A Conversation with Mike Privette from Return on Security

Published May 24, 2024, 1:42 AM

In this conversation, I speak with Mike Privette. Mike is the CISO and Cybersecurity Economist at Return on Security.

We discuss:
- The economic impact of COVID-19, the shift from prioritizing growth to operational efficiency, and the subsequent market crash and rebound in 2024.
- The rise of AI in application security, the importance of trust and safety, and the potential for AI to enhance personal digital sovereignty.
- The changing dynamics of startups, venture capital, and private equity in the cybersecurity space.

Among many other topics.

Introduction and Guest Welcome (00:00)
Return on Security's audience (01:53)
Economic trends in cybersecurity & COVID-19 (05:59)
Shift towards operational efficiency in cybersecurity companies (09:39)
Current cybersecurity trends and rebound effects (13:23)
Application Security and AI (15:05)
The Evolution of AI Security Companies (16:09)
Trust and Safety in Cybersecurity & Discussing Deepfake videos (17:03)
Validation of Ground Truth (19:18)
Personal and corporate security from AI (20:31)
Continuous Defender and AI Filtering (21:31)
Validation of True Content to combat misinformation (23:23)
AI for News Reports and Corporate Communications (26:16)
The Future of AI Security (27:11)
The trend of personal digital sovereignty (31:03)
Private equity vs. VC vs. startups (33:36)
Operational efficiency and the future of startups (36:29)
Cybersecurity industry trends and data science (43:36)
The Universal Dashboard concept (45:15)
Sharing knowledge and connections (45:42)
Check Out Return on Security (45:58)

All right, Mike, welcome to Unsupervised Learning.

Hey, thanks for having me, Daniel.

Very cool. So I've been wanting to get you on the show for quite some time, and we've been talking about doing it. I really love what you're doing over there on Return on Security. I kind of see you as, like, the Nate Silver or the 538 of, uh, the security industry. Like, you just kind of seem to know what's going on, and, uh, just really impressed with what you're doing. Can you tell us, um, about what all you have, uh, sort of in the hopper and going on in different projects you're doing?

Yeah. Awesome. Uh, well, thanks for that intro. And, uh, and the kind words, too. I love that, uh, the concept of, uh, the 538. Um, you know, I really am just trying to at Return on Security, capture the entire industry, uh, of cybersecurity. Um, and I've, you know, through the years of working and I've seen a bunch of different variations of people looking at the industry from either a product centric kind of view or from an investment banking kind of view. Uh, or for like a public equities, like, you know, the big public companies that get traded and talked about a lot. Uh, but I've never seen anybody kind of pull it all together, uh, in a way that you can understand if you're not an investment banker. Uh, and so that was kind of one of the things I was trying to do Return on Security was to kind of catalog all these things, but speak for the voice of the practitioner, uh, and the CSO. And that's, that's kind of what led me to this. And just, um, most of my experience, uh, through security has been on the engineering side. So I was always kind of front and center with buying tools, deploying tools, operationalizing tools. Um, and I had a lot of opinions because of that. Yeah. So it just started, uh, kind of writing them down and, uh, capturing this stuff. And I thought, uh, maybe I can help other people understand this space better, too.

Yeah, that's really cool. So who is the main audience like the ICP here? You mentioned CSOs. That definitely makes sense. So security leaders, but would you say also like senior practitioners as well like technical people or what do you find. Yeah.

I would definitely say that. Definitely security leaders. Uh, and then a lot of the senior practitioners who are often the ones informing or advising the leaders on what to buy, what to what kind of direction to go in, what kind of strategy to put together. Um, and that I kind of made this also for me as I was missing kind of these aspects of what, uh, you know, the weekly newsletter could kind of give like, what's the market even look like right now? And what should I be thinking about ahead of time? Um, so I'd say that that audience of security people makes up about 80% of the audience. Um, the other 20% is actually a healthy dose of cybersecurity founders. Uh, they use a lot of it. What I produce is like market intelligence for themselves against competitors or whatnot. Um, and then a lot of the rest of that is also, uh, VCs or private equity funds, uh, who are also doing similar kind of market intelligence and trying to keep track of startups where they are in their journey and, you know, when they might want to raise more money.

Yeah. That's perfect. I mean, I don't know how much that was an accident, but you really did create the best resource for all those different groups.

Well, thank you. It was kind of an accident, but, uh, just kind of was born out of, uh, just like, just trying a bunch of different things and getting some kind of outside help, uh, from friends who were in finance. Um, so I kind of wanted to make it sure that they could digest it, too. So I asked some friends who do, uh, investment banking or, uh, M&A activities and say, like, how do you normally want to see financial data or money data, things like that, like what makes sense? And then I kind of try to apply that in security. And uh, it was honestly a lot of luck to, uh, putting it all together.

Yeah, I feel like it's really congealed over, like the last year or so, like where you kind of found that voice and you found the audience and you know what they are looking for. Yeah, really, really strong. So I guess I've got a number of questions for you. Um, but they all kind of have the same theme, which is what the hell has been going on? Um, like, so for like the last, I don't know, I can't even remember how long it's been. Is it like three years? Maybe three years, maybe a year and a half where. So, like, the economy is like. Or in cybersecurity specifically. We had a boom. I can't remember when the boom kind of, I guess the boom was post-Covid. It was it was like a post-Covid, like hiring boom. And then there was like all this excitement and sort of froth. And then at some point, um, there was like, just like the crash that came after that. Right. So how would you describe this? Like, it seems like you've got to be like the, the, uh, the expert here and one of the top experts in the world on this, and I'm trying to find out, of course, it's multivariate, but, like, what was this? Was this all the result of anti-Covid or over hiring from Covid? Or was it maybe pushed back on? Um. Uh, policies inside of companies being a little bit too pro employee. And companies are like, look, we only I've got like this theory of like, uh, the Alaskan fishing boat thing where it's like, I need absolute killers on this boat. Only the best. And like, if you say your ankle hurts, you can't come on the boat, right? Right. If if your priority is your family, you can't come on the boat. You want work life balance. You're not coming on my crew. And so I felt that happening at the same time. And I just I'm not as close to the data as you are, so I'm wondering what you think. Cause the boom caused the crash. And where are we now? Yeah.

That's a great question too. And I think honestly, the the crash was building long before Covid happened. Um, if basically if you look after the Great Recession in 2008, uh, in the US, when the housing market at the first crash, uh, and it effectively recovered around 2012, 2013, that was a time at which interest rates had become very, very low to stimulate kind of growth in the economy that stimulated investments, um, outside of traditional banks. And so money was effectively very cheap to borrow, which, yeah, venture capital loves startup founders love and that uh, that the old habits from early days of Silicon Valley and like the pre-dot-com bust era continued on. So it was uh, it was very easy to grow a company quickly. It was very easy to raise a lot of money quickly. It was very easy to scale. Um, it wasn't impossible to, to raise a couple hundred million dollars and then go IPO in this time frame, which is, you know, kind of the ultimate goal of, uh, you know, companies to raise venture capital money. Um, so all of those things played out across the entire industry, like, uh, not just cyber, but the entire set of industries. Uh, it just so happened, though, at the same time, tech had a, you know, a total run. Uh, they did really, really well as a general sector. And then cybersecurity did even better within the side, that small sector of tech. And it almost seemed recession, uh, recession proof in some ways. Um, and any time there was news funding went up or investments went up, any time there was a breach, investments went up. Anytime there's global conflict, investments went up. And so like, it kind of just kept happening in cybersecurity. Uh, and so there was really a good ten year or so period in cybersecurity where things were just as good as they could be. It could only go up and to the right. Uh, and so a lot of people flocked to that.
A lot of investments flocked to that, uh, a lot of people that would have put their money elsewhere, dumped it all in cybersecurity. Uh, some became specialists, some became just tourist investors who'd, you know, invest occasionally. Um, and then as you go up to Covid area, Covid era policies had to kind of reverse all of this low interest rate phenomenon that happened across the world. Uh, and each country took a different approach, but the US took a pretty hard approach. Uh, the US Federal Reserve, that is, took a hard approach on ratcheting interest rates way up to kind of slow down the possibility of having another recession or even a depression in some ways. Um, and since most of the money in the world invested in tech and cyber comes out of the US or originates in the US, uh, that hit the tech sector super hard and hit cybersecurity sectors very hard. Um, so imagine where you've raised, you know, a couple hundred million dollars over the past 3 or 4 years prior to about 2022 is when, uh, early 2022, when this happened. And then you might be worth $1 billion. You might be worth, you know, a couple billion dollars. But then now, because you've spent all this money and time and effort into growing kind of at all cost, as opposed to like growing a product market fit and growing like products in a way that people actually want to consume, not just to compete or winner take all. People are now left with like, wait, sales don't match what my valuation says. Sales don't keep up with the money I raise. And so there was a super hard reckoning, um, from a lot of things like operational efficiency became the name of the game. Um, so it was no longer enough to raise money. You actually had to, like, make money as a company, which, uh, kind of cracked me up thinking about it, but.

Yeah, let me let me jump in there real quick. So, um. I've heard. Uh, do you listen to Scott Galloway?

I have.

Yeah. Yeah, yeah. So he talks about this a lot. How? Um, I'm not sure he says it like this, but there's essentially, like, two phases or two different vibes that a company can be in, which is like this. Kind of like a fantasy phase where you disconnect fully from the underlying financial fundamentals and you're just kind of operating on, like you said, growth at any cost or just like this state of belief and hype, kind of like a crypto surge or something. And it has its own gravity and it takes on its own form. And he said the same thing you just did, which is at some point there is a reckoning. Eventually you're going to get back to somebody. Maybe it's like the replacement management team. They come in and they're like, hey, let's, um, let's do something crazy. Let's figure out how much money we're making and how much money we're spending. Right. Um, so so this is really interesting. So you have an underlying economic thing, which is kind of the biggest. Yep. Then you have maybe related to that, you have this, um, transition of a lot of these companies going for that other style of company where it's not super tied to the product itself. And the I think Scott calls it like the fundamentals, market fundamentals. Mhm. And then um, then you have Covid in addition, which is another disruptor. And it sounds like all those sort of combine and. To form the build up, but also to form the crash. Yep.

I think that's a great way to think about it. And you know it. Also, you look at broader tech kind of, uh, plays that happened so largely, uh, tech sectors copy like people or companies in the tech sector copy each other. If, if a Facebook or a Google or, um, a Microsoft makes a move to reduce headcount, many of them follow suit. The other big companies and then companies start reevaluating. Maybe we should do that too. Uh, maybe the investors certainly come knocking and they say, hey, wait a second, shouldn't you be more profitable or more operationally efficient? Let's let's drive that cost burn down. Uh, and so that also added into the effect as well.

Yeah. It, it feels like both of those are super contagious. The, the getting away from fundamentals is super contagious. In the hype, and then the returning of fundamentals is also equally contagious. Everyone's like, hey, what are we doing? Like, I'm talking to Chuck and Sally over here, and, uh, they're both saying we should get back to the books and we should absolutely do that. It's like fashion trends almost.

Yeah, that's a good way to think about it, too. Like what's in vogue versus what's not. Um, and a lot of it, as much as people want you to believe that, like, you know, the market is is based on data and science and, um, hard proof. A lot of times, a lot of it's just feeling like even investments are a lot of feeling, um, a lot of times, which is why, um, not all investments, most investments don't return any money. Uh, so, like, that's, you know, there's you can't predict some of these things. So you have to go with a bit of underlying feeling and gut. And so that is contagious as well.

Um, yeah. Interesting. So what are some of the other trends that you're seeing that you're sort of tracking that you find interesting?

So right now, I think we've had a little bit of a rebound effect because there is, uh, it's a kind of a macroeconomic phenomenon where people expect things to get better. And so if they expect it, it does get better. It's a strange, like, chicken and egg concept. But, uh, there was a bit of a rebound. Um, I've noticed that 2024, even in these first 12 weeks, is already, uh, almost as good as 2023. Um, and even though there's been less transactions, there's almost the same exact amount of money, so there's fewer transactions happening, but there are more, uh, profitable each time or more, more revenue is, uh, or more, uh, cash is exchanged hands each time. Um, and like the M&A has also kind of been one of those, uh, kind of second or third order effect knock ons that have come from the fallout of 2022. So companies who, uh, started in that time frame probably had a really tough time. They either sink or swim very quickly. Um, and I'm seeing companies who started early. Now they're getting acquired quicker, which is, you know, it might be, you know, a three, four year turnaround, uh, for an acquisition now as opposed to like 7 to 10 in some cases. So I think that is interesting. Uh, because, uh, the, the underlying premise there is like companies either need a lifeline because they can't survive and actually make sales themselves, and they need like to be absorbed or acquired into a larger company. Um, or they just have something that's so good that larger companies like can't iterate or can't innovate without it. So they buy it up real quick to try to get it off the market and try to stay relevant with the other large companies. Um, so I think that's that's pretty interesting. Um, another concept I would say is, uh, you know, obviously application security has exploded with AI. I think that's probably like one of the quickest and, uh, probably one of the better use cases to kind of help support that function. 
Um, and it feels a lot more tangible than, you know, an autonomous SOC agent or like a, a replace your SOC analysts, like levels one and two, with a, you know, an all knowing agent. It may come that way eventually, but uh, I think um, the, the first the shine has worn off of the first level of AI security or security for AI companies. Uh, and people are starting to see that there's like real tangible benefit and like the application security and the data security side.

When you say the first layer, you mean pre this new gen of AI, you mean like the old AI security companies who were like. Yeah, automate the SOC. But that was before Gen AI. You're saying that the Gen AI stuff is like injecting some real, real, um, energy? I definitely agree with that. But how? We're using it manifest.

Yeah, I'm seeing some energy. So I think there were some last year, uh, you know, after after OpenAI and everyone came out or like, it's 18 months ago. So now there's a lot of early, early companies that were trying to do something with security as like as new startups. Um, most of them were just like, uh, proxies or CASBs or just like basically a firewall to kind of limit the exposure that a company would have. Um, those had a quick pop and then they've kind of like trailed off. And then you saw the next iteration even after like, uh, OpenAI came out and the others, uh, of like replace the SOC, but like in a different way than how they used to say, replace the SOC. Um, now more of like, just like a the co-pilots, if you will, like the the everyone, every product now has an AI copilot and an AI chatbot to go with it. Yeah. Uh, even that's starting to lose its its shine now, and they're trying to get a lot more around help me automate the fix. So I think that that's a pretty neat, uh, iteration of it. Now, it's no longer just purely kneejerk, uh, you know, cover my legal bases. It's let me actually make appsec or things like that, uh, faster and more, uh, more concrete for all the parties involved. Uh, so I think, uh, that one is really interesting. Um. And then kind of at the same, the same time, uh, a kind of a smaller space that people don't really think about as much that I find really interesting now is the explosion of trust and safety, because, like, it's so much more important now to even understand which videos, which content, which anything you're consuming is real or not. And it's it's more than just a social media problem. It's becoming a company problem as well. Like it's a brand. It's a reputational problem. Um, that extends beyond just somebody making a deepfake video. So I think that's there's a lot of going on that. And then you add on geopolitical contexts and like wars on top of that stuff.
And it's it's very interesting, um, like how you, how you sort all that out. And I think this is a place where I can really help.

Yeah. Interesting one section I think's going to absolutely blow up. And I don't think um, I don't think there are many people playing here yet, but actually there's a decent number like, um, validation of ground truth is a space that I think needs to, well, is just going to, uh, blow up. So, so I, I see this as, um, me and you having some sort of, like device. It might be on our phones. It probably will be on our phones because it's expensive to carry an extra device. So basically, you and I have a pre-existing, like, uh, signal connection. Mhm. So we go to get on this, this call right here. And um, like I've seen you move your hand when you move your hand also with me, you see, see the green glitching. Yeah. The green screen. Same happens with you. Um, and when, um, we get ready to do a call. I think we're going to do something like. Okay. Initiate, uh, pre-shared key connection or something. And you put up actually on your, on your screen and show a code which corresponds to the code I have, which is part of the pre-shared. Uh, now it's part of the video as well. And so now we've validated that this video feed, with a combination of live and a combination of pre-shared, we have an actual connection and you're not a deepfake. Um, that space is going to absolutely heat up. The other one is going to get crazy is, um, AI agents acting as humans, um, and calling APIs and everything, and basically IAM type companies or identity type companies basically getting a handle on who's human versus who's emulating human. Mhm.

Interesting. Yeah, I think that all makes a lot of sense too. And it kind of plays into one of the earlier posts you've written about that. I don't think a lot of people have, uh, really, uh, done too much with or like looked too far into. But it's really you've got AI security, you've got security of AI, you've got security for AI, but you don't have anybody really talking about security from AI other than deep fakes. But like, that's just like the tip of the iceberg where this could go and what, you know, could be launched against you or as a person or as a company. Um, so I think that space, obviously it'll include misinformation and disinformation kind of signals, but there's got to be more than that. Like what else is being undertaken against me from a personal like an OpSec standpoint, almost. Um, so I think that space is going to just going to as people get more, uh, attuned to this and they get more paranoid, I think that's going to become, uh, um, have a greater impact on the world of privacy than privacy or regulation ever will, if that makes sense.

Yeah. Yeah, I think that's right. Yeah. One way I like to think about that is like a, uh, and this is a little bit in the future according to like, this, this, uh, plan or idea that I have, but it's like a continuous, uh, defender. So you essentially have like a digital assistant, uh, which is what I call, like the permanent AI that you have with you. And it's a continuous filter for everything coming in to see you. Um, um, and it could actually detect when you're being, like, overly flattered for the purpose of manipulation because they're in sales. Yeah. Um, so one's like, oh, yeah. You know, that outfit looks really great on you. And by the way, I love that talk that you gave. I especially love slide number seven from your talk in Berlin. And, uh, and suddenly you're like, oh wow. I just feel really cool. And then they hit you with the sales pitch, right? Right. And so you could have something pop up in your glasses or whatever. It's like NLP detected manipulation, uh, expect inbound sales pitch or something like that, right? Or if, um, you're getting like, this really threatening language that's coming at you, it might actually just rewrite that for you. Um, so, uh, one example, I was talking with a friend named Joel the other night, and, um, an example of this would be like, say, someone's been traumatized by a partner and the partner is constantly emailing them or texting them or something. And the the texts are like they're life disrupting. It's like a paragraph of, like, nastiness and narcissism and like gaslighting and whatever, under the pretense that they're actually agreeing when to pick up the kid with shared custody, your AI just rewrites it. Pick up Jimmy at four. The whole paragraph is gone. It just leaves the content so it doesn't. It strips out all the triggers and everything. So I think that AI filtering thing is really powerful. Yeah.

Well that makes a lot of sense. And it kind of plays into the whole like, uh, personal digital sovereignty and like being able to control that aspect of you online and offline. Uh, that makes a lot of sense.

Yeah. Yeah. And the other one that I think is really interesting is like, um. We're going to have to validate true content. This one I've not seen a space really heat up yet with either, and maybe because it's just so hard, but, um, essentially watermarking and validation like trusted feeds so that um, for, for example, I love UFC stuff. I'm all into fighting stuff. So when I watch fight videos now, I'm having this really weird experience where I'm having fight videos narrated by Joe Rogan. And I'm like watching the fight video and I'm enjoying it and I'm like three, four minutes in before I finally catch some weird word. And then I realized for the entire four minutes. Joe Rogan is a multi-millionaire. I am on a very small YouTube channel. Um, he didn't come to this channel and narrate this. Interesting. This person went and collected all the clips and he just got the voice. He wrote the script. Um, or maybe even AI wrote the script, but it's all being said in Joe Rogan's voice. Um, which is fairly harmless. I mean, it makes the videos quite nice, uh, quite enjoyable, but, like, what happens when that's actually news instead, right? What happens when that's something really important? Um, or if it's like a Joe probably doesn't care. Maybe he does. I doubt he does. But a lot of, uh, Hollywood celebrities actually would, and definitely government officials really would. So, um, that thing should either either have a fake symbol or lack an authentic symbol. Right? Whereas the official symbol coming out of, uh, Rogan's feeds. Should have the have the symbol right or lack the fake symbol. That is an entire industry that's going to be a multi-billion dollar industry. Um, yeah. And I'm sort of just waiting for that to happen.

I think that's a really good concept too. And I've, you know, I've talked to actually a few startups who are doing that. Exactly. But they're they're trying to basically create truth out of multiple sources for news reports. And the goal of this, you give it to corporate communications teams to let them decipher what's real and what's not. Like who actually said this thing. And it really comes down to using AI to go find, uh, the original sources or the original, and the original shares the original posts and then tie it back, kind of like to information actors on the back end to say, oh, this, this post that was widely shared by this person on Facebook originated from a Russian disinformation mill. This person is also associated with these 12 other things. It has a high degree of chance that this is all fake. And so then it gives you like kind of risk scores. Then you can say corporate comms can say, we know this is fake. Uh, next one, you know, so they can they can move on and they can then have their, you know, just kind of situational awareness per, per company around that. But then that could that could easily extend to like video contexts as well. Um, but it's it's fascinating a time to be in this space just because it's, I think the, the, uh, technology hype cycle and the curve has it occurred it occurred like every other, you know, platform we've seen with like, mobile and cloud, which might have taken ten years. But this a lot of this has happened in like 18 months. And it's gone through a couple iterations of that loop. Um, so it's just so hard to keep up with it all, uh, and know what you're actually looking at.

Yeah. I don't think it's even close to where it's going. It's it's not even close. I mean, I'm very much I'm a self-described, uh, very pro AI, but I feel like I see this really clearly, and we're barely getting started. Um, so when I hear about AI hype and there, you know, there's some places where, uh, people got over their skis and they got overly excited about a very small thing, like a giant company that generates, I don't know, uh, Midjourney images and sells them or something. That would be more crypto like, or more NFT like, where it's way over inflated for what it is, right? Right. Whereas most of AI, especially the stuff we've just been talking about, hasn't even started yet. And it's not even possible without AI. The hype cycle is not even. It's not that it hasn't got to the top. It hasn't even started yet. And that's not counting for like the real, the real core stuff where all of your entire corporate data is inside of a data lake that AI can see. And now you could basically ask any question and take any action as a result of that, which is kind of the long term thing. And people haven't even really started doing that because of the limitations of context windows and RAG. It's like that's all still building up. There's there's a few hype phases that are kind of really small and inconsequential. But the ultimate S-curve of AI, I think, is just starting.

Yeah. No, I totally agree. And I think, um, you know, we it's one of those things you can't even imagine it because we didn't even imagine generally available AI on your phone like 18 months ago, at least the average person didn't. Yeah. Um, and now the average tech person, like, uses it multiple times a week. Um, and even the average non tech person is starting to at least know what it is in general. Um, which is, which is pretty impressive. Um, but yeah, we're just kind of scratching the surface on what's, what's possible there, which I think it's going to take kind of like a step function to, to get that next level of AI security kind of realm. Um, you know, every investor I talked to has that as part of their core thesis. Now they they have to do AI, some variation of security because nobody knows where the rocket ship's going, but they know it's a rocket ship. So they, they want to latch on in some way. Yeah. Um, and uh, it's, it is going to make some really cool stuff possible that otherwise wouldn't be. And I think, uh, I also would not be surprised in terms of trends to see like the, you know, the 1 to 2 person security unicorn company. Uh, yes. Like they oh, you can just build out your own complete attack surface management platform using AI and self-hosting it or, um, and as long as you can, uh, then learn the sales motions and get that going, you can get bootstrapped, you can get going, you can get funding, um, or may not even need funding. So I think like it's going to be, um, a pretty open world. Uh, which would be better, I think for like, you know, competition would be better for practitioners eventually. Um, because all that stuff is constantly expanding and collapsing in the market, like, because security is not a winner take all market at all. Like from a product standpoint, it's a many, many people can be winners in this space as well.
Um, even if some of the players are trying to act in a zero sum way, like there's there's not a singular like dominant player across all fields. There's like pockets of dominance across multiple fields. Um, so I think it's just going to make that bubble even bigger and maybe, maybe more challenging for practitioners for a while. I hope I can help with that with security, like make a little more sense of that. But, um, it's going to be interesting.

Yeah, I think you're absolutely right.

There's the there's the big trend of, uh, you know, personal digital sovereignty, like that kind of concept of being security secure from AI and all the kind of attacks on you as well. Um, there's going to have to be some more iterations around, uh, improvements in AI security in general for it to be like the next iteration for like for to be beyond just like I think a lot of what we've seen right now is just been, uh, adding AI to existing capabilities as opposed to AI creating the new capability. Uh, so we're not quite there around that curve yet. And then once whoever makes that next step is going to, like, do really well. Um, but it's obviously there's, uh, there's a context and there's a data problem that has just got just expanded now with the, with AI. Um, because more, more AI means more cloud workloads, which means more attack surface means more configuration mismanagement. All these things are just have have expanded. Um, like you said, AI, uh, exaggerates the thing or highlights the thing. It isn't the thing. Yeah.

Yeah, I like what you said about a single person company launching and getting really big because you mentioned like, oh, as long as they can learn the sales motion well, what if they don't have to because they just hire an AI company? Yeah, that's automated sales. Right. And then you hire a company that's automated support and then you've got automated like uh, EA's. So you've got like your personal assistants and basically all of your company infrastructure is kind of mostly outsourced. Service companies that are AI based. And then you basically have, like yourself, a co-founder and maybe 1 or 2 people. Yeah. And maybe it's just you. And like one person I would say is probably one of the smallest versions. I'm sure there will be actual single founders who make pretty big companies as well. Um, Altman's been talking about that as well as the first unicorn. One person. Yeah. So I think that's very possible. Um. What about the balance of private equity VC versus startups like. I feel like this last down period. Oh, by the way, what are the years for these? These periods? 21 was that the start of the down?

So 22 was like the start of the down basically. Okay. Yeah.

22 we started the down, 23 was down, and 24 we're starting to see the uptick.

But yeah, a bit of a rebound. Um, and um, you know 2021 late 21 had a few signs of distress, but not like no one thought the Fed would raise the rates so high. Yeah. Or keep on raising it. And like the so that it just kind of had like a an iterative effect there and just like kind of kept making things worse.

Right. So 22 and 23, uh, private equity did really well because they're swooping in, grabbing things. Right?

Yep.

And VCs did not do so well. Startups didn't do so well. And now there's a whole bunch of companies that are kind of sitting out there. They've been growing slowly and they're kind of large and bloated. Mhm. I'm sure you've seen a bunch of these and they're just kind of like stagnating. And every time they have to go to investors, investors are like tired of hearing from them. And they're like yep you got to do something like I've heard the same thing. You're not growing. It's not super exciting. Um, what does this look like as things start to boom now? And I think it's going to accelerate, but who knows. But as it starts to boom, who starts to benefit? Uh, I guess the private equity benefits, if the stuff they bought cheap starts to be worth more, that's pretty obvious. But I guess VC and startups are the main benefits if things start going up. Is that right?

Yeah. I mean that's that's exactly right. So like, if, you know, if the bets the PE made at the acquisitions and like the takeovers they made and they and they and by the way, PE has been very good at buying companies and making them super operationally efficient for a couple of years, getting a return on their investment and selling it. Uh, they just had a much better time doing that, you know, the past couple of years than they had before. Um, you know, VCs, a lot of when it comes to, uh, venture investing, you know, most investments don't make money at all. Uh, and typically, only a very small portion of what you invest in actually makes up 80 or 90% of the the value that you get back. Um, and so, uh, some did really well, uh, at the time and some and, but a lot of them did not. So like they, they struggled their companies shut down, uh, funds shut down. Uh, they didn't return any money to their investor base. Um, so that's all bad. And that makes it harder to raise more money next time, or get people to commit to give you money to go invest next time. Um, you know, there's a couple carry overs that will be constant. Um, we're we're too close to when operational efficiency was the king to go away from it now. So it's like, yeah, we might be bouncing back, but you got to be a lean bounce back. You cannot be overinflated. I agree you, you never hire at 200, you know, percent or like bro, you know 1,000%. Like the memory.

Is too fresh.

Yeah, it's too fresh. Like, I think we have to have another 4 or 5 years of, like, a bull run for them to say, yeah, forget that. Let's just go big again and like, uh, but you also have to remember at the same time, the goal posts have been significantly moved on both ends of the spectrum. So now you have to have less people be operationally efficient and burn less cash. So that's bottom in the spectrum. At the same end, if you want to go public, it's a lot more of a higher barrier now. So it's not you can't just be a $1, a 1 billion uh, valuation. You need to be three, $4 billion valuation. You can't just be a $100 million in ARR, which used to be the magic number to make companies go public, or at least start the roadshow. Now you need to be 200 or 300 million. And so like the pole or like the, the the narrowing of the pyramid is like gotten like even tighter now. So you have a lot more competition, which means sink or swim is like a lot more aggressive. Um, and so that's why everyone has kind of been decrying, oh, platformization is finally happening in cybersecurity. Like we're finally going to have less vendors, which is will never, ever be true. Um, it'll just go through pockets of of consolidation. Always like to explain it as, uh, it's more of an accordion like parts of it are open and like expanding and parts of it are closed and contracting, but you're still like you're making music, but you just like but it's not going to look like, you know, one company, Palo Alto, is not going to rule them all, even if you want them to, um, tomorrow and like so this they will never be that one. True. Uh, so it's now become harder to, to do that. Um, and then all the while, like, private equity is still going to have a pretty good run for the next 3 or 4 years, because a lot of those companies who raise money in 2020 or 2019 or even 2021, some of them are still just limping on, and they may have another a few more years of runway before they need to go private.
Like they may have raised too much money, like some of these companies raised close or more than $1 billion in funding may not have anywhere else to go. Uh, unless like a Cisco or like a, you know, a Microsoft buys them, uh, so either they'll die a slow death or they'll go take, you know, they'll private equity or go shape them up and, you know, possibly dismantle them, possibly resell them. Um, so there's a lot of more complexity now, I think, than there used to be, uh, in terms of, like, making a go of it.

Yeah. Interesting. I really like your accordion thing. I think that makes a lot of sense. I do think platformization is absolutely a thing, I think. That's like the permanent home for anything that I used to have this thing where it was like, idea. Um, then, um, application, then, um, operating system. So it's like things move through that phase where it's like, uh, it's like a web app or a little utility or something, and then it gets brought into the OS and it's kind of absorbed the the knowledge is now so known and understood that it just becomes part of the furniture.

Right?

Um, but especially with AI. So I think one of the biggest things happening with AI is the fact that it's so much easier to start a company and actually be effective, kind of going back to the whole, um, unicorn thing. But forget about the unicorns. Like I'm about to launch a SaaS myself and it's just me. And like a dev.

Nice.

And it's a full size, right? It's a full size. It's like end to end like it. And there's a million people like me who are doing this because of AI. So that is the accordion, but the bottom of the accordion or whatever. The new ideas, the new companies, the new SaaSes that are out there for the platforms to pick and choose which features they want via acqui-hire is going to be much larger because I think the barrier to get in to be a startup person five years ago is way higher than it's going to be in two years from now.

Yeah, I think that's true. And I think, um, I agree with everything you said too. And I think, you know, the concept of bootstrapping or just doing it on your own, with your with your friends and family support, uh, is going to become a lot more realistic, um, than it used to be. Like, you see this in other industries, but you don't really see it much in cybersecurity. Like maybe like think of, like canaries, like kind of the only one I could think of that's, uh, truly like, kind of bootstrapped, but like most. Uh, you know, it's hard to get behind that model. Um, and I think, you know, a lot of things that I've been trying to also help people kind of realize the return on security is that, like, you know, understanding, like who the investments or investors are behind a given, you know, company you can kind of see, like repeatability and like track records of success or like playbooks they use often. And you kind of say like, okay, I know that it's going to, you know, backed by this company, their goal is to be acquired by a bigger company. That means if I invest in this now, it may not be here in four years, three years or whatever, whatever contract they're trying to get me to sign. So like, I kind of need to think about that, um, based on kind of where it's come from. Um. But it's. I agree that it'll be easier to get in a startup, it'll be easier to get a lot more traction and actually get paying customers, especially if you then go back to like using AI to enhance what you know or like, fill in the gaps of what you can't, you know, do where you couldn't have done before is easily like it's yeah, it's it's going to it's going to skyrocket.

Yeah, I'm really excited for it. Well, um, this has been fantastic. So tell us, um, in addition to your Return on Security, which is the newsletter and the overall brand, uh, what are what other stuff do you have brewing? Do you have like, uh, reports coming out, new research, like products, anything we should be aware of?

Yeah, I've been trying to, uh, write a bit more on the blog this year. Try to just try to get more of my thoughts out there as possible. Um, I've kind of gone back to doing kind of monthly, and I'm going to be releasing a quarterly roundups as well, because I want to be able to track these things over time. Um, like, I'm big on kind of showing like look backs and saying, like, this is where we were last year this time, or this is where we were last month this time to kind of help understand trends. Um, so I'm just kind of really increasing the output of because I want to be a true resource. I want to be like the 538, uh, I want people to be able to use it and actually consume it. And, um, I also plan to do I'd like to open source the data and have somebody, some data science people say, like, all right, tell me what you can come up with. Like what? What is interesting like either, you know, run some models on it, run something and let's let's see what, what ideas you come up with, um, and what kind of trends you can uncover from a data science perspective. Um, so I think that's pretty fun.

Yeah.

Um, yeah. Yeah, I want to mention that that that's something that's super awesome about what you do. You have the data. You've been collecting this data in a very sort of manicured and, um. Detailed way in rigorous way this whole time. So you have this data set and you put out different products around it. Um, I love the idea of when I go to the site. Um, I would love like a dashboard that is very much like FiveThirtyEight, which FiveThirtyEight really only spins up for, like big elections. I'm sure it's getting big right now, but like, I would just like to. Get quick narratives like, remember the thing we talked about, okay, what was 2021? What was 2022? So what I would really love is like, just explain the whole thing. Starting five years before Covid, the thing that you did, you said, look, we have this build up of general economics. Then we had Covid happen or whatever. If I could get that in a paragraph or one sentence or a full page, imagine dragging this kind of related to the thing I'm getting ready to release. Imagine dragging your explanation from one sentence of 15 words all the way to a full page of analysis, but it's exactly the same thing that you described, right? So it's like, give me the the TLDR of the entire security space. Yeah. Um, and then you have different graphs there, right? It's like, show me VC performance. Show me the number of startups, show me like whatever. And I feel like that's what I'm getting from you in your newsletters. So I feel like that could be like. Definitely like a future direction for you with like, this really rich front page dashboard. And it's just like it's like a. It's like a universal dashboard to just state of the Union.

Yeah, I love that idea.

I love that idea too, because I kind of like, I think about what I do is like, almost like a public utility. I'm like, I want you to use it.

Like it is. It absolutely is.

Already I love it, I love it.

That's it's I love that idea too. I'm definitely gonna noodle on that one and try to figure out how to how to do it. Because I want to share more. I, I've made so many like great like connections, and I've learned so much just by doing this. And so I want to be able to like kind of share it back as much as possible.

Yeah. Well, I encourage everyone to go check you out. It's Return on Security. Absolutely. The the best and really the only newsletter in that space. Just absolutely crushing it. Can't wait to see what you do next. And thanks for coming on.

Awesome. Thanks so much for having me. It was great talk.

All right.

Take care. Thanks.