Security

Nitin Natarajan is the deputy director of CISA (Cybersecurity and Infrastructure Security Agency), and has extensive experience in the cybersecurity space, including overseeing critical infrastructure for the U.S. Nation...

A good deal of web3 security rests on blockchains' special ability to make commitments and to be resilient to human intervention. But the related feature of finality – where transactions are generally irreversible – make...

One way to view technological advancement is through the lens of hardware: as new needs and use-cases emerge, chip manufacturers design special-purpose GPUs, FPGAs, and ASICs optimized for specific functions and software...

The Ethereum blockchain is a public ledger that anyone can inspect.

As an NFT collector, you should care about on-chain provenance. The most authentic provenance for an NFT is when it is initially minted directly from a creator's wallet or a smart contract that the creator owns. However,...

There are people in the industry who seem to be everywhere you look. Zane Lackey has always been one of those people. He's perhaps most well known as the cofounder and CSO of Signal Sciences, which was acquired by Fastly...

Today’s episode is all about crypto security — that is, the new mindsets and the new strategies for storing crypto assets safely while also allowing holders control and access. (As a reminder, none of the following should be taken as investment advice, please see a16z.com/disclosures for more important information.) We’ve covered security trends more broadly a ton in our content, which you can find at a16z.com/security, as well as crypto-related trends including NFTs, and the creator and ownership economies. But as more people enter crypto lately — thanks to the boom in NFTs, decentralized finance, and much more — we share specific best practices and options for securing crypto as well as discussing how it all fits this next evolution of the internet: web3. Our expert today is a16z crypto data scientist Eddy Lazzarin, who joins host Zoran Basich. He covers practical approaches ranging from passwords to crypto wallets and what users can do; the evolution of crypto briefly; and the big picture mindset shifts involved here as well.

How ransomware works, from the anatomy of a hack to how the groups operate; the role of nation-states, insurers, and regulators; and what to do if your stuff is taken hostage...

In this special “3x”-long episode of our (otherwise shortform) news analysis show 16 Minutes, we cover the SolarWinds hack, one of the largest known hacks of all time... and the ripple effects are only now starting to be revealed, especially given latest news reports from the U.S. government. What actually happened, when does the timeline really begin? We help cut through the headline fatigue of it in this "anatomy of a hack" teardown -- the who, what, where, when, how -- from the chess moves to the step by step long game.

Security is countercyclical: the business tends to boom while broader macro conditions deteriorate. But amid this year’s pandemic — including remote work and economic uncertainty for many — specific security trends (data...

We're back to covering multiple items on our show 16 Minutes -- which covers the news, occasional explainers, and teases apart what's hype/ what's real -- as well as where we are on the long arc of innovation.

WHEN are we going to have a COVID-19 vaccine, and how the heck are we going from 12 years of vaccine development compressed into 12 months or so? What will and won’t be compromised here, and where do new technologies (like mRNA) come in? Where will vaccines likely be distributed first; who will and won't get them initially; how do we maintain not just safety and efficacy of vaccines but trust and transparency when it comes to mis/information? We may actually see the emergence of a "Neo Anti-Vaxxer"... but we may also be entering a renaissance for vaccinology after this pandemic.

Many don’t realize we even need to think about the possibility of security hacks when it comes to things like pacemakers, insulin pumps, and more. But when bits and bytes meet flesh and blood, security becomes literally a life or death concern. So what are the issues and risks we need to be aware of in exposing security vulnerabilities in connected biomedical devices?

In this week's episode of 16 Minutes on the News with Joel de la Garza, in conversation with Sonal Chokshi, we discuss the security and privacy concerns around Apple and Google’s approach, called "privacy-safe contact tracing". Yet technology is not the biggest part of this discussion; it’s also about rights, cultures, and values... and the bigger questions around what happens when people are "transformed into cellphone signals".

Going from rapid warning to early detection through social network sensors can make all the difference when it comes to contagion/ the spread of disease and pandemics. Can we get public health bio surveillance without sacrificing privacy and agency?

As the responsibility of CSOs has expanded, the role has moved from technical IT to the boardroom. How do the best CSOs prepare for and respond to a crisis, from redteaming to comms? What responsibility should cloud & SaaS vendors, not to mention the government, have in security and data breaches?

Zoom has not only experienced unprecedented, rapid growth (from 10M to 200M daily active users) due to the coronavirus pandemic and shelter-in-place -- but is also seeing a shift in use cases from primarily enterprise to more consumer as well. At the same time, there have been several security issues and concerns around Zoom, including "zoombombing" porn; home-grown encryption; and key-management systems, servers, and engineers in China. What's hype/what's real in the headlines here? In this episode of 16 Minutes, a16z general partner David Ulevitch (former SVP/GM at Cisco), and operating partner for security Joel de la Garza (former CSO of Box) break it all down in 16+ minutes with Sonal Chokshi. What does it all mean for related tech trends in bottom-up SaaS -- from user onboarding and the flip side of "earning the right to be complicated" to pricing & packaging -- as well as for open source; and cloud security, particularly when it comes to video?

We are in the midst of a rapid and unprecedented shift to remote work. What does it mean for security when the airgap between work and life is gone? How prepared are organizations? And what should security professionals...

From business email compromise to SIM ports, cyberattacks have shifted from networks to you. And it's been an incredibly profitable pivot, with cyberhackers like GandCrab claiming earnings of $2.5M per week. How can you...

The security systems that protect our banks, social media sites, and numerous online platforms are outdated — so much so that even the CEOs of popular sites can get hacked. As we move into the future, we need increasingl...

This episode of our news show teases apart what was just a concept, what's near from the annual Consumer Electronics Show (CES 2020). Board partner Steven Sinofsky (in conversation with Sonal Chokshi) takes us on a quick tour of the based on his annual field trip report from the floor.

News and trends covered this week include: * Star Wars trailer in Fortnite, gaming, and future of social -- with @tocelot * Congress warns tech companies to take action on encryption, or else "we will impose our will on you" -- with @martin_casado @joeldelagarza

What’s the new go-to-market for B2B? How will AI impact the enterprise? Is open source the future of software?

This is the 14th episode of 16 Minutes, our weekly-ish news show where we quickly cover the top headlines of the week, the a16z Podcast way: what’s real, what’s hype from our vantage point in tech. This week, we cover the following news -- with a16z experts general partner Julie Yoo and market dev partner Venkat Mocherla from the bio team, and former CSO/ a16z security operating partner Joel de la Garza.

This is the 13th episode of 16 Minutes, our weekly-ish news show where we quickly cover the top headlines of the week, the a16z Podcast way: what’s real, what’s hype from our vantage point in tech. This week, we cover the following news -- with a16z experts general partner Connie Chan and D'arcy Coolican from the consumer team, and former CSO/ a16z security operating partner Joel de la Garza.

a16z's newsletter for all things enterprise and B2B -- From AI to open source to software-as-a-service, enterprise software to company building, we share what we’re seeing, hearing, and talking about in our own hallways.

The internet led to all sorts of applications that have changed people’s lives, connecting people around the world in new ways and at new scale. But that only really happened once we figured out security within the netwo...

The government wants to get onto the cloud! But how do they assess the levels of risk in adopting specific cloud products, and which "cloud service providers" (aka "CSPs") to work with? That's where FedRAMP -- the Federa...

The recent Capital One data hack and breach that compromised sensitive information for 106 million people, including 140,000 Social Security numbers and 80,000 bank account numbers, was executed by a single hacker who ex...

This is episode #6 of our new show, 16 Minutes, where we quickly cover recent headlines of the week, the a16z way -- why they're in the news; why they matter from our vantage point in tech -- and share our experts' views on these trends as well.

After headlines and heated discussions around large consumer breaches, the “death of the password” may be the second most common information-security (“infosec”) story out there. And it’s an old story: Bill Gates predict...

Synthetic fraud—yes, it's a thing: a new evolution of consumer fraud that’s been emerging in financial services, to the tune of $1-$2B a year. In this episode of the a16z Podcast, Naftali Harris, co-founder and CEO of Se...

As everything that used to be just a "dumb object" now increasingly has coding in it -- from phones to fridges to door knobs -- what are the security challenges that are coming to the industry as a whole?

This is a written version of a presentation I gave live at the a16z Summit in November 2018. You can watch a video version on YouTube.

Recorded as part of our NYC roadtrip, this episode features Cornell Tech PhD student and software engineer Phil Daian, who researches applied cryptography and smart contracts -- and who also wrote about "On-chain Vote Buying and the Rise of Dark DAOs" in 2018 (with Tyler Kell, Ian Miers, and his advisor Ari Juels). Daian is joined by a16z crypto partner Ali Yahya (previously a software engineer and machine learning researcher at GoogleX and Google Brain), who also recently presented on crypto as the evolution -- and future -- of trust.

Editor’s Note: These notes -- as well as information posted from the FS-ISAC newsletter (permitted to be distributed without restriction) -- were shared by operating partner (and former Chief Security Officer at Box) Joe...

The idea of the cybercriminal as lone wolf or hobby hacker is no longer much of a reality. Instead, the business of cybercrime looks a lot more just like that -- a large, global technology business, with many of the asso...

Back in the early 2000s when I was at a national laboratory doing intelligence work, we were warned not to take our laptops when traveling to sensitive countries. I remember being warned that if our laptops were out of o...

“Never answer an anonymous letter”

Here's the hard thing about security: the more authentication factors you have, the more secure things are... but in practice, people won't use too many factors, because they want ease of use. There's clearly a tension b...

I’ve been directly or peripherally involved in the security community approaching two decades now: in the early 2000’s working with the intelligence community; as a PhD student researching networking security; subsequent...

We now live in a world where connecting the dots between intel and modeling threats has become infinitely more complex: not only is the surface area to protect larger than ever, but the entry points and issues are more d...

The International Consortium of Investigative Journalists is the organization responsible for the compilation and release of the first the Panama Papers, a series of 11.5 million documents that detailed the offshore deal...

Given concern around data breaches, the EU Parliament finally passed GDPR (General Data Protection Regulation) after four years of preparation and debate; it goes into enforcement on May 25, 2018. Though it originated in...

Given the heated discussions around security and the c-word (“cyber”), it’s hard to figure out what the actual state of the industry is. And clearly it's not just an academic exercise -- it is a matter of both business s...

watch time: 21 minutes

We've already talked quite a bit about the Algorithms, Machines, and People lab at U.C. Berkeley (AMPLab) -- all about making sense of big data -- so what happens when the entire world moves towards artificial intelligen...

"When a rising power threatens to displace a ruling power, shit happens." It's true of people, it's true of companies, and it's even more true of countries. It's also the fundamental insight captured by ancient Greek his...

"We're always fighting the last war" -- that's a phrase historians like to use because policymakers and others tend to be so focused on the threats they already know, and our mindsets and organizational structures are or...

When individuals gain the abilities that only nation states once had, how do we put cyber threats in perspective for policymakers -- without unduly "inflating" the threats? As it is, security is an intense and important...

Nearly every cybersecurity discussion/presentation follows this formula: We don't know what we're doing; the bad guys are getting smarter; our defenses are getting worse; everything's more connected than ever; we're head...

"Slow down, cowboys" -- that's what Senator Kamala Harris (D-California) said when prosecutors in her office wanted to bring a case against companies that let apps download someone's entire address book, because surely t...

Rules, guidelines, regulations, and "laws" are all sometimes used interchangeably -- but what's legal and what isn't is far more complex when it comes to policy, especially when politics (and technology) enters the pictu...

There's an interesting paradox when it comes to the U.S. government and tech: Either they're an inventor, early adopter, and buyer of emerging new tech ... or they're a very late adopter (as in the case of government off...

When it comes to spycraft -- or rather, "tradecraft," as they say in the biz -- what do the movies get right, and what do they get wrong? In this episode of the a16z Podcast, Michael Morell -- former Deputy Director and...

Moore's Law -- putting more and more transistors on a chip -- accelerated the computing industry by so many orders of magnitude, it has (and continues to) achieve seemingly impossible feats. However, we're now resorting...

The modern enterprise holds all sorts of applications, devices, and workflow needs. How should we be thinking about securing infrastructure -- and identity -- in this context, for entities like major news media outlets o...

watch time: 20 minutes

We live in very interesting times, to say the least -- whether it's a shift in how technology is built and adopted today compared to the past; a changing international landscape with leapfrogging players; or an increased...

How will the entire industry be affected as companies not only adopt, but essentially offer, microservices or narrow cloud APIs? How do the trends of microservices, containers, devops, cloud, as-a-service/ on-demand, serverless — all moves towards more and more ephemerality — change the future of computing and even work? Cockcroft (who is now a technology fellow at Battery Ventures) joins this episode of the a16z Podcast, in conversation with Frank Chen and Martin Casado (and Sonal Chokshi) to discuss these shifts and more.

"Anybody who is interested in China, who's developing things in China, who's doing business with China needs to be thinking about the instinct towards politics over pragmatism", argues New Yorker staff writer (and former...

The guests on this episode of the a16z Podcast — continuing our D.C. and tech/innovation/policy theme — share their thoughts on safety, privacy, paper airplanes, and what they think are some of the most exciting things now possible in airspace. Joining the conversation are Washington, D.C.-based Mercatus Center tech policy lead Eli Dourado, along with graduate research fellow Samuel Hammond; Airware founder and CEO Jonathan Downey; and SkySafe CEO and co-founder Grant Jordan.

It almost seems like gospel -- or at least a given -- today for startups to embrace the cloud. Services like AWS have powered an entire generation of startups that can now spin up new applications, new businesses, and ne...

Infrastructure. It powers everything from cities to computing, yet is sometimes considered "boring" because it is so invisible to so many of us. But as software continues to eat the world, infrastructure has come to the...

The thing about enterprise security, from the outside at least, is it reads like a Hollywood thriller. Nation states are after your company’s most valuable assets and they must be stopped at all costs. And yes, some nati...

There are two things now driving the security industry:

Managing enterprise networks with thousands of users and endpoints has been hard enough. Now that large enterprise networks routinely include hundreds of thousands of nodes it’s amazingly difficult and time-consuming (we...