00:00hi everyone welcome to the a16z
00:02podcast I'm Sonal today we have one of
00:05our founder stories episodes you can
00:06find others on our website under a16z.com
00:08/ founder maker stories and our
00:11guest today is Stina Ehrensvärd CEO and
00:14co-founder of security company Yubico
00:16makers of the hardware authenticator
00:19YubiKey in this conversation co-hosted
00:21by general partner Martin Casado we
00:24cover everything from the broader trends
00:25in security and authentication to the
00:28seemingly eternal tension between
00:29usability and security to the role of
00:32open standards and open source and Trust
00:34and adoption and finally we discuss the
00:37challenges and realities of the long
00:39hard slog startup space with some advice
00:41for entrepreneurs shared in between but
00:44first we talk about regional differences
00:46in innovation and how this company got
00:48started Jacob and I were working for a
00:51company of doing clinical trials and we
00:54asked them if we could develop a new
00:57intelligent pharmaceutical packaging
00:59that would remind the patient you know
01:02the compliance information directly on
01:04the package I think we did everything
01:05wrong there because we were trying to
01:08solve a super big problem over from a
01:10suitable packaging and a whole ecosystem
01:12but it actually led to what we do today
01:15because how do you then send the
01:17information between the pharmaceutical
01:18packaging to the computer in a secure
01:20way it sort of indirectly led to what we
01:22did isn't it funny all those things make
01:24sense in hindsight and retrospective
01:26that's good actually it's something I've
01:27always wanted to ask you is one of the
01:29biggest differences being a Swedish
01:30entrepreneur and in Silicon Valley
01:31Swedes are in general and more frugal
01:34and more cautious there's this saying
01:36that a Swede thinks that a million dollar
01:38is a lot of money but I like what Sweden
01:41offers in terms of sort of social
01:43welfare and you know we haven't had war
01:45for two hundred years but here there
01:48isn't any limit of how big a dream could
01:50be Sweden actually has proven to come up
01:53with a lot of great inventions so I'm
01:56not saying but the reaction I got when I
01:58came here oh that sounds cool
02:01how can I help so I don't think there is
02:03an idea or a vision that is too big for
02:06Silicon Valley the first time I
02:08connected with the internet I fell in
02:10love I just thought this is the
02:13most powerful thing mankind has ever
02:15invented I actually felt it was almost
02:17like a spiritual experience here's this
02:19place we're all connected where we all
02:22have this endless information that we
02:24can't tap into and then when I learned
02:26that it was vulnerable but the security
02:30wasn't great I don't know but there was
02:33this calling where I just felt I cannot
02:35let this fantastic invention fail it's
02:37just one of those things that someone
02:39need to be there to protect like the
02:42bear mother is protecting her kids
02:43that's what I felt then the first time I
02:49lied in I was registering to an online
02:51bank the bank told me that I would be
02:53safe with a username and my password and
02:55the software that I downloaded on my
02:56computer but I happen to know a former
03:00white hat hacker who told me it would
03:01take him a day to write the code who
03:03would empty my bank account so I called
03:06up the customer service at the bank and
03:07asked them what they would do
03:09about this and they said can you please
03:10tell your friend to not do that what I
03:14didn't tell the bank was that the former
03:17white hat hacker who by the way never
03:18did anything criminal is also my husband
03:21and the father to my three children
03:23and I had needed to figure out something
03:27that he couldn't hack he knew that any
03:29software that's downloaded on a computer
03:31or on a phone can sooner or later be
03:33hacked and that's the reality we're
03:35seeing so secretly your plan was to see
03:37if you could beat him the only thing
03:38that was really secure and it's still
03:40fairly secure was smart cards but they're
03:42just so difficult to deploy that doesn't
03:44work I mean Google realized that and we
03:46knew it Jacob my husband who is an
03:48electronic computer engineer who built
03:50his first computer when he's 15 we
03:52started dating when I went to college
03:54and studied product design and he built
03:56a working prototype for one of my
03:58designs and when we knew we wanted to
04:01develop a security solution that could
04:03scale and it was not hackable my first
04:06question was you know these smart cards
04:08but needs drivers why do I need a driver
04:11I can't just plug in my keyboard and I
04:14don't need a driver and then Jacob that
04:16simple question actually resulted in our
04:19first invention which was is a security
04:21key that generates one-time passcode
04:24through the keyboard interface it
04:27as he was a keyboard so when you touch
04:29it it generates a long encrypted code
04:31through the key but I don't have to
04:32retype in fact it's not unlike how
04:34YubiKey works right now so just to quickly
04:36explain for people what YubiKey the
04:38hardware token hardware authenticator
04:39honest I'll give you my laypersons
04:41experience of it I have like a little
04:43USB stick looking thin black little
04:46device which has gold prongs and by the
04:48way because of that I've turned it into
04:49a bracelet charm because he's behind in
04:53my bag so I actually often wear it on my
04:56hands as a bracelet in order to login
04:57and we're before we still log in through
05:00Okta which is like our unified you know
05:02browser login for the firm now instead
05:04of using a text password or like a
05:07little app on my phone I now insert my
05:10YubiKey into my USB port just stick a
05:13little button and it just instantly logs
05:15me in it takes like less than not even a
05:17second so security is top of mind and
05:20it's been top of mind you know certainly
05:22since I've started computing but
05:23especially now I mean you hear it all
05:24the time with all the account takeovers
05:26it used to be like okay there's some
05:27hacker that's gonna kind of break into
05:29your computer remotely and more and more
05:32the type of threat really is something
05:34where I will become so I'll take over
05:36your Twitter for the purposes of I'm
05:38gonna postal eight things to taking over
05:40a bank account and like if I can
05:42impersonate you and be you I can have
05:44access to those dollars and we're seeing
05:46this more and more I think this is the
05:47primary threat and so if you're in the
05:50security industry two things come to
05:53mind the first one is we're trying to
05:55develop solutions for these and there's
05:56only one that's kind of been really
05:57proven to work and these are hardware
05:59tokens and hardware roots of trust when I
06:00think of authentication people talk
06:03about two-factor 3 factor and two-factor
06:05authentication is it something you have
06:07and something you know and oftentimes
06:09that's something you have is like your
06:11cell phone and something you know is
06:13like your password or something and also
06:16you can have like a fingerprint sensor
06:17you and you can authenticate that way
06:19and that's like biometric or you can
06:22use your eyeballs or retinal scan and
06:23then I've also heard of things like 3
06:25factor and 4 factor how does this fit in
06:27that big picture so the more factors you
06:29have the more likely it is to be secure
06:32right it also add complexity to the user
06:34I believe that the pin or a password or
06:36biometrics is about the same level of
06:38security in addition to that
06:41anything that you have or actually you
06:43know with something that you are like a
06:45fingerprint or your eyes should ideally
06:48be combined with a hardware
06:51authenticator that's in your pocket
06:53that's not connected to the Internet and
06:55has a very small attack vector and why
06:59is that because I would imagine that
07:00it's easier bluntly to steal the
07:03hardware authenticator like a little
07:04object than it is to steal a password
07:07out of someone's head or their
07:09fingerprint what's the rationale we all
07:11have fingerprint is something you can
07:12copy the best hardware authenticator
07:15they generate new pass codes every time
07:17they're used like old-school VPN keys
07:19and the best one actually use public key
07:22crypto that is the ultimate encryption
07:25method that is really really difficult
07:27to hack so every time is used it's new
07:29compared to your fingerprint which can be
07:31copied there's also privacy concerns
07:34with sending information about your
07:35fingerprint over the net right but just
07:37sending strong digital numbers over the
07:39net is a more secure way to do it here's
07:41kind of the way that I think about this
07:43which is there's many ways to try and do
07:45security right one of them is pure
07:46software but the problem with pure
07:48software is is kind of Turtles all the
07:50way down all the way down is like you've
07:53got software protecting software if
07:55there's nothing that I can physically do
07:57to protect that so remember when you
08:00connect to the internet every sociopath
08:02on the planet has access to your
08:03computer and if they have access to your
08:04software and you have no physical
08:06recourse whatsoever and that's what I
08:08mean but Turtles all the way down they
08:10can do anything they want because they
08:12own the software ingesting and that's
08:14why we've moved from software to
08:16hardware now a very common thing to do
08:19for two-factor authentication is go to
08:20cellphones but even those aren't
08:22something that you can really protect
08:24because somebody could walk into a
08:26T-Mobile store in Idaho and they could
08:29show a fake ID from writing they could
08:30port my phone number to their phone and
08:32then they could use that to reset all of
08:33my passwords so a phone number is not
08:35something I can put in my pocket or
08:37put in a safe and protect but if
08:39someone steals my physical key what do I
08:41do I get another key what if someone
08:43steals a biometric you only have one
08:46body you can't like get surgery right so
08:48this is actually a really big deal
08:51by the way we're Tom Cruise right
08:55remember the breach for OPM Office of
08:57Personnel Management
08:58yeah the government breach right so that
08:59had a database of fingerprints and for
09:04those of us like myself I used to work
09:05for the government that had our
09:07credentials stolen we can't even do
09:08Global Entry anymore because biometric
09:11assembly of course because we can't use
09:12our fingerprints anymore and so the
09:14problem with biometrics is if that's
09:15what using for your credentials and
09:17someone steals it that's it you're done
09:19now a hardware token that's independent
09:21of that you can protect it and so I feel
09:23very strongly that the solution must be
09:25physical it must be independent of the
09:27physical body and something that you can
09:29put in a safe if you want to
09:30historically security and privacy has
09:32not been a good fit you know good
09:35security has always come with
09:36not-so-great privacy we started giving
09:39away some of our keys to dissidents and
09:41journalists around the globe the most
09:43touching of all was a journalist from a
09:46non democratic country who sent us an
09:48email with the email heading thank you
09:50for saving my life they needed a
09:52solution that was not tied to their real
09:54identity right that's something that was
09:57them they were the same person coming in
09:59again they were the owner of the account
10:02that they had set up but they didn't
10:03disclose any personal information I love
10:06that you mentioned that security and
10:08privacy aren't the same thing because I
10:09think a lot of lay people sometimes
10:11conflate those two terms security is I'm
10:14safe privacy is I'm disclosing
10:18information about myself private
10:20information about where I live my phone
10:23number my age and it could include
10:25health care records things that really
10:27should not be public well security is
10:30basically a lock and it doesn't
10:32necessarily need to have anything about
10:34you it's just a good lock on the door
10:37the world is seeing an interesting war
10:40right now over the Internet
10:42historically we had cannons and tanks
10:45and machines to kill each other now we
10:47only have to hack into each other
10:49systems on the government level on a
10:51personal level to do damage that can be
10:55far bigger can also be physical my
10:58wrote a book on Stuxnet the idea that
11:02something digital can actually affect
11:03physical like a nuclear factory is insane
11:06to me that just goes to show there's a
11:08larger attack surface with software well
11:10the thing with software is if someone
11:12gets in the software at all any piece of
11:14it then basically they control the laws
11:17of physics Google was struggling with
11:19phishing not the old-school phishing
11:22where you steal this username
11:24password but the more modern attacks
11:26that hijacks a session and tricks a user
11:30to do stupid things right and they were
11:32seeing quite a lot of problem with us it
11:36was growing and they realized there was
11:38no technologies out there that could
11:40solve this at scale and we approached
11:42Google with this idea of one single key
11:45to any number of services at the time
11:47smart cards were the only technology that
11:49would solve the problem but smart cards
11:51are complicated they were designed
11:53thirty years ago they were not designed
11:54for the web they need readers clients
11:56software drivers and and opted for the
11:59phone it doesn't work for the phone so
12:00we said what if we would combine the
12:03simplicity of the Yubikey this was
12:05initially just a one-time password
12:07device with public key crypto and NFC so
12:10it would work over mobile and then build
12:13in the client software and driver
12:15directly into the browser so it unites
12:17the public key with the NFC the
12:20near-field communication with
12:21essentially the hardware is all within
12:24the browser in a weird way because it's
12:26not requiring special hardware I would
12:28say the middleware the client software
12:30that the smart card had been struggling
12:32with we would just put it in the browser
12:34you turned it into software and if you
12:36put it into the browser it's much easier
12:40for the user you don't have to do
12:41anything and the risk of having to
12:43download something that may be
12:44compromised is mitigated and that became
12:47part of U2F and since Google deployed
12:49this for all staff and contractors
12:51they have the zero phishing attempts so
12:53I think it's fair to say over the last
12:55few years FIDO's become the standard
12:57for authentication which is really
12:58significant I would love to hear how
13:00this came into being so it started just
13:03named U2F which stands for universal
13:06second factor and then we contributed
13:09the code to FIDO Alliance FIDO
13:12Alliance is an open standards consortium
13:14including Microsoft and PayPal and Bank
13:17of America and Visa I mean 200 companies
13:19are there there are now working
13:22developing this sort of idea concept and
13:26innovation that we contributed with not
13:28only for authentication
13:30but for payments I'm absolutely
13:32convinced that this will have a big
13:35impact on Internet security as SSL have
13:37had in the past before SSL you didn't
13:40have secure identity so you didn't know
13:41who you were talking to and you didn't
13:43have encryption and so everything was in
13:44plain text and with SSL you got both of
13:46those so for example if you go to Wells
13:49Fargo you know you're talking to Wells
13:50Fargo because someone has they have a
13:52signed certificate that says Wells Fargo
13:54that came from a trusted authority like
13:56Verisign or whoever it is and so provide
13:58both security and privacy what's
14:01happening now that is all leading
14:03browsers and platforms are engaged in
14:05this open standards work so today I can
14:08use my key to login to Google the same
14:10key I can log into Facebook and Dropbox
14:12and GitHub by end of this year I will be
14:15able to log in to several banks to use
14:19government services and none of these
14:22services share any information about how
14:25my key is used there isn't a centralized
14:27service provider who sits on the keys
14:29it's not owned and controlled by the
14:31government not by Google not by Yubico
14:33not by Microsoft and that's really
14:35what's the game changer is because now
14:37we can set up distributed trust models
14:40between individuals and companies and do
14:42things it's sort of in the same vision
14:45of blockchain you know how do you secure
14:47things that are distributed are not
14:49centralized the top Internet companies
14:51the best security people I know all are
14:53doing this but you have like a lot of
14:55legacy businesses that really haven't
14:56caught on how do you reconcile this
14:59discrepancies are they just behind
15:02standards work to take time and changing
15:05people's behavior also take time I mean
15:07we so used to using passwords we're
15:09starting to get used to this SMS two
15:11factor but to introduce something else
15:13it just takes time I am very optimistic
15:16that things are moving in the right
15:18Google published a report not long ago
15:21where they said that they were able to
15:22cut down support to 92% compared to a
15:26phone app after that the other Internet
15:28companies came on board so I feel like
15:31he's getting educated these big banks
15:33don't have to have special hardware and
15:35special things they have to do you don't
15:37have to worry about that layer so now
15:38the challenge to overcome is simply time
15:41of adoption cultural barriers behavior
15:43as you said but you've mentioned now a
15:45few times this sort of tension and I
15:46would argue even though they're
15:48complementary between usability and
15:49security because you make certain
15:51trade-offs they tell you you're not
15:52supposed to use the same password
15:53everywhere but people are lazy not even
15:56just lazy they're human so tell me about
15:57how you went through that balance
16:00between great security and great
16:01usability so we started with that sort
16:04of just one touch user experience that
16:07didn't have the ultimate protocol
16:08because we needed native support in the
16:10browser and then in order for this to
16:12work just everywhere we need all
16:14browsers so Google was the first
16:17Mozilla's coming onboard Microsoft is coming
16:19onboard Brave I just got to say it's
16:21totally my new favorite browser it's
16:23amazing so you had to go through the
16:24browsers first or did you make it really
16:26secure and really easy to use yeah
16:28another way someone need to download a
16:30software which add complexity and a
16:33security risk so I think that's the
16:34sauce and you know the reason why Google
16:37was able to cut down support was because
16:40they gave everyone two or three keys I
16:42mean if you have a login technology
16:44through your phone or through a token or
16:47through a card you will sooner or later
16:48lose it just like the car key the reason
16:51why we have an extra car key or an extra
16:53house keys it's good to have an extra
16:55this technology allows you to set up
16:57multiple keys square does this girl's as
16:59far as protecting more broadly computer
17:02systems the next evolution of the
17:04FIDO protocol is to make it password
17:07less where you can combine the Yubikey
17:08with a fingerprint or biometrics or geo
17:12location of something else because you
17:14always want to have an extra factor just
17:16man like your ATM card you have that pin
17:18so that's the good evolution happening
17:21in parallel the same protocol is getting
17:23into payments payment in the browser's
17:25into IOT into encryption use her own
17:29identity okay so this is an area near
17:31and dear to my heart I mean we see
17:33drones that plant trees we see
17:34autonomous vehicles so how does our
17:37roots of trust play into that
17:38environment same authentication
17:40encryption protocol but not between a
17:43user and a server between
17:45devices between servers and servers
17:47between a phone and a service and there
17:50are what is it seventy-five million
17:52hundred million servers out there so
17:53it's not only users who need to be
17:55protected there are other systems and
17:58today's quite costly and cumbersome to
18:00protect them so if we just move out the
18:03really sensitive parts the login
18:06credentials and some of the things we
18:08really want to encrypt not everything we
18:10have minimized attack vector and we have
18:14significantly up the security you know
18:17Google has made it public that they have
18:19a special-purpose piece of hardware on
18:20all of their servers called the Titan chip
18:22a trend to using Hardware on every
18:25server to protect them as well another
18:26thing that people talk about is like
18:27putting it in like a chip like an Intel
18:29chip which is great one thing about
18:31security that I've learned over the
18:32years is you have to secure at every
18:34layer like you need software security
18:35and in software security you need app
18:37security and OS security you need
18:39hypervisor security you need chip
18:42but again even if you're putting
18:44security controls within for example an
18:47Intel processor it's still on the same
18:48die as all of the other functionality
18:51and then we see bugs and we had recently
18:53like Meltdown so the idea is to have a
18:55separate chip it's on a separate die it
18:58was a hundred percent functionality as
19:00for security and now you have something
19:02that you know what it is you can trust
19:04that much smaller attack surface that
19:06so you're basically arguing just I
19:08understand this correctly that there
19:09will be some kind of hyper
19:10specialization around security at a
19:12hardware level not only that I'm saying
19:14Google has announced that they're doing
19:15this with a special purpose chip and so
19:17to have something that's a few hundred
19:19bucks that you know as part of the same
19:21model I think is probably a disruption
19:23on the server side so on this whole
19:25discussion we have to accept that we are
19:28not going to have a secure internet we
19:30will not be able to trust our software
19:32will not be able to trust their networks
19:34our Wi-Fi our devices either computers
19:37or phones so instead of trying to fix it
19:40we can just say okay let's take out the
19:44really sensitive part and move it from
19:47the internet move it from the computers
19:49it's unfortunate realization you know in
19:52the perfect world we wouldn't have to
19:54but the way the internet was designed
19:56like going back to this beautiful you
19:59he was designed for sharing it was not
20:01designed for security instead of saying
20:02oh this is disaster we're gonna see
20:05companies and systems that will very
20:10much challenge the large centralized
20:12trust models we have today another one
20:15of those pretty remarkable things you've
20:16been able to accomplish is getting
20:18people to trust I mean security is
20:21so much about brand and trust right the
20:24open standards I think is critical
20:25because then you're not hiding anything
20:27the future of security can have this big
20:30black box hidden security do you know
20:33what just trust us we are strong we know
20:35it we actually shared this is how it
20:38works take it or leave it I'm gonna ask
20:39the flip of that question then so what
20:41are the challenges to people getting on
20:44I mean besides some of the obvious
20:45things we talked about like they still
20:46use a smart card world or they you know
20:48they're still stuck on passwords are
20:50there like other big things that are
20:52difficult or things that you have to
20:53overcome to get people to more broadly I
20:55can answer part of that which is some
20:58companies are much more interested in
20:59their image than their customers
21:02security and as a result for them to
21:06adopt a solution that they didn't create
21:08as an acknowledgement that they can't
21:11provide the security solution themselves
21:13and I think like for me like the
21:14crowning example of this has been Apple
21:16any number of security vendors will tell
21:18you like when we try and you provide a
21:19solution on some of Apple they don't
21:20want to admit that they're insecure
21:22which is a shame because I mean there
21:24was a big announcement of zero day
21:26vulnerabilities in iOS so every company
21:28has insecurity I'm having a real
21:30security ecosystem around it makes a
21:33solution better what are the reasons
21:34that Yubico's won the hearts and
21:35minds and has been this kind of organic
21:38you know Bottoms Up phenomenon is
21:42contributions of open source and so well
21:45that was a business plan that was set
21:57okay this was a year after we had
22:01started Yubico basically no investor
22:03had a Swedish angel investor I had no
22:05customers I had very little money on the
22:08it was another security company who
22:09invited me to a conference here in u.s.
22:11at their RSA Conference they wanted to
22:14license our technology they wanted to
22:16show our technology at this conference
22:18but they changed their mind just the day
22:21before we arrived and there I was you
22:24know I had a handful of YubiKeys with me
22:27I had a business card but I basically
22:29had no press release or no story to tell
22:32and it came to me but here I am at this
22:36big conference and there's probably a
22:37hundred journalists they're probably in
22:39the press room so I like where is the
22:41press room I walked up on an escalator
22:43and there I've spotted my first
22:45journalist his name was Steve Gibson and
22:47I was at here so you became I believe
22:49this is the key I can login to the cross
22:51the Internet I just started this company
22:53this is how it works and he took the key
22:56took my business card
22:57and two weeks later this podcast went
23:00out where it said it was a really
23:02bizarre thing I was at this conference
23:04and the last day of the show I met this
23:07woman on the escalator and she kept me a
23:09and he was a coolest new product on the
23:11show crazy weird little black object to
23:18stick into vodka and he had hundred
23:22thousand listeners and then he added
23:25something that got me really confused
23:26and said and by the way it's all open
23:29source and I hadn't made it open source
23:32I had told him that we're working to
23:35figure it out to be very honest this was
23:37in the early days I didn't have any
23:38marketing department it was probably a
23:40flaky and not so well written so he made
23:42his own interpretation and I had to make
23:45a decision really quickly
23:46because on my email I now had hundred
23:49people who was listening to his podcast
23:51yeah sort of oh where can i download the
23:53open source software where can I build
23:55things and I talked to Jacob and the
23:58little group around I was you be clear
24:00time and said we have a decision we need
24:03to make we can make it open source or
24:05we'll have to go back and correct this
24:07podcast that has gone out 200,000 people
24:10I thought I put this for some time I
24:13said let you know what I actually think
24:15this is a really good business plan we
24:17started with a lot of internet security
24:20open source geeks around the world they
24:22were first they're the first adopters
24:24for all the good stuff yes and that's
24:32how we got it cool all startups will
24:34sooner or later face challenges well
24:37some of your challenges will turn out to
24:39be your biggest blessings if you're
24:41there to seize the opportunity I love
24:44that story so in addition to product
24:47you've clearly found founder market fit
24:48I am so passionate about this I really
24:53really love my work and then the other
24:55thing that is quite amazing I get help
24:58there is a saying that if you're bold
25:00and kind mighty forces will come to your
25:03help you know once I got the opportunity
25:05to meet President Obama I was invited to
25:07be here at the Securities conference at
25:09Stanford I was in a panel in the
25:12afternoon talking about this standards I
25:14got a message on my phone says the
25:16president wants to meet you I got three
25:18minutes to pitch and I was thinking what
25:20does he care so I went in and said we're
25:22working on new open identity standards
25:24that will help to protect 300 million
25:26Americans from being hacked and he
25:28smiled his beautiful big smile and he
25:32responded I know that's why you're here
25:34and then a few weeks later I was invited
25:37to the White House to meet with his
25:39security advisers and I completely
25:41bombed that you need to go through an ID
25:43verification process to get into the
25:45White House so two hours before the
25:47meeting I got a message saying you can't
25:49come in but by the way we can meet you
25:52outside at the local Starbucks when I
25:55was picturing myself in this Starbucks I
25:57like this is almost like a feel-good
25:59movie you know all these crazy fantastic
26:02unexpected things happen to be an
26:05entrepreneur you sort of need to have a
26:08extra battery of confidence because
26:11you're always challenged someone even
26:13argued delusion in a good way yes I do
26:15think I have a slightly warped
26:17self-confidence it came through my
26:19father I was born here in US by Swedish
26:23family moved back to Sweden and my
26:25father often presented me in front of
26:28friends of the family as here is my
26:31daughter Stina she's the only one in
26:34the family who can be the president of
26:35United States it's actually been funnier
26:37because you actually met the president
26:38United States but being the president
26:40was one of my many options there was a
26:42little girl I come up in the highest
26:44tree possible and my parents were never
26:46afraid I would fall they said how is the
26:50view up there Stina that gave me the
26:52self-confidence to take risks when I
26:55started the company it was not easy for
26:57me to raise money because this was not
26:58secured so I had to focus on getting
27:02customers and I had to focus on being
27:04profitable and I think this is a really
27:07good advice for any entrepreneur once
27:09you have really great customers and you
27:11have a profitable business the right
27:13investor will find you what Ben always
27:15says is this line that you control your
27:17own destiny you're in charge of deciding
27:19who belongs in your company and when you
27:21actually don't need investors that's
27:23when they will come to you but everyone
27:25said no to me but when I landed here
27:27because we were improving but I
27:29continued and eventually I got
27:30introduced to Ram Shriram who sits in the
27:33board of Google and he had this
27:34Silicon Valley mindset after 40 minutes
27:36he said how can I help
27:37is there a cultural difference between
27:38working with the u.s. and Sweden do you
27:41have to like be Silicon Valley people or
27:43do you have to Silicon Valley-ize
27:44people in Sweden you have an R&D team in
27:46Sweden stuff in Sweden there is more
27:49flat hierarchy every time I come to
27:51Sweden and meet the engineers we have 30
27:54engineers in Sweden right now they are
27:57very open and frank to me they always
28:01question me they talk to you like a
28:02teammate not another box there is a
28:04slightly hard hard key here yeah I think
28:07people often pretend like there is no
28:09hierarchy and I think that's actually
28:10very disingenuous there's clearly a
28:13let's just admit that so I don't think
28:16there is any country in the world that
28:17has the higher sort of if you go out and
28:21measure where you're allowed to question
28:23your boss as Sweden so you have to sort
28:26of build Authority and Trust from sort
28:30of going from the bottom you can't just
28:33go and like you do this because you have
28:35to build authority from the bottom that
28:37to earn it it's not bestowed you have to
28:39work for every scrap of your credibility
28:41with your team and the people you're
28:42working with yes and that's also why
28:45Swedes are some of the best software
28:48developers on the planet because they
28:50have the ability to work together but
28:52also question each other and they would
28:55not take a crappy direction from a boss
28:57and just go and do it they will actually
28:59said you know I don't think this is a
29:00good idea I think we should do this
29:02instead and so there is a interesting
29:05mix of daring to speak out and also
29:08collaboration it's this sort of social
29:10democratic country where we're all sort
29:12of trained to work to you by the way
29:13what you just described is not just
29:15Sweden but if you read any of the books
29:17and if experience like a place like the
29:19Bell Labs or any famous R&D centre
29:21that's the secret formula of how they
29:24interact this collaborative environment
29:26in the combination of very healthy
29:27disagreement it is a healthy
29:29disagreement what Silicon Valley brings
29:31is sort of this bold you know everything
29:34is possible let's go and do it and also
29:36being brave and strong about how to
29:40position yourself Swedes sometimes little
29:42too cautious about sort of positioning
29:44so I think having part of the team in
29:47Sweden and part of the team in Silicon
29:48Valley I have the best of two worlds I
29:50have to ask though what about when it
29:52doesn't work and that's a big part of
29:53building a start-up or any company is
29:55you also have a lot of friction and
29:56things that don't work I've noticed that
29:59when it doesn't work is when there's a
30:01lack of communication in some way so all
30:04the mistakes I have done I think I can
30:07point them to me or someone else not
30:10communicating clearly there's a saying
30:13that the biggest mistake in
30:16communication is the assumption that it
30:17has happened it's so easy to believe
30:20that because you have figured it all out
30:22and you know it in your head that other
30:25people will understand it too what's
30:27obvious to you may not at all be obvious
30:29to others so as an entrepreneur to learn
30:33to communicate clearly especially when
30:35there is an issue to your team to your
30:38family to your investors to your
30:41partners to your customers if you learn
30:44those skills and refine them it's going
30:46to be so much easier one last question
30:47for you we do not talk about
30:50I mean the realities if you look at it
30:52it's not a fantastic design but it's a
30:55lot of thinking how do you make it flat
30:57waterproof crush safe you can fit in
31:00into an envelope so you don't have to
31:02ship it with anything more than a
31:04standard letter all right how can you
31:06produce this at the lowest cost possible
31:08with only robots if you want something
31:11that is really mass scale and small and
31:14affordable you have to it's a lot of it
31:18wasn't easy to come up with the design
31:19it looks super easy but there's a lot of
31:21thinking behind it I do want to make you
31:22point out how unusual this is security
31:24has typically been something that you
31:25sell to the enterprise right and maybe
31:27antivirus and PCs or something like that
31:29but certainly security Hardware they
31:32didn't really think about usability the
31:34way that they proliferated was through
31:35direct sales you'd have a sales team
31:36they'd sell it and now design is really
31:39important because you're attracting the
31:40users to these kind of great products
31:42it's actually very different security
31:43has always been this kind of like nerdy
31:45back office thing and they really turned
31:46this into this like very consumer design
31:48exercise I wanted these keys to work
31:51everywhere yeah to be everywhere and to
31:54solve a global universal problem the
31:57name origins from the word ubiquitous
31:59well you know the phrase ubiquitous in
32:02the context of ubiquitous computing came
32:04from Mark Weiser who wrote a seminal
32:05paper about it and I think it was a
32:07early 90s late 80s safer in his early
32:1090s and he had a lot of interesting
32:12ideas but some of them included this
32:14notion that computing should be so
32:17ubiquitous and everywhere that if you
32:19left a conference room and you left your
32:20pencil behind you don't feel like oh man
32:23I left my pencil behind now it's
32:25actually kind of interesting because the
32:26way it came about was through mobile
32:27phones where if we left it behind we're
32:29actually more attached to them but the
32:30concept of it being pervasive and
32:32everywhere was a very much a strong idea
32:35he actually said that the most powerful
32:37technologies are those that disappear
32:38yes so computing is now ubiquitous and
32:42security also has to be ubiquitous and
32:45sort of disappear too I'll tell what I
32:47want I want a hardware root of trust on
32:48any computing device that I have heck
32:50man I actually rely on my own like you
32:51know I said I rely on my driver's
32:53license I rely on my credit cards and
32:55etc so we will put Yubikey functionality
32:58into credit cards and it's basically
33:00because it's a small chip it's based
33:02because you're in this
33:03four on the trip it's not big you know
33:05that can be integrated into a lot of
33:06different things we will see it in the
33:08future it was more than ten years ago
33:10since we launched this first product and
33:12those are the conference not long ago or
33:15in a guy came up to me said huh I'm
33:17reading about you because I just learned
33:20about your company and now I'm reading
33:22what an overnight success and I I smiled
33:26and thanked him and said yes after 10
33:29years we are an overnight success well
33:32thank you for joining a16z podcast thank