The Cyber Why: What We Read This Week...
... and why you should too! (1/6/2023)
Welcome to the new year! 2023 is here and in full swing. I had to do a bit of travel this week so I wasn’t able to get as much reading and research done as I would have liked. That’s the bad news.. however, here’s the good news! In the two days after the new year, The Cyber Why saw a 15% jump in subscribers. To all those that are new, welcome, and to those that helped grow The Cyber Why with referrals I am forever indebted.
In this week’s newsletter I want to specifically call out the articles by Frank Wang of Frankly Speaking, Mike P from Return on Security, and the piece by Tomasz Tunguz. These people are creating very valuable research with well-backed theses and ideas. If you read just a couple of pieces this week, these are the ones to check out. Now on to this week’s content!
(PS: I was in a super rush when writing this.. so sorry if there are typos this week!)
5 Cybersecurity Predictions for 2023 (Frankly Speaking)
I wasn’t going to cover predictions in The Cyber Why this year as I think they are largely inaccurate and nobody goes back to check how well we did at the end of the year, making them a total waste of time. However, I read through this one by Frank Wang, author of Frankly Speaking and Staff Security Engineer at dbt Labs, and found it to be really on point. Frank predicts that 2023 will see the rise of the security engineer (which I also wrote about back in 2018), a growth in cyber security services, smaller security budgets yet more tools purchased, and significant consolidation via security M&A. I can’t wait to see how accurate he is come the end of the year!
Slack’s Private GitHub Code Repo Stolen Over Holidays (BleepingComputer)
In what appears to be a recurring theme, Slack has been the victim of a hack resulting in the loss of at least some of their private source code. Source code is a highly prized target for hackers, especially when the victim is a vendor of a product that is used in nearly every enterprise worldwide. Grab the code, find some zero day, profit.. seems easy these days.
Forecast: Cybersecurity Likely To See Valuation Cuts, But Demand Still Strong (Crunchbase News)
This article is a mish-mosh of a bunch of different quotes and thoughts. Not very well written but still interesting to take the data points and consider them analytically one at a time. Again it’s a bit “predictive” in nature for 2023, but the people quoted are very smart people who have good insight into what’s going on in the funding of cyber security companies. Worth the read (even if you don’t read it straight through).
The State of Cybersecurity in 2022 and Trends and Predictions for 2023 (Return on Security)
I’m officially a hypocrite. I said I wouldn’t write about predictions and trend reports, but this one is amazing. Mike P is a wicked smart guy who runs the “Return on Security” newsletter. He did a very in-depth report from a non-VC, buyer’s-eye view covering the future of the cyber security universe. He discusses API security, no-code, managed services, information warfare, automation, threat detection and more. He leaves no stone unturned in this lengthy but excellent read!
Twitter Whistleblower Zatko Lands New Job at a Security Consulting Firm (Washington Post)
It looks like the artist formerly known as “Mudge” has landed a new gig. After a very public tiff last year with the Twitter executive staff and board, Mudge has found himself employed as “Executive in Residence” at Rapid7. He will be tasked with working with Rapid7 customers who are hungry to learn how to evaluate their investments in cyber security. I’ve heard through the grapevine that this is one of a few different gigs he’s going to hold at once as he comes back into the forefront of cyber.
Venture Firms’ Strategy of Holding Stocks for Longer Backfires During Market Rout (WSJ)
The great Warren Buffett once said that it is wise for investors to be “fearful when others are greedy, and greedy when others are fearful.” It looks like venture firms should have paid attention to Warren in the last 12 months, as they have taken a sharp downturn due to a “HODL at all costs” post-IPO strategy. As the market has been crushed, so has the return to the venture LPs.
The Startup M&A Market Fell 94% YoY - But One Segment is Thriving (Tomasz Tunguz)
When I first looked at the graphs supplied by Tomasz in these posts I thought maybe he just didn’t include the last month of data. In reality it was that much of a decrease that it looks visually in the picture like M&A levels literally went to zero.
After reading the piece I realized that it’s not quite THAT bad but it’s pretty damn close. The US startup M&A market in Q4 2022 dropped 94% year over year. The most since 2000! Read the rest of the post for a deeper analysis and some other crazy cool stats.
Turning Google Smart Speakers Into Wiretaps for $100k (Down Right Nifty)
So cool! This guy got $107,500 USD from Google by responsibly disclosing security issues in the Google Home smart speaker. He was able to get the system to install a backdoor account on the device which enabled him to send commands to it remotely over the internet. He could access the microphone feed, make arbitrary HTTP requests, and could even steal your grocery list (ok I made that last one up /shrug). Overall, a really cool idea and write up of an ingenious hack.
10x your productivity with ChatGPT (Data-Driven VC)
I haven’t been this excited for a new technology in a long time. I have been watching for a decade now as the AI/ML bullshit meter never got lower than 10/10. It wasn’t until the release of ChatGPT that I finally felt AI has a real chance of providing value to customers. Check out this awesome list of ways that you can use ChatGPT to increase your efficiency as an investor. With a very minor leap, the concepts here can also be applied to any real life workflow.
If you’ve made it this far you either found my musings at least semi-entertaining OR you enjoy pain and kept going regardless. No matter how you made it to this point, you should know that I appreciate you. Please do me a solid and share The Cyber Why with your friends. I would love to reach a bigger audience and referrals are how I’ll do it. Help me out and I’ll see you next week!