00:05so this week I'm joined by Ryan noon
00:07he's the co-founder and chairman of
00:08material security the cyber security
00:11company making cloud-based email a safe
00:12place for sensitive data he previously
00:15started par structure which was acquired
00:16by Dropbox where he was an engineering
00:18manager prior to starting material
00:20security Ryan welcome to no priors hey
00:22it's it's great to be here man always
00:24lovely to talk to you oh yeah it's
00:25always fun to chat with you um so one of
00:27the reasons it's excited to be chatting
00:28with you today is I feel like you have
00:30such a great perspective on uh both the
00:32broader security industry various Tech
00:34topics Etc but also specifically how
00:36this all starts to tie into Ai and I
00:39know that in material you were um a very
00:41fast adopter actually of um AI related
00:44Technologies as the first sort of apis
00:46really came out and you started playing
00:48around with them quite early and doing
00:49interesting things with them do you want
00:50to first talk a little bit about how you
00:51started material and then maybe we can
00:52touch on how you start getting involved
00:54with the AI side of it yeah sure um so
00:56we started material I guess 2016 2017 or
01:00I had left Dropbox and um you know was
01:03living in Europe and fell in love with u
01:05all the election hacking that happened
01:06year um you know that year it was pretty
01:09nasty like every random Gmail account
01:13kept getting like dumped on the internet
01:14so I I had an idea for like you know how
01:17to protect a Gmail account you know just
01:19an ordinary personal one in like a
01:21fairly novel way uh I coded it it
01:24shockingly worked the Gmail API let you
01:27do it I brought it back home and and
01:28showed it to some friends and uh we
01:30realized this is actually a special case
01:32of a broader way of thinking now 7 years
01:35later it's a you know whatever cybercity
01:37unicorn thing and we get to work with
01:39the coolest companies you know in the
01:41world by far and the the stuff that you
01:43get to do at this scale is just
01:45mind-blowing it's it's wild to think
01:47just where it started and and and where
01:49it's come and what what are the main
01:51products that material focuses on just
01:52for the the audience they have a better
01:54sense yeah so um the the broad thesis is
01:58basically we've all kind of got these
02:00Google and Microsoft accounts um you
02:02know email is sort of where we started
02:04but you know since then we've kind of uh
02:06just went deeper and deeper and deeper
02:08into sort of everything that you can use
02:11uh you know a Gmail account or a
02:12Microsoft account for uh the bread and
02:14butter of the business is selling you
02:16know to to companies you know midsize
02:18and up uh with these kind of these big
02:20Google workspace and Office 365
02:23deployments uh the product has a bunch
02:25of different modules that are all kind
02:26of based around the the main things
02:28people worry about um the the kind of
02:30the first big product that you mentioned
02:31you know in the intro was people have
02:33years and years of sensitive information
02:35sitting in these accounts if somebody
02:37you know gets into your Google account
02:39they're just going to download all of
02:41your email uh and go through it later
02:43and your whole life is in there it's
02:44even worse you know in a corporate
02:46environment and so that product what it
02:48can do actually is uh finds you know
02:51sensitive stuff that's just sitting
02:52around kind of just sitting in your
02:54inbox in your archive whatever and then
02:56it can basically redact it and then
02:59replace it with with a clean copy so
03:01that if somebody gets in and downloads
03:02the whole thing they don't get anything
03:04good uh but then if you happen to need
03:06it like I I I like having all this
03:08information in my fingertips you can
03:09just press a button and do have an extra
03:11face ID or a touch ID or you know more
03:14advanced policies and and in work but
03:17just something that's easy for you but
03:18hard for the attacker so we started
03:20there and then we expanded into anti-
03:22fishing you know people can send you
03:24tricky emails and get you to do things
03:26and steal money from you uh we expand it
03:28into account takeover protection which
03:30is you know more of the things that
03:31people do uh after they compromise the
03:34account and you know I try to reset all
03:36your other accounts and steal your bank
03:37account and all of that just the the
03:39operative concept is defense in depth
03:41which is just you know like just assume
03:43that the bad guy got in like what do
03:46they want you know like they got over
03:47the wall there should be another wall
03:49and a machine gun you know it's like
03:51history has all these fairly basic
03:53lessons about resiliency that uh never
03:55really always get applied the right way
03:57when it comes to computers so yeah it's
03:59kind of like a I guess the part of the
04:00impetus was the 2016 election where you
04:03know there's all the things around the
04:05podesta emails and Hillary Clinton and
04:07everything else and the basic ideas um
04:09somebody's able to hack your account but
04:11it doesn't matter because your email is
04:12not accessible to them or the sensitive
04:14information that you designate yeah I
04:15mean it matters but we used to call the
04:17company like seat bels for email or
04:19whatever back in the days like it sucks
04:21to crash your car it really sucks to go
04:22through the windshield Google and
04:24Microsoft you know have a a total
04:26duopoly on all of this and kind of what
04:30little thing that they missed from a
04:31security perspective is you know World
04:34altering you got like I mean there's a
04:36headline every couple months like every
04:38cabinet secretary just got their email
04:40hacked because all of the eggs were in
04:42Microsoft's basket you know and and so
04:45we kind of just exist to fill the gaps
04:48in whatever doors they leave open that's
04:51you know it's it's very fragile having a
04:54duopolies are stable in the market but
04:56but very fragile when it comes to
04:58security yeah that makes you were one of
05:00the fastest adopters I feel in terms of
05:02Hands-On use of llms for security
05:04applications how did you start thinking
05:06about the use cases where generative Val
05:07would be useful the second you give a
05:10coder a repple uh you know we will we
05:13will start iterating basically right CHT
05:15of nothing was not the world's greatest
05:17reppel so I mean we just started playing
05:19with it and then we're like there's a
05:21lot of security domain knowledge like
05:23baked into this thing it turns out if
05:24you feed you know precisely one internet
05:26to precisely a million gpus it up a
05:29thing or two about cyber security and so
05:32you know it's it's the kind of thing
05:34that obviously like the bad guys are are
05:36are starting to figure out in Earnest uh
05:38and you know it's not like you can
05:40prevent this stuff from getting
05:41democratized but we just we just you
05:43know you could do simple things like you
05:45could feed it you know like a bunch of
05:48you know raw email headers anyone who's
05:50coded with these things it's it's like
05:52this weird wetwear grafted into the
05:54middle of a computer you know it's like
05:56it's uh it's it's squishy and and
05:58stochastic and parody you know but you
06:00have to integration test and and model
06:02around it I think the analogy I used at
06:04the time was like Shang Tsung from
06:05Mortal Kombat like it has it has eaten
06:07the souls you know of of thousands of of
06:10security engineers and so like you might
06:12as well use it because honestly like
06:14there's a lot of just raw operational
06:17work that happens in security of just
06:18like we need to you know rarify this
06:21signal filter out the noise and then
06:24honestly feed it through a human being
06:26who has some experience as to what the
06:28bad guys are trying to do
06:30uh and you know it turns out LMS are
06:31fantastic at that and so that was that
06:33was the first use case um that we really
06:35kind of productionize but you know
06:36beyond that it's it's kind of gone crazy
06:39so there's a lot of engineering you have
06:40to do though it's kind of amazing
06:42because if you look at modern llms they
06:43have this mixture to your point of sort
06:45of this deep knowledge base which is the
06:46internet and dear Point sort of The
06:47Souls of security Engineers on the
06:49internet and then you know it has a sort
06:51of Chain of Thought or sort of reasoning
06:53that is very useful to use in certain
06:54circumstances is there any data that you
06:56feel is really missing or a specialized
06:58Corpus you need to to provide or
06:59anything else that really helps from a
07:02security perspective that you you know
07:03you need to augment or fine tune or do
07:05something with honestly like you know I
07:08I've seen a lot of you know startups
07:11starting from scratch here and and
07:12whatever and you know as as an engineer
07:14like I know when I have Headroom and
07:16honestly even in like GPT 3 and a half
07:19there was plenty to work with I'm seeing
07:20a lot of shovel selling obviously right
07:22now in the AI Market uh and I'm seeing a
07:25lot of like you know I need to pretend
07:27that I have a moat so I need to you know
07:29fine tune all this stuff and whatever
07:31whatever but yeah no I mean so many
07:34things that were very very very hard for
07:37computers you know 18 months ago are
07:40very very easy for off-the-shelf models
07:43so like I I think you know maybe chew
07:45your food First Security industry yeah
07:48what do you think are the best
07:50application areas then for generative Ai
07:52and security is it pen testing is it
07:56fishing is it something new is it some
07:59form of like supply chain yeah I mean
08:01it's obviously the the offensive side is
08:02what you're not supposed to talk about
08:04too much uh but obviously the bad guys
08:06were talking about it and security you
08:08know it it does have this arms racy sort
08:11of aspect to it so like you know we need
08:13security LM companies uh because the bad
08:17guys exist honestly like the the ORD
08:19zero thing when I keep meeting with
08:21Founders you hear this there's all these
08:23like kind of classic cliches in the
08:25cyber security industry like the cyber
08:27security skills shortage like America
08:29needs you know to bring back the draft
08:32and make everyone get a security
08:33certificate or something okay like you
08:37know that you have like 90% of a human
08:40that you can use for like a penny and a
08:41half right okay start there you know uh
08:46and so like there's just basic things
08:48like that but it it gets it gets more
08:50interesting I think from there but like
08:52let's go to Disney World collectively
08:54after we do that and then we'll come
08:55back you know do you do you see any
08:57cesos actively using um llm tools today
09:02or is it still kind of early and it's
09:03like there's an adoption curve and or is
09:05it going to just be in the hands of the
09:06vendors well I I think the best thing
09:09about the security industry uh is that
09:11there's also the security cottage
09:13industry of like it's not the fancy
09:15security vendor who's you know buying
09:18the ciso steak and having them Drive
09:21Ferraris around Vegas every August it's
09:23like just a strong like security
09:25engineer who's just hacking something
09:27together and so some of the best
09:28companies that I've seen you know are
09:30just that uh and and so you're seeing
09:32all these like there are cool projects
09:34out there um you know I you know I don't
09:37want to name drop too many of my friends
09:38on this podcast but like you know just
09:41like the the stuff that socket's doing
09:43just like analyzing npm dependencies
09:46like you know even just like stack
09:48analysis like looking for like you know
09:50hey you you Dro sensitive information in
09:52the middle of your code based like
09:53that's like such a messy hard problem as
09:56any like computer science can you know
09:58person can tell you and like these
09:59things are pretty good at reading code
10:00you know so like all sorts of just basic
10:03stuff like that is is starting to to
10:05pull through so what do you think is the
10:07biggest um risk or cyber threat from
10:10this technology oh I mean like it can be
10:13a human and and I'm just I'm just
10:14talking about the text models right like
10:16so much of Cy security is just text uh
10:19and there's nasty hacks you know that
10:21are that are reported you know where
10:23someone's voice was faked very
10:24convincingly and they made a phone call
10:26and blah blah blah like humans you know
10:28trust through computers uh that was I
10:32think the key mistake we made you know
10:35yeah I guess there's a lot of apis now
10:36that do voice cloning like LMN or um 11
10:40or some of these other folks right and
10:42so basically I guess the threat is that
10:43somebody voice clones and then they can
10:45use it to call you and pretend that
10:47they're your bank and ask for permission
10:49to do a wire or spoof you on the other
10:51side where it doesn't even have to be
10:53that hard like as in the standard like
10:56you know new employee joins company
10:58receives text message claiming to be CEO
11:01thing like it works at scale you know
11:04like uh so like and it's you the sheer
11:08amount of like you know you go you go
11:09see these attacks that that random bad
11:11guys are sending to people and like
11:12they're not even like using grammar
11:14properly like all they could do was like
11:16spell check the bad guys and that's all
11:18you were using like whatever offthe
11:20shelf you know open source llm for like
11:23even that would make a a difference
11:25materially on you know cyber security
11:29how bad do you think this get it on what
11:30time frame so say we're at you know it's
11:32three years from now and we're at GPT 6
11:34or something do you have any predictions
11:37in terms of the the sort of effective
11:39Threat Level or the capabilities or what
11:42might happen then yeah I think we all
11:43kind of like wonder about this um I was
11:45talking to somebody from the White House
11:46who was like trying to figure out how to
11:49talk about security LMS a little bit
11:51like think the operative analogy that
11:52ended up helping was like Bronze Age
11:55versus Iron Age kind of thing and that
11:57like if you're you know if you're if
11:59you're a tribe or something and you have
12:01bronze weapons and Your Neighbor Next
12:04Door gets iron weapons uh then like
12:06you're you're going to have a bad time
12:08like you're going to need to go and get
12:09iron weapons and so all of this talk
12:11about like you know we need to you know
12:13air strike the data centers and and
12:16prevent it from being aligned or not
12:17aligned or whatever the current term is
12:20like that's like saying you know well
12:21this super high grade carbon steel from
12:25space you know needs to be restricted
12:27but honestly like if someone got iron
12:29weapons against your bronze armor like
12:31good night you know and so these all
12:34them things it's a step function like
12:36you know for however often you know we
12:38used to whine that we only had you know
12:40140 characters and not like flying cars
12:42like technology does give you step
12:44functions every once in a while uh and
12:46like this is just that you know so it
12:48doesn't mean that like you know we're
12:50all doomed now uh and I think we getting
12:53a a like a sense of the scope of the
12:55threat is really hard in cyber security
12:57because you could be like you know hey
12:59you know we're a Fortune 500 and we left
13:01the front door open for a year and no
13:02one walked in it like hackers are fake
13:04cybercity industry is BS right or you
13:06can be some like little no-name company
13:08and just get run over and you're like
13:10the barbarians are at the gate and it's
13:12like really hard to know exactly what
13:14you're up against right uh but what's
13:17interesting is that like automation like
13:19it's like the you can be more human and
13:23you can like one human can now supervise
13:26a thousand humans you know you don't
13:27need a room full of like jerks trying to
13:30hack grandma or whatever uh when
13:31honestly like one jerk will now suffice
13:34you know with a for Loop yeah yeah to
13:36that point it feels like there's a few
13:38different types of actors in the cyber
13:40security world right to your point
13:41there's sort of individual players
13:42sometimes that's ransomware sort of
13:44financially driven folks and then
13:45there's state-based actors right and it
13:48seems like some of the attacks we had a
13:50year or two ago on parts of our more
13:52physical infrastructure and supply chain
13:53may have been through state-based actors
13:55how do you think about that in the
13:56context of these things is that you know
13:58we must continue to invest in llms at
14:01scale as a broader National Security
14:04side of things does it modulate your
14:06thinking at all yeah I mean
14:08fundamentally like you have to invest in
14:10cyber security like my my moral basis
14:12for cyber security existing is that is
14:15essentially like the the waste heat of
14:18all other innovation in in Computing and
14:20information which is like you know if a
14:22computer is doing something new for you
14:24that it wasn't doing last year then like
14:27the utility of that will Drive adoption
14:30and then like cleaning up after it for
14:32like whatever the side effects of that
14:33are uh is what you know essentially
14:36cyber security you know does right and
14:38so we are the the cleanup crew for all
14:40other Innovation uh which is you know
14:42it's it's a it's a living it's a you can
14:44it's an honest living so whenever
14:47Innovation happens like the entire world
14:49will adopt it before they realize like
14:51oops it messes up democracy or like oops
14:53whatever you know like utility drives
14:56adoption not safety like welcome to
14:58Earth you know and so uh so I I think
15:02like the on the the nation state side
15:03like it it's you know you don't have to
15:06even be hyperbolic with like you know
15:08it's the atom it's the whatever it's
15:10because like you know fundamentally like
15:12intelligence is now a commodity that we
15:14can arms race you know like weird you
15:17know it's it's not uh you know like
15:20Atomic power can arms race like no like
15:22intelligence itself can now go Red Queen
15:25yeah that was the original premise under
15:26open AI right the concern was that
15:29uh Google and a few other folks had uh
15:31you know real advancements in Ai and
15:33they were driving most of it and so open
15:34a I think originally was meant to be
15:36kind of a counterbalance to that so
15:38there wasn't a single player that would
15:39effectively dominate all of AI or if it
15:41was it'd be under this sort of um
15:44philanthropic uh guys right and so it's
15:48it's it's interesting that even in the
15:50early days of this stuff um a lot of the
15:52emphasis was on this let's avoid some
15:54over agregation of power uh within AI
15:58but if you have a lot of intelligence
15:59that is extremely online like you have a
16:03a ton of power and you know the West I
16:06think is especially vulnerable to this
16:08like open societies I think are extra
16:10vulnerable when it comes to infex stuff
16:12because like we we put it all out there
16:15we we adopt these systems we open them
16:17up we let the private sector totally
16:19handle them you know like we we we are
16:21early adopters of every digital
16:23technology and we are very happy to wave
16:25our soft underbelly on the internet as a
16:28society we don't we don't lock it down
16:30how how does that differ from
16:31totalitarian States from a cyber
16:33security perspective like you could
16:35literally you know if you're like North
16:36Korea you're going to say you're all
16:37going to use this Linux distribution but
16:39it doesn't support you know whatever I
16:40want I'm sorry we're an authoritarian
16:42State like oh oh well what you know like
16:46what if I get fished sorry like that's
16:48not how bank accounts work in our
16:49country you know like it's just like you
16:51can control information you know you
16:53can't this usually gets like viewed
16:55through the lens of like social media
16:57disinformation if you can you know
16:59regulate and lock down you know the
17:00entire social media discourse then like
17:03you know what election is going to get
17:05hacked and where would it get hacked you
17:07know uh but the same thing I think holds
17:09true for all of all of cyber security
17:11the other interesting you know like way
17:13of looking at this that's always kind of
17:14baffled me is that you know if if
17:17cyberspace is a space right like in in
17:20like US military terminology it is a
17:23command just like you know North Africa
17:25is a command like cyberspace is a
17:27command like William Gibson you know
17:29would be proud right but like in this
17:32space like you are kind of on your own
17:35as an American like you know it's like
17:37if I if I was in you know like like the
17:40military protects Americans and guards
17:42our borders what does that even mean you
17:45know with like cyers space like I hope
17:47you're harder to see so uh you know like
17:51is there anything specific you think the
17:52deity should be doing relative to these
17:54sorts of threats right now or if you
17:56were magically in charge of it like what
17:58what would you change or what would you
17:59do differently I mean they do a
18:01fantastic job in a lot of levels like
18:03I'm you know it's like obviously like we
18:05were all had to the valley had to deal
18:07with like Snowden and everything you
18:09know 10 years ago and whatever uh and I
18:13I'm not I don't need to take a side on
18:14that one but the point is like we have
18:16some pretty incredible people you know
18:17doing offensive stuff as well in cyber
18:19security and deterrence works pretty
18:21well a lot of the time as well you know
18:24so I when it comes to LM specifically I
18:26think everyone is still figuring out
18:29what the hell is even going on you know
18:31like it's it's going to take them a
18:32while I think you see DARPA doing really
18:34interesting stuff you know like there
18:35are interesting projects out there um
18:38but I think and this is maybe a motif
18:40that I see broadly with llms is like you
18:43know the unless you go super super deep
18:47on this stuff you kind of see everything
18:48through the lens of like the popular
18:50discourse of chat GPT like whatever you
18:53know the the the you know the New York
18:55Times or whatever has said about chat
18:57GPT or whatever experience you had the
19:00first time you used it 6 months ago when
19:02you were on the free version is how you
19:03see everything and so they'll be like we
19:05need to make sure it doesn't make stuff
19:08up we need to you know have it generate
19:11blah blah it's it's all kind of like
19:12order zero stuff I think people have yet
19:14to realize that like the computer can
19:16think in like a much more Salient way
19:19than like it ever could before and so I
19:21think people are still playing catchup
19:23yeah that makes sense yeah it feels very
19:24underappreciated yeah I feel like there
19:25in general people R viewing um AI this
19:28Continuum where it's like it's a CNN RNN
19:30and now we have Transformers and it's
19:32just a straight line and instead
19:33obviously it's a big discontinuity in
19:34terms of capabilities and I think most
19:36people still don't think about it that
19:37way or at least I should say many people
19:39particularly outside of tech and I
19:40actually think it's underhyped in all
19:41sorts of ways which may be a different
19:43conversation shovel selling is overhyped
19:45but I think the uh the the thoughtful
19:47you know discourse on what our society
19:49will be like in 10 years is probably
19:50underhyped yeah yeah good point so one
19:53of the big debates that people have in
19:54this area is what degree of things will
19:56go to Encompass versus startups and in
19:58security the incumbents are really
20:00strong right they are very good at
20:01buying things and bundling and cross-
20:03selling and sort of the traditional
20:05Enterprise Playbook which parts of tech
20:07have sort of Forgotten for a while and
20:08maybe are coming back to now that we
20:09don't have Zer anymore um how do you uh
20:13how do you think about the things that
20:14incumbents will do versus startups like
20:16is there any room for startups right now
20:17on the SEC on the AI security side I
20:20mean there's there's always room for
20:21startups the cynical take here or like
20:24the the the take I can give that is
20:27perhaps most formed and most cynical uh
20:30whether this is whatever uninformed
20:32informed pessimism versus inform
20:35whatever is uh is that basically you
20:38know in the Cyber secur industry there's
20:39some basic economics right there's if
20:42you care about this like there's a great
20:43paper that is actually required reading
20:45for everyone who's ever joined material
20:46which I've never enforced uh but it's
20:49called the market for silver bullets
20:51right like Ian Grigg wrote it I think
20:52I've sent it to you once and it's like
20:54fundamentally you know there's there's
20:55like markets for lemons and whatever but
20:57there's markets for silver bullets which
20:59is that like fundamentally there's
21:00there's the buyer there's the seller and
21:02there's the attacker you know and so
21:03like the buyer cannot really be sure of
21:06the effectiveness of what they're buying
21:07and whatever whatever and so you can't
21:09really like look at a solution and be
21:12sure that it will save you right like
21:15you know you could buy an insurance
21:17policy you know and and there's a you
21:19know like a truism that all cyber
21:22security products are just you know
21:23complex insurance policies or whatever
21:25right but the the the point is like that
21:28that mushiness exists and so what has
21:31resulted in in in the free market here
21:34is these incredible distribution
21:35machines right you have you know think
21:38like Cisco or Pal alter networks or even
21:40you know Microsoft and Google to an
21:42extent right where they just they have
21:44the Salesforce they have you know the
21:46the bundle they have you know the the
21:49big conference with all the glitzy stuff
21:51or whatever right but they don't really
21:54know like if you ask the product manager
21:56at that company or whatever like and
21:57they're being honest like they don't
21:59know what bad guys are going to be doing
22:01in five years any better than anybody
22:03else does right uh and they don't know
22:05what's going to be effective so why
22:07would they plant seeds from scratch when
22:09they could just go Harvest crops that
22:11are already growing and and Transplant
22:14them into their yard and water them with
22:15all these salespeople and all this
22:17bundling and all this Market power right
22:19uh and so these these like paved roads I
22:21think they're just a function of of the
22:24extra you know like technological and
22:26product uncertainty that is just
22:28compensated for that that risk must be
22:30compensated for with extra low Market
22:32risk you know and so that's what you see
22:34you know like Cisco just bought Splunk
22:37but Splunk buys things the whole Market
22:38just works this way I think I I read a
22:40blog post once where I called it the the
22:42cyber security industrial complex you
22:44know and it's like their PE firms you
22:46know dressed up as innovators blah blah
22:48blah I was angry I used to be very angry
22:50but uh but but fundamentally this this
22:52happens and so that means that we are
22:54kind of you know entrepreneurs you know
22:57at at at their worst like there can be
22:59new great cyber security companies there
23:01there's still creative destruction that
23:03happens you know some of the best cyber
23:04security companies you know didn't
23:06really exist 10 years ago and that's
23:08like you can still build big ones like
23:09VCS you know don't stop you know like
23:11VC's you know when it comes to cyber
23:13stuff will will like you know just go
23:15for base hits constantly the worst ones
23:17you know a lot of the best VCS like
23:18never you know make bets in cyber
23:20security because you know at best you're
23:22going to get a $200 million takeout to
23:24palto networks or whatever right that's
23:26the the typical outcome but you know you
23:28can still build these big companies uh
23:30and and you know people should still try
23:33uh but you know there's but that that
23:35that farm system is still active like no
23:37one really knows like The Innovation
23:38will happen and if the Market's big
23:40enough and you know you don't as a
23:43Founder you know you don't want to stop
23:45the game on second base or whatever uh
23:47and you want to keep going those
23:48opportunities are there uh and honestly
23:51like discontinuities breed new companies
23:53you know and there's entire classes of
23:56things that are necessary and obsolete
23:59now so much of security is uh is is
24:02emitting logs and alerts and then
24:04parsing those logs alerts again and
24:06aggregating them you know I I spent a
24:08lot of time doing you know data
24:09infrastructure analytics in my life you
24:11know before after my cyber security grad
24:13degree but before I started using that
24:15degree uh and and it's just like you
24:18know serializing and deserializing data
24:21and parsing some old firewall thing from
24:2420 years ago or whatever and like an LM
24:26can just eat that you know like
24:28depending on volume and and all that
24:29stuff but there just like a lot of spend
24:33I think is up for grabs as long as you
24:35know people have their expectations in
24:37the right place I guess outside of
24:39material like um is there any larger
24:41scale security vendors that that you've
24:44uh you know publicly talked about
24:45rapidly adopting llms I know material's
24:48been very fast on it I mean obviously
24:50Microsoft had this you know top- down
24:52mandate and had a year on everybody and
24:54so they've been they've been making a
24:55lot of noise and and marketing it um but
24:59you know and that's theoretically cool
25:01but um I don't know how I haven't used
25:03it personally yet um but I I you kind of
25:08you probably saw this pattern which is
25:09that like uh you know kind of the the
25:12growthy companies with the nerdy
25:14Founders like immediately started
25:17integrating this into the product right
25:19uh and then the like youngish public
25:22companies that like totally still got it
25:25you know would do like a thinner feature
25:27a little bit later you know the big
25:29Fortune 500s are doing science projects
25:31God bless them you know uh and so I I
25:34think I'm seeing that and I I haven't
25:36I've seen plenty of first bucket things
25:37that are very impressive uh I've seen
25:40you know like the the the look you can
25:43type in the box and if you have typos
25:45the llm doesn't care you know I've seen
25:47that from from the public companies that
25:49totally still got it you know and then
25:52uh and then the science projects you
25:53know are uh just just really good for
25:55open a eyes Revenue I assume yeah yeah
25:57yeah that makes sense yeah and I guess
25:59there's also sort of the hybrid or
26:01overlap or partnership stuff like for
26:02example last year I know material did a
26:04partnership with slick to Support Office
26:06365 in Google workspace and provided
26:08sort of enhanced security benefits to
26:09Joint users and so there's like there's
26:11also that sort of approach where you you
26:13partner with the large incumbents to to
26:14bring these new things to Market in some
26:16sense yeah yeah I mean c security
26:18Partnerships are super super super
26:19important because like people people
26:21hate to have to buy like individual
26:23things in their cyber security stack but
26:25they also hate when they buy a big
26:27bundle that sucks you know so like the
26:29the right answer for the customer is to
26:31like just for for the vendors to be
26:33grown-ups and to work better together
26:36where possible yeah I guess um more
26:38generally you know it's been about seven
26:40years since you co- found a material
26:42what do you think are the biggest uh
26:43changes or Evolutions in security since
26:45then oh that's a good question
26:49um honestly like I don't know how much
26:52has changed like it's like you know
26:56people still send emails people still
26:58reply to text messages I think uh you
27:02know the there's always like the put
27:05slack is going to have all those
27:07problems too or whatever whatever and I
27:09think at the end of the day like if
27:11something's a wall Garden uh like it
27:14will be involved in attacks you know
27:16someone will go in and like own you
27:19because they compromise slack after they
27:21compromise this and and escalated that
27:23whatever but like entirely new attack
27:26surfaces of like you know ways to get to
27:28users from across the internet broadly
27:30speaking uh like I think have have a
27:34somewhat somewhat stable what's the sad
27:36thing I I spent a lot of time thinking
27:37about like mobile stuff and it's it's
27:40sort of this like tragic thing where
27:41like locked these things down like
27:43hardcore now right it's actually like
27:45super limited what like vendors can do
27:47and and the average employee I think
27:50understands that their company probably
27:52owns their work email account or
27:54whatever uh and has has cart launch to
27:56protect that and protect the company but
27:59you know like do you have your phone is
28:00it my phone I brought it I signed it in
28:02do I have MDM on it all this stuff and
28:04so that ends up being the situation
28:06where uh you know even Apple who's like
28:09so good at locking it down to the extent
28:11that you know Zuck is super sad or
28:13whatever like we'll we'll lock down the
28:15device and prevent you know the most you
28:18know obvious forms of cybercity software
28:20being made but like uh like then we'll
28:24sit on the problem for years while like
28:26everyone gets over you know so it's
28:28people are are usually it's a sad thing
28:30in the tech industry that you probably
28:31see people are better at keeping people
28:34out of their territory than using their
28:36territory you know uh it's this very
28:39very nasty sad thing so uh so I I think
28:42some of these problems I think have just
28:44gotten worse you know um I think there's
28:47always the the you know infrastructure
28:50story of like you know the multi- deade
28:54mega trend of people getting rid of
28:56their data centers and allowing only a
28:59small handful of companies to buy all
29:01the semiconductors and then renting them
29:02from people that centralization uh you
29:05know it's it's not like the most
29:06interesting thing for a lot of us you
29:08know but it's you go to security
29:10conferences and it's you know I I had to
29:13buy these seven things when I had had a
29:15data center now I have to buy this one
29:18thing but it comes with Amazon but it
29:20sucks but I have to buy this other
29:21things so that that trend is not done
29:23and there have been some great companies
29:25that have been built in in that space uh
29:27in the last seven years that you know
29:29like I you'd think that like AWS and
29:33Google and Microsoft could like keep
29:36this secure that they're renting
29:38you but no you know like so that's that
29:42was that's been one of my biggest
29:43probably misses as a as a as an investor
29:46not even independent of security there's
29:48years of like well the AWS will bundle
29:50this one you know and then no they don't
29:52you know even like snow I did diligence
29:54on snowflakes B and told whoever asked
29:56me to pass CU I'm like red shift exists
29:59like AWS is not asleep at the wheel and
30:01then you know AWS subsequently told me
30:03when I talked to them about this they're
30:05like you know we get paid either way
30:06like we they don't own any CPUs like we
30:08can be lazy yeah yeah yeah yeah they're
30:11the platform so it works yeah there
30:13other areas um I know that a lot of
30:15Founders in both security but also in
30:17Enterprise come to you for advice as
30:20they first get started um in terms of
30:21starting their companies are there other
30:23areas of like Enterprise that you're
30:24most excited or interested in right now
30:27uh oh man I have this LoveHate Thing
30:28just with with security like if I if
30:30there's any Founders listening to this
30:32like security like like what's annoying
30:35is because it's very mushy no one
30:37necessarily knows what products are
30:38effective and whatever whatever you can
30:40kind of just like really put your head
30:42down and like grind and sell and like
30:45build a beach head with your company uh
30:48you know and and it might be a totally
30:50okay product like I was I was talking to
30:51a great founder yesterday and they're
30:53like thinking about what to build and
30:54whatever whatever and and it's like take
30:56a step back and just like try and build
30:59an incredibly useful thing that everyone
31:01should buy stop thinking about the
31:03Gartner categories and you know whatever
31:07casby uba Sim whatever DNR something
31:11something something like stop like
31:13trying to like look at at this like big
31:15like you see these like the some of the
31:17cyber security you know I bankers and
31:18stuff will put out these big quadrants
31:20of everything and how it all fits in the
31:23thing that consumer people make fun of
31:25us Enterprise people for are are extra
31:28make funable uh in cyber security you
31:31know and so uh so I'm always just like
31:34you know like go and go in there and
31:36like just like if it if it's a thing
31:38that connects to an API that everybody
31:40uses and saves them all a bunch of time
31:43and makes it way easier like just build
31:45that okay like stop worrying about your
31:46Garten category you got like five years
31:49uh to even like you know start paying
31:51Gartner you know like stop it well you
31:53know how many people I've like sent your
31:54blog post of like what is a good market
31:57like Market is not the same thing as
32:01know like that's a product that should
32:04exist everyone should just buy that and
32:06like then we have to x-ray it with like
32:08where distribution is going to come from
32:09and and like you know like is this going
32:11to be easy to sell on a reasonable time
32:13scale and whatever I think my my
32:15favorite companies I'm spending the most
32:16time with tend to be in security but uh
32:19if you if you want a a a grouchy yet
32:22somehow still optimistic guy on your cap
32:24table just you know give me a call but
32:26I'm to do less stuff in security is
32:29there any other advice that you tend to
32:31give um people starting companies for
32:32the first time oh man
32:35uh yeah I I mean there's just the basics
32:39like figure out your team you know like
32:41being a solo founder is actually totally
32:42okay it's way better than being like we
32:44had three coffees together and we just
32:46got married you know so like like just
32:49start with the team like everything is
32:51built on the team like it's the saddest
32:52thing in the world when you see like a
32:54beautiful company and then like just the
32:56foundation has a has a crack in it and
32:58you have to tear the whole thing down
33:00you know make sure you have the same
33:02like Risk appetites and stuff like that
33:04just those basic basic basic stuff like
33:06you know especially when you know we are
33:08irrationally exuberant again in Silicon
33:10Valley we had a solid six months of
33:12being depressed because the end of of
33:14free money I kind of wish it lasted a
33:16year a year longer or something I think
33:18it would have been very uh very healthy
33:20for everyone I know people step like all
33:22the Warren Buffett quotes came back I
33:24think like RP good times like seven or
33:27whatever you know and now it's gone
33:28again you know yeah it's it's back to
33:32zerp if you're an AI just honestly like
33:33just pick a good market like look for a
33:36lot of dollars and a lot of other shitty
33:38people that like you can take those
33:40dollars from the analogy that stuck for
33:42people was like the difficulty level of
33:44the game that is starting a company is
33:46essentially just like the size of the
33:48market like the inverse of that you know
33:50like the bigger the market like you can
33:52you can eat mistakes you know you can
33:54you can burn time you know like it's
33:56just play play the game on easy if you
33:58possibly can you know yeah it's kind of
34:00interesting that's kind of advice that I
34:01tend to give people who are working in
34:03AI right now because I feel like there's
34:04so much loow hanging fruit and you see
34:06these people doing these incredibly
34:07complicated things or incredibly hard
34:09things and you're like why are you doing
34:10something so hard when it's an early
34:11industry right in the in the latter part
34:14of an industry when things have matured
34:15and sort of saturated that's when you do
34:16the hard stuff but in the early days of
34:18a new market you just want to do the
34:19easy stuff because that's that's very
34:21tractable it's faster it's easier you
34:22know higher velocity right like I'm not
34:25the only one with this pet peeve but you
34:27like you need like really talented
34:29technologists on founding teams like I
34:31really think it's like we're in the
34:32technology industry like you know if you
34:35leave the NB alone they're going to do
34:36like Casper mattresses but for mattress
34:38pads this time but they come with razors
34:40on them and stuff like they're going to
34:41follow the same templates God bless them
34:43they need to exist but like the best
34:46companies have a technologist like you
34:48know maybe not in the CEO role but like
34:50someone there uh and and technologists
34:52like we love to to do what we know and
34:55so there's this like massive you know
34:57like overabundance of engineering
34:59recruiting companies and you know devops
35:03but this time totally different Dev
35:04tooling like infrastructure monitoring
35:07blah blah blah and it's like dude just
35:08like get out there and like learn a
35:11market that's not your own okay like
35:13it's just like like the world needs your
35:16Creative Energy to paraphrase one of our
35:18slogans from Dropbox back in the day but
35:20like you're going to have to like maybe
35:22leave your house sort of at least on
35:24Zoom you know and talk to people on find
35:27like find a find a market you know so
35:29and I think with AI you're seeing just
35:31the overabundance of shovel selling like
35:34the world needs Next Generation data dog
35:38for AI but not that one because there's
35:40already that guy this one's for testing
35:41but not that kind of test but mobile
35:43testing that one yeah right and it's
35:45like stop like combinatorics will never
35:47let you down there's always going to be
35:49a way to cross these things you know but
35:51like how big is that actual Market how
35:54big is it you know yeah yeah makes a lot
35:57of sense so Ryan thank you so much for
35:58joining us today on no priors yeah it
36:00was great a lot it was really
36:02fun find us on Twitter at no prior pod
36:06subscribe to our YouTube channel if you
36:07want to see our faces follow the show on
36:09Apple podcast Spotify or wherever you
36:12listen that way you get a new episode
36:14every week and sign up for emails or
36:15find transcripts for every episode at