The Cyber Why: What We Read This Week...
... and why you should too! (11/8/23)
Welcome back to another edition of The Cyber Why! There are tons of hacks to report this week, a dire prediction of Unicorn deaths on the horizon, SBF gets what he deserves, a light-hearted piece on cybersecurity caricatures, and Palo’s push toward cyber-nirvana! Read on, and please comment to let us know what you think. We would love to hear from you.
Side Note: I am heading to Washington, DC, next week for the Forrester Security and Risk Summit. If you will be in town, please let me know. I’d love to buy you a drink! You can get me on my Twitter (@txs) or leave a comment here, and we’ll link up!
The Light At The End Of The Tunnel Is A TRAIN!
No Way Out: The Changing World of Cybersecurity Exits (Strategy of Security)
Late-Stage Startups May Be Forced to Shut Down Without VC Funding (Business Insider)
Using an analogy that takes you back to your childhood, author Cole Grolmus from Momentum Cyber demonstrates a deep understanding of what’s really happening in the cybersecurity exit market. He paints a grim picture of being the last kid left standing in a game of musical chairs, equating this to what is happening to cybersecurity companies this year. For many cyber companies, there really is “No Way Out.” According to his research, cybersecurity currently has 54 MORE companies valued at $1B or higher than its entire history of exits at this valuation! There are 82 cyber unicorns today. This is more than the industry’s history of IPOs and $1B strategic acquisitions combined. In other words, if you can’t get yourself profitable before you run out of money, you are a ZOMBIECORN!
VCs are going to continue to be stingy with their capital, leaving nearly 51,000 startups in search of cash and precious VC time in a Hunger Games-esque competition for the rest of the year, and potentially well into 2024. (Business Insider)
The path to a successful exit no longer exists at the expectations you once had, and if you don’t take the time to readjust your reality, you could be the kid left standing when all the chairs have been removed.
Orange is the New Black for SBF
(Rick Pick) Last week, after a very short deliberation, the creepy and weird Sam Bankman-Fried was found guilty on all seven criminal charges associated with his theft of $8 BILLION from FTX customers. He could be on the hook for a 115-year prison term. OH MY! We will have to wait for sentencing on March 11th to learn the length of his prison time. His conviction is a positive step, but what is needed is getting the recovered FTX funds back into the hands of FTX customers as soon as possible. I don’t think prison will be a delightful experience for this white-collar tech-bro criminal.
Let’s Not Take Our Roles Too Seriously
Caricatures of Security People (Phil Venables)
(Rick Pick) Phil Venables, who always puts out good content, wrote this fun piece on the "variety of roles and people" across the security industry. He identifies sixteen different roles and has a bit of fun with some common stereotypes. Being a former Industry Analyst (Forrester), this comment really hit home: "Isn't happy until they invent a product category name they can call their own, even if it makes little sense to anyone else and it's really just an amalgam of other product categories." Also, I've recently transitioned into a Field CISO role, so this is another one that spoke to me. "A former CISO who wants to keep the CISO title without feeling the need to be called at 3 a.m. ever again." Check out the link and see if the text around your title is accurate!
Tyler’s Note: The only thing more disturbing than seeing your title in here and having the text hit home is being me and realizing that you’ve been nearly half of these in your career, and they are all spot on!
A Week of Hacks - It’s Getting UGLY Out There
We used to try to cover one hack each week here on The Cyber Why. One that would be the most pertinent to our readers. Due to sheer volume, this week, we will try something different and give you the raw article list of hacks that we heard of. I’m sure we’ve missed a few, but with the list including Boeing, Sumo Logic, Ace Hardware, LinkedIn, and Atlassian, I imagine there is plenty of “oh shit” to go around. Hopefully, the volume drops off quickly, and we can feel a bit safer out there, but until then, here’s the list!
Boeing (BA) Website Selling Parts, Software Hit With Cyberattack (Bloomberg)
Hackers, Scrapers & Fakers: What's Really Inside the Latest LinkedIn Dataset (Troy Hunt)
Ace Hardware hit in cyberattack, CEO confirms (The Register)
Atlassian hit by Chinese state-linked hackers (afr.com)
Sumo Logic discloses security breach and recommends customers rotate credentials (securityaffairs.com)
Cyberattack takes down one of the largest mortgage lenders in the US (Tech Radar)
Data + ML/AI + Automation = NIRVANA
While I hate that we have to endure yet another acronym (XSIAM), I am excited about this technology and what it could mean for cybersecurity efficacy in the future. Cybersecurity of the future can be broken down into three questions:
What platform gets access to the deepest and broadest set of data?
Who can create an automated system to find the specific things that need to be found in that data without the overhead of human resources? This is also known as who has the best AI/ML capabilities.
Who can create the most actionable intelligence and automate the remediation of issues in the most automated and effective way?
Palo Alto Networks claims they can do this and more with their XSIAM platform as they are rapidly displacing SIEM vendors in massive deals. The original goal at PANW was to get to $100M in bookings for the new solution in 12 months - they exceeded this goal and got to $200M in only three quarters! The battle between Cisco / Splunk and Palo Alto Networks is well underway, and if this data is representative of the future, I think we can predict a winner.
Quick Hits and Hidden Gems
Learn With Me (Chamath Palihapitiya) - This is pretty much the same approach to learning and documenting I use. I’ve been a bit lazy on the deep dive write-ups, but I hope to restart those soon. Also - my essays are 100% free!
Our Personal AI Assistants Will Soon be Our Interfaces to the World (Unsupervised Learning) - Daniel blows my mind again. Just think of the influence models we must create to build AI to AI-based marketing. God help us!
Announcing Grok (X) - Oh boy. A version of AI modeled after The Hitchhiker's Guide to the Galaxy that is only available to verified X users and trained on the dumpster fire that is formerly known as Twitter. FAIL++ (Wired Linked Here)
Putting the emPHASis on the wrong sylLABle (Bryce Roberts) - I love the Indie.vc idea. Accurate predictions from Bryce in 2015 have come true.
WeWork files for bankruptcy (CNBC) - I’ve also heard rumors that it may be saved from the ashes by some high-profile investors. We shall see!
Cybersecurity talent shortage: not the lack of people, but the lack of the right people (Venture In Security) - Ross kills it again—no need to introduce this one.
Prioritising Security Vulnerabilities with EPSS (ITNEXT) - How to use The Exploit Prediction Scoring System (EPSS).
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!