Security experts Joel de la Garza, specializing in data breaches, and Naftali Harris, who validated a major breach involving nearly 3 billion records, delve into the alarming implications of the recent identity threat. They discuss how such a massive breach occurs and the urgent need for consumer awareness. The conversation highlights the critical steps individuals can take to protect themselves and the innovative methods needed for secure identity verification in the digital age. Their insights illuminate the evolving landscape of identity theft and digital fraud.

In this special “3x”-long episode of our (otherwise shortform) news analysis show 16 Minutes -- past such 2-3X explainer episodes have covered section 230, Tiktok, GPT-3, the opioid crisis, more -- we cover the SolarWinds hack, one of the largest (if not the largest!) publicly known hacks of all time... and the ripple effects are only now starting to be revealed. Just this week, the U.S. Cybersecurity and Infrastructure Security Agency shared (as reported in the Wall Street Journal) that approximately 30% of both private-sector and government victims linked to the hack had no direct connection to SolarWinds. So who was compromised, do they even know, can they even know?!Because this hack is a supply-chain compromise involving various third-party software and services all connected together in a "chain of chains", the knock-on effects of it will be revealed (or not!) for years to come. So what do companies -- whether large enterprise, mid-sized startup, or small business -- do? What actually happened, and when does the timeline really begin? While first publicly revealed in December 2020 -- we first covered the news in episode #49 here when it first broke, and there have been countless headlines since (about early known government agency victims, company investigations, other tool investigations, debates over who and how and so on) -- the hack actually began not just a few months but years earlier, involving early tests, legit domains, and a very long game.We help cut through the headline fatigue of it all, tease apart what's hype/ what's real, and do an "anatomy of a hack" step-by-step teardown -- the who, what, where, when, how; from the chess moves to technical details -- in an in-depth yet accessible way with Sonal Chokshi in conversation with a16z expert and former CSO Joel de la Garza and outside expert Steven Adair, founder and president of Volexity. The information security firm (which specializes in incident response, digital forensics/ memory analysis, network monitoring, and more) not only posted guidance for responding to such attacks, but also an analysis based on working three separate incidents involving the SolarWinds hackers. But how did they know it was the same group? And why was it not quite the perfect crime?image: Heliophysics Systems Observatory spacecraft characterize, in the highest cadence, the constant stream of particles exploding from the sun affect Earth, the planets, and beyond via NASA Goddard Space Flight Center / Flickr

The Chief Security Officer (CSO/CISO) used to manage on-premise servers, now the information they have to secure has migrated to the cloud. As the responsibility of CSOs has expanded, the role has moved from technical IT to the boardroom. How do the best CSOs prepare for and respond to a crisis, from redteaming to comms? What responsibility should cloud & SaaS vendors, not to mention the government, have in security and data breaches?  And how is the role going to evolve in the next five years? At our a16z Innovation Summit last year, we sat down with two security leaders whose career has evolved as the role has – Joe Sullivan, former CSO at Uber and Facebook, now at Cloudflare and Joel de la Garza, current security partner at a16z, formerly CISO at Box. 

We are in the midst of a rapid and unprecedented shift to remote work. What does it mean for security when the airgap between work and life is gone? How prepared are organizations? And what should security professionals as well as individual workers be doing to protect themselves and their companies?In this podcast, a16z security expert Joel de la Garza breaks down the current risks and how to defend against them. But beyond just immediate security needs, he explains what bigger transformations may be happening, most notably a shift from the traditional hub-and-spoke, point to point, security architectures to a more distributed approach to workloads as well as trust.

Join Joel de la Garza, CISO of Box, who shares his insights on grappling with cybersecurity challenges in a large enterprise. Stina Ehrensvärd, founder of Yubico, delves into the essential role of hardware security keys like YubiKey in enhancing online safety. Meanwhile, Niels Provos from Google highlights key security practices and the struggle to implement research effectively. The discussion reflects on the convergence of cyber and physical security, the balance between security and convenience, and a forward-looking view on evolving standards.