Twitterpocalypse 2022, Wiz, Awesome Free Tools, & News Catch Up – ESW #286

In the Enterprise Security News: We discuss Twitterpocalypse 2022! The Biggest Winner? Security startup Wiz reaches $100M ARR in 18 months??? Tons of funding we probably won’t get to, sorry in advance, we’ve got 2 weeks of news to catch up on! Awesome free tools, free training and DIY tips! Third party attacks and supply chain attacks continue to ramp up, John Deere’s security deficiencies get exposed again, Cyber insurers reduce coverage… again, ESPN8 the Ocho, explained, and more, on this episode of Enterprise Security Weekly!

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Hosts

Adrian Sanabria
Director of Product Management at Tenchi Security
  1. UNICORNING: Cloud security startup Wiz reaches $100M ARR in 18 months – TechCrunch - Unicorns gone wild - do we really think Wiz has hit $100M in 18 months??? Let's dive in.

     The Timeline: the company was founded in Jan 2020, so it wasn't zero lines of code to 100M in 18 months - they've existed for 32 months now, so it's likely the first line of code was written LONG before they started generating revenue (which is where the clock begins for the 18 month figure).

     Their Past: These same founders built, grew and sold Adallom to Microsoft for $320M in ~3 years on $49.5M of funding. That was long before funding rounds and valuations went crazy.

     Public indicators: They're private, so they could say anything, but I've generally found the amount of funding and employee count on LinkedIn to be decent indicators of growth and size. I can't recall a case where I saw these factors off by an order of magnitude or anything like that in the ~10 years I've been using them to estimate size and growth.

       • They raised $600M in 22 months. That's bonkers and would certainly enable them to pull off some crazy growth (as much as money alone can, I guess?!?)
       • They've got ~500 employees on LinkedIn and nearly doubled their employees in the last 6 months. I don't even know how you do that, but when you do the revenue per employee math, it comes out a bit low, if anything, based on what I'm used to seeing for security startups ($200k per employee).

     In conclusion, I wouldn't be surprised to hear that this $100M took some creative work and squinting to produce, but hell - they've got experience building and growing fast and the rest of the numbers are equally crazy but back up the claim, so maybe they really are at $100M? ¯_(ツ)_/¯ If we knew net new ARR and burn, we could REALLY form an opinion though.

     Is this a PR stunt? Absolutely - why else share private revenue numbers?

     There are some interesting startup growth metrics out there, and one we can calculate with the info they've given us is Dave Kellogg's Hype Factor:

       Capital Raised / ARR = Hype Factor
       $600M / $100M = 6

     Kellogg suggests the following scale:

       • A hype factor of 1-2 is target
       • A hype factor of 2-3 is good, particularly well before an IPO
       • A hype factor of 3-5 is not good, too much hype and too little ARR
       • A hype factor of 5+ suggests there is very little “there there” at all.

     Dave’s take is that some hype can be good, as it creates a halo effect that can help increase ARR (e.g. “they’ve raised a ton of capital, must be worth checking out!”) But too much (5+) might be a negative indicator.
  2. FUNDING: ICS Cybersecurity Leader TXOne Networks Raises $70 Million in Series B Funding
  3. FUNDING: ThreatX Raises $30 Million in Series B Funding to Accelerate Growth in Global API Protection Market
  4. FUNDING: ThreatX Raises $30M to Build Out API Capabilities, Hire
  5. FUNDING: Wire grabs $24M for secure messaging that’s big with the G7 – TechCrunch
  6. FUNDING: Spin Technology raises $16M to protect SaaS apps against attacks – TechCrunch
  7. FUNDING: SynSaber Raises $13M in Series A Funding – FinSMEs
  8. FUNDING: Safe-T Group Secures Up to $4 Million in Strategic, Non-Dilutive Funding to Boost Consumer Privacy Business
  9. FUNDING: Defendify Raises $3.35 Million to Expand its Comprehensive Cybersecurity Solution and Accelerate Growth
  10. FUNDING: EasyDMARC Closes $2.3 Million in Seed Round
  11. FUNDING: Brookstreet Announces Its Investment in CyberOwl (Maritime Cybersecurity Specialist) — Brookstreet Equity Partners LLP
  12. CRYPTO: US Treasury Sanctions Tornado Cash
  13. FREE TRAINING: The Technical Building Blocks of Zero Trust - Hands on training that demystifies Zero Trust? Yes please!
  14. FREE TOOLS: BlueHound: Community Driven Resilience. – Zero Networks - Free attack mapping tool, very cool!
  15. FREE TOOLS: Introducing Threatest, A Go Framework For End-to-end Testing Of Threat Detection Rules
  16. NEW TOOLS: Seraphic, another browser security startup - https://seraphicsecurity.com/seraphic-data-sheet/
  17. NEW TOOLS: Nightfall AI - DLP 2.0
  18. THIRD PARTY ATTACKS: Mailchimp compromise used to target crypto exchanges through DigitalOcean - Hard to attack your target directly? Go after their third parties!
  19. THIRD PARTY ATTACKS: Twilio compromise allows attackers to go after Signal users - Hard to attack your target directly? Go after their third parties!
  20. STUNT HACKING: Sick Codes’ John Deere research presented at DEF CON - From the desk of Cory Doctorow "This weekend, I watched a hacker jailbreak a John Deere tractor live on stage"
  21. HOT TAKES: How a Former Sequoia Capital Partner Cornered the Israeli Security Startup Market - Reads a lot like a puff piece to me - one tiny exit does not translate into "cornering the market", even a niche one.
  22. REGULATIONS: slightly unrealistic DOD spending bill - From Jerry Gamblin on Twitter: "The House passed a defense spending bill saying you can't sell software to the DoD that has *any* known CVEs in it."
  23. LEGAL: SEC Charges Three Chicago-Area Residents with Insider Trading Around Equifax Data Breach Announcement
  24. SUPPLY CHAIN: Snyk finds 12 malicious Python libraries in PyPI - Catalin Cimpanu on Twitter: "Snyk finds 12 Python libraries that steal Discord and Roblox credentials and payment info"
  25. DIY TIPS: Introducing Google Workspace DLP: How Compass scales security data leak prevention automation - Roll your own DLP for GDrive/Google Workspace!
  26. DIY TIPS: How to detect suspicious activity in your AWS account by using private decoy resources - DIY AWS honeypots and decoys!
  27. TWITTERPOCALYPSE 2022: Former security chief claims Twitter buried ‘egregious deficiencies’
  28. TWITTERPOCALYPSE 2022: Twitter whistleblower won hacker acclaim for exposing software flaws
  29. TWITTERPOCALYPSE 2022: Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies
  30. TWITTERPOCALYPSE 2022: Twitter engineer still has commit rights 18 months after being laid off - Al Sutton on Twitter: "If you are wondering if the stuff about Twitter security being lapse is just one person complaining, you might be interested to know that, 18 months after being let go from the company, I've not been removed from their employees' GitHub committers group."
  31. TWITTERPOCALYPSE 2022: Endpoint Security: Intuition around the Mudge Disclosures
  32. TRENDS: Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage - What about collateral damage from state-sponsored attacks, like NotPetya?
  33. SQUIRREL: Anonymous poop gifting site hacked, customers exposed
  34. SQUIRREL: Janet Jackson had the power to crash laptop computers
  35. SQUIRREL: Excel esports on ESPN show world the pain of format errors
Katie Teitler
Senior Security Strategist at Axonius
Tyler Shields
CMO at JupiterOne