Requests For Startups: Cybersecurity with Vincenzo Iozzo and Jamie Butler
Hey, everybody. It's Eric torbert co-founder partner Philips, global, eight network driven venture firm, and this is metro stories a podcast covering topics. G tech business with world leading experts. Guys. Could you please introduce yourself where you're currently working on? And if you were starting a company in cybersecurity where would you be most excited to start a company? Yeah. This is Jamie. Unseat Hewitt endgame in working on important security technologies. I think they kind of space that most interested right now is primarily around. What can we do to automate a lot? There's a huge skills gap in hiring in retention problem right now in cybersecurity. So how can we make basically the space a lot easier for getting new people into the space in maybe perhaps even less for skilled in may be less people in general. So that's some of the places I'm interested in cyber security is now kind of the front page of many stories in in our society. There's so much more. You know when I grew up. There wasn't a lotta tack on dominating kind of consumer market and so forth and so security plays a. Much bigger role in our everyday lives. So that is led to the need for more skilled people in the space that cannot help protect it out and so forth. That's obviously the amount of education and skill and and just generally trained people has dwarfed kind of the demand that we have in today's society. So I'm also working on endpoint security across strike might mean teases at the moment is that cyber risk or several scooting journal should become curious ties and somehow turn into a financial quantifiable risk. So if I were to start company now, I would try to do it in the cyber insurance space. I think a lot of will receive right now that's base is basically new wells new ways to do sales of referrence product. But I think what's interesting there is figuring out. Out just a very different kind of of products and capital structure to bring to bring to the market because cybersecurity some outfields one of the few remaining risks that enterprise companies really don't have for which like enterprise companies don't have a UC financial financial instrument to protect against an that seems counter intuitive. What are we wanted to or not everything to Jamie was saying everything both in consumer and enterprise will have computers involves means I security so just issuance in general will be changed dramatically because of because of sub security. So I think it's exciting area to ban. Till before before getting into some of the specific applications zoom out a little bit for the smart technologists out there who's looking to build a company in seven thirty or investors were looking to German opportunities. Why don't we zoom out? I in almost give a little market map like saboteurs, obviously being term, you enormous space had you sort of subdivide sort of the main sub sectors within cyber security. You know, I'm, you know, been focused on endpoint for twenty one years in. So it's a little bit. Can you describe what I think, you know, Vincenzo might have slightly different definition with his background. But the point for me is kind of the server desktop laptop. You know that help us do computing in a more of an enterprise environment. You know ventures has obviously a lot of background in the mobile space, who, you know, in in point is, well, you know, there's different degrees of focus their Yami. Now our define it is practically wearing. Your software or or basically code for me and point is anything that is a competing device where you can have your security product on. I guess network security tends to be something you add to the enterprise like perimeter. So I think. That's how would you know is I think the different categories security. There's a lot of efforts has been around network security. And then now we're seeing a big exposure on the kind of implants security, and there's a Danny management. There's you know deception technologies that can coming. There's you know, orchestration platforms that have played a big role more recently in cybersecurity. So those are some of the general categories, I think about when I'm looking at this base about Yuban tons of similar I think somebody wants that to to partially to go back today fronts topic. There was a lot about like risk and compliance the access management and security are also two relatively large areas. And then something that it's going maybe a bit out of fashion right now is threat intelligence or it's being like, it's is going through some some may. Major changes in your around threaten intelligence intelligence is that US company provide like private information about specific threats in my my target your your customers. And there is a a Voss space that it's up ligation security in that Kommersant anything from ability assessment to obligation fi wolves to anything that improves the state till the code base. So reduces bugs or enforcing some kind of Stewart secure development life cycle that the part of the market is interesting because it is part of security, but it's a very different audience and house, very different economics mechanics and the rest the rest of the space, and there is a beat the sort of consumer side for security, but it tends to be a tryst today. It tends to be enterprise companies then move down to consumers as opposed to. To a pure consumer play in the field. So we're seeing that we used to see I guess Symantec. Now, we're starting to see you and point security companies going trying to go more into the consumer area zoo in a post read talked about his insurance, you you you talking about addressing the market for women's problem. Seeing a little bit about what that is in where using the opportunity within insurances Rosh should focusing. Yeah. The problem you have with security products in generous that it's hard to prove their effectiveness, and what's happening a law. These days is that companies are trying to come up with like test environments where you can do provide us like tests and to show that actually what you claim is true. And you do actually I don't know prevent a specific type of breach or you do you do help with a given type of. But obviously, it's quite a hard problem the journal case because again here is that you're preventing something from from opening road runner to making something happen. I think for for the longest time because that had like we didn't have a lot of external forces in the market that would try. To enforce a more analytical perks through the the market of Philemon problem. Dan, a lot of security used to be survive. A enterprise sells exercise where would sail into our normalization. If you knew somebody then buying power that organization. I think you sure ans- and regulation to some extent are putting pressure on the sector to show that it does show that actually we have measurable ways to improve the state of security four for individual company based on but based on what they buy, and we'll kind of people they hire it's on sports. So I think you should definitely plays a role in making security products more accountable in terms of onto find their effectiveness. Have you found any products that are currently work on this reproach is that you're excited about? So there is a company that I haven't invested in. But I think is moving his going to war. Awards that which is called talking to the the idea is that they will try to create against environments in which they can can reliably measure the effectiveness of even product based on the claims and the product has. And so that's that's definitely an interesting an interesting company. I think there are a lot of companies that are trying to come up with risk models for for several security with again you deal making each year for insurance companies to underwrite policies, but I haven't found anything yet. That is a particularly exciting. 'cause I think a lot of people are focusing on the external like wall, can you comment when we got her from outside of the company and are not focusing enough on out of the actually structure disappearance product for something is ever changing, like a network of an enterprise company, you know, so I'll do you account for a lot of taxis today about. Out fishing credentials stealing. And so on sport you can back to the attack IQ model. I think it's interesting because I'm not investor. I no some of the investors there and some of the founders, but what I think is about their models there instead of evaluating necessarily the product from the vendor's perspective, they're trying to validate it from the buyer's perspective. So if you're large corporation, you weren't kinda evaluate your security stack you can use tack to help you do that. Which is kinda turn the problem. I think a little Bill head. I think also in cyber security another place that we haven't quite got it right yet is from evaluating the vendor itself. So kind of really independent third party validation is difficult to do because there's the products themselves are expensive to get you know, there's a lot of money involved in so kind of that independent third party validation difficult problem that I don't think it's completely been soft. Either. Wedding. You you've looked a lot about is intersection between cyber security in crypto watching. He talked about your interests there in where entrepreneurs and to colleges should be focused. Yeah. So I think there are a lot of areas that are interesting are intersectional, those two things or where you can like literally apply things with earning running to St. to the outer until a few a few or no particular order. I think the problem of custody in the credentials face is a problem is quite familiar with the cybersecurity industry, especially for people that used to work in like highly classified environments, and so there was definitely quite a lot that can be can be learned in the crypto currency space from from that world. I think vice verse a problem that we failed to solve in cyber. Security is we failed so probably in cybersecurity. And it's a since like in the crypto conscious paces is is doing much much better is how do you deal in algae? Butch drop distributed trust without having any kind of central central parties trusted parties. And I clear example that is our certificate authorities. As time goes by one of the things that the cyber security industry is now adopting more and more is this yada, even applications and like website since on sports, they all need to be signed and not models for our Mosul braking systems now rely on this to like PKI infrastructure, and as a result of that. Will we started to see if years ago, and is still in progress is a lot of the certificate? Odom orgies would compromise on those sorts of very nasty security. Security incidents. The crypto space has figured out really clever ways to deal to deal with situations. Like that I'm thinking something like n shake, and so I think that would definitely be an area where cybersecurity could learn from from crypto code quality is an area where bugs we've seen the Dowell or just in general is because solidity us up as a programming language is fundamentally flawed. If somebody from the cybersecurity a specific on the petition security while was involved in the design choices buying solidity a thing that would have prevented a lot of since we've seen in the past few years. So I think there are there are quite and lastly other thing that I find particularly exciting is that a lot of the I guess latest researching crypto in cryptography is happening because of cryptocurrencies and one. One area that that I find extremely fascinating is zero knowledge proofs, I think that we've now got into the point where Dow quite usable for a wide range of occasions, and I think that the cybersecurity industry as a lot of catching up to do with the cryptocurrency world in terms of like, how do we use zero knowledge poops for some of the problems that we have around information sharing? And so on sports stars. I I think that's another area that where a lot of cross pollination could happen between between the two between the two industries. I think those are an interesting spaces to think about in how the technology's maybe the the knowledge doesn't hasn't transferred yet between the two camps. But anew mentions very interested in that cutting in relation to that kind of those Trotha awardees, you know, kind of a spin off of that concept from the certificate managers as we. Today, we still in many ways, we have these kind of crunchy perimeters are solid perimeters kind of mushy interior, like once again indicated then you can have authentication throughout the entire domain of whatever that enterprises doing place that is you know, I think kind of maybe a little bit ahead of itself. Interesting concept is the authentication between micro services and these dynamic workloads. That's a company that I've been following a a friend of mine founded it it's called a site tail odd believes hype nounce it, but they're trying to authenticate microscopes to one another instead of having once you get off in a K in general than any Microsoft's can talk to any other microscopic thing unless there's a firewall row. So that's a, you know, an up and coming area that as we get more distributed computing as changed I was talking about that might be interesting area for investment. More entrepreneurial action there. I was just at like with Vincenzo and in corresponding with a more or less ac-. So at a very very large organization, he was kind of mentioning the cambric gentle Letica kinda problem that came up was in the news recently and his organization shoes a lot data and brings in a lot that and so and so forth. And he was you know, prominent he kinda raised to bunch of us that were sitting around the table was like how how do I make sure if I give you my data that you don't then, you know, share it or or share it in a way that's not approved in our original with another third party. And so, you know, I think there's some some things that we could potentially do if you keep the data in house, but like once it leaves your area. Is there something that we could do, you know today on think blockchain yet solves that problem of kind of the confidentiality? But could we do something that would you know, if you share? Share that. I would know about it as the originating hardy of that data influence interesting y'all I think. You were saying earlier, I think general we added really the identity management problem neater like Uman level being do you identify somebody line, but but also the computer level like how do you make sure to machines are like are supposed to communicate and come can provide some some amount of assurance about their their identity and their their integrity. And I think doing being that ill as proven owning place. So far, I think that's an area where like maybe some of the lessons from from cryptocurrencies are interesting and the other thing about cupboard camera generally that it's quite interesting is that we are. Finding ourselves into a situation where a lot of the war. What seems to be more valuable is that they rounded under code and fundamentally we we're used to a world where we tend to protect the code rather than data to a large extent. So I think the there was no question of well, what is the better way to up to deal with like our resolve coverage analogy our one one obvious way because hey, okay. We should we should have abstract for like model whereby if you want to touch any of the any of my data. I'm now going out and give to the you. I'm gonna do is I'm gonna run arbitrary computation on my network to deal to to do something today, which is very comforting to to to people that have done security for a long time. Because the we have this immediate connection our head that retiree competition somebody else machine is bad. And so I think the guilty with the problem all. Made the data truck or veto trucking. That is that does not involve flipping the equation between data and code. You know, nail where maybe a cryptocurrencies could play or lessons learned from cryptocurrencies could could play role. Although I think it's. What came he was saying? I don't think he's hot clear solution there yet. Yeah. Going back to what you James you're saying in your introduction about the designation problem because you also wrote a little about your incident entrepreneurs we're tackling the continuous education problem. Can you talk a little bit about where's the opportunity there were you want see innovation? So I actually investor in this company. There's a company called immersive lapse that tries to fix that problem. I think today insecurity will have a couple of issues. One is there's just a lot of demand and barely will supply or people have as background. And so what happens is if you are a company below like fortune five hundred your security, let your security staff is probably not particularly well trained, and then what happens is you have one of two auctions one of three options one either to spend ten dollars on talent. But in that probably does not make sense. Given given yourself or you outsource to a sort of security provider. The tend to be called managed security service providers on medically those are big organizations than due to who you kind of like outsource your at your cyber strategy war. Will you do is you hire people that don't necessarily have a security background. And then you you sort of like try to bring them up. I think the last the last group is the most promising one from from security imporant and also more journal. I think we find ourselves in our interesting as right now where a lot of the security that we're used to is changing significantly partially because of clouded option but partially because sort of sick software vendors start taking security team more seriously, which means that where we do security, and what we do to change will change dramatically. And so I think there is a there is a need for everyone. Even like veterans in the field to stay up today. The the ability to have a sort of a continuous learning platform is I think I at least for now is absolutely necessary. We'll this company's specifically is they do comfortable flag style. Contest to see to make sure that you're actually learning concept in a practical way. I I think I think that area where like you try to give people a measurable income. Crete set of skills is is particularly nudity in the industry right now and the touch on tenant that any security service model it's been around for a while. I would say there's you know, maybe we're seeing a little bit more appetite for of recent. There's a lot of those some of the larger players like a adult secure works or a semantic or something like that have been doing it for a number of years, but kind of looking around the market there's there's probably another twenty or so. Not all blur. That have begun over the last two or three years in the space. And, you know, be interesting to see what happens I think there's a certain appetite for it even in corporations that are, you know, have a lot of revenue where they want to have the best people that they can afford and at the same time, they wanna give them the most challenging interesting problems that are kind of pertinent to the organization, and so some of the outsourcing that we may see will be to automate and get rid of some of the more mundane tasks in cybersecurity in some of the things that crap should be a little bit easier to do and that way they can still challenge their existing staff and keep them excited about the job and not have to harm necessarily quite as many people if they can find good partner on the outside. We saw this. You know, at I worked at mandate for a number of years, and we saw that in some of the managed services that they provided where you know, if if he would look. If these corporations that were the customer in some of them were definitely able to afford and higher in have the very best talent possible because of their revenue and so forth, but they decided to specialize in what they did. Instead outsource some of their security task which you know, it's interesting it in kind of back to what Vincenzo is talking about with kind of your risk model and so forth that obviously changes the equation a little bit. Because in some of the scenarios, you are, you know, in talking about the the compute going to the data in this case a lot of these manage security providers, the the data actually goes to them. So you're maybe you're you have to have perhaps a little bit more risk tolerance. Or definitely make sure that you know, you're in compliance with things like DVR and so forth. I wanna ask you. If you ran a hundred and focus are running a fund focus on cybersecurity investment investing. I want to ask you what your thesis would be serve as a pre question to that. I'm curious because you've been union space for couple of decades. Plus, how do you sort of conceptualize the current era is like the golden age of cybersecurity startups? I mean, given sort of the surge of data security breaches last year equifax, Kim others, how do you conceptualize this current moment as it relates to the bathroom decades for for the opportunity first off, I think I'm the worst ask about in cyber because I've been to along pretty much commotion about it, all but. I'll tell you. So my thoughts about I think that you know, this kind of surge in breaches and so forth. I think it it does present a lot of opportunity for some new ideas to come into the space in in, you know, to have very successful companies build very successful companies. We shouldn't be surprised by this. You know as been in the space twenty one years and has things that progress. You know, we talked about earlier kinda like now our computing in jill's -ation of our data, and so forth is like prevalent in everything we do rather go to the doctor or, you know, have a easy pass for the roads and so forth. Like, there's just so much information out there in affects our lives every day, and, you know, both nation states, and you know, cybercriminals or have you have dented that as a great opportunity for them as well. Right. So they're, you know, making more more tries in order to monetize. Is that data and so forth in they've come up with some, you know, ingenious ways to do that. So I think it is. You know, maybe a maybe the golden are perhaps cyber-security. However, you know, nothing's new under the sun. Like, we used to call deception that were, you know, on the pods, you know, a decade ago, or whatever there isn't a whole lot of brand new ideas. There's definitely integrations on the ideas to make them better. And so I think one customary Taylor's like if you're entrepeneurship or really even investors is there's a lot of competition in the space. So, and it doesn't really matter like, you'll see, you know, I think maybe four years ago or so we saw like deception networks kind of pop up on the on the horizon. And now, I could probably name about ten that do it. Maybe there's there's probably a lot more that, you know, show up. Arce or somewhere next year? So it it is a crowded cybersecurity in general's crowded market, regardless of what you do you might think it's totally new but. Announce usually there's at least three competitors, and they are immediately. So that's what makes it interesting for both an entrepreneur an investor, but maybe that's just because of bowdoin in the space. We've go say, I think. To a large extent cybersecurity tends to be unexecuted game rather, Dan like a novelty game in you rarely see something on the market that it's mind blowing -ly novel. But you do see something that as a concept has existed for a long time. But then finally packaged up in a sort of like, very usable very usable way. I think on a on a pots are very good example. There was this of this company called canary that effectively has only balls, but they're packaged in very simple. Tony stole. I wrote device that you just drp perimeter and as driven adoption per month. So the the of us driven adoption massively. I would say so I went with companies to to invest, I think one of the misstep to a lot of in enterpreneurs. Making in the sector is they have an eye pulses us of wetter. What they do would actually solve a problem. But they and they they seem a lot of our building that. And then don't think enough about building a way to actually prove that Derry publicist true, which goes back to the pooper body problem, the Dury's that that said, I do think that we are, you know, golden, Nicole, Don age for security for some reason, I think we're we're finally reached the point where the vast majority of the population has spent significant amount of dirt time line, which means that all the problems, you used to have many, I don't know a hundred years where hundreds of years ago, you know, physical world are now popping up in the let's go the cyberworld or or internet, and so such as when both through many decades and centuries old figuring out how do we solve crime industry? And now, do we? To prevent I dunno pirates, and that sort of stuff all of that is coming up in a different shape in on the internet. And so from that standpoint do think that we are in golden age for for cyber, but it's extremely competitive world contain born into the what would be your thesis, if you're solely focused atmosphere fun in terms of you besides what we talked about. Where would you be most excited, or where thematically would you be cited where the medically would you say, I don't want to touch any companies that are doing this? They're in the space, or this is to universal problem or to overcrowded or too difficult. Yeah. So we're in touch the moment one is endpoint security, and the reason why we're in touch it. As one is because there's extremely crowded and Jude because the union combats are of the smart kind and so like like right now if you look at companies like M game or across trike down. Are. So like, the the new incumbent and just situation where like they're eating older companies lunch lake, I don't know Symantec McAfee and sons fourth but at the same time, they're stealing that. So like star up like stage where they can fend off competition. Really? Well, so I think getting into anything I'm point is is almost impossible at this point the outer area that would be really wary of is network security, especially traditional network security 'cause they think what Doktor and containers. Plus, the cloud is doing to networks will significantly change the shape of an enterprise premature. And now we are in this iber face where he doesn't happen yet. But it's definitely going to happen. So the product you will deploy likely the part of your will build today? For police on my cloud container. Containerized world is not going to sell well now. But if you build a product network security that sells well today, you won't you won't be able to survive. Tomorrow's I think I think that's that's a narrative that I'm I'd be concerned concerned about and then in terms of like as you mentioned earlier inventions. I think like Canada the threatened television space is is on the decline. You know, I think it makes a great addition to accompany, you know, to help they connect enrich the data that you already have oven and provide some insights, but strictly appear play like you're gonna sell you Mr. bad hashes, IP, addresses, domain names, isn't really it isn't really viable now. Because we've seen it commodities prices driven to the ground. Yup. I fully agree. I think on the on the positive and in the other thing, I would say about threat intelligence is that what wouldn't turn. South that most companies don't actually have much of a us. Like, it doesn't matter whether they know that like North Korea hack them or is about walk them for my FM because that's that's not actionable enough. So I think of the main problem that a lot of the second company have is that is very hard to make dairy inside actionable. And also to a large extent everyone ends up being in having the same inside swords. It's hard to differentiate yourself. I think I think on the on the positive side aside from what we talked about earlier. So the cyber shredder the education, and and I'm Blockchain's security. I think run run area day. I find promising is anything related to identity management and just -plication of psalmody infrastructure that we have as been around for for Rebecca it's now, I mean, we've talked talked. I don't I don't about sort of like a PK is in such contempt targeted spot in general. I think stuff like Cabral's or active directory our systems that every organization has and are extremely complicated to of to to manage the source of lot of data breaches. And so I think it's something that allows on enterprise to completely do away without them would be would be quite quite an interesting Harry to to look more into. But it's it's it's a really tough problem to crack. And I don't know if Jimmy you have an area that you think is particularly interesting. Yeah. Right now, I'm looking at kind of there's that manage space a little bit of the educational side, but a little bit probably more to manage is. Can we make that better? Because I think it's an execution game is. Inventions speaking to earlier where the large incumbents really haven't executed well, and so I think it's interesting, you know, it's a little bit more techie. But I think it's an interesting space. Whilst thing would died is the anti-fraud space. I think will soon become a very interesting because we are seeing a lot of improvements in a is lashing learning whereby it's gonna be quite easy to fake stuff like voice or be doing science fourth. And how we deal with those problems is a no question and also kind of related to this a lot of the Humber generality Cobb Hypo events show us that several securities partially moving away from problems about computers to problems about people's collagen. And and then as an industry where absolutely I'm prepared to deal to deal with that. So it feels like an area where there will be a lot of work in like interesting action. If you had to involve the past president of us to project out to the future a little bit. Whether it's five years out ten years out. Maybe even you maybe twenty years out. How do you sort of see the dispaced evolving over time and the opportunities evolve? Over time reject out a little bit paint a picture for ROY you expect to see her while we might to yell just a pickup can women change was saying, you know, if we if we play out come at scenario like where you can fake data, right? Like if I can get in video of you for five minutes or twenty minutes in the night can create any video one of using anything I want that has some really interesting locations for our society. You know, we we saw what can happen when can data's manipulated to create kind of the public opinion right with the Facebook's things and so forth during the the election. And so if you know as maybe too. The video and audio in kind of almost a real time manner that look seamless. And then, you know, how do we know this person really sit bad or and things like that is a whole new kind of I, you know, quote, unquote, identity type of problem. How do we know that this really happened? So whereas, you know, when we first when radio and things I came on the scene, you know, it was amazing because public figures could address, you know, their entire country perhaps the world and in galvanize can people around a common cause. But if we in now that the technical advancing if you add more is I don't know if it'd be five years, but that's kind of maybe a strange new world where security would have to challenge her conquer line new challenges. Yeah. I with that. I think so the other area that I think will be quite interesting to to watch witness is. I think we're getting much better hut securing individual components, but we're starting to get very close to like, basically, competing to'real explosion of stuff that is connected to each other. And so when you look when you start from the latest data breaches what you see is that tends to be a few years ago. You would normally see is oh there is exploit for browser exploits browser compromisers on machine. And then from that machine. Dishonor Blake do will in I guess in the industry in industry terms of skull lateral movement. Meaning they figured out what item machines nearby in the network. They can compromise. And since fourth I love what we're seeing these days specically, you compromise one of the weaker links in your supply chain or whatever else is still connected to you. And then you sort of like escalate from there. So I think we will see a lot more of these attacks. Where you attack very like your talk targets that have no till g to you by eating themselves, except their privilege access to the organization that you action care about that world will look very different from overuse to defend against today. That's definitely an area that since interesting and also back to what candy was saying. I think we'll we are unprepared to deal with is the concept that will we stand here is not true. And so anything that deals with that is going to be like dealing with that is going to be an ongoing concern in problem that we literally have noise y'all tackle on the on the ominous note that you guys been a it's been awesome plus zone where can people find you? Learn more about your work on line. You know, what's one thing you want? Entrepreneurs investors to take away from his podcast. Whether it's a summary of something we've discussed or something we haven't yet mentioned. Pretty easy to find online. Give me a Twitter account Lincoln's on so forth. I would say, you know, two maybe two entrepreneurs out there. You know? Maybe this wasn't the most catching a ta. But I think you know, is private said on gas before. But you know, I think being a practitioner like doing this every day, you know, even if you're kind of a beginner is a great place to start be the operator who's trying to solve security problems. And then I think as you get exposed to more and more of those issues, you know, that's what will prompt, you know, your unique idea or your, you know, how you can execute better than some of the incumbents by solving real problem. That's been been a pain point for yourself. So, you know, I'm a big believer in kinda, you know, on the job experience and so forth. And so I think of being that operator or security person like more from a management policy operations. Side of things is a great place to start before stat out to go build something for me Sumaira, I have a Twitter account but easy to find the line linked in. I think your terms of advised to interpreter asus. I keep going back to what was saying earlier. I think security's too much of a market Philemon. So I would focus on building something on building something that can be measured. And it would also focus a law on figuring out you the product also building poop in for for investors. I think the what is countering to give insecurities that what is needed today in yen Yantra price. It's likely gone non going to be needed five years down the line. And so I think the areas that are most promising are. I I guess a method that is good to define what's promising is to look at what is the current and played this state of the art as far as I guess research or a software development goes, and what is the state of enterprise security, and if you'll find an area where the current state of the art has not improved and an security has that problem today. That's probably a good place to invest for the next five ten years. I I create example is investing today in a company that stops software. Exploits is probably not a good idea because we've gone into a point when you look at motor windows or or US where writing an exploit is still visible. But it's it's economically unfeasible for the vast majority of actors, so a company that solves that like tail risk. Probably doesn't have and. Commerce to to Toronto Rubio business bought you wouldn't be able to tell that today. Just by looking at the state enterprise security and say in what we've seen in us about data breaches because it's all about like, exploit wannacry all. Guys. Thank you become an been great episode. Thanks a lot. Thank you. If you're an early stage entrepreneur, we'd love to hear from you. Please hit us up at village. Global dot BC slash at work catalyst.