The Cyber Why: What We Read This Week...
... and why you should too! (12/8/23)
TCW is only two days late this week! Not bad, considering I’ve been in SF, Boston, and Raleigh in the last four days. I’m happy to be home and ready for a relaxing weekend. So with that... here’s the news that’s fit to print!
This week in The Cyber Why, we cover my thoughts on the new wave of transparent marketing (tl;dr it won’t work), a former X cybersecurity exec suing the firm for putting him in a real tough spot, some significant research on the cyber landscape and the evaluation of “cybersecurity estates,” Google releasing Gemini AI to the Pixel 8 Pro, essentially telling ChatGPT to “Hold my BEER!”, and finally some exciting research on the potential cyber IPO landscape of 2024.
Now it’s time for a glass of Bourbon. I hope you enjoy the newsletter.
Are we using that SaaS app that was just breached?
This seems like a simple question to answer, but the decentralized, sprawling nature of SaaS adoption makes it a real challenge to really know who is using what, and to understand the possible implications when a popular SaaS app is breached. Until now.
Nudge Security discovers and categorizes every SaaS or cloud app ever created by anyone in your organization. Full stop.
The best part? A full inventory of your existing SaaS and cloud accounts is available within minutes of starting a free trial, and your inventory will be continuously updated as new accounts are created.
Cyber Marketing - Do the old AND the new!
Cybersecurity marketing: in need of fundamental change (Venture In Security)
How Modern Technology is Rewriting the Rules of Marketing (Entrepreneur)
For those who don’t know, I’ve had the luxury of being CMO at multiple cybersecurity startups. I’ve lived the problems that this thoughtful article articulates from both the buyer's and the seller's side of the issue. The article discusses why standard go-to-market methods in cybersecurity are failing the customers and what the authors think will fix the problem. While there is a bit of “grumpy CISO echo chamber” content in here, I think the ideas and concepts are very well articulated and do an excellent job of helping you think critically about designing your go-to-market strategy.
Buyers are slammed with too much direct marketing from a highly fragmented and crowded global cybersecurity market. Thousands of companies with tens of thousands of products all vying for your attention as a buyer is bound to irk some folks. However, when you read the article, please don’t take the output as a “stop doing this” and “start doing this” recommendation - if you do, you’ll likely kill your startup’s growth. Read the article, think critically about how you can improve, and apply both traditional go-to-market methodologies and the new ones preached in the piece. If you use your brain, measure your results, and iterate fast, you’ll find the best way to market and succeed.
Alternatively, call me, and I’ll throw a free one-hour marketing strategy session your way!
Fight Back or GTFO - A Tough Decision
Ex-Twitter exec claims X fired him for raising security concerns (Axios)
Almost 50% of organizations plan to reduce cybersecurity headcounts (CSO Online)
This article is interesting, not so much because X CEO Elon Musk made questionable decisions resulting in undue risk to the platform's cybersecurity, but because of how the people responsible for security were forced to react to those actions. In this case, Alan Rosa, former Global Head Of Security, Information Technology and Privacy at X, was terminated and is now suing his former employer.
Rosa claims in the complaint, filed in New Jersey federal court, that he was directed to cut the physical security budget by 50% after it had already been cut 50% and then shut down software that "enables Twitter to share details with law enforcement globally regarding time-sensitive and important legal matters."
Given recent similar issues with other former CISOs, I’m surprised that the termination or resignation of security leaders in the face of decreasing spend and increased risk isn’t more frequent. In the era of technology companies being squeezed and executing massive layoffs, I would expect more of these issues to be commonplace.
The Big Four Buckets - Will There Be MORE?
The Endless Pursuit of the Ecosystem (Strategy of Security)
This article from Strategy of Security delves into the complexities of the cybersecurity ecosystem and the market definitions that plague sellers and buyers alike. The author embarked on a two-week project to update their cybersecurity ecosystem mapping, which hadn't been revised in over two years. This endeavor wasn't aimed at simplifying the industry but rather to develop a comprehensive and accurate taxonomy of cybersecurity markets.
The author identifies the emergence of "cybersecurity estates" – critical sectors within the cybersecurity ecosystem. Four major estates are highlighted: Application Security, Identity Security, Infrastructure Security, and Security Operations. These sectors not only host a significant portion of the public companies and invested capital in cybersecurity but are also central to strategic activities in the field. The author also notes the potential for other sectors, such as Governance, Risk, and Compliance, to become significant estates due to new regulations and evolving market dynamics. Finally, the piece touches on how some companies, including big tech conglomerates and pure cybersecurity firms, are transcending these estates by operating across multiple sectors and achieving substantial revenue, thereby shaping the future cybersecurity landscape.
This is a mandatory read for CMOs who have to spend time positioning products for a living.
Hey ChatGPT - HOLD MY BEER!
Gemini - Google's Mother of All AI Models (Tech and Nonsense)
As a die-hard member of the Google phone fan club, the arrival of Google's Gemini AI model on the Pixel 8 Pro isn't just a big deal – it's like Google looked at the AI world and said, "Hold my beer." Gemini, with its Ultra, Pro, and the show-stealer Nano, is the Avengers of AI models. And with Nano cozying up in the Pixel 8 Pro, it's like having a supercomputer in your pocket – minus the need for a Hulk-sized pair of pants.
The Pixel 8 Pro isn't just another smartphone; it's like the Swiss Army knife of the digital age. New features like Summarize in the Recorder app and Smart Reply in Gboard are just the opening salvo. Gemini Nano promises on-device data security and offline intelligence capabilities. And with “Assistant with Bard” on the horizon, I'm half expecting my phone to start giving me life advice soon. So yeah, this is a glimpse into a future where my phone knows me better than I know myself. Let’s F’in GO!
IPO Predictions for 2024 - Axonius, Armis, Wiz
Cybersecurity IPOS (Richard Stiennon)
I love Richard’s writing. He has so much research and intriguing hidden gems of content that I feel as if I could highlight his work every week. His most recent piece of content lists the top seven cybersecurity companies primed for IPO. You never know when the market conditions and company state will be suitable for IPO, making predictions difficult. However, given the growth rates and presumably the correction from growth to profitability in most of these companies, I bet we will see many take off in 2024. My crystal ball of random predictions says that Armis, Wiz, and possibly Axonius will be highly successful exits in next year’s cycle.
Quick Hits and Hidden Gems
Microsoft Hires New CISO in Major Security Shakeup (SecurityWeek) - Movers and shakers this week - CISO and Deputy CISO are out, and new CISO Igor Tsyganskiy is in!
An ex-FBI agent explains how to recognize the power dynamics in a room (Fast Company) - I love doing this. Understanding the power dynamic in a room can get massive improvements in output. Read this for some 101 basics!
VC Firm OpenView Collapsed Because Two Senior Leaders Quit, Sources Say (Forbes) - UH OH! What do you do when you are sick of investing? Apparently, you run away and fold up shop, leaving your LPs high and dry. EEEP!
2024's Marketing Strategy Is No Longer About Brand DNA (Adweek) - What’s your company’s brand genome? Cyber firms could use some thought and experience in building a brand.
From Unicorns to Zombies: Tech Start-Ups Run Out of Time and Money (NYT) - This great article describes what’s happening as the ZIRP era ends. Zombiecorns are dying left and right, and cybersecurity is no exception.
Clouded Judgment 12.8.23 (Jamin Ball) - A great roundup of cloud-related publicly traded company metrics. A must-read for those interested in cloud securities trading.
Let Sleeping Dogs Lie (Eric Torenberg) - “The most effective people are principled in their actions and in what they can control, but flexible in how they see other people & situations that are out of their control.”
Research: Setbacks Can Actually Boost Your Career (HBR) - Understand what makes you passionate, and you will win. Use setbacks to reevaluate what gets you out of bed every day!
2024 Future Predictions from Lane Bess (LinkedIn) - I really like the “let’s stop assuming breach” prediction. I love the thoughts, Lane!
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!
So I am a huge fan of the Pixel 8 Pro too. Big fan of the 6 Pro and the 7 Pro before this one. I believe Google has been the clear leader in AI on mobile for several years now. Google Assistant vs Siri has always been a rout for Google. Cortana was (is, does it still exist anywhere?) a sad joke. The Summarize in Recorder feature just showed up as an update to the app yesterday for me, and I am hoping Assistant with Bard will arrive in January and become the most powerful/useful bit of Google's AI on the 8 Pro.
I'm also a big fan of the little bits of AI that make the phone a pleasure to use. Hold for Me is such a great idea, and Now Playing History is a ton of fun.
I'm going to write soon on the AI tools I use the most, and how I use them heavily for work purposes and far more often on my phone than on a desktop / web app.