Rickard Carlsson – Co-founder & CEO at Detectify

Entrepreneurial tech nerd Rickard Carlsson has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger of 140+ people. Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Katie Teitler

Sr. Product Marketing Manager at Axonius

Tyler Shields

CMO at JupiterOne

Will Clark – Software Architect at Accela

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Katie Teitler

Sr. Product Marketing Manager at Axonius

Tyler Shields

CMO at JupiterOne

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

1. FUNDING: Remote work and cloud adoption lands 1Password with $620M Series C, now valued at $6.8B – TechCrunch – This is a MASSIVE series C with a valuation to match. It makes me wonder what Dominik Reichl, the author of KeePass, might think about it. As both a B2C as well as B2B company, it seems more justified than some of the B2C-only unicorns we’ve seen. They intend to do some more acquisitions with this money. Any guesses? Do they get into Zero Trust? Deeper into MFA? API Security?
2. FUNDING: Devo Announces $250 Million Funding Round Led by TCV – Devo.com –
3. FUNDING: Germany’s SoSafe raises $73M Series B led by Highland to address human error in cyber – TechCrunch –
4. FUNDING: Banyan Security Raises $30M in Growth Financing to Support Increased Demand for Innovative Zero Trust Network Access Platform –
5. FUNDING: Continuous verification company Verica raises $12M to make systems more resilient –
6. FUNDING: Former FireEye Executives Emerge from Stealth with $10M Seed Round to Tackle Cloud Detection and Response – Permiso Security – I spy with my analyst eye… our very own Tyler Shields participating in this funding round! Sounds like anomaly detection for authorization-related events?
7. FUNDING: Tromzo Raises $3.1M From Innovation Endeavors and Over 25 Leading CISOs to Eliminate the Friction Between Developers and Security Teams –
8. ACQUISITION: Netrix Acquires BTB Security, a Provider of Cybersecurity and Digital Forensics Solutions – Netrix LLC –
9. SPINOUT: Symphony Technology Group Announces the Launch of Extended Detection and Response Provider, Trellix – In what sounds like the first of many spinouts, the first child of the McAfee FireEye union has surfaced! Trellix appears to be centered around the McAfee MVISION XDR product. It’s an interesting approach. Instead of simply smashing together the products and services of McAfee and FireEye under new branding, it looks like the most successful products will each spin out as separate subsidiaries under STG for now. SASE will be the next product to spin out as a separate company, comprised of McAfee’s Enterprise Secure Service Edge offering, which includes CASB, SWG, and ZTNA functionality.
10. WHATEVER, MONEY ISN’T REAL ANYWAY: Microsoft will buy Activision Blizzard, a bet on the next generation of the internet. – Obviously not security-related, but a market event too huge to not talk about. This is especially true when you consider Microsoft as one of the biggest cybersecurity companies and acquirers. The numbers seem insane until you start to dig into some context, like:
    – MSFT’s $2T+ market cap
    – MSFT is already a leader in gaming
    – Scandal discount?
    – 18% YoY growth
    – 7.5x ($9.053B revenue in 2021)
    – Still, this accounts for only 5% of the entire gaming industry
    – CoD alone makes $5M a DAY. That’s over $1.8B annually.
11. SUPPLY CHAIN: The customer has nuclear weapons. They do not do “bounty” – This Bugzilla thread is a stark reminder that:
    a) OSS projects still use Bugzilla (whaaaat)
    b) Fortran is still alive and well
    c) open source is thankless, fragile, underfunded, and not free as in ‘beer’, but free as in ‘piano’
12. LEARNING: 10 real-world stories of how we’ve compromised CI/CD pipelines – In an editorial I published on scmagazine.com at the end of 2021, I urged defenders in 2022 to focus on three things:
    1. Sharing data on how breaches occur
    2. Studying that data
    3. Using these scenarios as training exercises

    NCC has always been generous, sharing their tools and knowledge, and this is no exception. Incident responders, AppSec folks, and detection engineers should all take some time to read over these detailed accounts of how consultants were able to compromise CI/CD pipelines.

13. TRENDS: Forecasting in-the-wild 0days: 2022 – Ryan McGeehan uses the power of math and the data of Google’s Project Zero to determine the number of 0day exploits we’ll see in the wild in 2022. The answer is more than 28, but less than 75. Anything over 25 was almost unheard of until last year when we saw 57.

    You shouldn’t worry about the number though. Best to focus on fundamentals and practice, practice, practice! Most breaches happen because processes fail.

14. VULNS: 2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud – Orca Security –
15. REPORT: Wearing Many Hats: The Rise of the Professional Security Hacker – This paper tracks the history of the hacker. Though I haven’t read all of it, I doubt there will be too many revelations for those of us that have at least one shelf in our homes dedicated to books on hacking and its history. Still, it seems like a great primer for anyone jumping into the industry that wants the Cliff Notes on the hacker industry and culture.
16. LEGAL: Former Uber CSO Faces New Charge for Alleged Breach Cover-Up – Joe Sullivan is facing Theranos-level charges here, which seem a bit extreme. Perhaps the government wants to set a precedence in this case, to ensure bug bounty platforms don’t become the new ransomware payment gateways. I doubt this will have a chilling effect on CISOs being willing to take on the role, but I have noticed that it quickly became commonplace for CISOs to have their own independent insurance for situations where they could be personally liable for work-related actions.
17. SQUIRREL: kube-chaos –
18. SQUIRREL: Tom Brady’s buzzy celebrity NFT startup Autograph banks $170M from Silicon Valley’s top crypto investors – TechCrunch –
19. SQUIRREL: Tom Brady Ruby Signed Immortal Statue –
20. SQUIRREL: Former SpaceX engineer says his pizza-making robot, located across the road from Elon Musk’s HQ, sprayed cheese everywhere during testing –

Katie Teitler

Sr. Product Marketing Manager at Axonius

Tyler Shields

CMO at JupiterOne