Cyber Security: Machines, Mankind, and Bored Apes

Trends and Innovation in Cybersecurity

Aug 28, 2022

Want the pulse on posterity? You’ve found your groove: Welcome to Future Beat.

Hi everyone 🥁!

Common words are big markets: words that humans have said forever and wherever (i.e. through time and across geographies) are meaningful innovation/investment categories.

“Protect” is a common word— and massive market. Protecting bodies = health tech; protecting resources = climate tech; protecting states/nations = defense tech (and so on). The recent Twitter snafu, which Senator Dick Durbin labeled “dangerous data privacy and security risks,” underscores the top-of-mind “protect-tech” category: cybersecurity.

Here is the beat on cyber, as I see it. Drum roll please 🎶…

As always, scroll to bottom for amazing jobs at amazing startups.

Cyber’s critical ratio: Machines to Humans (“M:H” Ratio)

A brilliant professor of Political Economy once taught me “always take note of critical ratios.” Ratios reveal opportunity frontiers. For example, if a town of 50,000 people has only 1 dentist, then 50K:1 tells you it’s time for another dentist to open up shop.

Think about one very critical ratio: the number of Machines to Humans (M:H). Consider the number of “machines” you have — phone(s), computer(s), watch, washing machine, TV, dishwasher, car, etc. I count ~23 in my NYC apartment. Accel Partners estimates the number of machine identities to human identities is ~20:1 worldwide.

What I call the M-H ratio, or cyber’s critical ratio, reveals a seismic skewness of machines over mankind. The M-H ratio highlights a vulnerability that is the bad actor’s opportunity frontier.

Defend the Crown: Government Cyber Spending

The private sector has been “all over” cyber for some time now. According to Morgan Stanley’s 2021 CIO Survey, security software was the fastest-growing category of spending (above AI&ML, CRM, Data Analytics, etc). Further, Indeed.com shows that IT jobs are the #1 fastest growing industry, driving $298B in cybersecurity spending by 2027 (Statista).

Now government is spending big, too. There was the Executive Order last summer announcing “significant investments in order to defend the vital institutions that underpin the American way of life.”

If you need more data points, here’s one that might shock you. The U.S. government got into the gaming business just to convey cyber’s importance. The U.S. Department of Homeland Security subtly published a gaming app “Defend the Crown.” The goal? Teach citizens cybersecurity “101.”

“Cyber ninjas are trying to raid your castle and steal your valuable secrets! You must stop them at all costs when you play Defend the Crown.”

Win a level and you win lesson in cyber (use antivirus protection, make passwords strong, etc).

The department that published the game— the Cybersecurity and Infrastructure Security Agency (aka “CISA”)—had one of the biggest step ups in YoY budgetary spending. Last summer, the Appropriations Committee proposed a $2.42 billion operating budget for CISA in FY2022, a $397.4 million increase – or about 16% – from the enacted FY2021 budget.

This flow of enterprise and government dollars affirms the now obvious: cyber security is paramount to personal, communal, corporate, and national security.

The Root Cause of Breach: Humans (i.e. us)

If technology responds to shortcomings, what then is the root cause of cyber attacks? A surprising fact that you will hear from many cyber entrepreneurs is that the most common “cause” of a hacking is simple human error (or negligence, misplaced trust, etc). While Hollywood impressions us with maniacal, savant hackers breaking into mainframes with advanced coding skills, in fact most unauthorized access comes via straightforward but creative conning. The cyber criminal is not the criminal that breaks in middle-of-the night via skylight with blueprints, ropes, drills, and lasers in hands; in reality, the cyber criminal comes in like a Trojan Horse and knocks on your front door at noon as a “friendly neighbor,” their malevolence guised as benevolence.

With (1) a favorable M-H Ratio and (2) all kinds of incentives (wealth, power, fame), hackers have evolving playbooks for duping us all. TikToker and “Good Knight” hacker @malwaretech gives a glimpse into how cyber criminals pretended to be Apple’s Support Team and stole $650k in NFTs and crypto.

@malwaretech Oh no, my apes! They’re stolen! 😂

No one is safe. The NFT (Bored Ape #8398) that hackers stole from comedian Seth Green reminds us of cyber’s growing sophistication. We are all getting duped. There are now “darkweb” marketplaces selling logins for hacked PayPal accounts (chart via Comparitech).

Data Privacy is Like Kale: An Inflection Point

A founder (Rob Thelen of Rownd.io) said to me recently “Data privacy is like Kale” — we all know it’s good for us, we just don’t always want to buy it. That feels true to me. Securitizing our digital lives is like maintaining hygiene— brushing our teeth, hitting the gym, eating well. It’s categorically unlike innovation categories that enrich or optimize our lives (the way crypto tugs our financial heart-strings or digital media triggers social belonging). Humans tend to treat the nice-to-haves as need-to-haves, and the need-to-haves like nice-to-haves. This is very true in cyber security; the biggest change though is that it is now flipping from an option to a necessity.

Startup innovations: The 3 “I”s

In my (relatively green) view, most all cyber innovation happens in three areas: (1) Identity (2) Internet Environments, and (3) Intelligence. Specifically:

Identity: anything having to do with user logins, authentication, and access to internet environments (this is also commonly called “Identity & Access Management,” or IAM. Put another way: tech confirming you are who you say you are, and that you are where you should be.
Internet environments: anything protecting A) Internet destinations where users gather and B) the data users generate in those environments. Generally, “protecting” means monitoring, detecting, and preventing unauthorized access, misuse, and modification— not only of core content of internet environments, but also data generated within them. More specifically, these internet environments include, for example, Network Security, Website Security, Email Security, Cloud Security, Database Security, and Endpoint/BYOD security.
Intelligence: I see intelligence as an infrastructure layer mostly about A) Security Analytics, or insights informing threat prevention and mitigation. Occasionally, these innovations can take the form of a cybersecurity suite— a platform that provides security horizontally across the Identity-to-Environment value chain, as well as vertically among protocol layers. Additionally, Intelligence is about B) Training, or leveling up users to be smarter on cyber, as well as C) Compliance, and knowing that your systems meet regulatory requirements.

These “3 I’s” — far from a robust framework suitable for much-smarter cyber-specialist investors — help me make sense of a complicated space. This framework also helps make space for innovation happening in discrete sectors (e.g. there are startups specializing in securing healthcare data).

Before closing, I wanted to shed a light on just a few newcomers (i.e. companies founded in the last few years), who are innovating in the space. Props to these startups for building solutions in the M-H Ratio opportunity frontier.

Identity:

Persona - Identity: Customer Verification - Cloud-based identity verification solutions provider
Magic - Identity: Passwordless Authentication - Cloud-based solutions for passwordless authentication
Rownd - Identity: Contextual Authentication - Authentication elimination
Aceiss - Identity: Zero Trust - Offering zero trust remote access solutions

Internet Environments:

Fireblocks - Internet Environments: Blockchain Security - Financial solutions for cryptocurrencies
TRM - Internet Environments: Blockchain Security - Digital asset compliance and risk management solution for cryptocurrency
Bionic - Internet Environments: Cloud Security Platform - offering configuration management software
Tausight - Internet Environments: Data Security - AI and cloud-based platform for healthcare data protection
Nightfall - Internet Environments: Data Security - Artificial intelligence-based data security solution for the cloud
Abnormal Security - Internet Envrionments: Email - SecurityCloud-based email security solution

Intelligence:

StackHawk - Intelligence: Security Testing Platform - offering security testing software
Strike Graph - Intelligence: Compliance Detection - Provider of security compliance and audit services

This is an emerging framework— so I would love your input, especially from those who know a lot more than me on cyber.

That’s it for this week, as always— amazing companies hiring below!

Pete

****

Jobs! (sorted by “Word”)

Want to build the future or have a friend who does? Here’s your launchpad:

Build. Oliver Space (room design) job openings

Build: PixieBrix (low code/ no code) job openings

Play. Carry1st (mobile gaming) job openings.

Buy. Faire (marketplace) job openings.

Health. Miga Health (heart health) job openings.

Health. Ribbon Health (health data) job openings

Health. Oula (personalized pregnancy) job openings

Learn. Hellosaurus (education) job openings

Move. Lightship (electric vehicle) job openings

Protect. Kodama (forest management) job openings

Protect. StrikeGraph (cyber auditing) job openings

Pay. Topi (digital payments) job openings

Wear. Archive Resale (peer-to-peer resale) job openings

Work. Gloat (future of work) job openings

Work. One Schema (automation) job openings

Know someone hunting for a job? Share the job board and post

Don’t miss a beat—subscribe.

Rock on 🤘,

Pete

FUTURE BEAT

(views are Pete’s / only Pete’s)

Future Beat gives periodic insights on “common words” and how they’re changing:

Future Beat