Brian Vallelunga
Podcast Appearances
And if both those answers are correct or yes, and you still feel like there's nothing in the market that does anything close, you have a product. The question is, is that product 10X better than whatever's in the market? Because if it isn't 10X better or 10X different, there won't be enough of a differentiator to create a buying event, I found. Right.
Yeah, there's a couple that really come to mind. I mean, let's look at... He laughed like he's got some doozies of some stories. They're all public. I'll share one that isn't public, but I won't say the name of the company, and then I'll share a couple that are public. So Twitch, Toyota, and Twitter all kind of had the exact same breach happen. And they had secrets in code.
The code got leaked somehow, either by them opening up the repos themselves, or by hackers being able to get access to the GitHub account from an employee that got compromised. So like someone... got called and said, hey, I'm your boss and give me access to GitHub. And then the hacker got access to GitHub. And then from GitHub, they saw the code and the code had the secrets in it.
And boom, now the hackers are really off to the races. And that's like that happened multiple times and keeps happening because there wasn't a system in place to make sure secrets never entered code. They should never be in code.
Absolutely. I mean, that is like the number one thing most attackers are going after is like GitHub because they're assuming you're going to be making this exact mistake. And it's very easy to impersonate a boss, especially in the days of AI. So these attacks are going to get more and more sophisticated and feel more and more real.
Like you're actually talking with your boss and all of a sudden, boom, you have access or they have access. And then I'll tell a story. I can't say the name of the company. I can promise you this. You have absolutely heard of the name of the company. You probably have used their product at some point in time. And they're very big. And this is before they were a customer of ours.
They had a data breach where they hired a malicious actor in the company. So there was a rogue agent that they had hired. That rogue agent stole all their credentials or all their secrets, about 2000 of them. They detected a bit late in the game, obviously exited that employee. But then the security team was tasked with rotating these secrets.
So again, swapping out the locks, making sure that all those secrets they stole aren't valid keys to the locks anymore. And it took their security team six months across three engineers to rotate all of these credentials. So six months.
That's not just like six months of only doing this and not doing any other projects and a major distraction, but also six months that the attackers got to steal data. Well, if data moves at gigabytes per second through AWS, they have an enormous amount of time to drain all the data, right? Like they had all the time in the world, basically.
Like when you're dealing in data breaches, you're dealing in seconds and minutes, not months. So months is an absolute insane amount of time that the attackers had to basically use all those stolen credentials to get anything they wanted out of the system or compromise the system in any way.