterns among threats, attacks, and vulnerabilities and how organizations can work to bolster the security of their cloud workspace environments.This is a fascinating area of security. We often hear “identity is the new perimeter” and see identity play a key role in trends such as zero trust. But, so often, that identity starts with your email, and it can lead to lateral movement, capturing MFA codes, accessing sensitive data, impacting business partners, phishing others in the organization, and more, all of which can have massive consequences for the organizations impacted.Raja brought his expertise as a Field CISO and longtime security practitioner to drop a ton of gems in this one, so be sure to check it out!
On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: CSRB to investigate China's telco-wiretapping hacks Euro law enforcement takes down the Redline infostealer Someone steals Fed crypto… and then tries to quietly sneak it back in Russia sentences REvil guys to … jail? Really? Apple private cloud compute gets a proper bug bounty program And much, much more. This week's episode is sponsored by Material Security, who help navigate the mess of cloud productivity data security. Daniel Ayala - Chief Security and Trust Officer at Dotmatics - is a Material customer, and joins Pat and Material Security's Rajan Kapoor to talk about how to wrangle securing data that ends up in corporate cloud email and file stores. This episode is also available on Youtube. Show notes Apple 10 day certificates Chinese hackers said to have collected audio of American calls U.S. Panel to Probe Cyber Failures in Massive Chinese Hack of Telecoms How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware Operation Magnus Hacker Returns $19.3 Million to Drained US Government Crypto Wallet Meet ZachXBT, the Masked Vigilante Tracking Down Billions in Crypto Scams and Thefts | WIRED Radar systems in Iran breached prior to Israel's Saturday counter-strike - report Delta sues CrowdStrike after widespread IT outage that caused thousands of cancellations Tens of thousands of taxpayer accounts hacked as CRA repeatedly paid out millions in bogus refunds Microsoft CEO asked board to cut pay in connection with security overhaul | Cybersecurity Dive Four REvil members sentenced to more than four years in prison Russia says it might build its own Linux community after removal of several kernel maintainers Nigerian court drops charges against detained Binance executive Tigran Gambaryan Apple will pay security researchers up to $1 million to hack its private AI cloud | TechCrunch SonicWall firewalls the common access point in spreading ransomware campaign | Cybersecurity Dive Fortinet zero-day attack spree hits at least 50 customers | Cybersecurity Dive Cisco warns actively exploited CVE can lead to DoS attacks against VPN services | Cybersecurity Dive Chinese influence operation targets US down-ballot races, Microsoft says | Reuters Exclusive: Accused Iranian hackers successfully peddle stolen Trump emails | Reuters Viral video of ripped-up Pennsylvania ballots is fake and Russian-made, intelligence agencies say Product Demo: Securing M365 and Google Workspace with Material Security
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Kush Sharma, Director Municipal Modernization & Partnerships, Municipal Information Systems Association, Ontario (MISA Ontario). In this episode: Your first security hire Moving beyond the basics with critical infrastructure Untangling the Gordian Knot of municipal cybersecurity Starting from square one Thanks to our podcast sponsor, Material Security! Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.
There's a whole new dating scam that could mean you end up out of pocket (or beaten up) after a first date with a glamorous admirer, and a woman in Los Alamos uses an Air Tag to entrap a thief.Plus - don't miss our featured interview with Maya Levine of Sysdig.All this, and a very bad Cockney accent, in the latest edition of the "Smashing Security" podcast by industry veterans Graham Cluley and Carole Theriault.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Mail Theft Suspect Apprehended Using AirTag - Santa Barbara County Sheriff's Office.Google and Apple deliver support for unwanted tracking alerts in Android and iOS - Google Security blog.Apple and Google deliver support for unwanted tracking alerts in iOS and Android - Apple.Barclays Scams Bulletin: Men more likely to fall victim to romance scams, while women lose more money - Barclays.3 men trapped by same woman: Journalist on modus operandi of dating app scams - India Today. Mumbai club under fire for 'dating scam' after man gets Rs 61,000 bill - India News.Romance scams in 2024 + online dating statistics - Norton.Tips for romance scams - Better Business Bureau.What to know about romance scams - Consumer Advice.The Godfather club dating app scam in Mumbai - YouTube.What accent does Butcher have in ‘The Boys'? - NME.Shokz bone conduction headphones - Shokz.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password Extended Access Management - Secure every sign-in for every app on every device.Sysdig - Secure your cloud in real time. Detect, investigate, and respond to threats at cloud speed.Material Security – email security that covers the full threat landscape –
In this episode of Cloud and Clear, your host John Veltri sits down with Abhishek Agarwal, Co-Founder and CEO of Material Security. They dive into the intricacies of cloud security, focusing on Google Workspace, and discuss how Material Security addresses the evolving threats in this space. From email security to sensitive content management and the implications of generative AI, this conversation covers the strategic partnership and innovation driving the industry forward. Don't miss this insightful conversation on the cutting edge of cloud security and AI, and the strategic partnership driving innovation in the space. Join us for more content by liking, sharing, and subscribing!
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Rajan Kapoor, VP of Customer Experience at Material Security, on how threat actors view email inboxes as the targets of their attacks, and not just an entry point into organizations. Show notes Material Security
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Abhishek Agrawal, CEO and co-founder, Material Security. In this episode: What does defense in depth look like in the cloud? Collaborating on insider risk Email is a vector and a target Understand risk during an IPO Thanks to our podcast sponsor, Material Security! Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.
This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks and integrates AI reliance concerns. Insurance policies, force majeure, and government regulations get some quality discussion and debate time, revealing fears and misconceptions about standardised security controls vs. adaptive security practices. And last up: the practicality and pitfalls of self-insurance, government intervention, and the need for standardised security terminology.Show Links:CISA Secure by Design Pledge | CISACISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) | CISAThe 118th Congress is the third oldest since 1789Book - The End of the World Is Just the BeginningSupreme Court's ‘Chevron' ruling means changes for writing laws - Roll CallInsurers Warn Standardizing Cyber Policies Could Limit Future CoverageCyberattacks Disrupt Car Sales by Dealers in U.S. and CanadaHelp support the podcast: https://ko-fi.com/distillingsecurityThanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more! Thanks for listening!Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.Thanks for listening!00:00 Introduction to the Great Security Debate00:30 The Role of Cyber Insurance01:49 Manual Processes and Business Continuity03:09 Manufacturing and Supply Chain Challenges06:11 Insurance Policies and Cybersecurity08:00 Standardization and Government Involvement19:14 The Complexity of Cyber Warfare22:35 Globalization and Cybersecurity30:33 Leadership vs. Boss Mentality33:53 The Role of Communication in Crisis36:51 The Cost of Compliance40:30 Global Cybersecurity Challenges44:22 The Complexity of Online Trust47:56 Insurance and Cybersecurity53:07 The Future of Cyber Insurance01:00:15 Conclusion and Final ThoughtsMentioned in this episode:Michigan BBQ Meet-Up July 18, 2024 on Cass LakeJoin Distilling Security on July 18th in Cass Lake, Michigan for a BBQ, food, colleagues, and fun. Thanks to event sponsors: Material Security, Orca Security, Legit Security, and Cyberhaven! Full details and registration forms are on the Distilling Security website...
This is a sponsored Soap Box edition of the Risky Business podcast. Abhishek Agrawal is the CEO and co-founder of Material Security, an email security company that locks down cloud email archives. Attackers have been raiding mailspools since hacking has existed, and with those mailspools now in the cloud with services like o365 and Google Workspace, guess where the attackers are going? Material built a product that helps you lock up your email data, to archive and redact sensitive information. The idea is to really just limit what an attacker can do with email data if they pop an account. Abhishek joined me to talk about a few things, like how non phishing resistant MFA is basically dead, how email content is very useful to security programs, and about how the gen AI won't really change much on the defensive control side.
There's a wee data breach with unhealthy implications in Scotland, privacy has gone off the rails in the UK, and a cheater blames Apple for his expensive divorce.All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter of the "Compromising Positions" podcast.Plus don't miss our featured interview with Abhishek Agrawal, CEO of Material Security.Warning: This podcast may contain nuts, adult themes, and rude language.Episode links:Cyber attacks update - NHS Dumfries & Galloway.J Paul Getty - Wikipedia.Cyber expert urges against 'panic' over NHS data leak - BBC News.“Don't panic” - Corporal Jones from Dad's Army - YouTube.All households in Scottish region to get alert about hackers publishing stolen medical data - The Record.Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers - Wired.Man ludicrously blames Apple for his wife catching him communicating with prostitutes - Apple Insider.Businessman sues Apple after wife finds ‘deleted' iPhone messages to prostitute - LBC.‘Tech made me do it' is no excuse for adultery - The Times.Is it DNS?“My name is Barbra” - Amazon.”I'm Glad My Mom Died” by Jennette McCurdy - Simon & Schuster.Smashing Security merchandise (t-shirts, mugs, stickers and stuff)Sponsored by:1Password Extended Access Management – Secure every sign-in for every app on every device.Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.SUPPORT...
In this conversation, I speak with Abhishek Agrawal, co-founder and CEO of Material Security. We talk about: - Material's Security innovative approach to email security by not just preventing unauthorized access but also containing damage from potential breaches. -Abhishek's background in data infrastructure at Dropbox and how product mangers can become successful CEOs due to their cross-functional expertise. - The need for customized security measures for different organizations, the role of AI in detecting email threats, the importance of single-tenant environments for sensitive customers and the potential risk of default settings in productivity suites like Google Workspace. Among other topics. Abhishek's Background and Material Security (00:00:00)Email Security and Productivity Suite (00:01:01)Geographical Connection and Coffee Meetup (00:02:06)Product Managers as CEOs and Co-founders (00:02:59)Empowering Product Managers (00:05:01)Product Management and Marketing Importance (00:08:04)Email as a Content Repository (00:09:39)Securing Email Content (00:11:03)Data Protection for Email (00:12:10)Redacting and Canaries (00:12:57)Email Security vs. Data Security (00:14:53)Abuse Cases and Control Layers (00:17:32)Mailbox Compromise and Lateral Movement (00:17:39)Threat Scenario Analysis (00:20:15)Language Models for Detection (00:22:19)Optimism in AI Tools for Defense (00:24:34)Customized Detection Categories (00:25:52)Security Controls Trend (00:26:20)Security Concerns for Law Firms (00:27:07)Email Copy Distribution (00:27:24)API-Based Integration (00:29:08)Monitoring LM Functionality (00:30:42)Threat Intelligence and Detection (00:32:54)Product Design Philosophy (00:35:56)Data Protection (00:38:01)Flexibility in Deployment (00:39:26)Main Products (00:40:33)Posture Management (00:44:01)Broadening Product Coverage (00:48:49)Google Workspace Threat Detection (00:50:05)Challenges with CSP (00:51:13)Contextual Intelligence (00:52:02)Balancing Depth and Breadth (00:53:15)Learning about Material (00:53:40)Become a Member: https://danielmiessler.com/upgradeSee omnystudio.com/listener for privacy information.
Lets talk about the Evolution of Email Security. We have been speaking about Email Security for years but why has it not been solved? We spoke to Abhishek Agrawal, Co-founder of Material Security about the fact that despite of decades of advancements, email security remains a critical concern, with sophisticated attacks continually bypassing traditional controls. We explored the fascinating landscape of productivity suites like Microsoft 365 and Google Workspace, underscoring their importance beyond just communication tools. What are the critical aspects of threat management, posture management, and the necessity of a focused approach towards securing this often-overlooked segment of our digital infrastructure management. Guest Socials: Abhishek's Linkedin Abhishek's Twitter Podcast Twitter - @CloudSecPod If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels: - Cloud Security Podcast- Youtube - Cloud Security Newsletter - Cloud Security BootCamp Questions (00:00) Introduction (03:57) A bit about Abhishek (04:49) What is a Productivity Suite? (05:48) Why Email Security is still a focus in 2024? (11:43) Where to start with Productivity Suite Security? (15:03) The role of Cloud Native Tools in Productivity Suite Security (19:38) Where can security leaders start with Productivity Suite Security (24:39) Where can people learn more about Productivity Suite Security (26:44) Fun Questions
On this week's show Patrick and Adam discuss the week's security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia's powershell, solving living off the land, And much, much more This week's show is brought to you by Material Security. In this week's sponsor interview we speak with Material's Rajan Kapoor, VP of Customer Experience at Material. We're also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic's CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit's takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk's SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
On this week's show Patrick and Adam discuss the week's security news, including: Turns out AI is still bad code review after all, Mintlify loses a bunch of Github tokens, Everything old is new again with the UDP loop DoS, Know-your-(recon satellite)-customer is hard, Microsoft takes away Russia's powershell, solving living off the land, And much, much more This week's show is brought to you by Material Security. In this week's sponsor interview we speak with Material's Rajan Kapoor, VP of Customer Experience at Material. We're also joined by Chaim Sanders, who heads Security and Privacy at Lyft. Show notes Anthropic's CISO drinks the AI kool aid - backpedals frantically on security analysis claim Incident report on March 13, 2024 - Mintlify Loop DoS: New Denial-of-Service attack targets application-layer protocols State of IP Spoofing Pharmaceutical development company investigating cyberattack after LockBit posting Exclusive: After LockBit's takedown, its purported leader vows to hack on Russian-Canadian hacker sentenced for global ransomware scheme to be extradited | CTV News A Suspicious Pattern Alarming the Ukrainian Military - The Atlantic Exclusive: Musk's SpaceX is building spy satellite network for US intelligence agency, sources say | Reuters Elon Musk's SpaceX Forges Closer Ties With U.S. Spy and Military Agencies - WSJ Russians will no longer be able to access Microsoft cloud services, business intelligence tools Rostelecom blocks the SIP protocol for clients of Russian hosters / Sudo Null IT News Researchers spot updated version of malware that hit Viasat | CyberScoop Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US) PRC State-Sponsored Cyber Activity: Actions for Critical Infrastructure Leaders | CISA US is still chasing down pieces of Chinese hacking operation, NSA official says 875 workers rescued in Tarlac POGO raid | Philippine News Agency Fujitsu says it found malware on its corporate network, warns of possible data breach | Ars Technica Mike Lindell must pay a Nevada man after election data dispute - The Washington Post
Startup Field Guide by Unusual Ventures: The Product Market Fit Podcast
Material Security is an email security company that protects an organization's users and data particularly across Microsoft 365 and Google Workspace. Last valued at $1.1B, Material has over 100 enterprise customers, including Doordash, Lyft, and Fox. In this episode, Sandhya Hegde and Wei Lien Dang chat with Abhishek Agrawal, CEO and co-founder of Material Security. Join us as we discuss: 00:00 Preview: Seeking validation for a B2B product 1:36 Founding Material Security 5:31 Identifying the Gap in Existing Solutions 10:00 Validating the Thesis 12:41 Product Vision and Initial MVP 19:56 Go-to-Market Strategy for the First Million in ARR 25:40 Product Vision and Impact of AI 31:50 Advice for Founders Starting Companies in 2024 Sandhya Hegde is a General Partner at Unusual Ventures, leading investments in modern SaaS companies with a focus on AI. Previously an early executive at Amplitude, Sandhya is a product-led growth (PLG) coach and mentor. She can be reached at sandhya@unusual.vc. Wei Lien Dang is a General Partner at Unusual Ventures and leads investments in infrastructure software, security, and developer tool. Wei was a co-founder of Stackrox, a cloud-native security company prior to its acquisition by Red Hat. He can be reached at wei@unusual.vc Abhishek Agrawal is the co-founder and CEO of Material Security Unusual Ventures is a seed-stage venture capital firm designed from the ground up to give a distinct advantage to founders building the next generation of software companies. Unusual has invested in category-defining companies like Webflow, Arctic Wolf Networks, Carta, Robinhood, and Harness. Learn more about us at https://www.unusual.vc/.
In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation's critical infrastructure.
In this Risky Business News sponsor interview Tom Uren talks to Ivan Dwyer of Material Security about how it makes sense to view office productivity suites as an organisation's critical infrastructure.
In this Soap Box podcast Patrick Gray talks to Material Security's CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites. Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files? Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files share via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account. Even if you're not interested in buying a product to tackle this, we think this one is a great listen.
In this Soap Box podcast Patrick Gray talks to Material Security's CEO and co-founder Abhishek Agrawal about the security problems inherent to modern productivity suites. Does it make sense that threat actors can authenticate to o365 and Workspace accounts and clean them out entirely? Years of mail, years of files? Material Security has built a product that tackles this issue. It can lock up email archives behind MFA challenges, redact PII from inboxes, better control files share via Google Drive and OneDrive, and just generally limit the damage a threat actor can inflict when they compromise a cloud productivity account. Even if you're not interested in buying a product to tackle this, we think this one is a great listen.
No Priors: Artificial Intelligence | Machine Learning | Technology | Startups
Cyber Security is going to change significantly in the era of AI, according to Ryan Noon, cofounder of Material Security, a security company that makes cloud-based Google and Microsoft email a safe place for sensitive data. Elad Gil and Ryan talk about how Material Security started to use LLMs, potential security threats from AI hacks, and the role of the government in securing the Internet. Ryan also shares his advice for founders. Ryan co-founded Material Security in 2017 after seeing high profile email hacks in the 2016 Presidential election. Previously, he led various engineering teams at Dropbox after it acquired his first company, Parastructure. Prior to Parastructure, he led engineering at a data analysis company spun out of Stanford by DARPA. He holds both an MS in Computer Networks and Security and a BS in Computer Science from Stanford. Show Links: Ryan Noon LinkedIn Material Security Website The Market for Silver Bullets by Ian Grigg Sign up for new podcasts every week. Email feedback to show@no-priors.com Follow us on Twitter: @NoPriorsPod | @Saranormous | @EladGil | @InternetMeme Show Notes: (00:00) - How 2016 Election Hacking Inspired Ryan to Start Material Security (05:00) - Generative AI Use Cases in Cyber Security & Fine Tuning (11:36) - Predictions on Effective Threat Levels from AI Hacks (14:45) - Democracy, the Department of Defence, DARPA and Cyber Security (20:14) - Is there room for startups in the Cyber Security industry? (26:40) - New Challenges On Horizon After 7 Years as Cofounder (32:30) - Advice to Founders
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Albanian authorities raid MEK over Iran hacks Microsoft admits “Anonymous Sudan” took down its services US Government puts $10m bounty on CL0P A deeper look at the Barracuda hack campaign Much, much more This week's show is brought to you by Material Security. We'll be hearing from one of Material's friends – Courtney Healey, senior manager of insider threat at Coinbase – in this week's sponsor interview. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Police raid Iranian opposition camp in Albania, seize computers | AP News Risky Biz News: Microsoft embarrassingly admits it got DDoSed into the ground by Anonymous Sudan Anonymous Sudan and Killnet strike again, target EIB Pro-Russian hackers remain active amid Ukraine counteroffensive | CyberScoop Hackers infect Russian-speaking gamers with fake WannaCry ransomware US puts $10M bounty on Clop as federal agencies confirm data compromises | Cybersecurity Dive (1) Catherine Herridge on Twitter: "Tonight, sources tell @cbsnews senior government officials are racing to limit impact - of what one cyber expert calls - potentially the largest theft + extortion event in recent history. USG official says no evidence to date US MIL or INTEL compromised. https://t.co/R4f6naFqFx" / Twitter U.S. government says several agencies hacked as part of broader cyberattack Clop names a dozen MOVEit victims, but holds back details | Cybersecurity Dive Another MOVEit vulnerability found, as state and federal agencies reveal breaches | Cybersecurity Dive Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant New DOJ unit will focus on prosecuting nation-state cybercrime EU states told to restrict Huawei and ZTE from 5G networks ‘without delay' The US Navy, NATO, and NASA Are Using a Shady Chinese Company's Encryption Chips | WIRED Widow of slain Saudi journalist Jamal Khashoggi files suit against Pegasus spyware maker Jamal Khashoggi's wife to sue NSO Group over Pegasus spyware | Jamal Khashoggi | The Guardian Bipartisan bill would protect Americans' data from export abroad District of Nebraska | Massachusetts Man Sentenced for Computer Intrusion | United States Department of Justice I Was Sentenced to 18 Months in Prison for Hacking Back - My Story | HackerNoon CID-FLYER-TEMPLATE New FCC privacy task force takes aim at data breaches, SIM-swaps | CyberScoop Bloodied Macbooks and Stacks of Cash: Inside the Increasingly Violent Discord Servers Where Kids Flaunt Their Crimes Russian National Arrested and Charged with Conspiring to Commit LockBit Ransomware Attacks Against U.S. and Foreign Businesses | OPA | Department of Justice BrianKrebs: "Haha love it when a data ranso…" - Infosec Exchange
Jupiter moved into Taurus on May 16th and will remain there until May 2024. Let's explore some of the defining aspects to outer planets and some horoscopes for the sign. --- Send in a voice message: https://podcasters.spotify.com/pod/show/youwomanyou/message
In this episode of Future of Security Operations, Thomas speaks with Ryan Noon, Founder and CEO of Material Security, a company that protects the email of high-risk VIPs and top global organizations. A serial entrepreneur and an expert on cloud security, Ryan previously ran infrastructure teams at Dropbox after it acquired his last company, Parastructure. Before that, he helped build a company spun out of Stanford by the Department of Defense. A graduate of Stanford, Ryan holds degrees in Computer Science and Computer Security. Topics include: Ryan's first startup experience and the decision to launch his first company, Parastructure Getting acquired by Dropbox and what he enjoyed most about working there Ryan's journey from a hobbyist to a thought leader and founder in cybersecurity, taking a critical eye towards every system, and why Ryan sees himself as “a builder, a creator, and an optimist than a true security engineer” How the Russian government's interference in the 2016 U.S. presidential election impacted his perspective on cybersecurity and helped him realize the power of APIs Why email is such an excellent target for cyber attackers and how Material Security secures data within inboxes What founders should focus on in the first year, the importance of product management, and how Material secured its early adopters, including customers like Stripe, Databricks, and Lift, so quickly How to help your product to stand out, and why he believes it's important to avoid FUD tactics in cybersecurity What Ryan has learned from working with the world's leading security teams and how the best teams bridge gaps to win Ryan's thoughts on the uncertain global economic climate, its impacts, and how Material's conservative approach has allowed them to maintain a relatively lean team The future of security operations and what trends Ryan believes will continue - doing more with less and leveraging better infrastructure and tools that enable you to go deeper with your existing tech stack Resources: LinkedIn
Welcome to Day 2110 of Wisdom-Trek, and thank you for joining me. This is Guthrie Chamberlain, Your Guide to Wisdom Sermon on the Mount 8 – A Christian's Ambition: Not Material Security, But God's Rule – Daily Wisdom Putnam Church Message – 07/04/2021 Sermon on the Mount – A Christian's Ambition: Biblical Priorities Result in Freedom From Worry Matthew 6:19-34 Today's Scripture is found on page 1505 of the pew Bible. Teaching about Money, Possessions, and Worry “Don't store up treasures here on earth, where moths eat them and rust destroys them, and where thieves break in and steal. Store your treasures in heaven, where moths and rust cannot destroy, and thieves do not break in and steal. Wherever your treasure is, there the desires of your heart will also be. “Your eye is like a lamp that provides light for your body. When your eye is healthy, your whole body is filled with light. But when your eye is unhealthy, your whole body is filled with darkness. And if the light you think you have is actually darkness, how deep that darkness is! “No one can serve two masters. For you will hate one and love the other; you will be devoted to one and despise the other. You cannot serve God and be enslaved to money. “That is why I tell you not to worry about everyday life—whether you have enough food and drink, or enough clothes to wear. Isn't life more than food, and your body more than clothing? Look at the birds. They don't plant or harvest or store food in barns, for your heavenly Father feeds them. And aren't you far more valuable to him than they are? Can all your worries add a single moment to your life? “And why worry about your clothing? Look at the lilies of the field and how they grow. They don't work or make their clothing, yet Solomon in all his glory was not dressed as beautifully as they are. And if God cares so wonderfully for wildflowers that are here today and thrown into the fire tomorrow, he will certainly care for you. Why do you have so little faith? “So don't worry about these things, saying, ‘What will we eat? What will we drink? What will we wear?' These things dominate the thoughts of unbelievers, but your heavenly Father already knows all your needs. Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need. “So don't worry about tomorrow, for tomorrow will bring its own worries. Today's trouble is enough for today. In the first half of Matthew 6 (1–18), Jesus describes the Christian's private life ‘in the secret place' (giving, praying, fasting); in the second half (19–34), he is concerned with our public business in the world (questions of money, possessions, food, drink, clothing and ambition). The same contrast could be expressed regarding our ‘religious' and ‘secular' responsibilities. This distinction is false, because we cannot separate these into water-tight compartments. Indeed, the separation of the sacred from the secular in church history has been disastrous. If we are Christians, citizens of God's kingdom, then everything we do is holy because it is done in...
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Royal Mail attack was LockBit and GCHQ will probably “bust some heads” CircleCI's incident report and the problem with malwared endpoints in the Zero Trust age Cloudflare backs Mastodon Paul Nakasone: NSA did some great stuff! It was really good! Cisco won't patch SMB routers sold in 2020 Much, much more This week's show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake's head of cybersecurity strategy Omer Singer are this week's sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Royal Mail cyberattack linked to LockBit ransomware operation Ransomware Diaries: Volume 1 | Analyst1 Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News CircleCI incident report for January 4, 2023 security incident Researchers: Large language models will revolutionize digital propaganda campaigns Nick Cave - The Red Hand Files - Issue #218 GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server Meta sues Voyager Labs over scraping user data Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News A Police App Exposed Secret Details About Raids and Suspects | WIRED ODIN Intelligence website is defaced as hackers claim breach | TechCrunch Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations The FBI Won't Say Whether It Hacked Dark Web ISIS Site Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Royal Mail attack was LockBit and GCHQ will probably “bust some heads” CircleCI's incident report and the problem with malwared endpoints in the Zero Trust age Cloudflare backs Mastodon Paul Nakasone: NSA did some great stuff! It was really good! Cisco won't patch SMB routers sold in 2020 Much, much more This week's show is brought to you by Material Security. Material co-founder Ryan Noon and Snowflake's head of cybersecurity strategy Omer Singer are this week's sponsor guests. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Royal Mail cyberattack linked to LockBit ransomware operation Ransomware Diaries: Volume 1 | Analyst1 Congressman calls on CISA to investigate air travel vulnerabilities after outage - The Record from Recorded Future News Ransomware attack on maritime software impacts 1,000 ships - The Record from Recorded Future News CircleCI incident report for January 4, 2023 security incident Researchers: Large language models will revolutionize digital propaganda campaigns Nick Cave - The Red Hand Files - Issue #218 GitHub - cloudflare/wildebeest: Wildebeest is an ActivityPub and Mastodon-compatible server Meta sues Voyager Labs over scraping user data Twitter says leaked data on 200 million users was likely publicly available info - The Record from Recorded Future News A Police App Exposed Secret Details About Raids and Suspects | WIRED ODIN Intelligence website is defaced as hackers claim breach | TechCrunch Nakasone: Foreign surveillance program helped fend off cyberattacks - The Record from Recorded Future News The Guardian confirms criminals accessed staff data in ransomware attack - The Record from Recorded Future News Millions of Aflac, Zurich insurance customers in Japan have data leaked after breach - The Record from Recorded Future News Dark Pink, a newly discovered hacking campaign, threatens Southeast Asian military, government organizations The FBI Won't Say Whether It Hacked Dark Web ISIS Site Norton LifeLock says 925,000 accounts targeted by credential-stuffing attacks - The Record from Recorded Future News Cisco warns of two vulnerabilities affecting end-of-life routers - The Record from Recorded Future News Fortinet says hackers exploited critical vulnerability to infect VPN customers | Ars Technica Vulnerability with 9.8 severity in Control Web Panel is under active exploit | Ars Technica CISA adds recently-announced Microsoft zero-day to exploited vulnerability catalog - The Record from Recorded Future News Hundreds of SugarCRM servers infected with critical in-the-wild exploit | Ars Technica
Mabuting Balita l Disyembre 29, 2022 – Huwebes Ikalima na araw ng Pagdiriwang ng Pasko ng Pagsilang Ebanghelyo: Luke 2:22-40 -35 Nang dumating na ang araw ng paglilinis nila ayon sa Batas ni Moises, dinala ang sanggol sa Jerusalem upang iharap sa Panginoon--tulad ng nasusulat sa Batas ng Panginoon: Lahat ng panganay na lalaki ay ituturing na banal para sa Panginoon. Dapat din silang mag-alay ng sakripisyo tulad ng binabanggit sa Batas ng Panginoon: isang pares na batubato o dalawang inakay na kalapati. Ngayon sa Jerusalem ay may isang taong nagngangalang Simeon; totoong matuwid at maka-Diyos ang taong iyon. Hinihintay n'ya ang pagpapaginhawa ng Panginoon sa Israel at sumasakanya ang Espiritu Santo. Ipinaalam naman sa kanya ng Espiritu Santo na hindi s'ya mamamatay hangga't hindi n'ya nakikita ang Mesiyas ng Panginoon. Kaya pumunta siya ngayon sa Templo sa pagtutulak ng Espiritu, nang dalhin ng mga magulang ang batang si Hesus para tuparin ang kaugaliang naaayon sa Batas tungkol sa kanya. Kinalong siya ni Simeon sa kanyang braso at pinuri ang Diyos, at sinabi: “Mapayayaon mo na ang iyong utusan, Panginoon, nang may kapayapaan ayon na rin sa iyong wika; pagkat nakita na ng aking mga mata ang iyong pagliligtas na inihanda mo sa paningin ng lahat ng bansa, ang liwanag na ibubunyag mo sa mga bansang pagano at ang luwalhati ng iyong bayang Israel.” May isa ring babaeng propeta, si Ana na anak ni Panuel na mula sa tribu ng Aser. Matandang-matanda na siya. Pagkaalis ng bahay sa kanyang ama, pitong taon lamang silang nagsama ng kanyang asawa, at nagbuhay biyuda na siya at hindi na siya umaalis sa Templo. Araw-gabi siyang sumasamba sa Diyos sa pag-aayuno at pananalangin. Walumpu't-apat na taon na siya. Sa pag-akyat niya sa sandaling iyon, nagpuri rin siya sa Diyos at nagpahayag tungkol sa bata sa lahat ng naghihintay sa katubusan ng Jerusalem. Nang matupad na ang lahat ng ayon sa Batas ng Panginoon, umuwi sila sa kanilang bayan, sa Nazaret sa Galilea. Lumaki at lumakas ang bata; napuspus siya ng karunungan at sumasakanya ang kagandahang-loob ng Diyos Pagninilay: Taong 2021, nagsurvey ang Global Attitude Surveys na may katanungang: What makes life more meaningful? Young adults: Family, Friends, Career. Middle aged: Family, Career, Material security. Old aged: Family, Material Security, Health. Kung susumahin, mahalaga po sa lahat ng antas ng edad ang pamilya, relasyon. Sa Mabuting Balita ngayong ika-limang araw matapos ang pasko, tampok si Simeon. Sinabi sa atin na siya'y matanda na at naghihintay na ng kanyang pagyao. Ngunit, buong buhay tinatanong ni Simeon ang sarili—what makes my life meaningful? Hanggang isang araw, sa paggabay ng Espiritu ng Diyos, pumunta siya sa templo at doon natagpuan ang tunay na saysay at kahulugan ng kanyang pag-iral—si Hesus! Ang pinananabikang Mesiyas at manunubos ng lahat. Sana matularan natin ang buhay ni Simeon. Hinayaan niyang gabayan siya lagi ng Espiritu ng Diyos upang maganap ang kalooban ng Diyos sa kanyang buhay. Kaya naman, nakita niya ang Mesiyas ng Diyos—dahil dito'y naging ganap ang kanyang kagalakan at buhay. Who gives meaning and hope to our lives? Jesus—the new-born child in our hearts! – Cl. Vinz Aurellano, SSP | Society of St. Paul
The Twenty Minute VC: Venture Capital | Startup Funding | The Pitch
Martin Casado is a General Partner @ a16z where he focuses on enterprise investing. At a16z, Martin has led investments and serves on the board of dbt Labs, Fivetran, Material Security, Ambient AI and many more incredible companies. Before venture, Martin was previously the Co-Founder and CTO at Nicira, acquired by VMware for $1.26 billion in 2012. While at VMware, Martin served as Senior VP and General Manager of the Networking and Security Business Unit, which he scaled to a $600 million revenue run-rate business. In Today's Episode with Martin Casado We Discuss: 1. From $1.26BN Founder to Leading Enterprise Investing for a16z: How did Martin make his way into the world of VC and come to lead enterprise investing for a16z? What does Martin know now that he wishes he had known when he started investing? What have been some of his biggest investing lessons from Marc and Ben? 2. The VC Model is Broken and Why: Why does Martin believe that the current model for venture is broken? Why does Martin believe that VCs are not oracles and they were not gifted with picking ability? How will asset allocation more broadly fundamentally change over the next decade? Why will Silicon Valley take over and run Wall St? Why does Wall St not care about innovation and true technological development? Who will be the winners and who will be the losers in the next 10 years of venture? 3. Surviving a Crash - What Founders Need To Know: Layoffs: What is Martin's advice to founders on doing layoffs today? How much is the right amount to cut? Should it be done in one go? How should this be communicated to investors and the board? Scenario Planning: What three scenario plans should all founders be creating right now? How should they know which one is the right one to execute against? Comparisons: How should founders use and look to public company performance and market cap to determine which plan they should choose? Hiring Freeze: Why does Martin believe the biggest companies in the world make massive mistakes by freezing hiring? What should they do instead? 4. The Changing Guard at a16z: What have been the single best and worst changes a16z have made over the last 24 months? What are the first things to break when a firm scales as fast as a16z has done? Does Martin agree a16z returns will reduce with the scaling of their funds larger than ever? How does Martin look to train and educate his junior team? How does he advise them on surviving a downturn? What should they do? What should they not do? 5.) The Makings of a Great Board: What are the three types of board members? What is the best? What is the worst? What does Martin believe makes the truly great boards? What is the biggest advice Martin gives to young board members today? How has Martin changed as a board member over time? What does he need to improve? Items Mentioned in Today's Episode: Martin's Fave Book: The Weirdest People in the World: How the West Became Psychologically Peculiar and Particularly Prosperous
About MartinMartin Casado is a general partner at the venture capital firm Andreessen Horowitz where he focuses on enterprise investing. He was previously the cofounder and chief technology officer at Nicira, which was acquired by VMware for $1.26 billion in 2012. While at VMware, Martin was a fellow, and served as senior vice president and general manager of the Networking and Security Business Unit, which he scaled to a $600 million run-rate business by the time he left VMware in 2016.Martin started his career at Lawrence Livermore National Laboratory where he worked on large-scale simulations for the Department of Defense before moving over to work with the intelligence community on networking and cybersecurity. These experiences inspired his work at Stanford where he created the software-defined networking (SDN) movement, leading to a new paradigm of network virtualization. While at Stanford he also cofounded Illuminics Systems, an IP analytics company, which was acquired by Quova Inc. in 2006.For his work, Martin was awarded both the ACM Grace Murray Hopper award and the NEC C&C award, and he's an inductee of the Lawrence Livermore Lab's Entrepreneur's Hall of Fame. He holds both a PhD and Masters degree in Computer Science from Stanford University.Martin serves on the board of ActionIQ, Ambient.ai, Astranis, dbt Labs, Fivetran, Imply, Isovalent, Kong, Material Security, Netlify, Orbit, Pindrop Security, Preset, RapidAPI, Rasa, Tackle, Tecton, and Yubico.Links: Yet Another Infra Group Discord Server: https://discord.gg/f3xnJzwbeQ “The Cost of Cloud, a Trillion Dollar Paradox” - https://a16z.com/2021/05/27/cost-of-cloud-paradox-market-cap-cloud-lifecycle-scale-growth-repatriation-optimization/ TranscriptAnnouncer: Hello, and welcome to Screaming in the Cloud with your host, Chief Cloud Economist at The Duckbill Group, Corey Quinn. This weekly show features conversations with people doing interesting work in the world of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles for which Corey refuses to apologize. This is Screaming in the Cloud.Corey: This episode is sponsored in part by Honeycomb. When production is running slow, it's hard to know where problems originate. Is it your application code, users, or the underlying systems? I've got five bucks on DNS, personally. Why scroll through endless dashboards while dealing with alert floods, going from tool to tool to tool that you employ, guessing at which puzzle pieces matter? Context switching and tool sprawl are slowly killing both your team and your business. You should care more about one of those than the other; which one is up to you. Drop the separate pillars and enter a world of getting one unified understanding of the one thing driving your business: production. With Honeycomb, you guess less and know more. Try it for free at honeycomb.io/screaminginthecloud. Observability: it's more than just hipster monitoring.Corey: This episode is sponsored in part by our friends at Sysdig. Sysdig secures your cloud from source to run. They believe, as do I, that DevOps and security are inextricably linked. If you wanna learn more about how they view this, check out their blog, it's definitely worth the read. To learn more about how they are absolutely getting it right from where I sit, visit Sysdig.com and tell them that I sent you. That's S Y S D I G.com. And my thanks to them for their continued support of this ridiculous nonsense.Corey: Welcome to Screaming in the Cloud. I'm Corey Quinn. I'm joined today by someone who has taken a slightly different approach to being—well, we'll call it cloud skepticism here. Martin Casado is a general partner at Andreessen Horowitz and has been on my radar starting a while back, based upon a piece that he wrote focusing on the costs of cloud and how repatriation is going to grow. You wrote that in conjunction with your colleague, Sarah Wang. Martin, thank you so much for joining me. What got you onto that path?Martin: So, I want to be very clear, just to start with is, I think cloud is the biggest innovation that we've seen in infrastructure, probably ever. It's a core part of the industry. I think it's very important, I think every company's going to be using cloud, so I'm very pro-cloud. I just think the nature of how you use clouds is shifting. And that was the focus.Corey: When you first put out your article in conjunction with your colleague as well, like, I saw it and I have to say that this was the first time I'd really come across any of your work previously. And I have my own biases that I started from, so my opening position on reading it was this is just some jerk who's trying to say something controversial and edgy to get attention. That's my frickin job. Excuse me, sir. And who is this clown?So, I started digging, and what I found really changed my perspective because as mentioned at the start of the show, you are a general partner at Andreessen Horowitz, which means you are a VC. You are definitionally almost the archetype of a VC in that sense. And to me, being a venture capitalist means the most interesting thing about you is that you write a large check consisting of someone else's money. And that's never been particularly interesting.Martin: [laugh].Corey: You kind of cut against that grain and that narrative. You have a master's and a PhD in computer science from Stanford; you started your career at one of the national labs—Laurence Livermore, if memory serves—you wound up starting a business, Nicira, if I'm pronouncing that correctly—Martin: Yeah, yeah, yeah.Corey: That you then sold to VMware in 2012, back at a time when that was a noble outcome, rather than a state of failure because VMware is not exactly what it once was. You ran a $600 million a year business while you were there. Basically, the list of boards that you're on is lengthy enough and notable enough that it sounds almost like you're professionally bored, so I don't—Martin: [laugh].Corey: So, looking at this, it's okay, this is someone who actually knows what he is talking about, not just, “Well, I talked to three people in pitch meetings and I now think I know what is going on in this broader industry.” You pay attention, and you're connected, disturbingly well, to what's going on, to the point where if you see something, it is almost certainly rooted in something that is happening. And it's a big enough market that I don't think any one person can keep their finger on the pulse of everything. So, that's when I started really digging into it, paying attention, and more or less took a lot of what you wrote as there are some theses in here that I want to prove or disprove. And I spent a fair bit of time basically threatening, swindling, and bribing people with infinite cups of coffee in order to start figuring out what is going on.And I am begrudgingly left with no better conclusion than you have a series of points in here that are very challenging to disprove. So, where do you stand today, now that, I guess, the whole rise and fall of the hype around your article on cloud repatriation—which yes, yes, we'll put a link to it in the show notes if people want to go there—but you've talked about this in a lot of different contexts. Having had the conversations that you've had, and I'm sure some very salty arguments with people who have a certain vested interest in you being wrong, do you wind up continuing to stand by the baseline positions that you've laid out, or have they evolved into something more nuanced?Martin: So yeah, I definitely want to point out, so this was work done with Sarah Wang was also at Andreessen Horowitz; she's also a GP. She actually did the majority of the analysis and she's way smarter than I am. [laugh]. And so, I'm just very—feel very lucky to work with her on this. And I want to make sure she gets due credit on this.So, let's talk about the furor. So like, I actually thought that this was kind of interesting and it started a good discussion, but instead, like, [laugh] the amount of, like, response pieces and, like, angry emails I got, and [laugh] like, I mean it just—and I kind of thought to myself, like, “Why are people so upset?” I think there's three reasons. I'm going to go through them very quickly because they're interesting.So, the first one is, like, you're right, like, I'm a VC. I think people see a VC and they're like, oh, lack of credibility, lack of accountability, [laugh], you know, doesn't know what they're doing, broad pattern matcher. And, like, I will say, like, I did not necessarily write this as a VC; I wrote this as somebody that's, like, listen, my PhD is an infrastructure; my company was an infrastructure. It's all data center stuff. I had a $600 million a year data center business that sold infrastructure into data centers. I've worked with all of the above. Like, I've worked with Amazon, I've—Corey: So, you sold three Cisco switches?Martin: [laugh]. That's right.Corey: I remember those days. Those were awesome, but not inexpensive.Martin: [laugh]. That's right. Yeah, so like, you know, I had 15 years. It's kind of a culmination of that experience. So, that was one; I just think that people see VC and they have a reaction.The second one is, I think people still have the first cloud wars fresh in their memories and so they just don't know how to think outside of that. So, a lot of the rebuttals were first cloud war rebuttals. Like, “Well, but internal IT is slow and you can't have the expertise.” But like, they just don't apply to the new world, right? Like, listen, if you're Cloudflare, to say that you can't run, like, a large operation is just silly. If you went to Cloudflare and you're like, “Listen, you can't run your own infrastructure,” like, they'd take out your sucker and pat you on the head. [laugh].Corey: And not for nothing, if you try to run what they're doing on other cloud providers from a pure bandwidth perspective, you don't have a company anymore, regardless of how well funded you are. It's a never-full money pit that just sucks all of the money. And I've talked to a number of very early idea stage companies that aren't really founded yet about trying to do things like CDN-style work or streaming video, and a lot of those questions start off with well, we did some back-of-the-envelope math around AWS data transfer pricing, and if our numbers are right, when we scale, we'll be spending $65,000 on data transfer every minute. What did we get wrong?And it's like, “Oh, yeah, you realize that one thing is per hour not per minute, so slight difference there. But no, you're basically correct. Don't do it.” And yeah, no one pays retail price at that volume, but they're not going to give you a 99.999% discount on these things, so come up with a better plan. Cloudflare's business will not work on AWS, full stop.Martin: Yep, yep. So, I legitimately know, basically, household name public companies that are software companies that anybody listening to this knows the name of these companies, who have product lines who have 0% margins because they're [laugh] basically, like, for every dollar they make, they pay a dollar to Amazon. Like, this is a very real thing, right? And if you go to these companies, these are software infrastructure companies; they've got very talented teams, they know how to build, like, infrastructure. To tell them that like, “Well, you know, you can't build your own infrastructure,” or something is, I mean, it's like telling, like, an expert in the business, they can't do what they do; this is what they do. So, I just think that part of the furor, part of the uproar, was like, I just think people were stuck in this cloud war 1.0 mindset.I think the third thing is, listen, we've got an oligopoly, and they employ a bunch of people, and they've convinced a bunch of people they're right, and it's always hard to change that. And I also think there's just a knee-jerk reaction to these big macro shifts. And it was the same thing we did to software-defined networking. You know, like, my grad school work was trying to change networking to go from hardware to software. I remember giving a talk at Cisco, and I was, like, this kind of like a naive grad student, and they literally yelled at me out of the room. They're like, it'll never work.Corey: They tried to burn you as a witch, as I recall.Martin: [laugh]. And so, your specific question is, like, have our views evolved? But the first one is, I think that this macro downturn really kind of makes the problem more acute. And so, I think the problem is very, very real. And so, I think the question is, “Okay, so what happens?”So, let's say if you're building a new software company, and you have a choice of using, like, one of the Big Three public clouds, but it impacts your margins so much that it depresses your share price, what do you do? And I think that we thought a lot more about what the answers there are. And the ones that I think that we're seeing is, some actually are; companies are building their own infrastructure. Like, very famously MosaicML is building their own infrastructure. Fly.io, -building their own infrastructure.Mighty—you know, Suhail's company—building his own infrastructure. Cloudflare has their own infrastructure. So, I think if you're an infrastructure provider, a very reasonable thing to do is to build your own infrastructure. If you're not a core infrastructure provider, you're not; you can still use somebody's infrastructure that's built at a better cost point.So, for example, if I'm looking at a CDN tier, I'm going to use Fly.io, right? I mean, it's like, it's way cheaper, the multi-region is way better, and so, like, I do think that we're seeing, like, almost verticalized clouds getting built out that address this price point and, like, these new use cases. And I think this is going to start happening more and more now. And we're going to see basically almost the delamination of the cloud into these verticalized clouds.Corey: I think there's also a question of scale, where if you're starting out in the evening tonight, to—I want to build, I don't know Excel as a service or something. Great. You're pretty silly if you're not going to start off with a cloud provider, just because you can get instant access to resources, and if your product catches on, you scale out without having to ever go back and build it as quote-unquote “Enterprise grade,” as opposed to having building it on cheap servers or Raspberry Pis or something floating around. By the time that costs hit a certain point—and what that point is going to depend on your stage of company and lifecycle—you're remiss if you don't at least do an analysis on is this the path we want to continue on for the service that we're offering?And to be clear, the answer to this is almost entirely going to be bounded by the context of your business. I don't believe that companies as a general rule, make ill-reasoned decisions. I think that when we see a decision a company makes, by and large, there's context or constraints that we don't see that inform that. I know, it's fun to dunk on some of the large companies' seemingly inscrutable decisions, but I will say, having had the privilege to talk to an awful lot of execs in an awful lot of places—particularly on this show—I don't find myself encountering a whole lot of people in those roles who I come away with thinking that they're a few fries short of a Happy Meal. They generally are very well reasoned in why they do what they do. It's just a question of where we think the future is going on some level.Martin: Yep. So, I think that's absolutely right. So, to be a little bit more clear on what I think is happening with the cloud, which is I think every company that gets created in tech is going to use the cloud for something, right? They'll use it for development, the website, test, et cetera. And many will have everything in the cloud, right?So, the cloud is here to stay, it's going to continue to grow, it's a very important piece of the ecosystem, it's very important piece of IT. I'm very, very pro cloud; there's a lot of value. But the one area that's under pressure is if your product is SaaS if your product is selling Software as a Service, so then your product is basically infrastructure, now you've got a product cost model that includes the infrastructure itself, right? And if you reduce that, that's going to increase your margin. And so, every company that's doing that should ask the question, like, A, is the Big Three the right one for me?Maybe a verticalized cloud—like for example, whatever Fly or Mosaic or whatever is better because the cost is better. And I know how to, you know, write software and run these things, so I'll use that. They'll make that decision or maybe they'll build their own infrastructure. And I think we're going to see that decision happening more and more, exactly because now software is being offered as a service and they can do that. And I just want to make the point, just because I think it's so important, that the clouds did exactly this to the hardware providers. So, I just want to tell a quick story, just because for me, it's just so interesting. So—Corey: No, please, I was only really paying attention to this market from 2016 or so. There was a lot of the early days that I was using as a customer, but I wasn't paying attention to the overall industry trends. Please, storytime. This is how I learned things. I hang out with smart people and I come away a little bit smarter than when I started.Martin: [laugh]. This is, like, literally my fa—this is why this is one of my favorite topics is what I'm about to tell you, which is, so the clouds have always had this argument, right? The big clouds, three clouds, they're like, “Listen, why would you build your own cloud? Because, like, you don't have the expertise, and it's hard and you don't have economies of scale.” Right?And the answer is you wouldn't unless it impacts your share price, right? If it impacts your share price, then of course you would because it makes economic sense. So, the clouds had that exact same dilemma in 2005, right? So, in 2005, Google and Amazon and Microsoft, they looked at their COGS, they looked like, “Okay, I'm offering a cloud. If I look at the COGS, who am I paying?”And it turns out, there was a bunch of hardware providers that had 30% margins or 70% margins. They're like, “Why am I paying Cisco these big margins? Why am I paying Dell these big margins?” Right? So, they had the exact same dilemma.And all of the arguments that they use now applied then, right? So, the exact same arguments, for example, “AWS, you know nothing about hardware. Why would you build hardware? You don't have the expertise. These guys sell to everybody in the world, you don't have the economies of scale.”So, all of the same arguments applied to them. And yet… and yes because it was part of COGS] that it impacted the share price, they can make the economic argument to actually build hardware teams and build chips. And so, they verticalized, right? And so, it just turns out if the infrastructure becomes parts of COGS, it makes sense to optimize that infrastructure. And I would say, the Big Three's foray into OEMs and hardware is a much, much, much bigger leap than an infrastructure company foraying into building their own infrastructure.Corey: There's a certain startup cost inherent to all these things. And the small version of that we had in every company that we started in a pre-cloud era: renting virtual computers from vendors was a thing, but it was still fraught and challenging and things that we use, then, like, GoGrid no longer exist, for good reason. But the alternative was, “Great, I'm going to start building and seeing if this thing has any traction.” Well, you need to go lease a rack somewhere and buy servers from Dell, and they're going to do the fast expedited option, which means only six short weeks until they show up in the data center and then gets sent away because they weren't expecting to receive them. And you wind up with this entire universe of hell between cross-connects and all the rest.And that's before you can ever get anything in front of customers or users to see what happens. Now, it's a swipe of a credit card away and your evening's experiments round up to 25 cents. That was significant. Having to make these significant tens of thousands of dollars of investment just to launch is no longer true. And I feel like that was a great equalizer in some respects.Martin: Yeah, I think that—Corey: And that cost has been borne by the astonishing level of investment that the cloud providers themselves have made. And that basically means that we don't have to. But it does come at a cost.Martin: I think it's also worth pointing out that it's much easier to stand up your own infrastructure now than it has been in the past, too. And so, I think that there's a gradient here, right? So, if you're building a SaaS app, [laugh] you would be crazy not to use the cloud, you just be absolutely insane, right? Like, what do you know about core infrastructure? You know, what do you know about building a back-end? Like, what do you know about operating these things? Go focus on your SaaS app.Corey: The calluses I used to have from crimping my own Ethernet patch cables in data centers have faded by now. I don't want them to come back. Yeah, we used to know how to do these things. Now, most people in most companies do not have that baseline of experience, for excellent reasons. And I wouldn't wish that on the current generation of engineers, except for the ones I dislike.Martin: However, that is if you're building an application. Almost all of my investments are people that are building infrastructure. [laugh]. They're already doing these hardcore backend things; that's what they do: they sell infrastructure. Would you think, like, someone, like, at Databricks doesn't understand how to run infr—of course it does. I mean, like, or Snowflake or whatever, right?And so, this is a gradient. On the extreme app end, you shouldn't be thinking about infrastructure; just use the cloud. Somewhere in the middle, maybe you start on the cloud, maybe you don't. As you get closer to being a cloud service, of course you're going to build your own infrastructure.Like, for example—listen, I mean, I've been mentioning Fly; I just think it's a great example. I mean, Fly is a next-generation CDN, that you can run compute on, where they build their own infrastructure—it's a great developer experience—and they would just be silly. Like, they couldn't even make the cost model work if they did it on the cloud. So clearly, there's a gradient here, and I just think that you would be remiss and probably negligent if you're selling software not to have this conversation, or at least do the analysis.Corey: This episode is sponsored in part by our friend EnterpriseDB. EnterpriseDB has been powering enterprise applications with PostgreSQL for 15 years. And now EnterpriseDB has you covered wherever you deploy PostgreSQL on-premises, private cloud, and they just announced a fully-managed service on AWS and Azure called BigAnimal, all one word. Don't leave managing your database to your cloud vendor because they're too busy launching another half-dozen managed databases to focus on any one of them that they didn't build themselves. Instead, work with the experts over at EnterpriseDB. They can save you time and money, they can even help you migrate legacy applications—including Oracle—to the cloud. To learn more, try BigAnimal for free. Go to biganimal.com/snark, and tell them Corey sent you.Corey: I think there's also a philosophical shift, where a lot of the customers that I talk to about their AWS bills want to believe something that is often not true. And what they want to believe is that their AWS bill is a function of how many customers they have.Martin: Oh yeah.Corey: In practice, it is much more closely correlated with how many engineers they've hired. And it sounds like a joke, except that it's not. The challenge that you have when you choose to build in a data center is that you have bounds around your growth because there are capacity concerns. You are going to run out of power, cooling, and space to wind up having additional servers installed. In cloud, you have an unbounded growth problem.S3 is infinite storage, and the reason I'm comfortable saying that is that they can add hard drives faster than you can fill them. For all effective purposes, it is infinite amounts of storage. There is no forcing function that forces you to get rid of things. You spin up an instance, the natural state of it in a data center as a virtual machine or a virtual instance, is that it's going to stop working two to three years left on maintain when a raccoon hauls it off into the woods to make a nest or whatever the hell raccoons do. In cloud, you will retire before that instance does is it gets migrated to different underlying hosts, continuing to cost you however many cents per hour every hour until the earth crashes into the sun, or Amazon goes bankrupt.That is the trade-off you're making. There is no forcing function. And it's only money, which is a weird thing to say, but the failure mode of turning something off mistakenly that takes things down, well that's disastrous to your brand and your company. Just leaving it up, well, it's only money. It's never a top-of-mind priority, so it continues to build and continues to build and continues to build until you're really forced to reckon with a much larger problem.It is a form of technical debt, where you've kicked the can down the road until you can no longer kick that can. Then your options are either go ahead and fix it or go back and talk to you folks, and it's time for more money.Martin: Yeah. Or talk to you. [laugh].Corey: There is that.Martin: No seriously, I think everybody should, honestly. I think this is a board-level concern for every compa—I sit on a lot of boards; I see this. And this has organically become a board-level concern. I think it should become a conscious board-level concern of, you know, cloud costs, impact COGS. Any software company has it; it always becomes an issue, and so it should be treated as a first-class problem.And if you're not thinking through your options—and I think by the way, your company is a great option—but if you're not thinking to the options, then you're almost fiduciarily negligent. I think the vast, vast majority of people and vast majority of companies are going to stay on the cloud and just do some basic cost controls and some just basic hygiene and they're fine and, like, this doesn't touch them. But there are a set of companies, particularly those that sell infrastructure, where they may have to get more aggressive. And that ecosystem is now very vibrant, and there's a lot of shifts in it, and I think it's the most exciting place [laugh] in all of IT, like, personally in the industry.Corey: One question I have for you is where do you draw the line around infrastructure companies. I tend to have an evolving view of it myself, where things that are hard and difficult do not become harder with time. It used to require a deep-level engineer with a week to kill to wind up compiling and building a web server. Now, it is evolved and evolved and evolved; it is check a box on a webpage somewhere and you're serving a static website. Managed databases, I used to think, were something that were higher up the stack and not infrastructure. Today, I'd call them pretty clearly infrastructure.Things seem to be continually, I guess, a slipping beneath the waves to borrow an iceberg analogy. And it's only the stuff that you can see that is interesting and differentiated, on some level. I don't know where the industry is going at all, but I continue to think of infrastructure companies as being increasingly broad.Martin: Yeah, yeah, yeah. This is my favorite question. [laugh]. I'm so glad you asked. [laugh].Corey: This was not planned to be clear.Martin: No, no, no. Listen, I am such an infrastructure maximalist. And I've changed my opinion on this so much in the last three years. So, it used to be the case—and infrastructure has a long history of, like, calling the end of infrastructure. Like, every decade has been the end of infrastructure. It's like, you build the primitives and then everything else becomes an app problem, you know?Like, you build a cloud, and then we're done, you know? You build the PC and then we're done. And so, they are even very famous talks where people talk about the end of systems when we've be built everything right then. And I've totally changed my view. So, here's my current view.My current view is, infrastructure is the only, really, differentiation in systems, in all IT, in all software. It's just infrastructure. And the app layer is very important for the business, but the app layer always sits on infrastructure. And the differentiations in app is provided by the infrastructure. And so, the start of value is basically infrastructure.And the design space is so huge, so huge, right? I mean, we've moved from, like, PCs to cloud to data. Now, the cloud is decoupling and moving to the CDN tier. I mean, like, the front-end developers are building stuff in the browser. Like, there's just so much stuff to do that I think the value is always going to accrue to infrastructure.So, in my view, anybody that's improving the app accuracy or performance or correctness with technology is an infrastructure company, right? And the more of that you do, [laugh] the more infrastructure you are. And I think, you know, in 30 years, you and I are going to be old, and we're going to go back on this podcast. We're going to talk and there's going to be a whole bunch of infrastructure companies that are being created that have accrued a lot of value. I'm going to say one more thing, which is so—okay, this is a sneak preview for the people listening to this that nobody else has heard before.So Sarah, and I are back at it again, and—the brilliant Sarah, who did the first piece—and we're doing another study. And the study is if you look at public companies and you look at ones that are app companies versus infrastructure companies, where does the value accrue? And there's way, way more app companies; there's a ton of app companies, but it turns out that infrastructure companies have higher multiples and accrue more value. And that's actually a counter-narrative because people think that the business is the apps, but it just turns out that's where the differentiation is. So, I'm just an infra maximalist. I think you could be an infra person your entire career and it's the place to be. [laugh].Corey: And this is the real value that I see of looking at AWS bills. And our narrative is oh, we come in and we fix the horrifying AWS bill. And the naive pass is, “Oh, you cut the bill and make it lower?” Not always. Our primary focus has been on understanding it because you get a phone-number-looking bill from AWS. Great, you look at it, what's driving the cost? Storage.Okay, great. That doesn't mean anything to the company. They want to know what teams are doing this. What's it going to cost for them to add another thousand monthly active users? What is the increase in cost? How do they wind up identifying their bottlenecks? How do they track and assign portions of their COGS to different aspects of their service? How do they trace the flow of capital for their organization as they're serving their customers?And understanding the bill and knowing what to optimize and what not to becomes increasingly strategic business concern.Martin: Yeah.Corey: That's the fun part. That's the stuff I don't see that software has a good way of answering, just because there's no way to use an API to gain that kind of business context. When I started this place, I thought I was going to be building software. It turns out, there's so many conversations that have to happen as a part of this that cannot be replicated by software. I mean, honestly, my biggest competitor for all this stuff is Microsoft Excel because people want to try and do it themselves internally. And sometimes they do a great job, sometimes they don't, but it's understanding their drivers behind their cost. And I think that is what was often getting lost because the cloud obscures an awful lot of that.Martin: Yeah. I think even just summarize this whole thing pretty quickly, which is, like, I do think that organically, like, cloud cost has become a board-level issue. And I think that the shift that founders and execs should make is to just, like, treat it like a first-class problem upfront. So, what does that mean? Minimally, it means understanding how these things break down—A, to your point—B, there's a number of tools that actually help with onboarding of this stuff. Like, Vantage is one that I'm a fan of; it just provides some visibility.And then the third one is if you're selling Software as a Service, that's your core product or software, and particularly it's a infrastructure, if you don't actually do the analysis on, like, how this impacts your share price for different cloud costs, if you don't do that analysis, I would say your fiduciarily negligent, just because the impact would be so high, especially in this market. And so, I think, listen, these three things are pretty straightforward and I think anybody listening to this should consider them if you're running a company, or you're an executive company.Corey: Let's be clear, this is also the kind of problem that when you're sitting there trying to come up with an idea for a business that you can put on slide decks and then present to people like you, these sounds like the paradise of problems to have. Like, “Wow, we're successful and our business is so complex and scaled out that we don't know where exactly a lot of these cost drivers are coming from.” It's, “Yeah, that sounds amazing.” Like, I remember those early days, back when all I was able to do and spend time on and energy on was just down to the idea of, ohh, I'm getting business cards. That's awesome. That means I've made it as a business person.Spoiler: it did not. Having an aggressive Twitter presence, that's what made me as a business person. But then there's this next step and this next step and this next step and this next step, and eventually, you look around and realize just how overwrought everything you've built is and how untangling it just becomes a bit of a challenge and a hell of a mess. Now, the good part is at that point of success, you can bring people in, like, a CFO and a finance team who can do some deep-level analysis to help identify what COGS is—or in some cases, have some founders, explain what COGS is to you—and understand those structures and how you think about that. But it always feels like it's a trailing problem, not an early problem that people focus on.Martin: I'll tell you the reason. The reason is because this is a very new phenomenon that it's part of COGS. It's literally five years new. And so, we're just catching up. Even now, this discussion isn't what it was when we first wrote the post.Like, now people are pretty educated on, like, “Oh yeah, like, this is really an issue. Oh, yeah. It contributes to COGS. Oh, yeah. Like, our stock price gets hit.” Like, it's so funny to watch, like, the industry mature in real-time. And I think, like, going forward, it's just going to be obvious that this is a board-level issue; it's going to be obvious this is, like, a first-class consideration. But I agree with you. It's like, listen, like, the industry wasn't ready for it because we didn't have public companies. A lot of public companies, like, this is a real issue. I mean really we're talking about the last five, seven years.Corey: It really is neat, just in real time watching how you come up with something that sounds borderline heretical, and in a relatively short period of time, becomes accepted as a large-scale problem, and now it's now it is fallen off of the hype train into, “Yeah, this is something to be aware of.” And people's attention spans have already jumped to the next level and next generation of problem. It feels like this used to take way longer for these cycles, and now everything is so rapid that I almost worry that between the time we're recording this and the time that it publishes in a few weeks, what is going to have happened that makes this conversation irrelevant? I didn't used to have to think like that. Now, I do.Martin: Yeah, yeah, yeah, for sure. Well, just a couple of things. I want to talk about, like, one of the reasons that accelerated this, and then when I think is going forward. So, one of the reasons this was accelerated was just the macro downturn. Like, when we wrote the post, you could make the argument that nobody cares about margins because it's all about growth, right?And so, like—and even then, it still saved a bunch of money, but like, a lot of people were like, “Listen, the only thing that matters is growth.” Now, that's absolutely not the case if you look at public market valuations. I mean, people really care about free cash flow, they really care about profitability, and they really care about margins. And so, it's just really forced the issue. And it also, like, you know, made kind of what we were saying very, very clear.I would say, you know, as far as shifts that are going, I think one of the biggest shifts is for every back-end developer, there's, like, a hundred front-end developers. It's just crazy. And those front-end developers—Corey: A third of a DevOps engineer.Martin: [laugh]. True. I think those front-end developers are getting, like, better tools to build complete apps, right? Like, totally complete apps, right? Like they've got great JavaScript frameworks that coming out all the time.And so, you could argue that actually a secular technology change—which is that developers are now rebuilding apps as kind of front-end applications—is going to pull compute away from the clouds anyways, right? Like if instead of, like, the app being some back-end thing running in AWS, but instead is a front-end thing, you know, running in a browser at the CDN tier, while you're still using the Big Three clouds, it's being used in a very different way. And we may have to think about it again differently. Now, this, again, is a five-year going forward problem, but I do feel like there are big shifts that are even changing the way that we currently think about cloud now. And we'll see.Corey: And if those providers don't keep up and start matching those paradigms, there's going to be an intermediary shim layer of companies that wind up converting their resources and infrastructure into things that suit this new dynamic, and effectively, they're going to become the next version of, I don't know, Level 3, one of those big underlying infrastructure companies that most people have never heard of or have to think about because they're not doing anything that's perceived as interesting.Martin: Yeah, I agree. And I honestly think this is why Cloudflare and Cloudflare work is very interesting. This is why Fly is very interesting. It's a set of companies that are, like, “Hey, listen, like, workloads are moving to the front-end and, you know, you need compute closer to the user and multi-region is really important, et cetera.” So, even as we speak, we're seeing kind of shifts to the way the cloud is moving, which is just exciting. This is why it's, like, listen, infrastructure is everything. And, like, you and I like if we live to be 200, we can do [laugh] a great infrastructure work every year.Corey: I'm terrified, on some level, that I'll still be doing the exact same type of thing in 20 years.Martin: [laugh].Corey: I like solving different problems as we go. I really want to thank you for spending so much time talking to me today. If people want to learn more about what you're up to, slash beg you for other people's money or whatnot, where's the best place for them to find you?Martin: You know, we've got this amazing infrastructure Discord channel. [laugh].Corey: Really? I did not know that.Martin: I love it. It's, like, the best. Yeah, my favorite thing to do is drink coffee and talk about infrastructure. And like, I posted this on Twitter and we've got, like, 600 people. And it's just the best thing. So, that's honestly the best way to have these discussions. Maybe can you put, like, the link in, like, the show notes?Corey: Oh, absolutely. It is already there in the show notes. Check the show notes. Feel free to join the infrastructure Discord. I will be there waiting for you.Martin: Yeah, yeah, yeah. That'll be fantastic.Corey: Thank you so much for being so generous with your time. I appreciate it.Martin: This was great. Likewise, Corey. You're always a class act and I really appreciate that about you.Corey: I do my best. Martin Casado, general partner at Andreessen Horowitz. I'm Cloud Economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this podcast, please leave a five-star review on your podcast platform of choice, whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice along with an angry comment telling me that I got it completely wrong and what check you wrote makes you the most interesting.Announcer: The content here is for informational purposes only and should not be taken as legal, business, tax, or investment advice, or be used to evaluate any investment or security and is not directed at any investors or potential investors in any a16z fund. For more details, please see a16z.com/disclosures.Corey: If your AWS bill keeps rising and your blood pressure is doing the same, then you need The Duckbill Group. We help companies fix their AWS bill by making it smaller and less horrifying. The Duckbill Group works for you, not AWS. We tailor recommendations to your business and we get to the point. Visit duckbillgroup.com to get started.Announcer: This has been a HumblePod production. Stay humble.
Chris Long is a Staff Security Engineer at Material Security, and you might know him from some of his open-source work at Detection Lab. In the episode today, we talk about his work with Facebook and Uber using osquery, and his thoughts on the present and future state of cybersecurity. Topics discussed: Chris's story and how he got into cybersecurity The day-to-day of a Staff Security Engineer How Chris used osquery while he worked at Facebook The benefits and power of osquery How Chris went from an osquery skeptic to seeing the strengths Why Chris started DetectionLab and how it helps security professionals Top tips for device management and security strategy for organizations Biggest challenges organizations face related to security today Changes we can expect to see in cybersecurity over the coming years Where to Get in Touch Find Chris on LinkedIn Try Fleet Fleet makes it easy to get accurate, actionable data from all your endpoints. From full disk encryption to healthy antivirus software and any query in between. See for yourself. Sign up for Fleet Sandbox for free today: https://fleetdm.com/try-fleet/register.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Attackers are now ransoming cloud access Chinese APTs using building control systems for persistence and stealth USA, UK and NZ govts issue PowerShell advice Much, much more This week's show is brought to you by Material Security. JJ Agha, CISO at Compass, joins the show to talk about how he's using it to make phishing triage and automation less traumatic. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Iranian steel facilities suffer apparent cyberattacks Automotive fabric supplier TB Kawashima announces cyberattack US arm of Japanese automotive hose maker Nichirin pauses production after ransomware attack - The Record by Recorded Future BRONZE STARLIGHT Ransomware Operations Use HUI Loader | Secureworks Ransomware groups targeting Mitel VoIP zero-day - The Record by Recorded Future Brett Callow on Twitter: "LockBit also seems to have set its demands to automatically decrease over time. The longer victims wait, the less they need to pay. 4/5" / Twitter Cisco Talos Intelligence Group - Comprehensive Threat Intelligence: De-anonymizing ransomware domains on the dark web Brazilian retail giant confirms cyberattack after extortion group takes over Twitter account - The Record by Recorded Future Akamai Blog | Bots Are Scalping Israeli Government Services Rise of LNK (Shortcut files) Malware | McAfee Blog Attacks on industrial control systems using ShadowPad | Kaspersky ICS CERT Google: Seven zero-days in 2021 developed commercially and sold to governments - The Record by Recorded Future The hacking industry faces the end of an era | MIT Technology Review Lawmakers want to restrict user data sales to nations like China, Russia US, UK, New Zealand argue against disabling PowerShell - The Record by Recorded Future CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF A pro-China online influence campaign is targeting the rare-earths industry | MIT Technology Review Internet Crime Complaint Center (IC3) | Deepfakes and Stolen PII Utilized to Apply for Remote Work Positions Statutory defense for ethical hacking under UK Computer Misuse Act tabled | The Daily Swig BSides Cleveland organizer steps down after controversial guest added as ‘surprise' speaker | The Daily Swig CISA experts propose ‘311' cybersecurity emergency call line for small businesses - The Record by Recorded Future CISA, US Coast Guard warn of Log4Shell attacks after 130GB data breach in May - The Record by Recorded Future CSAC Recommendations (06-16-2022) (1) - DocumentCloud Meet the Administrators of the RSOCKS Proxy Botnet – Krebs on Security Splunk patches critical vulnerability while users push for legacy updates | The Daily Swig Oracle patches ‘miracle exploit' impacting Middleware Fusion, cloud services | The Daily Swig Cyber Insurance: Action Needed to Assess Potential Federal Response to Catastrophic Attacks | U.S. GAO FBI investigating $100 million theft from blockchain company Harmony - The Record by Recorded Future Jerry Gamblin on Twitter: "Ahhh... the orignal NFTs." / Twitter PeckShield Inc. on Twitter: "1/ @XCarnival_Lab was exploited in a flurry of txs (one hack tx: https://t.co/LUcxSU9UQn), leading to the gain of 3,087 ETH (~$3.8M) for the hacker (The protocol loss may be larger). https://t.co/mmGw5PQfbt" / Twitter Patrick Gray on Twitter: "
In the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallsetp, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua. And, in other news, all South Koreans are about to become one year younger, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw273
This week, in our first segment, we welcome Yasser Rasheed, Global Director of Enterprise Client Sales at Intel to talk about Protecting Your Environment with Intel vPro platform! Then, Omer Taran, Co-Founder and CTO of CybeReady, joins for an interview about Overcoming Challenges in Multinational Phishing Simulations! Lastly, in the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallset, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua! In other news, all South Koreans are about to become one year younger! This segment is sponsored by Intel. Visit https://securityweekly.com/intel to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw273
This week, in our first segment, we welcome Yasser Rasheed, Global Director of Enterprise Client Sales at Intel to talk about Protecting Your Environment with Intel vPro platform! Then, Omer Taran, Co-Founder and CTO of CybeReady, joins for an interview about Overcoming Challenges in Multinational Phishing Simulations! Lastly, in the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallsetp, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua! In other news, all South Koreans are about to become one year younger! This segment is sponsored by Intel. Visit https://securityweekly.com/intel to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw273
In the Enterprise News for this week: Funding announcements from Material Security, Abnormal, Teleport, Tailscale, Smallsetp, Phylum and more. Acquisitions include HDiv Security, and Radiflow. New product announcements from Siren, Corelight, Artic Wolf, Onapsis and Aqua. And, in other news, all South Koreans are about to become one year younger, & more! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw273
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: The amazing Yahoo! News story on the former CIA director's awesome brainwaves Hostage diplomacy pays off for Huawei CFO NSA releases great guidance on VPN security Microsoft has actually hired a cybersecurity executive Much, much more This week's show is brought to you by Material Security. Material's co-founder Ryan Noon will be along in this week's sponsor interview to talk about smarter ways to do email retention and destruction. They have a product that interfaces with your mail provider's API – whether you're on Google Workspace or O365 – to do things like archive and redact email, and they're finding their customers are using these features to actually implement retention email strategies. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Kidnapping, assassination and a London shoot-out: Inside the CIA's secret war plans against WikiLeaks The Yahoo Story about All the Things CIA Wasn't Allowed to Do Against WikiLeaks - emptywheel Controversial Maricopa "Audit" Concludes that Biden Won by More Votes Than Previously Reported - by Kim Zetter - Zero Day China played dirty to get Huawei's 'princess' back — too dirty even to tell its own people - ABC News Newly-formed international alliances vow to improve cybersecurity, in moves China sees as affront EU formally blames Russia for GhostWriter influence operation - The Record by Recorded Future Suspected Chinese state-linked threat actors infiltrated major Afghan telecom provider - The Record by Recorded Future US deports highly-prized hacker back to Russia - The Record by Recorded Future He Escaped the Dark Web's Biggest Bust. Now He's Back | WIRED NSA, CISA publish guide for securing VPN servers - The Record by Recorded Future The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous Biden administration officials push Congress to shape breach reporting mandates Ransomware Isn't Back. It Never Left | WIRED CISA, FBI, NSA warn of increased attacks involving Conti ransomware Major European call center provider goes down in ransomware attack - The Record by Recorded Future Exposed ransomware negotiations shed light on cybercrime, but complicate things for victims State-sponsored hacking group targets Port of Houston using Zoho zero-day - The Record by Recorded Future Russian missile fuel maker targeted with recent Office zero-day - The Record by Recorded Future Former AWS veteran Charlie Bell to head cybersecurity ops at Microsoft | Reuters Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials - The Record by Recorded Future New Azure Active Directory password brute-forcing flaw has no fix | Ars Technica Microsoft adds novel feature to Exchange servers to allow it to deploy emergency temporary fixes - The Record by Recorded Future Apple ‘Still Investigating' Unpatched and Public iPhone Vulnerabilities Disclosure of three 0-day iOS vulnerabilities and critique of Apple Security Bounty program / Habr Apple patches iOS and macOS zero-day exploited in the wild - The Record by Recorded Future New iCloud Private Relay service leaks users' true IP addresses, researcher claims | The Daily Swig Lithuanian government warns about secret censorship features in Xiaomi phones - The Record by Recorded Future VMware vCenter deployments under attack as enterprises urged to update systems | The Daily Swig Developers fix multitude of vulnerabilities in Apache HTTP Server | The Daily Swig Google finds adware strain abusing novel file signature evasion technique - The Record by Recorded Future Device ‘breakage' concerns persist days before Let's Encrypt root cert expiry | The Daily Swig Meet TruffleHog – a browser extension for finding secret keys in JavaScript code | The Daily Swig #RomHack2021 - Dirk-jan Mollema - Breaking Azure AD joined endpoints in zero-trust environments - YouTube
Continuing our series in 1 John, John's warning about the traps that the family of God can fall into that can make us ineffective for God's work and enslaved despite our freedom in Christ.
Ryan Noon is the CEO of Material Security. This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel. Sponsorship inquiries: sponsor@softwareengineeringdaily.com
Ryan Noon is the CEO of Material Security. This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel. Sponsorship inquiries: sponsor@softwareengineeringdaily.com The post Material Security with Ryan Noon appeared first on Software Engineering Daily.
Ryan Noon is the CEO of Material Security. This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel. Sponsorship inquiries: sponsor@softwareengineeringdaily.com The post Material Security with Ryan Noon appeared first on Software Engineering Daily.
Ryan Noon is the CEO of Material Security. This interview was also recorded as a video podcast. Check out the video on the Software Daily YouTube channel. Sponsorship inquiries: sponsor@softwareengineeringdaily.com The post Material Security with Ryan Noon appeared first on Software Engineering Daily.
On this week's show Patrick Gray and Adam Boileau discuss recent security news, including: Our take on the REvil attack against Kaseya customers Microsoft's print spooler bug is a real worry Reports the RNC breached by Russia's SVR NSA snaps GRU brute forcing efforts Much, much more This week's show is brought to you by Material Security, a very interesting startup that has a completely different take on what email security actually is. Material's co-founder Ryan Noon will be along in this week's sponsor interview to talk about the cool stuff they're doing on the analytics side. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Why the Kaseya ransomware attack has experts worried White House rebukes ransomware gang as number of apparent REvil victims remains uncertain - CyberScoop Patrick Gray on Twitter: "https://t.co/ppGlxTu4CL" / Twitter Hackers behind holiday crime spree demand $70 million, say they locked 1 million devices Kaseya zero-day involved in ransomware attack, patches coming - The Record by Recorded Future Supermarket chain Coop closes 800 stores following Kaseya ransomware attack - The Record by Recorded Future REvil ransomware gang executes supply chain attack via malicious Kaseya update - The Record by Recorded Future Researchers accidentally publish 'PrintNightmare' Stuxnet-style zero-day - Security - Software - iTnews Russia still using 'brute force' to break into computer systems Republican National Committee Hack: Russian Cozy Bear Group Breached Computers - Bloomberg Chinese cyberspies targeted the Afghan National Security Council - The Record by Recorded Future Mongolian certificate authority hacked eight times, compromised with malware - The Record by Recorded Future Israeli charged in global hacker-for-hire scheme wants plea deal -court filing | Reuters A new ‘digital violence' platform maps dozens of victims of NSO Group's spyware | TechCrunch Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress Dutch police takes down DoubleVPN, a service used by cybercrime groups - The Record by Recorded Future Gozi malware gang member arrested in Colombia - The Record by Recorded Future New charges filed against Capital One hacker, trial postponed to 2022 - The Record by Recorded Future Windows 11's Security Push Puts Microsoft on a Collision Course | WIRED Apps with 5.8 million Google Play downloads stole users' Facebook passwords | Ars Technica Microsoft Edge Translator contained uXSS flaw exploitable ‘on any web page' | The Daily Swig GETTR Is the Trump Team's Buggy, Leaky Twitter Clone Hackers Scrape 90,000 GETTR User Emails, Surprising No One Kaspersky Password Manager: All your passwords are belong to us | Donjon
Our special guest this week is Ryan Noon, CEO of Material Security. Material Security reduces the risks of email hacking. Email is an essential repository of sensitive content, the key to countless accounts, and the most ubiquitous business application. When attackers have multiple ways in, blocking messages is no longer enough. Material protects accounts even after they're compromised or harmful messages get through.Customers include Cloudera, Lyft, Sonos, PagerDuty, Databricks and others. The company is backed by Silicon Valley legends inside and outside the security community,and has raised venture capital from Andreessen Horowitz. Prior to Material Security, Ryan was the founder of Parastructure, which was acquired by Dropbox. Ryan is an angel investor, and holds a BS and Master's in Computer Science from Stanford.
Ryan Noon joins ESW team this week to chat through the significance of recent hacks (namely: SolarWinds and Hafnium), unpack growing enterprise demand for a “digital seatbelt,” and illuminate why Material takes a fresh approach to email security: building products with the assumption that bad actors will successfully hack inboxes. Segment Resources: https://material.security/blog/email-is-too-important-to-protect-like-a-tsa-checkpoint https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html This segment is sponsored by Material Security. Visit https://securityweekly.com/materialsecurity to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw223
Houses represent life areas in your birth chart giving the particular importance how the sign and planets manifest itself. In this episode, we discuss what Houses are and touch first 3 Houses.P.S: still slightly sick, sorry for the Gremlin voice :)Podcast NotesGET YOUR BIRTH CHART FOR FREECostaAstrology https://www.costarastrology.com/natal-chart/Simply put the necessary details and you are ready to go.STYLISH BIRTH CHARTSIf you want something more fancy and beautiful CLICK HEREJOIN THE INSTAGRAM @_mysticbabe_ or just CLICK HERE.