Why Do Cybersecurity Startups Fail?

Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor, Reveal Security

Reveal Security ITDR detects identity threats – post authentication – in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

Full Transcript

Intro

0:00.000

[David Spark] Launching any type of technology startup is an inherently risky endeavor. But what’s unique about cybersecurity startups? What are their specific challenges? And why do security startups fail?

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark. I’m the producer of the CISO Series. And joining me for this wonderful episode of Defense in Depth, you’ve always enjoyed his beautiful tones on the microphone, it’s Geoff Belknap. He’s also the CISO over at LinkedIn.

Geoff, say hello to the audience.

[Geoff Belknap] Hello, audience. These are my dulcet tones that you have always enjoyed, which is news to me, but I appreciate you just the same.

[David Spark] They do enjoy it. We actually get lots and lots of compliments about the show. In fact, today, someone said CISO Series, and they were mentioning the whole, all our shows all together, “It’s my favorite podcast.”

[Geoff Belknap] Wow.

[David Spark] I love hearing that.

[Geoff Belknap] I love you too. Whoever wrote that, I love you personally and individually as the same as one of my children.

[David Spark] How [Laughter] do your children feel about that?

[Geoff Belknap] Just in case you thought the podcast couldn’t love you back. And I think my children are fine with it. They understand.

[David Spark] By the way, are you going to be paying their college tuition? Our fans who love you just as much as you love your children?

[Geoff Belknap] Oh, you’re breaking up. I think I’m going through a tunnel. Maybe I’ll call you back later.

[David Spark] [Laughter] By the way, for those of you not aware, we’re also available at CISOseries.com. You can just go there and find all our wonderful programming that you can also have as your favorite podcast ever. Our sponsor for today’s episode is RevealSecurity.

Detect and stop identity attacks in your enterprise applications. Yeah, someone has legitimate credentials, but they’re not legitimate. What the heck are they doing in your SaaS apps? That’s what RevealSecurity does. More about that later in the show.

But first, let us talk about today’s episode. Building features in search of a product, unreasonable expectations of customer adoption, and trying to be yet another single pane of glass are just 3 of the 12 reasons Ross Haleliuk of LimaCharlie outlined as to why cybersecurity startups fail.

Now, some of these are general startup failures, but others, like the yet another single pane of glass, are actually quite unique to the cyberspace. So, in this post that Ross wrote, he asked the community if they could think of more reasons for cyber startup failures beyond his list of 12, and, well, the cyber community did respond with a greater list.

So, we’ll be going through many of them. But Geoff, I want to know from your viewpoint, what do you think is the most common reason you’ve seen a cyber startup not succeed?

[Geoff Belknap] Well, I feel like if you could ask any group of people for a list of failures, cybersecurity people know how things fail very well. I think in this case, the most common thing I see that causes a cybersecurity startup to fail is just running it like it’s a cybersecurity program and not like it’s a business, and I think we have a lot of advice that came in through this article where we’re going to get into this specifically.

[David Spark] And let me qualify, and actually, I don’t know if our guest has actually done one, but I know that I’ve never started a cybersecurity startup. You’ve worked at startups, yes, Geoff?

[Geoff Belknap] I have. My very first startup was a cybersecurity startup.

[David Spark] Okay, so we do have some experience in being in the startup world, but the person who’s going to join us has great wisdom on this topic and he’s very eager to talk about this, and I’m very excited about it as well because I loved Ross’s article.

I mean, it was great, and the feedback was phenomenal. So, please welcome – our audience – please welcome the deputy CISO for 3M, Mike Levin. Mike, thank you so much for joining us.

[Mike Levin] Thank you for having me. I’m very excited to be here, very eager to talk about this. I have previous experience as well with startups, but it’s 25-plus years ago and they were not in cybersecurity, but I have opinions on this as well.

[David Spark] That’s all we need.

[Geoff Belknap] All we want is opinions.

[David Spark] Is opinions.

[Mike Levin] Opinions, all you need is just opinions, opinions. Yes, I have plenty of opinions.

[Geoff Belknap] Facts just get in the way, I find.

What are they doing wrong?

4:01.554

[David Spark] John J. Masserini of SentiCon Security said, “Too many times the ‘cool tech’ is an operational disaster. Your solution better make my team’s daily life easier, not harder.” Oh, we’ve seen that. In fact, I had a friend who had a podcast all about “Is technology making my life easier or harder?” So, I love this topic in general.

Neal Hartsell of Gradient Cyber said, “Not understanding the concept of a pain point. There is often so much focus early on in ‘getting the product/technology to work’ that a rigorous analysis of the actual customer pain is pushed out far too late.” And Steve Zalewski, who you know also co-hosts this show, said, “Too many founders are married to the technology they are building when they should be married to solving a business problem. The days of building cool technology and having the customer figure out the business value proposition are over.”

So, pretty much all these comments are, they’re in love with the tech, not paying attention to the customer or the real business need or pain point.

This is a classic problem. Yes, Geoff?

[Geoff Belknap] Classic problem. And I think important to point out before we get started, if you are a founder of a cybersecurity startup or especially a sponsor of this show, nothing that David, Mike, or I are about to say is about you. This is about everyone else.

[David Spark] Yes. [Laughter]

[Geoff Belknap] But I think the most important thing that we’ve dug into here is…

[David Spark] We, by the way, we vet all our sponsors to be geniuses and all our vendors who are listeners to be very smart and not making mistakes. Continue, Geoff.

[Geoff Belknap] I’ll just preface this by saying my appearance here reflects no endorsement one way or another of any of the vendors here, but I’m sure they are all wonderful and perfect. That being said, I think one of the easiest traps to fall into, especially if you are starting in the cybersecurity domain, is finding a really cool solution to a problem that you have, whether it be in the government or in a large business or just something that you built, and that thing being wildly successful in the organization that you built it for and thinking that that immediately translates to commercial success.

If you take that thing into the market or if you take some open-source project that you made into the market, that you are now going to be a bazillionaire. And I think the reality is you can be a very, very talented security engineer or architect or innovator, and that does not always translate to commercial success because that solution might not be general purpose enough.

It might not be something you can market.

[David Spark] But though, Geoff, I will argue what you just described is how many startups begin. I was at a company; I saw this problem. We dealt with it there. I left the company to start it as a business. I mean, I’ve heard that startup story many, many times, and they turned out to be successful, many of them.

[Geoff Belknap] Well, I want to be clear. This is not a guaranteed failure. The important thing that I want to tease out here is because something worked well, and you built something really good does not automatically mean it’s going to be a commercial success.

There is a lot of work that you as a security professional have probably never done before to make that a successful business versus a successful solution. I bet our guest has something to say about that as well.

[Mike Levin] I do. So, yes, I’m sure there’s the challenges of starting and rolling a new business from a security professional, which is generally something that they don’t understand. They understand how to navigate their organization, they understand technical problems.

They don’t have the business acumen or the sales capabilities. But from my perspective, what I’ve seen on the buying side, many of these solutions and many of the startups, 5,000-plus startups that NightDragon has on that wonderful graph of all the new InfoSec startups, they’re usually really, really clever solutions to problems that people aren’t having.

They’re a niche problem that exists in only a couple organizations and it doesn’t translate out. They don’t actually find proper product market fit. They never actually extrapolate it out to become bigger than it is. And they never get past that initial A-seed round of funding and then basically they’ll either get…they’ll collapse, or they’ll get bought by somebody else.

A lot of the times, these startups are features and not actual full platforms. And you’re seeing this in the large consolidation that’s happening in information security. That’s why like Palo and Microsoft and Cisco are getting so large just because all these things are basically being rolled up under these giant behemoth organizations more and more and more.

So, if their long-term strategy is to exit and get purchased by one of them – mazel tov, good for them – but generally, as a rule, if they think that they’re going to be the next CrowdStrike or the next something new that’s going to become instrumental for most organizations’ operations, that’s very, very unlikely because the timing has to be amazingly perfect, and the solution has to be amazingly obvious, and they have to know who they’re actually targeting – the buying executives – and a lot of times they don’t focus on that.

They focus on just the technical problem and then they’re beautiful, elegant technical solutions that nobody wants.

Where does this effort fall flat?

9:09.582

[David Spark] Dan Didier of GreyCastle Security said, “Not understanding their market, how to talk and listen to the market, and what has changed in the market since they started or last looked. An annual strategy planning session just won’t cut it. You need to be nimble, flexible, and plugged in where the market is today and where it’s going.” Jason Keirstead of Cyware said, “Not understanding what their actual differentiating value is – assuming there even is one, which sometimes there isn’t. It is surprising how many companies do not understand what value they are bringing. They think they are selling X when what their customers are actually buying is Y.”

And I will say, yeah, both of these so ring true, Mike. I have seen both of these, sorry, this just not being clued into the market and really just good old-fashioned interviewing.

Asking questions can often get you the answers here.

[Mike Levin] What I have seen in the space is a lot of these startups come from tip of the spear, mature organizations, West Coast, internet-native, San Francisco-based companies. That is not most industry and that is not most information security shops.

There is absolutely a poverty line beneath which most organizations live. So, if you’re a 10-year-old company and you’re cloud native, great, fantastic. These solutions will be great for you, you can fix your problems, but everybody else is still operating with the CIS 18 basic items and they’re not even through that basic list of 18.

Those solutions are still not fixed. So, not focusing on that, not listening to your customers, not solving the problems that the majority have, instead of focusing on that 1% above the poverty line, that’s the part that’s harder.

[David Spark] Yeah, there’s a couple things. The classic line if the automobile wouldn’t have been, people said they wanted to go faster, they said, “Oh, I just want faster horses.” Rather, they want the automobile, that classic line. Sometimes just you can ask people questions and they don’t know, they don’t have that vision to know what it is they want.

So, how do you sort of play that game, Geoff, of you got to ask questions, but also realize that the customer isn’t always right?

[Geoff Belknap] The customer is not always right, but the customer really will help you understand what you’re making and what the value is to them. I learned this, I remember this to this day, learned this from of all people, B.J. Novak of The Office fame.

I’m sure he’s famous for something else too.

[David Spark] He’s actually written some children’s books, one called The Book With No Pictures, which my kids loved.

[Geoff Belknap] But one of the things he does is he’s got some startups on the side, production companies I think also count here, but I heard him speak once and he was talking about his experience building an app or something like that. But what he said that I think is really important that I’ve passed on to a lot of startups that I advise, which is as a comedian, you learn the audience decides what’s funny about the joke, or the audience decides what you’re really doing and how you should think about it.

You don’t get to choose.

And I think he applied it to a startup and to a business as well. You can have these great ideas. You can have this great solution that you’ve built that worked wonderfully, or maybe it killed when you talked to engineers or in the writer’s room, whatever it was.

But when you bring it to market, the market will tell you what it is and what they need and what they value of that. And if you don’t listen, you are going to fail. If you say, “The market is wrong, this is how people should think about it.” You are Beta to VHS.

You might have a much-improved product, you might have a better product on the merits, but if the market doesn’t want it, if it doesn’t fit into what the market wants, and you ignore that, you are going to fail. And I think this is where truly successful companies get built, whether they be about cybersecurity or just in general, is they listen to the market and they adapt.

[David Spark] Yeah, I’m going to take advantage of your stand-up comedy analogy, being that I did stand-up for quite some time. And I’ll tell you, just throwing it back in the other direction, and I want to get your quick take on this, Mike, is comedians talk about audiences the way audiences talk about comedians.

I like, I don’t like that comedian. Comedians go, I like, I didn’t like that audience. Now, there can be a variety of reasons, though. The audience could have been wonderful, you just stunk as a performer. Or believe it or not, audiences can stink. They can.

And sometimes your market doesn’t know what it wants, can’t appreciate what they’re getting, and you really have to sell it. Now, that’s where it comes. Certain comedians know, no matter what audience I get, “I normally perform for this kind of a crowd. But now I have this crowd. I have to adjust and adapt for that crowd.” Are enough entrepreneurs adapting for their audiences, Mike?

[Mike Levin] No, many of them are early adopters. They don’t realize the zeitgeist. They focus on the things that are coming, once again, not realizing that those aren’t the problems that get funded. Those are tomorrow problems, and most organizations are focused on today problems, which in reality are actually yesterday problems that still haven’t been solved.

They don’t focus enough on reporting and showing value in a simplified manner where folks can, outside of cybersecurity, that fund these things can actually understand that I bought this and this risk went down X, Y, Z.

So, instead, they’ll be abstract concepts around like AD enumeration rights or concepts around access to specific files, things like that. The CFO will not understand that, the CEO is not going to be interested enough in that, the CISO has to translate that.

But a lot of the times, unless they can actually show that material benefit, it doesn’t matter how great this wonderful, new, cutting-edge solution is. That’s not a problem that’s materialized in this organization. The problem that they see is things that’s in the news, the things that basically disrupt services, and things that basically impact them and worry them.

And they’re just not focusing enough on this. They’re not focusing enough on their actual customers’ needs. And if better was enough to sell, Betamax would have won the war, we’d all be on iPhones, there’d be no Android, Windows would have been long gone.

But it doesn’t work that way. It’s all the market basically responding to what was needed at the time. The world is full of inelegant solutions that aren’t as good that win market share, and cybersecurity is no different.

Sponsor – RevealSecurity

15:38.637

[David Spark] Before I go on any further, I do want to tell you about our absolutely awesome sponsor. That’s RevealSecurity. RevealSecurity detects identity threats in and across your SaaS applications and cloud services. So, in the case where an attacker leverages stolen credentials, bypasses your preventative identity controls like MFA or PAM, and it enters your SaaS apps or cloud services environment, would you be able to detect and stop them?

It ain’t easy. We all know that. Do you know what your employees or admins are doing inside your SaaS apps and cloud services after the point of login? Because not all of them are the employees and admins you hired, sadly. So, chances are you don’t, and therein lies the risk.

So, RevealSecurity uses a patented, unsupervised machine learning algorithm to continuously monitor and validate the behavior of human and machine identities to quickly and accurately alert on suspicious activity. That’s what they do. You want to check them out.

So, just go to their website. It’s Reveal.Security. Check them out.

Does it play nicely with others?

16:55.075

[David Spark] Jared Ballou of DirectDefense said, “Thinking your solution is the end-all, be-all, single source of truth and forgetting that organizations have invested millions in other products that are necessary for the success of other lines of business at said company. Working together and cohesively with other solutions that allows customers to send, digest, and receive data from your product is vital to the success of a product vendor’s future. The product security ecosystem is massive, and helping your customers continue to produce value in other solutions they already have invested in isn’t just a good idea, it’s necessary.”

That one, I would say, is the one most of them miss, Geoff, and I think the perfect example is that when they sell the single pane of glass, they go, “Oh, forget everything else you have. Here’s all you need to look at.” How often have you seen this, Geoff?

[Geoff Belknap] More often than I’d like. And look, if you truly can build a single product that will replace one or more than one products in my ecosystem, hands down, it’s just a no-brainer, by all means. Go bring that product to market. We are all waiting for it.

But here’s the reality. You are not building a product that is going to replace one or especially more than one product that I already have. You are building a product or a solution that is going to fit in and coexist with all of those other products.

And if you come at me from a perspective of your product is an N of 1 product and it does not talk to, integrate with, or look or feel like any of the other products that I have in my environment, your product’s not going to go into my environment. It is really valuable for me that all of my products work together, that they all fit seamlessly into my workflows, my people can understand them, how they all drive an outcome is very similar.

That is really important. And unless you have a completely paradigm-shifting product, it is going to be a problem for your success if you miss this important point.

[David Spark] Mike, I’m sure you’ve run into this many times and I’ve seen this like, “Oh, this is great. I can’t export from this. I can’t use it.”

[Mike Levin] Yeah, I refer to this as a silver bullet solution, like this one thing will solve all your problems. And the only thing silver bullets solve is werewolves, which generally aren’t that much of a problem in cybersecurity. To Geoff’s point, generally, you have to basically integrate your technology into your larger portfolio.

It has to play nice. It has to work with everything. Because if it doesn’t, it then raises the question that then you have to basically answer, “Wait, we invested in ABC in the past. Are you telling me that was a mistake, and now I need this new shiny thing? Why didn’t we invest in this previously? Why wasn’t this problem not previously brought up?” Which creates a whole bunch of uncomfortable discussions with leadership that you generally don’t want to have.

So, you have to continue with previous strategy directions and your new tooling has to complement them and make them operate better, not supplant or replace them. It has to fit into the existing ecosystem. It can’t [Inaudible 00:20:11] an invasive species that destroys the ecosystem.

That’s just not a viable product. You can’t sell that. You can’t come in and basically take over all my other tooling. Maybe over time as the portfolio grows, but you’re not going to end up with best of breed. You’re going to end up with this piecemeal solution, and it’s going to make your analysts and your security folks very, very unhappy.

And then you end up with a whole bunch of stitched-together workarounds and that lowers your efficiency as well, which then increases other costs later. So, to answer your question, yes, somebody will always sell you this wonderful new pane of glass that’ll fix everything, but it’s not, unless you’re starting from scratch, unless you’re a brand-new company.

And if you’re a brand-new company, cybersecurity might not be your highest priority.

Who’s losing out there?

20:53.648

[David Spark] Luigi Lenguito of BforeAI said, “One of the more complex challenges is the ‘not invented here’ syndrome. Some security teams love so much their homegrown scripts and automations it blinds them from the costs they incur in maintaining. So, they pass on a known cost startup product and continue drowning the organization in alert fatigue, hidden costs, and ultimate legacy security.” I am sure we’ve all been in love with our own products.

We think they’re the most wonderful thing in the world and not realize the other pains that it is creating. Have you seen this happen, Geoff?

[Geoff Belknap] I have absolutely seen it happen. I will say where I sit here in Silicon Valley, where we have a dearth of very talented engineers, there are just so many available here, frequently I get this from startups that I advise that it’s really hard to sell into Silicon Valley for this specific reason.

The large tech companies have access to gigantic pools of very talented engineers. We can build literally everything. But the other thing to keep in mind is we are not the entirety of the market of people buying cybersecurity products. In fact, we are one small percentage of it.

The same way you wouldn’t start by selling to the largest bank on Earth, you maybe shouldn’t start selling to the largest tech companies on Earth. You will run into this problem. But the reality is, yeah, your product might be really good. Or if you’re getting like, “We didn’t invent it here, we don’t want to get rid of our scripts,” what you might be hearing is that your product doesn’t solve enough of the problem that I have today, that it’s worth it to put this janky, duct-taped-together script down.

[David Spark] Can I qualify, though, just for a second? One of the stories we hear from CISOs all the time is we love working with startups because we know they’ll bend over backwards for us because they want an early win, and they will adapt their product for us.

So, that’s an option, isn’t it, Geoff?

[Geoff Belknap] It is, but that terrifies me. That feels like, I’ll grant though I’m sure there are real organizations where they just want to be a design partner, but if you are doing a deal with a startup because you are hoping they will completely change their product to adapt to your workflow, what you are really saying is I’m going to get free development hours out of that startup.

And I’m not a big fan of manipulating some very new organization into building something just the way that I work. I would rather see me investing in something that’s going to broadly solve a problem across the industry.

[David Spark] I never saw it from that viewpoint, but I don’t know. But that’s interesting, getting free development time, actually.

[Mike Levin] Well, it also means the product doesn’t have a vision. And basically, if they’re going to do that for you, they’re going to do that for their other big customers, and you’re going to end up with this piecemeal, janky solution that’s like trying to solve 10 problems.

[David Spark] Yes and no. I think you might be taking this to an extreme also. But there’s this desire to work with the startup. Because if you work with a huge company, you won’t get that sort of care – can you add this one feature? Because if you added this one feature, it would make things a lot easier for us.

I don’t think they’re asking to completely overhaul the product. It’s usually just tweaking the design to make things work. And also, they’re in a build-out phase. It’s a startup. There’s going to be multiple versions of this product. Mike?

[Mike Levin] I previously worked at a Fortune 5, and this happened all the time where the startups would bend over backwards and try and basically deliver a feature specifically for our requests. But they were just for us because they were unique to us, and that doesn’t really help the industry as a whole.

This, that solves my problem right now. But then it becomes a certain level of debt that you’re going to pick up. But instead of having the debt internally, now you have the debt within the startup. So, it’s a new problem.

[Geoff Belknap] It’s just transferring the risk.

[Mike Levin] Yeah, which yes, is a perfectly legitimate strategy from cybersecurity, but not for the startup. So, a lot of this comes back to sunk cost fallacy. That’s the role that’s basically happening here. Their operators are fighting to justify their previous time investments around basically the tooling that they built internally, the internal systems.

And basically, they don’t want to outsource the options. If the market has caught up to where they were like five years ago, not realizing that it’s not caught up to where they were, it’s actually surpassed them. So, if you get to the problem first, you have to come up with a solution first.

But your solution is not going to be the best solution because there’s a lot of other bright, clever people in the world that are looking at this problem holistically.

And this Fortune 5 that I previously worked at, this happened all the time. We would develop stuff in-house and it would work, and then the market would catch up and it would do something way better. But we were loath to let go because people were…they were so invested in this wonderful, elegant solution.

But the costs, the costs of maintaining it are just not worth it. And if you can shift those costs to a company that’s basically getting it from multiple locations, an external company, that’s a much better long-term strategy. Because then there’s faster updates, faster new features, faster capabilities.

You don’t have to maintain it yourself. It’s just a much better approach as a whole. You’re seeing this in the CAASM space in particular. Like, that’s a space where everybody was piecemealing their asset inventories and asset intelligence together in the past, but now this entire new market basically is finally recognizing that you aggregate that data and maintain it for people better than they can.

[David Spark] Excellent.

Closing

26:13.198

[David Spark] And that’s a good point to end our conversation right here. Now, this brings us to my next question for you, Mike. And that is, which quote of all these wonderful quotes was your favorite and why? Let us know.

[Mike Levin] Jared Ballou’s insightful quote, “Thinking your solution is the end-all, be-all, single source of truth and forgetting that organizations have invested millions in other products that are necessary for their success.” That understanding that you’re part of an ecosystem, you are not your own separate ecosystem.

[David Spark] I would say, and I agree with you, I would say while all these quotes are great, that’s the one I think is missed the most. Geoff, your favorite quote and why?

[Geoff Belknap] Dan from GreyCastle Security probably had my best quote here, which is, “Not understanding their market or how to talk and especially listen to your market.” This is the really important point that I think a lot of people miss that fail.

If you are great at building something and then you take it to market and you don’t listen to what the market has to say about that, what they value, what else you could add to it, what maybe you think is really important that not everybody else values, you’re going to fail.

When you transition from building a solution for yourself to building solutions for other people, you have to listen to that feedback and incorporate it into what you’re building. Otherwise, you’re no longer building a company, you’re building a hobby.

And I think it’s okay to be an artist and certainly there’s a lot of great stuff out there, but you got to listen to your market.

[David Spark] Very good point. Well, that brings us to the very end of the show. I want to thank our sponsor for today’s episode, RevealSecurity. Remember – detect and stop identity attacks in your enterprise applications. That’s the SaaS stuff. When they have legitimate credentials, they get in, what the heck are they doing?

Find out with RevealSecurity. Check out their website, Reveal.Security. Mike, I’m going to let you have the very last word. Geoff, I know that you have a company called LinkedIn that if someone was looking for a job, they could go onto LinkedIn and there might be lists of jobs for which our listeners might be qualified and may be interested to apply for said job.

Am I right in that thinking?

[Geoff Belknap] There are jobs, there are products, there are services, there’s learning, there’s all kinds of great things you can do at a great website called LinkedIn.com.

[David Spark] Actually, one of our frequent guests, Mr. Jerich Beason has some LinkedIn learning on AI actually on LinkedIn. Mike, I believe that you are building out your cyber team and so you have positions available over at 3M. Is that true?

[Mike Levin] We do. Some of them are even posted on LinkedIn. So, I recommend you follow me, and I will connect you with the proper Workday URL and please apply. We are always looking for talented folks with a passion for cybersecurity. 3M is a huge global conglomerate with a lot of interesting challenges.

[David Spark] Yes, and you understand that there’s a marketplace out there and that you play along with others in the marketplace.

[Mike Levin] Yeah, we’re part of the larger organization, yes.

[Geoff Belknap] And remember, Mike is waiting for all of your pitches. Please email him directly. He buys, he’s in control of all the budget.

[Mike Levin] I get contacted by so many different startups looking for questions or like, “Hey, I’ve got this new, wonderful cyber potato. Will you please look at my cyber potato?”

[David Spark] Wait a second, hold up. I’ve never had a pitch of a cyber potato. That is a pitch I would like to hear.

[Geoff Belknap] I am interested, endorse. Yeah, please let me also know that.

[David Spark] I want to know how the cyber potato works. Do you like sit it on your windowsill and it starts sprouting? I don’t know.

[Mike Levin] Cyber potato is just my generic term for whatever, like their new solution to a problem that I don’t have is, and it’s like a hot potato. Basically, they’re trying to hand it off and they’re basically looking for feedback, to Geoff’s point, on why their product may or may not work.

But most times they don’t listen. They’re just trying to sell or get their foot in the door. And there’s a lot of interesting solutions to other people’s problems.

[David Spark] That are not in the potato.

[Geoff Belknap] Cyber potato, it slices, it dices, it Julienne fries.

[David Spark] No, no, the potato doesn’t do that. You would slice and dice.

[Geoff Belknap] Listen, if you listen to the marketplace, the potato would self-slice and self-dice.

[David Spark] [Laughter]

[Mike Levin] Self-slicing potato, the electric cyber potato.

[David Spark] It would be intelligent. It would be AI-enabled cyber potato.

[Geoff Belknap] That’s right.

[David Spark] All right. I think we’ve degenerated. We’ve given our audience lots of good ideas for new products. Why not go out and create one and credit us for it?

[Geoff Belknap] I don’t know about good ideas, but there were a lot of ideas.

[David Spark] [Laughter] Thank you, audience. We greatly appreciate your contributions. I loved Ross’s topic. This was a great discussion. We greatly appreciate your contributions and for listening to Defense in Depth.

[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cybersecurity. This show thrives on your contributions. Please write a review, leave a comment on LinkedIn or on our site CISOseries.com where you’ll also see plenty of ways to participate, including recording a question or a comment for the show.

If you’re interested in sponsoring the podcast, contact David Spark directly at [email protected]. Thank you for listening to Defense in Depth.

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.