The Cyber Why: What We Read This Week...
... and why you should too! (08/29/23)
Israeli founders building notable companies, my thoughts on the ARM IPO and what it will mean to late-stage cyber liquidity, profound research on AI prompt injection, a likely shitty cybersecurity documentary, and lessons from one of the top angel and early-stage investors in the world are all covered in this week's newsletter. Thank you to our most recent TCW sponsor, Next DLP, for coming on board to support our writing. If you are interested in sponsoring TCW, click here. Now, let’s get on with the content!
Featured Sponsor - Next DLP
Stop Data Exfiltration & Expose Risky Behavior
The Reveal Platform by Next DLP instantly identifies risk, including malicious insider behavior, so you can quickly implement policies to secure sensitive data. You'll balance blocking with point-of-risk user training, all while your business keeps humming. Born and built in the cloud, it's data loss prevention at the heart of a modern security ecosystem. nextdlp.com
Israel Keeps Pumping Out The WINNERS!
Why Israel may become the winner in the global cybersecurity market, and what can make it fail (Ross Haleliuk - Venture In Security)
Why Israeli VC firm Team8 is eyeing growth investing even as the downturn batters startups (Termsheet)
Israel is RED HOT when it comes to cybersecurity startup success. It has been the center of attention for over a decade (or two) based on a solid reinforcing loop that keeps the money flowing to very hard-working, ambitious, and intelligent technology entrepreneurs. Additionally, the expectation of success is that you will give back to the Israeli founder community with your time, money, and expertise. I could go on and on about the advantages that Israeli-based cyber startups have right now, but it’s better to read Ross Haleliuk’s article linked above. As always, he really nailed it. Go, team Israel - let’s make the world a safer place!
ARM IPO and Wiz/SentinelOne Marriage
Cybersecurity Firm SentinelOne Explores Sale (Reuters)
Cybersecurity startup Wiz considers potential bid for SentinelOne (Reuters)
The Bear and Bull Cases For ARM’s IPO (TechCrunch)
Chip company Arm files for Nasdaq listing in IPO anticipated to be this year’s biggest (TechCrunch)
Oh man, things are heating up. ARM has filed its S1 and wants to go public as early as Monday next week. This IPO will be the bellwether IPO determining how the rest of the private markets go forward with IPOs for the next six to twelve months. My gut tells me the IPO will be highly successful, releasing pent-up demand for liquidity in late-stage privately held companies as we move into Q4. Simultaneously with the major IPO news, it appears that SentinelOne may choose not to wait that long and instead find a suitor to get married to. This makes a lot of sense as they have been struggling to get to profitability for a while now, and connecting them with a sales engine such as Wiz could really take both companies to the next level. Again, my gut says this deal never gets completed, but I have been wrong before. Let the cyber drama commence!
Real-World AI Attacks Described (Research)
Announcing PIPE: The Prompt Injection Primer (rez0)
Smashing The Stack for Fun and Profit (Aleph1)
Malicious input attacks of all kinds have been around forever. Command injection, web parameter manipulation, environment variable manipulation… pretty much anywhere that a system takes data in as a method of controlling process and data flow is a vector for attack. Even the old-school “buffer overflow attack” is simply an input manipulation attack resulting in the corruption of a buffer in memory to allow the attacker to control execution flow (see Smashing the Stack for Fun and Profit by Aleph1). What I love about this article is that it details where input can come from beyond just general prompting, what system capabilities and data flow can be controlled via injected malicious input, and specifically what the results of this class of attack can be. I highly recommend consuming this research if you are at all interested in what real-world attacks against LLMs and AI will look like very soon.
If you would rather read the PDF, click here!
Billion Dollar Heist - A Streaming Waste of Time?
Billion Dollar Heist | Official Trailer (YouTube Universal Pictures All-Access)
’Billion Dollar Heist’: The Wild Story That Should Have Us All Petrified (The Daily Beast)
Billion Dollar Heist (IMDB)
Why do cybersecurity and hacking-related movies always include the “man in the hoodie with a white mask”? In what may be a fascinating cyber-themed documentary, the trailer to the movie “Billion Dollar Heist” comes off to those of us with deep cyber backgrounds as yet another shitty and unrealistic portrayal of what really happens when hackers decide to attack. I’m still going to watch the film (streaming on Netflix), as I am very interested in the story, but why can’t we have something a bit more meaningful to attract people to the content? The Daily Beast piece doesn’t help with its FUD-style writing - I hope the movie isn’t a pile of hot garbage! (Click here for the “Featured Review” on IMDB. Spoiler alert - it’s NOT GOOD!)
Take Lessons From A Winner - @JML!
Why Some VC Investments Work Out, and Some Don’t. What I’ve Learned (Jason M Lemkin)
Jason Lemkin is the founder of SaaStr, a social community of 500K+ SaaS founders and executives with over 3M views a month dedicated to sharing learnings on scaling SaaS businesses. He is an angel investor and VC with a fantastic track record of picking monster winners. This article goes through a number of things that he has learned over the years of investing, including both what has and hasn’t worked. Lessons in the article touch on CEO B.S. artists, following the momentum like everyone else, a CTO that can’t really build, and an inability to control burn rates. Of importance on the positive side is a discussion on how every massive success that he has invested in has had at least one “really, really rough year.” This little nugget alone should provide some level of anxiety reduction to today’s investors and founders. Check out the piece, I found it very informative!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!