WEBVTT 1 00:00:00.210 --> 00:00:02.820 Anna Delaney: Hello, I'm Anna Delaney and welcome to the ISMG 2 00:00:02.820 --> 00:00:05.580 Editors' Panel, a weekly show, where I'm joined by three of my 3 00:00:05.580 --> 00:00:09.600 colleagues to discuss their take on the week's top stories. And 4 00:00:09.600 --> 00:00:12.240 with me this week are Tom Field, senior vice president of 5 00:00:12.240 --> 00:00:15.570 editorial; Marianne Kolbasuk McGee, executive editor of 6 00:00:15.600 --> 00:00:18.630 HealthcareInfoSecurity; and Michael Novinson, managing 7 00:00:18.630 --> 00:00:21.960 editor for ISMG business. Thank you very much for joining me. 8 00:00:22.530 --> 00:00:23.610 Tom Field: Thanks for having us back. 9 00:00:24.960 --> 00:00:30.360 Anna Delaney: So, Tom, beautiful skies again. Is that from Fourth 10 00:00:30.360 --> 00:00:30.960 of July? 11 00:00:32.730 --> 00:00:35.430 Tom Field: It's the fifth of July and it happened to be ... 12 00:00:35.760 --> 00:00:38.550 it would have been my grandfather's 111th birthday. 13 00:00:38.760 --> 00:00:42.420 And I was staying at the lake house that he built 60 years 14 00:00:42.420 --> 00:00:46.860 ago. And just thought it was a beautiful way to honor him. You 15 00:00:46.860 --> 00:00:49.920 know, I remember him, his name was Oliver C. And I remember 16 00:00:49.920 --> 00:00:53.520 him; he never went more than 50 miles away from where he lived 17 00:00:53.520 --> 00:00:57.210 his entire life, but had a huge influence on me. Anytime you 18 00:00:57.210 --> 00:01:00.210 hear me make a quick comment, that comes from him; anytime you 19 00:01:00.210 --> 00:01:02.460 hear me say something inappropriate, it comes from 20 00:01:02.460 --> 00:01:06.480 him. My mother always told me what she remembered about him 21 00:01:06.480 --> 00:01:10.770 was he said, "there is no such word as can't." But he never had 22 00:01:10.770 --> 00:01:11.730 an issue with won't. 
23 00:01:13.680 --> 00:01:16.290 Anna Delaney: He sounds like a brilliant, brilliant man. I 24 00:01:16.290 --> 00:01:18.870 don't blame him for not traveling more than 50 miles 25 00:01:19.410 --> 00:01:23.640 outside. It's beautiful. Impressive. Marianne, another 26 00:01:23.640 --> 00:01:24.360 outdoor scene. 27 00:01:25.260 --> 00:01:28.320 Marianne McGee: Yeah, and this is within 50 miles of my house. 28 00:01:28.320 --> 00:01:31.740 It's like 15 miles from my house. Plymouth Harpers Park, it 29 00:01:31.740 --> 00:01:36.540 was on the Fourth of July. I showed you the Mayflower II last 30 00:01:36.540 --> 00:01:38.220 time. This time you see the park. 31 00:01:39.740 --> 00:01:43.190 Anna Delaney: Very nice, very civilized. Michael? 32 00:01:48.160 --> 00:01:52.270 Michael Novinson: This is Nori the Dragon, say hello. Nori sits 33 00:01:52.270 --> 00:01:54.790 atop the Providence Children's Museum in Providence, Rhode 34 00:01:54.790 --> 00:01:58.570 Island. He was actually a gift from the Boston Museum of Fine 35 00:01:58.570 --> 00:02:02.320 Arts that exhibit a China-focused exhibit in the 36 00:02:02.320 --> 00:02:05.500 late 90s that the exhibit ended. The Children's Museum was 37 00:02:05.500 --> 00:02:08.170 opening up and they needed a home for the dragon so they 38 00:02:08.170 --> 00:02:11.440 figured what better to add a whimsical touch to the 39 00:02:11.440 --> 00:02:14.440 Children's Museum than to have a dragon kind of wrapped around 40 00:02:14.950 --> 00:02:20.230 the former industrial building. On the particulars particular 41 00:02:20.230 --> 00:02:23.740 get up from today is it was for April Fool's with the Groucho 42 00:02:23.740 --> 00:02:28.120 Marx glasses and the moustache, but always. Yeah, it's always 43 00:02:28.120 --> 00:02:31.450 nice to see the dragon and my daughter loves going there. They 44 00:02:31.450 --> 00:02:31.840 know her by name. 45 00:02:31.000 --> 00:02:34.660 Tom Field: And the words give you a gravitas. 
46 00:02:35.080 --> 00:02:36.760 Michael Novinson: Oh, thank you. So I was gone for. 47 00:02:38.520 --> 00:02:41.220 Anna Delaney: Well, I'm back in New York this week. And this is 48 00:02:41.220 --> 00:02:46.830 from the interior, the Met Art Museum. I think this room homes 49 00:02:46.830 --> 00:02:51.090 the Egyptian artifacts, so thought it was a stunning view. 50 00:02:51.120 --> 00:02:54.570 I promise you I'll share something else next week. No 51 00:02:54.570 --> 00:02:55.200 more New York. 52 00:02:55.000 --> 00:02:58.210 Tom Field: I might not. It's awfully nice up here in New 53 00:02:58.210 --> 00:02:59.710 England. It's a good time to stay at the lake. 54 00:02:59.890 --> 00:03:03.040 Anna Delaney: Yeah. So Tom, you've been hosting a few 55 00:03:03.040 --> 00:03:06.010 roundtables recently. Can you share some highlights? 56 00:03:06.420 --> 00:03:09.430 Tom Field: Yeah, absolutely. I think it's something we all 57 00:03:09.494 --> 00:03:12.889 participate in. We still have a full slate of virtual 58 00:03:12.953 --> 00:03:16.732 roundtables, as well as in person roundtables. I've got one 59 00:03:16.796 --> 00:03:19.870 later today that I'm doing that's going to be on 60 00:03:19.934 --> 00:03:23.777 automation. But there are a couple of topics that stand out. 61 00:03:23.841 --> 00:03:27.620 And I think one thing that we need to step back and let our 62 00:03:27.684 --> 00:03:31.015 audience know is we don't just host these roundtable 63 00:03:31.079 --> 00:03:34.986 discussions, we are editors, we all participate in these. And 64 00:03:35.050 --> 00:03:38.253 it's a way for us to get particularly close to our 65 00:03:38.317 --> 00:03:41.647 constituency, to the security leaders, to the vendor 66 00:03:41.711 --> 00:03:45.426 community, and to understand what's being talked about and 67 00:03:45.490 --> 00:03:49.077 what's being experienced. I think that gives us a unique 68 00:03:49.141 --> 00:03:53.304 edge. 
So a couple of topics I've been able to discuss recently, I 69 00:03:53.368 --> 00:03:57.404 think I mentioned them here in the past. One is software supply 70 00:03:57.468 --> 00:04:00.990 chain security. Been doing a series of discussions with 71 00:04:01.054 --> 00:04:04.769 Veracode, leading these with their CTO, Chris Wysopal, and 72 00:04:04.833 --> 00:04:08.805 co-founder of the company. And some of the takeaways have been 73 00:04:08.869 --> 00:04:12.712 interesting. We all know that software supply chain security 74 00:04:12.776 --> 00:04:16.491 is a huge vulnerability for organizations. Log4j made that 75 00:04:16.555 --> 00:04:20.526 terribly apparent for us last Christmas. As recently as just a 76 00:04:20.590 --> 00:04:24.625 couple of months ago, more than 40% of the Log4j downloads were 77 00:04:24.689 --> 00:04:28.212 for the original infected version. Organizations aren't 78 00:04:28.276 --> 00:04:32.119 learning lessons. And we have these discussions about supply 79 00:04:32.183 --> 00:04:36.282 chain security issues. And it's very clear that organizations of 80 00:04:36.346 --> 00:04:40.253 all sizes are challenged just to know what they have for code 81 00:04:40.317 --> 00:04:44.096 within their organizations. There is a huge asset inventory 82 00:04:44.160 --> 00:04:47.811 issue. And even though the executive order from last year 83 00:04:47.875 --> 00:04:51.654 talked about the software bill of materials, and everyone's 84 00:04:51.718 --> 00:04:55.433 conversant with the SBOM, the SBOM has kind of become like 85 00:04:55.497 --> 00:04:59.532 information sharing. Everybody wants the information, everybody 86 00:04:59.596 --> 00:05:03.375 wants the SBOM, people are reluctant to provide it. 
So this 87 00:05:03.440 --> 00:05:07.154 is becoming a significant challenge for organizations, and 88 00:05:07.218 --> 00:05:11.254 I'm enjoying these discussions, because I don't know that we're 89 00:05:11.318 --> 00:05:14.840 necessarily resolving the issues. Talking about them is 90 00:05:14.905 --> 00:05:18.299 important. And they're consistent no matter what type 91 00:05:18.363 --> 00:05:22.206 of sector you're talking about, or size of organization. So, 92 00:05:22.270 --> 00:05:26.049 that's one topic. Another I've really enjoyed has been with 93 00:05:26.113 --> 00:05:29.444 Chris Pierson, the CEO of BlackCloak, which provides 94 00:05:29.508 --> 00:05:33.159 executive digital protection. And the premise here is, as 95 00:05:33.223 --> 00:05:37.322 security leaders, you have been protecting executives and senior 96 00:05:37.386 --> 00:05:41.101 leaders and board members within the traditional corporate 97 00:05:41.165 --> 00:05:44.816 perimeter. What happens when they go home? How secure are 98 00:05:44.880 --> 00:05:48.979 those homes and the networks for those homes? How secure are the 99 00:05:49.043 --> 00:05:53.079 devices they're using? Who has access to these devices into the 100 00:05:53.143 --> 00:05:57.114 homes? And it's been a bit of a wake up call, particularly for 101 00:05:57.178 --> 00:06:00.957 the participants as they start to realize how vulnerable is 102 00:06:01.021 --> 00:06:04.415 executives' homes and devices are, how vulnerable the 103 00:06:04.480 --> 00:06:08.387 executives are, how they have become accidental insider risks 104 00:06:08.451 --> 00:06:12.422 because of these issues. And so as we talk about these, again, 105 00:06:12.486 --> 00:06:16.585 all over the country, in person, virtually, with executives from 106 00:06:16.649 --> 00:06:20.684 all sectors, we find that these are questions that aren't being 107 00:06:20.748 --> 00:06:24.463 asked. 
And a lot of the security leaders are saying I wish 108 00:06:24.527 --> 00:06:28.562 someone in our organization was asking what we're doing or what 109 00:06:28.626 --> 00:06:32.213 we should do. And there's an opportunity here for CISOs, 110 00:06:32.277 --> 00:06:36.313 particularly to step up and take control of this issue, because 111 00:06:36.377 --> 00:06:40.540 the hybrid workforce isn't going to go away. You know, what we do 112 00:06:40.604 --> 00:06:44.703 on these devices isn't going to change. We've got to extend this 113 00:06:44.767 --> 00:06:48.482 cloak of executive digital protection more broadly than we 114 00:06:48.546 --> 00:06:52.389 have. So these have been topics I have particularly enjoyed. 115 00:06:52.453 --> 00:06:55.656 They are ongoing and just demonstrate how in these 116 00:06:55.720 --> 00:06:59.499 roundtable discussions, whether in person or in Zoom, we're 117 00:06:59.563 --> 00:07:03.086 having important discussions with security leaders, and 118 00:07:03.150 --> 00:07:05.520 you'll experience it every day, Anna. 119 00:07:05.000 --> 00:07:08.540 Anna Delaney: These are important discussions. And 120 00:07:08.540 --> 00:07:10.730 thinking about the home, it's not just the executives 121 00:07:10.730 --> 00:07:13.580 presumably in their home. They've got children and loved 122 00:07:13.580 --> 00:07:17.120 ones and family members, and the criminal gets access to their 123 00:07:17.120 --> 00:07:20.990 devices and images on their devices, you think about the 124 00:07:20.990 --> 00:07:22.400 potential harm there. 125 00:07:23.920 --> 00:07:27.880 Tom Field: No question. And you know, any of us that have 126 00:07:28.000 --> 00:07:31.090 children understand the opportunities that are being 127 00:07:31.090 --> 00:07:34.180 opened up by social media, by shopping, by so many different 128 00:07:34.180 --> 00:07:37.780 things. 
And, you know, it's not often that executives have 129 00:07:37.780 --> 00:07:40.750 segregated networks or segregated devices, there's a 130 00:07:40.750 --> 00:07:44.350 lot of sharing going on. And one of the first things that 131 00:07:44.590 --> 00:07:47.650 organizations such as BlackCloak do is go in and do a little bit 132 00:07:47.650 --> 00:07:51.820 of penetration testing. And it's a good thing we're sitting down 133 00:07:51.820 --> 00:07:53.590 when we get the results of these pen tests. 134 00:07:54.850 --> 00:07:56.890 Anna Delaney: I was looking at some of the research that they 135 00:07:56.890 --> 00:08:00.310 released, I think they said that nine in 10 cell phones and 136 00:08:00.310 --> 00:08:08.770 tablets lack security software. Nearly 100%. But also going back 137 00:08:08.770 --> 00:08:15.040 to the SBOM, you said, on the editors panel, at the beginning 138 00:08:15.040 --> 00:08:19.030 of this year that this could be the year of SBOM. Is 2022 the 139 00:08:19.030 --> 00:08:19.750 year of SBOM? 140 00:08:20.110 --> 00:08:21.670 Tom Field: Well, it's the year people are talking about it. 141 00:08:22.090 --> 00:08:23.920 We've gotten halfway through it at least as part of the 142 00:08:23.920 --> 00:08:27.190 conversation. But you know, again, it's something that 143 00:08:27.220 --> 00:08:30.550 everybody wants to receive that from their suppliers. But are 144 00:08:30.550 --> 00:08:33.940 they prepared to offer that in return? I don't think we're 145 00:08:33.940 --> 00:08:37.030 there yet. And I don't know that we've come to a determination 146 00:08:37.030 --> 00:08:41.980 about what the proper SBOM format even is. That's still in 147 00:08:41.980 --> 00:08:45.760 discussion, but it's something that's going to have to mature 148 00:08:45.760 --> 00:08:46.450 pretty quickly. 
149 00:08:47.530 --> 00:08:50.350 Anna Delaney: And how has the conversation changed, think back 150 00:08:50.350 --> 00:08:52.960 to last year, in may be tone or content? 151 00:08:53.980 --> 00:08:56.500 Tom Field: Well, a year ago, we thought SBOM was an expletive. I 152 00:08:56.500 --> 00:08:59.140 think it's changed in tone. And we understand what it is now. 153 00:08:59.380 --> 00:09:01.990 But we've got to get beyond understanding. And that comes 154 00:09:01.990 --> 00:09:04.750 back to the discussions we have with government folks all the 155 00:09:04.750 --> 00:09:06.970 time. We have an upcoming Government Summit in two weeks, 156 00:09:06.970 --> 00:09:10.060 let's promote that, where you know, we've got to get beyond 157 00:09:10.060 --> 00:09:12.970 interpreting and understanding the executive order and actually 158 00:09:12.970 --> 00:09:16.210 executing. Government doesn't work particularly fast. 159 00:09:16.420 --> 00:09:19.090 Adversaries do. We've got to quicken our pace. 160 00:09:20.740 --> 00:09:22.360 Anna Delaney: Highly informative. Thanks, Tom, and 161 00:09:22.570 --> 00:09:25.990 talking of upcoming summits, Marianne, I know you've been 162 00:09:25.990 --> 00:09:29.680 working hard on our upcoming Healthcare Summit in New York 163 00:09:29.680 --> 00:09:33.130 next week. Can you share some highlights or what we are going 164 00:09:33.130 --> 00:09:33.880 to expect? 165 00:09:34.140 --> 00:09:37.800 Marianne McGee: Sure. The live Healthcare Summit is taking 166 00:09:37.800 --> 00:09:40.350 place in New York. As you mentioned, it's taking place in 167 00:09:40.350 --> 00:09:45.810 person on July 12, and it is our first in person healthcare 168 00:09:45.810 --> 00:09:51.360 security summit since 2019. The summit is actually hybrid and 169 00:09:51.360 --> 00:09:56.250 that it will also be available virtually on July 12 with a 170 00:09:56.250 --> 00:10:01.770 replay on July 13. 
For registrants who cannot travel to 171 00:10:01.770 --> 00:10:05.580 New York City for the in-person conference, but we've got a 172 00:10:05.580 --> 00:10:09.030 great lineup of speakers and panelists from all corners of 173 00:10:09.030 --> 00:10:13.380 the healthcare sector, and a full agenda of sessions 174 00:10:13.440 --> 00:10:17.640 addressing important and timely cybersecurity and privacy 175 00:10:17.640 --> 00:10:22.770 issues. Speakers and panelists, speaking of government, includes 176 00:10:22.770 --> 00:10:25.170 some of the government healthcare sector type of 177 00:10:25.170 --> 00:10:29.880 leaders that includes Dr. Suzanne Schwartz, who heads up 178 00:10:29.880 --> 00:10:34.620 Medical Device Cybersecurity at the FDA, and Nicholas Heesters 179 00:10:34.620 --> 00:10:38.850 who is a cybersecurity advisor at the Department of Health and 180 00:10:38.850 --> 00:10:42.930 Human Services Office for Civil Rights, which enforces HIPAA. 181 00:10:43.380 --> 00:10:49.200 Also, we have Josh Corman, who just finished up a stint at DHS 182 00:10:49.200 --> 00:10:53.970 CISA as healthcare sector chief strategist during the height of 183 00:10:53.970 --> 00:10:58.410 COVID. And Josh will be providing a call to action 184 00:10:58.410 --> 00:11:01.770 overview of what the healthcare sector needs to be doing right 185 00:11:01.770 --> 00:11:10.110 now to strengthen its position in health care overall to fight 186 00:11:10.410 --> 00:11:14.490 the latest and most serious cyberthreats that we're seeing. 187 00:11:14.970 --> 00:11:18.660 Panelists and speakers also include Errol Weiss of the 188 00:11:18.660 --> 00:11:23.220 Health Information Sharing and Analysis Center, and Errol also 189 00:11:23.220 --> 00:11:27.600 has a very broad view of the healthcare sector and its latest 190 00:11:27.660 --> 00:11:31.530 cybersecurity trends and challenges. 
Other speakers 191 00:11:31.530 --> 00:11:46.590 include legal and cyber insurance experts, and highly 192 00:11:46.620 --> 00:11:48.480 regarded CISOs from healthcare provider organizations, medical 193 00:11:48.480 --> 00:11:51.480 device vendors and other critical supply chain companies, 194 00:11:51.480 --> 00:11:54.600 as well as experts from leading cybersecurity vendors. Topics 195 00:11:54.600 --> 00:11:57.090 that we'll be tackling include medical device cybersecurity, 196 00:11:57.090 --> 00:11:59.040 third-party risk, identity, cybercrime, fraud, cyber 197 00:11:59.040 --> 00:12:02.610 insurance, evidence-based approaches to security, 198 00:12:02.640 --> 00:12:07.320 ransomware and top cybersecurity lessons that are emerging from 199 00:12:07.320 --> 00:12:11.700 the pandemic. So I'm excited to have a chance to spend time 200 00:12:11.730 --> 00:12:15.000 discussing these and other important topics with our 201 00:12:15.000 --> 00:12:19.110 esteemed speakers and panelists next week and also to have an 202 00:12:19.110 --> 00:12:23.490 opportunity to chat with our summit attendees. Folks who are 203 00:12:23.490 --> 00:12:27.930 interested in attending the hybrid summit, either in person 204 00:12:27.930 --> 00:12:32.310 or virtually, can go on to any of ISMG's news sites, including 205 00:12:32.700 --> 00:12:37.590 healthcareinfosecurity.com, and click on Events to register. And 206 00:12:37.590 --> 00:12:40.290 then finally, I just want to thank our summit advisory 207 00:12:40.290 --> 00:12:44.130 committee members, including Michael McNeil of McKesson, 208 00:12:44.400 --> 00:12:49.500 Errol Weiss of H-ISAC, Christopher Frenz of Mount Sinai 209 00:12:49.500 --> 00:12:55.230 South Nassau, Anahi Santiago of Christiana Care, Mitch Parker of 210 00:12:55.260 --> 00:12:59.490 Indiana University Health and Thad Phillips of Baptist Health 211 00:12:59.490 --> 00:13:04.050 Care for their valuable input in planning for the event. 
212 00:13:06.210 --> 00:13:08.880 Anna Delaney: It sounds absolutely brilliant. And, of 213 00:13:08.880 --> 00:13:10.140 course, you're going to meet Tom again. 214 00:13:10.690 --> 00:13:15.250 Tom Field: Yeah. I was thinking, Marianne and I have now worked 215 00:13:15.250 --> 00:13:17.770 together for a decade. Congratulations on your recent 216 00:13:17.770 --> 00:13:18.850 anniversary, Marianne. 217 00:13:18.900 --> 00:13:19.440 Marianne McGee: Thank you. 218 00:13:19.860 --> 00:13:21.810 Tom Field: And we've not seen one another for a fit of that. 219 00:13:22.110 --> 00:13:25.260 So I'm very much looking forward to seeing Marianne again next 220 00:13:25.260 --> 00:13:25.530 week. 221 00:13:26.280 --> 00:13:27.030 Marianne McGee: It'll be fun. 222 00:13:27.600 --> 00:13:30.540 Anna Delaney: Marianne, as you put together all the content, 223 00:13:30.540 --> 00:13:34.200 with the calls that you had put together these panels, was there 224 00:13:34.200 --> 00:13:38.790 one theme that links each one or each one of the presentations, 225 00:13:39.480 --> 00:13:42.960 you know, that's quite pertinent to 2022? 226 00:13:44.340 --> 00:13:46.230 Marianne McGee: I think, you know, one of the sort of the 227 00:13:46.230 --> 00:13:50.100 underlining things that kind of come through and, you know, it's 228 00:13:50.100 --> 00:13:53.130 probably going to come up again, at the summit, and hopefully no 229 00:13:53.130 --> 00:13:56.460 one gets COVID, supposed to be speaking at my conference next 230 00:13:56.460 --> 00:13:59.790 week, between now and then. But yeah, you know, the COVID, the 231 00:13:59.790 --> 00:14:03.600 pandemic, you know, it kind of changed a lot. You know, some 232 00:14:03.600 --> 00:14:06.180 things stay the same. 
And some of the challenges that the 233 00:14:06.180 --> 00:14:09.900 healthcare sector has, you know, always been the case in 234 00:14:09.900 --> 00:14:12.030 healthcare sort of being a laggard compared to some other 235 00:14:12.030 --> 00:14:16.590 sectors and many things cyber wise. But I think the pandemic 236 00:14:16.590 --> 00:14:20.160 sort of, kind of, you know, put the magnifying glass on health 237 00:14:20.160 --> 00:14:23.070 care, because, you know, the threats certainly didn't 238 00:14:23.070 --> 00:14:26.820 disappear. But the challenges just piled up for health care. 239 00:14:27.090 --> 00:14:30.360 So, you know, vulnerabilities just became, you know, that much 240 00:14:30.360 --> 00:14:33.930 more vulnerable and obvious for many of these entities. 241 00:14:34.620 --> 00:14:36.750 Anna Delaney: Well, good luck. I look forward to watching it 242 00:14:36.930 --> 00:14:41.730 virtually. Michael, cybersecurity vendors are 243 00:14:41.730 --> 00:14:44.430 creating their own venture funds, what can you share? 244 00:14:45.980 --> 00:14:49.580 Michael Novinson: Thank you. Anna, it's a trend we've been 245 00:14:49.580 --> 00:14:52.100 seeing over the past couple of years here. And if you look more 246 00:14:52.100 --> 00:14:56.210 broadly in the technology sector that we've had several of the 247 00:14:56.210 --> 00:14:58.670 big technology firms doing this for a while, most notably 248 00:14:59.180 --> 00:15:02.120 Alphabet's CapitalG for a number of years, Salesforce has 249 00:15:02.120 --> 00:15:04.850 Salesforce Ventures, Dot Technologies has Dot 250 00:15:04.850 --> 00:15:07.220 Technologies Ventures. We haven't seen that this much 251 00:15:07.220 --> 00:15:09.110 historically in the cybersecurity space, but that's 252 00:15:09.110 --> 00:15:12.860 been starting to change. Today, the most active fund by a 253 00:15:12.860 --> 00:15:15.380 considerable margin is the Falcon Fund. It's managed by 254 00:15:15.380 --> 00:15:18.200 CrowdStrike. 
It's been going for a couple years. I know, 255 00:15:18.200 --> 00:15:22.220 recently, they've raised some additional money to really try 256 00:15:22.220 --> 00:15:25.220 to shape that early and mid-stage startup environment in 257 00:15:25.220 --> 00:15:29.240 their image. A couple years ago, we've had a couple launched. 258 00:15:29.270 --> 00:15:31.580 Symantec launched their own venture fund in their 259 00:15:31.610 --> 00:15:34.790 pre-Broadcom days. And similarly, Palo Alto Networks 260 00:15:34.790 --> 00:15:38.300 have launched a venture fund back in 2017, the two of those 261 00:15:38.300 --> 00:15:41.090 don't seem to be as active anymore. But where we are seeing 262 00:15:41.090 --> 00:15:44.720 a lot of activity has been this identity security space. Okta's 263 00:15:44.720 --> 00:15:47.720 had a venture fund for the past couple of years. And perhaps not 264 00:15:47.720 --> 00:15:50.330 coincidentally, a couple of their biggest competitors have 265 00:15:50.330 --> 00:15:54.470 decided to step up to the plate as well. So starting in April, 266 00:15:54.470 --> 00:15:58.190 we saw CyberArk who's category leader in privileged access 267 00:15:58.190 --> 00:16:02.240 management. They viewed a $30 million venture fund, they're 268 00:16:02.240 --> 00:16:05.240 taking a bit of a broader approach to the industry so 269 00:16:05.240 --> 00:16:09.500 they're not necessarily looking to invest right in identity, 270 00:16:09.500 --> 00:16:11.120 that they're looking to get more into things like 271 00:16:11.120 --> 00:16:16.250 microsegmentation or cloud technologies or whatnot, things 272 00:16:16.250 --> 00:16:20.270 that they can essentially embed it or they can build 273 00:16:20.270 --> 00:16:24.350 integrations and APIs into their platform. So CyberArk was number 274 00:16:24.350 --> 00:16:27.920 one. 
And then a month later, we saw Ping Identity, which is 275 00:16:27.920 --> 00:16:31.670 really in identity and access management space, both the 276 00:16:31.670 --> 00:16:33.890 workforce and the customer, really a direct competitor of 277 00:16:33.890 --> 00:16:37.880 Okta. They drew a venture fund, which was a $50 million fund, 278 00:16:37.910 --> 00:16:41.870 they're looking to go a little bit work with slightly later 279 00:16:41.870 --> 00:16:44.210 stage companies that they're wanting to go up to Series B, 280 00:16:44.210 --> 00:16:48.170 while the CyberArk one is more focused on Seed and Series A and 281 00:16:48.170 --> 00:16:52.190 the Ping Fund is really looking to stay narrow, that they figure 282 00:16:52.190 --> 00:16:55.790 that they know identity the best and they really want to focus on 283 00:16:55.790 --> 00:16:59.210 startups that are taking on different areas within identity 284 00:16:59.210 --> 00:17:02.330 such as identity verification, identity governance, machine 285 00:17:02.330 --> 00:17:07.790 identity, etc., that they don't feel that they're the best 286 00:17:07.790 --> 00:17:12.590 qualified to evaluate kind of a field security technologies. So 287 00:17:12.980 --> 00:17:15.200 this is a little different in terms of the security funds, 288 00:17:15.200 --> 00:17:18.320 they're smaller. So they're not typically going to be a lead 289 00:17:18.320 --> 00:17:22.370 investor around nor do they necessarily have the expertise 290 00:17:22.370 --> 00:17:25.100 internally to do that. So they're really looking to be 291 00:17:25.280 --> 00:17:31.160 supporting investor and to provide really good market, 292 00:17:31.280 --> 00:17:34.970 since anybody they're investing in can tap into their customer 293 00:17:34.970 --> 00:17:38.810 base and their partner base, but also to provide leadership 294 00:17:38.810 --> 00:17:42.650 technology expertise and acumen and things like that. But 295 00:17:42.650 --> 00:17:46.460 they're not. 
Neither the CyberArk Ventures nor Ping 296 00:17:46.460 --> 00:17:49.910 Ventures are looking to really lead massive rounds the way that 297 00:17:49.910 --> 00:17:54.140 we've seen like CapitalG or Salesforce Ventures do, but it 298 00:17:54.140 --> 00:17:56.390 is a newer dynamic. And it's going to be interesting, because 299 00:17:56.390 --> 00:18:00.350 now with it, once SailPoint is sold to Thoma Bravo, we'll 300 00:18:00.350 --> 00:18:04.340 have essentially, three pure-play identity security companies who 301 00:18:04.340 --> 00:18:07.070 are publicly traded after Ping and CyberArk, and all three of 302 00:18:07.070 --> 00:18:09.740 them will have these venture funds. So really interesting to 303 00:18:09.740 --> 00:18:11.570 see how active these are in the years ahead. 304 00:18:12.500 --> 00:18:14.390 Anna Delaney: And do you expect others to follow suit? 305 00:18:16.640 --> 00:18:18.140 Michael Novinson: I think we will see that. I mean, 306 00:18:18.140 --> 00:18:23.240 CrowdStrike has had a pretty stellar, pretty big impact on 307 00:18:23.240 --> 00:18:27.470 the industry. So I do think we'll see other ones, I do think 308 00:18:27.470 --> 00:18:31.400 it is really the domain of publicly traded companies in 309 00:18:31.400 --> 00:18:34.250 order to do this. And it would be kind of bizarre to have 310 00:18:34.250 --> 00:18:36.380 somebody who's still in kind of the startup world funding other 311 00:18:36.380 --> 00:18:42.470 startups. So I think this is really going to be more on the 312 00:18:42.470 --> 00:18:46.760 public side. But yeah, I think for the companies, that is just 313 00:18:46.760 --> 00:18:48.950 really, I mean, they get to know some of these early stage 314 00:18:48.950 --> 00:18:51.470 startups. 
And also they get, I mean, particularly in the case 315 00:18:51.470 --> 00:18:54.590 of Ping, but they get to make sure that these startups have 316 00:18:54.590 --> 00:18:57.980 APIs, and they have integration features that will allow them to 317 00:18:57.980 --> 00:19:01.010 be more interoperable with their technology. So it really does 318 00:19:01.520 --> 00:19:05.870 make sure that it really keeps kind of some of the more 319 00:19:05.870 --> 00:19:08.120 established vendors at the center of the startup 320 00:19:08.120 --> 00:19:09.530 conversation going forward. 321 00:19:10.610 --> 00:19:12.860 Anna Delaney: Okay, well, thank you for those updates, Michael. 322 00:19:13.160 --> 00:19:16.910 So finally, who do you rate on Twitter or LinkedIn as a good 323 00:19:16.910 --> 00:19:21.710 source of security knowledge and/or information? Who do you 324 00:19:21.710 --> 00:19:23.900 enjoy following? Who should we follow to? 325 00:19:26.270 --> 00:19:30.320 Tom Field: Guy with the bowtie. I am a big fan of Richard Bird. 326 00:19:30.380 --> 00:19:34.700 He is currently with SecZetta. We know him as someone who's 327 00:19:34.730 --> 00:19:38.720 certainly an identity proponent, is part of our zero trust, brand 328 00:19:38.720 --> 00:19:42.950 trust. And what I enjoy about Richard, is that when he speaks, 329 00:19:43.040 --> 00:19:46.340 he speaks about cybersecurity. He speaks passionately about 330 00:19:46.340 --> 00:19:50.180 identity, but he also speaks passionately about his personal 331 00:19:50.180 --> 00:19:54.530 life, about social issues, and you get the complete package. 332 00:19:55.280 --> 00:19:59.690 When Richard is in, he's all in. When he speaks, I listen. Very 333 00:19:59.690 --> 00:20:02.900 much enjoy him and recommend him. The man with the bowtie. 334 00:20:04.370 --> 00:20:07.220 Anna Delaney: Nicely introduced. Yes, I was enjoying some of his 335 00:20:07.610 --> 00:20:14.270 posts this week. He communicates very well. 
He argues his case 336 00:20:14.270 --> 00:20:17.660 very well. So yeah. Great one to follow. Michael? 337 00:20:17.000 --> 00:20:19.410 Michael Novinson: So probably maybe a touch less dynamic but 338 00:20:19.467 --> 00:20:23.197 what's been helpful for me in my day to day job is keeping an eye 339 00:20:23.255 --> 00:20:26.928 on Momentum Cyber, particularly on the LinkedIn side, that when 340 00:20:26.985 --> 00:20:30.141 it comes to the business of cybersecurity, it is such a 341 00:20:30.199 --> 00:20:33.412 crowded vendor landscape and just having them do kind of 342 00:20:33.470 --> 00:20:37.200 weekly summaries and roundups of all the major funding rounds and 343 00:20:37.257 --> 00:20:40.529 all the major mergers and acquisitions, it's just helpful 344 00:20:40.586 --> 00:20:44.029 because there's just so much going on all the time that it's 345 00:20:44.087 --> 00:20:47.587 easy to miss things. So it's nice to have additional eyes and 346 00:20:47.645 --> 00:20:50.973 ears, particularly folks who are pretty connected with the 347 00:20:51.031 --> 00:20:54.187 funders and a lot of the key players. Keeping an eye on 348 00:20:54.244 --> 00:20:57.630 what's going on and for me it is somebody who wants to keep 349 00:20:57.688 --> 00:21:01.016 abreast with the industry making sure that I'm not missing 350 00:21:01.073 --> 00:21:01.820 anything big. 351 00:20:17.000 --> 00:20:26.270 Anna Delaney: Good. Marianne? 352 00:21:05.240 --> 00:21:08.480 Marianne McGee: I like keeping my eye on some of the healthcare 353 00:21:08.510 --> 00:21:13.370 privacy security experts. Kirk Nahra, attorney; another 354 00:21:13.370 --> 00:21:18.050 attorney David Holtzman, and then another attorney but she's 355 00:21:18.050 --> 00:21:20.900 not really health care, but she's privacy, Michelle Dennedy. 
356 00:21:21.350 --> 00:21:24.230 I like reading Michelle's tweets, you know, she, like Tom 357 00:21:24.230 --> 00:21:27.500 was saying, sort of the mix of you know, business and family 358 00:21:27.500 --> 00:21:31.580 and personal and funny. I like following Michelle. 359 00:21:32.170 --> 00:21:33.190 Tom Field: Two of my favorite people. 360 00:21:35.170 --> 00:21:38.770 Anna Delaney: I was going to say Rob Lee, particularly as the 361 00:21:38.770 --> 00:21:42.100 situation in Ukraine and Russia has unfolded and the intel that 362 00:21:42.100 --> 00:21:46.600 he's providing and his experience as well. So I think 363 00:21:47.350 --> 00:21:50.830 he's definitely one to follow. Well, that's all we have time 364 00:21:50.830 --> 00:21:54.220 for unfortunately. Michael, I just still can't take you 365 00:21:54.220 --> 00:22:00.670 seriously. What you say is so serious and well. We must thank 366 00:22:00.670 --> 00:22:02.050 our extra companion today. 367 00:22:05.140 --> 00:22:06.970 Tom Field: The dragon's invited back by the way. 368 00:22:07.020 --> 00:22:11.250 Anna Delaney: Yes. Thank you so much all of you. And thank you 369 00:22:11.250 --> 00:22:13.080 so much for watching. Until next time!