Andy Cao and Hugh Thompson: Inside RSAC 2025’s biggest moments and boldest ideas

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Sid Trivedi (00:07):
Welcome to Inside the Network. I'm Sid Trivedi.

Ross Haleliuk (00:11):
I am Ross Haleliuk.

Mahendra Ramsinghani (00:12):
And I am Mahendra Ramsinghani. We have
spent decades building,investing, and researching
cybersecurity companies.

On this podcast, we invite you to join us inside the
network where we bring the bestfounders, operators, and
investors building the future ofcyber.

We will talk about the hard parts of the
founder journey, launchingcompanies, getting to product
market fit, raising capital, andscaling to an exit.

And, yes, we will also be talking about
epic failures.

But, Mahendra, we're here to make the founder
journey easier.

That is correct, Sid. But we cannot make
it too much easier becausestartups are hard, And, of
course, you already knew that.

Alright, you two. Enough. Let's get started with
this week's episode.

Welcome to this RSA special episode of
Inside the Network. Today, webring you two guests, Andy Kao
of Project Discovery, winner ofthe Innovation Sandbox Award,
the coveted award as the mostinnovative company of 2025, and
doctor Hugh Thompson, executivechairman of the RSA conference.
We will understand what setsProject Discovery apart and how

(01:31):
this most innovative company of2025 is tackling AI driven
challenges and what's next forthis rising star in
cybersecurity. Then the doctorHugh Thompson will understand
what it takes to lead theworld's largest security
conference and how RSA continuesto evolve in these times. Let's
get started.
Andy, congratulations. The RSAInnovation Sandbox winner for

(01:52):
2025. Nobody guessed in this dayand age of AI that Project
Discovery would end up beingthat winner. Not even
ChatGipity, not even Grok. Youknow, we we ran a little poll
with these different models, andProject Discovery was, like,
number three with all themodels.
Tell us more. How did you makeit?

Andy Cao (02:10):
Well, I think I think vulnerability management is
still a big problem. And and AIis absolutely a big problem. But
I think if you sit down withCISOs and you ask them, where
are they spending their dollars?Where is their team getting
bogged down? Vulnerabilitymanagement is still top two, top
three.
And so I think it was anopportunity to tell a story
about reinventing a decades oldindustry with an approach that

(02:31):
with community, I mean Doug wason here in the recent podcast
talking about how communityreally powered security industry
in the early days. And I thinkit's, you know, between solving
a really big problem, automatingit in a way that it's not magic
AI, it's you can see thesetemplates, you can touch them,
you can edit them, and then youhave this community backing
behind it. Think it reallycreates an inspiring story

(02:52):
around innovation that I thinkthe judges could really rally
behind. So we're we're reallythrilled that they they saw what
we were doing.

You know, we it's funny. In advance of this, Andy,
we actually went and we pingedone of our former speakers, one
of our guests, Ron Gula. Youmentioned Tenable and you
mentioned Vesis a couple oftimes in your presentation, your
three minute presentation. I Itexted Ron last night and I
said, hey Ron, like, we haveAndy on the show and we wanna,
you know, have ask him a fewquestions and just imagine as if

(03:17):
you were one of the judges, Ron,what would be the big question
you'd ask? And so he sent melike 10 of them and I'm gonna
focus on just one just to tostart.
He said, look, Project Discoveryis really focused on this open
source model. Right? Like that'swhat differentiates you in the
vulnerability management space.And that was something that he
was very much pushing in theearly days. He talks about this
on the show.
He said, Starbucks submits ascan template today on project

(03:39):
discovery, who owns a scan? Isit you? Is it Starbucks? The
customer? And the reason heflagged this was he said, well,
in the future, let's imagine aworld where project discovery
potentially gets acquired andthere's technically IP.
Who owns the IP? Is it yourcustomer? Is it the potential
acquirer? Where does that thatIP sit?

Andy Cao (03:55):
We're a open source and community first company. So
if you look at our Nucleitemplates repo, it's an MIT
license. It belongs to thecommunity. And we and this is
the only way you can get 10,000detection templates. It's it's
because people know that whenthey contribute a template, it
it can help everyone around theworld.
Now every contribution isreviewed by our internal team
because our enterprise customersneed to know that there's

(04:18):
quality behind that. Butultimately, the only way we can
build a sustaining ecosystem ofinnovation with our community is
to make sure that this stillbelongs to the community. So the
answer to that is if it's an MITlicense and it's still out
there. Now where we're goingwith this, and and I kinda
talked about it a little bit inthe talk is vulnerability
management is not just CVEs. Itcan be findings from a bug

(04:39):
bounty program, a pen testreport.
Your red team might findsomething. Nuclei templates, the
customizability of thesetemplates, plus the ability with
AI now, we can generate Nucleitemplates for any vulnerability.
And now you have vulnerabilitydetection as code, and our
customers own these customdetections. I'll give you an
example. One of our customers,Vercel, actually is using us to

(04:59):
create a regression automationprogram around these
vulnerabilities and detectionsthat they have, and this belongs
to them.
So I think the communitytemplates is a starting point,
but the the opportunities areendless in terms of what
companies can really do with thesyntax of these templates and
really making their own kind

of customized vulnerability management
program. Vulnerabilitymanagement has a large number of
incumbents. There is Tenable.There is Qualys. What was the
key challenge that enabled thecreation of your platform?

Andy Cao (05:25):
I mean, you think about it, these scanners were
built twenty years ago. I was inhigh school twenty years ago.
And the world is so differenttoday. And, you know, maybe
twenty years ago, looking atversions, outdated versions in
particular, were enough forvulnerability detection. But
today, with the ex I mean, youlook at how many CVEs are
released every year in 2025versus twenty two thousand and

(05:46):
five, it's just it's a differentlandscape.
And security teams need to knowwhat is actually exploitable.
And I think what excites me iswhat we're doing with the Nuclei
templates, it's not rocketscience, it's not a big complex
LLM behind a in a black box. Youcan see exactly the steps that
we're automating that anysecurity engineer, pen tester
would do otherwise. And we'rejust unlocking all this

(06:08):
automation that we feel likeshould have been automated years
ago. And I think that's thefoundation for us is starting
with accurate detections.
Because no matter whatprioritization engines you buy,
what vulnerability aggregatorsyou buy, if you're starting with
hundreds or thousands of falsepositives, you're just gonna end
up with a lot of manual work.

You're a star now. You know, we could see
the halo, the glitter around youafter having won this coveted
award. But every company goesthrough tough times. I mean, you
have seen some dark days atProject Discovery. Help us
appreciate the ups and downsthat you have been through
leading up to this day.

Andy Cao (06:40):
So in our talk, on the final team slide, if you
noticed, we used Studio Ghibliimages of our team. And we
wanted to go in that directionbecause we are not ex Palo Alto
Executives who built securitycompanies. And when I said we're
hackers, misfits, dreamers,that's really who we are. Our
CTO was top three in the worldon Hacker One. He's the hacker.

(07:01):
Wow. Our CEO is a dreamer. He'sgot the vision. And I'm the
misfit. Like, I dropped out ofVC.
I was unemployed four years agobuilding a camper van, and and
we're just figuring it out. AndI think what unites us is this
common drive, this grit, thisresilience to solve this problem
and to know that no one can comein and solve this ourselves. And

(07:21):
I think that was one of thethings that we learned is, like
last year we had one of ourearly POCs with a large global
financial institution. Teaminvites were not working, scans
were failing, and we weregetting messages that has like
10:11PM my time and you know,God knows what hour in India for
them. And it was there weredefinitely some pretty dark days
of, oh my god, can we buildthis?

(07:42):
But I think it's that journeythat founders need to go on to
learn that that gives you thatconfidence that yes, you can
disrupt a billion dollarindustry. You gotta just like
focus on the thing at hand,solve this problem for the
customer. Hey, if you didn't gowell, what did you learn from it
and do better next time. And youknow, this is this goes out to
all the early people whobelieved in us, who continue to
share bugs with us and, youknow, but I think it's that

(08:04):
focus on growth and learningthat has really allowed us to
get to where we are today.

On the topic of misfits, you talked a little bit
about, you know, your career andthe the the awesome thing for
our listeners is Andy and I haveknown each other for a decade
and, you know, he started off inVenture. It was pretty awesome.
You were at Trident Capital withone of our dear friends Will Lin
and then subsequently you joinedSunstone and then after that
Comcast and you took a littlebit of time off after you know
Venture and you described beingon in the camper van with your

(08:30):
partner and spending a year offaway from security, away from
software. What did you learnfrom that experience and what
did you bring back after thatsabbatical?

Andy Cao (08:37):
Yeah. I I love to tell you that there was one day that
I woke up during my sabbaticalwhere everything was just super
clear and and I tell you, stillremember the first few weeks
after I started, we'd like wejust bought this camper van
brand new. It's like this emptyshell of a thing. And I had just
gone to Home Depot and and thiswas when my wife had just
started going back to work. Itwas like in January.

(08:59):
And I was unemployed. The wholeworld was moving on from the
holidays and I was like, what amI doing with my life? And it it
didn't come overnight as Imentioned earlier, but just, you
know, I worked twelve hours aday on that van, seven days. I
worked harder on that thing thanI did in in Venture.

And Yeah. You DIY ed that van.

Andy Cao (09:17):
I DIY ed it. It has a huge shower. It it has a bro it
has a stove, a fridge. If you go

to Andy's LinkedIn page, you can actually see the
picture of the van in Quick Aidand see the, you know, all the
details.

Andy Cao (09:29):
You can see it. Yeah. And I think I came out of that
realizing that I'm a builder. Iand the venture is an incredible
industry and I have so muchrespect for what you do, Sid.
But I think after the many yearsof being in venture, came away
building that van saying, youknow, I wanna I wanna build
something.
And I think that was a really Irealized what made me tick. I'd
always been passionate aboutcyber security. So when I got

(09:50):
introduced to Rishi and Sandeep,I just I felt this kinda drive
that I just I hadn't felt everin my life professionally, and
the rest is history.

AI and automation is is the talk in town.
Everybody is is talking how AIis transforming transforming the
future of cybersecurity. What isworking in AI in your opinion?
And what is fluff? What is buzz?
And what are the overstatements?

Andy Cao (10:12):
Yeah. I think we have this vision of AI as empowering
the people, our users. And Ithink if we take any inspiration
from the dev and infracommunity, what has worked well
with AI there? Engineers getcode at the end of it that they
can modify, that they canimprove replacement. And I think
when we see AI in security, wewe wanna continue to provide

(10:34):
ways where the solutions can betransparent and customizable and
empowering.
So if you look at our AIsolutions, it's not a black box.
We are generating nucleitemplates that clearly outline
for a security engineer what wethink we need to do to test for
a vulnerability. And then we'reempowering them to say, okay, if
you wanna make any change, canmake you can update the
template, you can learn fromthis to write another one.

(10:55):
Right? I mean, that's how we areall learning from LLMs.
I think we should takeinspiration from what dev and
infra companies have done withAI to really empower security
teams, not provide more blackbox solutions, which I think
we've seen has has really beenfrustrating for many security
teams.

And as we in closing, you look at the
future, you look at the crystalball and say, what would the
next twelve, twenty four monthslook like? What are some things
that excite you? What are somethings that scare the bejesus
out of you as you look at the inthe near future?

Andy Cao (11:23):
I mean, we we're the Davids against the Goliaths
here. Right? And if you look atTenable, Qualys, and Raffet
seven combined generate over 2and a half billion in revenue a
year. They are massivebusinesses, but they're built on
foundations that I think manysecurity teams are excited to
move on from. And so we getexcited about the opportunity to
go against those those giants inthe industry and and provide an

(11:46):
opportunity for security teamsto build on something modern.

Well, Andy, that's the fun part. Tell
us what scares you.

Andy Cao (11:52):
The same thing. We've got we're a team of 35. We I had
my first call with Gartner aweek ago Oh, wow. Staring with
them our vision. And, you know,most people know us as an open
source tool.
And I think this opportunitywith RSA is is absolutely
incredibly helpful for us. But,I mean, you see, you can go on
the expo for this this thesecurity vendor landscape is

(12:12):
filled with lots of dollars,marketing buzz. We gotta find a
way to cut through the noise.And so thank you for this
opportunity to share the story alittle bit, but we've got a lot
of work to

do.

There are bunch of VCs that are hunting
for you with 50, hundred milliondollar term sheets. Just warning
you that they'll be thrustingthose on you anytime soon here
on the on the floor as you walkaround. We walk in Vegas in
Vegas or in in Times Square whenyou're walking around, there are
people that are shoving thesecards in their hands. There are
term sheets being shoved infounders' hands around here.

Andy Cao (12:40):
Well, we'll take the order forms from CSOs first, but
and then and then we'll get tothe term sheets.

One last question from my end. You've won the
Sandbox. If you were on the onthe on the panel of judges, who
would you be voting for?

Andy Cao (12:51):
Let me tell you, Ross. This was such a deep field. I
mean, I sat through all thosepresentations and I wow. What
all these teams are building,the opportunity ahead of them, I
think it's incredible what thisinnovation sandbox does. I think
if I had to choose one, I thinkit'd definitely be the
runner-up, Calypso.
They I had a chance to talk withthe team at the X Lounge last
night. They're up to some reallyreally great stuff and I'm a

(13:14):
huge fan of the team, themission there. And we've already
set up some time afterwards tocompare notes. I mean, is a
community effort. We gotta worktogether.
So huge fans of them along withthe other eight contestants.

Awesome.

Andy, thanks for joining us. Huge congratulations
again. We're very excited foryou and, you know, everything
you'll build as you continue togo on this journey. And as a as
a fellow former, you know, youwere a former VC, it's it's
great to see that you've kind ofhad this second career. It makes
it a little bit easier forMahendra and myself to know that
if we are terrible in our job,which we may be, we still have a

(13:44):
second job to be founders andhopefully win RSAC.
But Andy,

you know, you're probably the only VC
who's giving respect respect tothe industry by becoming a
founder.

Andy Cao (13:53):
You know, there's a question on there about what
comes over from VC, and I if Ihave time, I'd love to just
share one thing. Some of the VCsI know are the hardest working
people. I don't think VCs getenough credit.

Nobody's gonna believe you when you say
that,

but please, Thijs, continue. Continue. But
remember, he said only Sam.

Andy Cao (14:09):
But no, I think the the work ethic, the grind, the
willingness to sell to founders,the hustle, I mean, so much of
that carries over to being, youknow, a leader and a startup. So
I have so much respect for whatyou all do, and I think there's
a lot more that we share incommon than I think people
think.

Well, thank you. Thanks. Thank you. Kind words.
Yeah.
Thanks guys so much.

Andy Cao (14:28):
Thank you both. Thank you all of you.

Yeah. Now that was a fun conversation we
recorded with Andy Cow at theMoscone Halls amidst the buzz of
RSA. Let's shift gears to theheart of this conference itself.
Up next, we're joined by doctorHugh Thompson, executive
chairman of the RSA conference,the world's largest
cybersecurity gathering. Now RSAbegan thirty four years ago as a

(14:50):
user conference for thecustomers of the company RSA.
The first conference in 1991 hadjust one panel. And I would
guess it probably had no morethan forty, fifty attendees. And
this year, it has 400 panels andover 40,000 attendees. And this
year, another interesting posthas been added to the name. It

(15:11):
is RSAC, where c stands forcontent, connection, culture,
and conversation.
It gets beyond the wordconference. Let's dive in with
Hugh to take a look at thesefour c's of the RSA c.

Hugh, we're so excited to have you here on
Inside the Network during RSAconference. Like

Hugh Thompson (15:30):
I am happy to be here.

So, you know, let's start with kind of the early
story of Hugh and theinvolvement with RSA conference.

So Okay. How far back do you wanna go, man?

I'm gonna go I'm gonna try to go a little bit
back.
So Alright. Go And You
know, in 2022, you led the acquisition of a
significant interest in
Oh, say car. Back

to No. Elfhood.

I said No. No. No. No. We'll we'll go we may go
there, but we only got twentyminutes.

So we'll we'll

try to Oh, good.
Sorry. We'll try to be excited. Yeah. Yeah. Go
ahead.
So 2022, you led theacquisition, significant
interest of RSA Conference Yes.Through your private equity firm
Crosspoint. And you've been onthe program committee for RSA
Conference for sixteen years. Soit was Yeah. Yeah.
2022. Yeah. Yeah. I've been the chairman of it for
sixteen years, I could say.

(16:16):
Pretty crazy. But over the past three years,
you've really gotten involved. Ithink the new title is executive
chairman.

Oh, yeah. Wow. Yeah. That's how you

the special how they added the Yeah. I mean,
that was that was the cost. Thatwas the extra cost to buy RSA
conference.
You got ex executive in there.
What has kept you excited about this conference
and staying involved? And whydid you decide to go and, you
know, purchase a significantinterest in the conference?

It's a great question. Yeah. And and like you
said, I've been involved withthis conference. It feels like
my whole life actually, butdefinitely my whole professional
life. And when I was a professorat Columbia through, you know,
work for a vendor called BlueCoat, CTO there, CTO at
Symantec.
But during that whole period oftime, it was a passion for

(16:59):
cyber. Like a passion for how tohelp people defend and how to
connect people. And I felt thatevery year at RSA conference,
you know, when it was 5,000people, when it was 10, when it
was 15, when it was 20, and youknow, now it's 44,000 people.
That passion is exactly thesame. And why would we purchase
it?
Right? Which is a greatquestion. I see this as an

(17:20):
institution that must bepreserved. It serves a vital
function for this community. Itconnects people in ways that I
think are so important,especially in these times.
Text changing all the time, asyou know. And when folks are
thinking about new dilemmas,like what policies do I set on
my AI agents, for example, youdon't wanna go out on a limb.

(17:43):
You wanna find out what some ofthe other verticals and some of
the other players are doing inthe space, and you wanna
collaborate as a community. Thisis a place where people do that.
And so we wanna grow it, wewanna invest in it, and we wanna
make it bigger and better.
And this year, we launched acommunity platform with the goal
being to connect people not justfor one week, but try and get

(18:05):
them connected for the rest ofthe fifty one weeks of the year.
So passionate about the space.

So awesome. Yes. This is the twentieth
anniversary of the RSAInnovation

Thank you, man. Thank you for highlighting that.
It is.

And one of the major changes you did this year
is introducing a mandatory$5,000,000 investment for each
finalist. Take us like, couldyou talk through this history of
how this decision came to be,and what were the outcomes?

Yeah. No. Happy to. So, you know, one of the
things and, obviously, I've beenI've been running this
innovation sandbox for thatperiod of time. Right?
And you get to see a lot ofthings. You see how these
companies then play outafterwards, what happens to
them. One of the biggestchallenges that we've heard from
them isn't so much raisingcapital afterwards because

(18:54):
typically, this at least in thelast ten years, it's become a
platform platform that says,yeah. That's an important
company if you got into the top10. So will they be able to
raise capital?
Yes. They probably will. Willthey be heavily distracted
during that capital raise? Yes.What tends to happen is those
companies get in a a massiveamount of inbound interest right

(19:15):
after they appear on the stagefor ISB.
How do we help them capture thatinterest, and how do we give
them funding right away? So weworked on an instrument that we
thought was the most founderfriendly way to provide them
capital, an uncapped safe basedheavily off of Y Combinator. And
so the thought was, here's aninstrument. It's gonna be very

(19:36):
palatable to thoseentrepreneurs, but as important,
it's gonna be very palatable tothe venture capitalists that are
already invested and the onesthat might invest in the next
round. So we're not setting aprice, uncapped safe.
We don't set valuation. Well,we're making a bet because we're
not involved in the selection ofthose companies. It's selected

(19:59):
by an independent panel ofjudges just as it always has
been. So that was the thinking,how can we help these
entrepreneurs?

And just to clear up any rumors Okay. There were
no changes, there was nonegotiation after that.

We published a safe. We put it online. Yep.
This is the safe. This is theside letter.
And we did get some feedback. Wedid get some feedback from the
community.

Including myself. And from yes.

And to some unnamed people that may or may
not be on this couch, which isactually very valuable, which is
very And as you know, we made acouple of tweaks, which we
publish back out. And you knowwhat? We learned a lot. We
learned a lot during theprocess. This is something, and
I know, Sid, you and I havetalked about it.
This is not a twentiethanniversary, let's do a

(20:45):
$5,000,000 investment each. Thisis an ongoing program, and so
we're gonna learn a lot as wekinda reflect on this cohort of
top 10. But what I thought wasamazing is same process that's
been happening for twenty years.Judges adjudicate. They show up.
Here's 10 companies. We're like,okay. That's great. All 10

(21:05):
companies have accepted theSAFE, and the feedback that
we've gotten from thosecompanies has been great. And
I'd encourage you to talk tosome of those companies and talk
to the judges too.
See what their experience waslike.

You know, Hugh, when you look at the way
the 10 companies rise up to thetop amongst a pool of what?
About two, three hundredcompanies that applied this
year?

Yes. Over 200 this year. About a 40% increase.
40% increase.

And obviously, the $50,000,000 that
is being deployed into these 10companies, 5,000,000 each,
becomes a significant pool ofcapital. If I wear the venture
capitalist hat Yeah. The stepsthat a VC has to take to earn
the trust and respect of afounder, you know, they're as
follows. They'll wait till theannouncement is made. Once the
the winner is announced, theywalk up to the founder.

(21:51):
They share the history of, I'veinvested in 25 cybersecurity
companies. These are all theways I will add value. Will you
give me the privilege investingin your company? So that's the
dance a typical VC has to do toearn the trust of a winner.
You've kinda completely turnedthe game around in a way where
they get the money right out ofthe gate or even before they
step on the stage.
What would you say to, let'ssay, Ashim, if he was not on the

(22:13):
judging panel, to say, I'mtrying to put my money into this
company Yeah. And you arecompeting with me now?

Yeah. No. Great question. And Ashim, who's a
really good friend of mine. Yes.
Yes. And who I have talked to

Andy Cao (22:23):
about this?

Yeah. And I'm sure he counseled as the
process was being designedbecause he has to straddle both
sides

of this equation carefully. Right? You know,
everything we do here at RSAC iswith the community. Yep. So we
went out and we talked to somany of the previous ISB top 10
finalists as well as a ton offolks in the venture capital
community and asked, what is thekind of instrument in here that
would not impede your futureability to invest?

(22:50):
Yep. That was a core designprinciple for us. Yeah. And,
obviously, you're gonna see thisnow play out in real time.
Right?
You know, experiment year one,and let's see how that goes. I
think though when they apply,they know the institution at
least, which is RSAC. Yeah. Andwhat what I saw, which is
interesting behavior, all ofthose companies I can't say all.

(23:14):
There's just 200 of them, Ihaven't talked to, you know, the
200, but many of those companiesthen went out and they reached
out to former ISB top 10finalists, and they just asked
them.
It's like, look. I like thiscompetition. I know it's good,
but I want you to tell me, like,really what happened to your
company afterwards? Like, howtransformative was it? And, you

(23:35):
know, if you're a founder, oneof the big questions you ask is
what are you bringing to thetable as an investor?
I think one of the things thatcomes with this competition is
great exposure. Yeah. Right? Andyou get great exposure plus an
instrument that is not justfriendly to the founder, but
also friendly to the venturecapital ecosystem around it, I

(23:56):
think you got something great.We're gonna continue to get
feedback, but I can tell youthat the feedback that we've
gotten so far now that we'veactually done it from both the
companies to participate in andthe folks that are investors in
those companies has been verypositive.
And again, I would encourage youto talk to those folks. Talk to
the top 10. Talk to the judges.Talk to other folks who were

(24:17):
investors in it, and you'll hearright from the horse's mouth,
pick anyone. I'm not evensuggesting anyone for you to
talk to.
I want you to pick at random andsee what they say.

If you add up the all the winners across
the twenty years

Andy Cao (24:30):
Yes.

If you just do a blind pool, think of
it as a mutual fund. I'm surethe numbers look pretty solid as
an investor, I would imagine.

It does. It really does. You know? And you
can imagine, you know, we're notgoing into this thing completely
irresponsibly. Right?
So what we're what we're bettingon is a process, process, which
is truly a bet on the community.Yeah. So for every year, we
follow the same process. We havea set of judges. Those judges
view have a set of criteria thatthey look at, same criteria,

(24:57):
things that you would expect,you know, I'll list all five of
them, but what's the marketpotential?
Is it a new solution? You know,how are you gonna go to market?
Who are the founders? That typeof thing. And then they
adjudicate it, and it gets downto this top 10.
We then back tested. Well, whatwould it feel like to these
companies if we had invested inthis cohort and that cohort and

(25:18):
the cohort before it? And thenumbers were really compelling.
They were really compelling. Andwhy is that?
You never know for sure. Right?Like, example, is it that the
judges in the process are sogood that they pick the best
ones? Or is it semi causal inthe sense that these companies
now get a stamp of being aninnovation sandbox top 10? And

(25:39):
thus, if you're trying to get ameeting with somebody, like a
prospective buyer of theproduct, is it easier?
Yeah. Don't

know. I'll just share one side note about
the Please. Winner. Weinterviewed Andy Cow yesterday.
Okay.
Okay. And prior to that, we dida little bit of a fun
experiment. Oh, boy. We we ranthe top 10 into three separate
LLM models, Chad GPT.

Oh, boy. Okay. Okay. Tell Chad GPT. Knock in
perfect ideas.

And guess what, Hugh? Project Discovery
was in all three, but it wasranked as number three by each
of those.

Really? I guess there
is Interesting.

So I guess there is some human involvement
that elevated that number threeto number one.

Apparently. Yes. Maybe you don't need judges
anymore. Yeah. That's And that'sgonna be your three judges will
be the three foundation modelcompany.
Yeah. Three foundation models and just have

a say, we'll throw deep seek

in there. Hey, you just survive. Let's hear it
out. Yeah. This is a Chinese angle here.
Oh my gosh. Well Yeah. Let's talk a little bit
about,
you know, other topics. One of the taglines that
I remember from an old RSACconference was Oh. RSAC is where
the world talks security.

Yes. Thank Thank you. Like an amazing guy. I'm
really remembering that title.

But, you know, that 44,000 people who are here and
they're founders, they'reoperators, they're customers,
they're investors, you're at thecenter of it all. You're talking
to a whole bunch of these folks.What's the one or two key themes
you're hearing again and againfor this year? Everyone likes to
talk it on LinkedIn, like,what's the theme of RSAC? What
does Hugh think is the theme?

Look, I mean, of course, it's not gonna surprise
you. It's AI, AI, AI, AI, AI.Okay. But that's okay. It was
like that last year, but nowit's getting a lot more nuanced.
It's getting operational. It'slike AI has made it
operationally into our business.Like, it's in here. We've either
used it in a customer supportcase. We're using it in a code

(27:29):
generation augmentation case.
We're not letting it run wild,but we're helping it assist.
Having it assist our developers.So it's real. Like, it's it's
in. How do we govern it?
What about identity of, say, anAI agent that we deploy? How do
we have traceability on how thisthing is operating inside of the
business? So it's amazing. Yousaw the same kind of progression

(27:51):
with cloud, just not as quickly.Yeah.
It's, oh, cloud. Is that good orbad? And then it's like, oh,
cloud. We're up there. Now howshould we think about
configuration?
And, like, which problems goaway and which problems get
introduced? You're seeing us gothrough a maturity cycle of AI
in terms of cyber, and it'sinteresting to see that play

(28:11):
out. So that's a big topic.Obviously, there's speculation
about regulation. Whichregulations may be relaxed?
Will Europe, for example, takean increased role in regulation
during this next period of time?That's a big question that's
opened up. And then, you know,I'd say another one is that
people are getting morepractical and real about a

(28:31):
potential switch out of some ofthe older cryptographic
algorithms. Yeah. You know, itseemed like Yeah.
Twenty thirty something was aways away, right, you know, when
NSA put a stake in the ground.But I think practically now
people are thinking about whatwill happen? How do I do it, how
long is it gonna take to moveinto a post quantum environment.

(28:52):
And those are some of the bigthings that we're seeing.

Our SA conference has always been about learning.
Yes. What is one cybersecurityor maybe leadership book or
resource do you find yourselfrecommending to everyone and
also to founders?

Oh, that's a really, really good question.
Okay. So I've written manybooks, but I'm not going to
recommend any of those. So,

you know,

I I

I mean, there are two authors on this
panel here, Hugh, just to say.

Yeah. Oh,

these two. These two are that.

I'm also not gonna pander to the panel and
recommend How disappointing.Panelist books. Although
although that's a good strategyin general. But, you know, what
I would say is I think aboutsome of the books that sort of
really helped me through. At thebeginning, I was very focused on
secure coding.
Right? So my first book was onhow to break software security,

(29:40):
so security testing. But a bookthat was fundamental to me was
writing secure software, andthis was actually Michael Howard
who was at Microsoft at thetime, still at Microsoft. I get
it. It's on coding, so it's onlyone tiny piece.
But if you understand the kindsof errors that happen in code,
it helps explain a bunch ofother problems that happen

(30:02):
downstream. So I think that oneis very fascinating. I actually
think some of Bruce's books arereally interesting. Bruce
Schneier. Because he takes astep back view on how the
ecosystem really looks likearound cyber.
I found those incrediblypractical for somebody new
that's coming into this space.And, you know, the truth is

(30:23):
we're in a new world. Right?We've got agentic AI. We've got
these LLMs all over the phone.
It's amazing how much you canlearn to get up to speed with
some of these things. And infact, in the membership platform
that we have, one of the thingswe've tried to do is create a
rag model where people can learnat their own pace, but it's

(30:43):
grounded in talks that havealready happened at RSA
conference. So I think there'slots and lots of good resources
for folks to get up to speed incyber.

So, Hugh, when we walk around the floor,
there are several largecompanies that have very large
footprints. You know, you couldtake an example of Cisco. I
think they have two floors inthe closest hotel booked
completely to bring in theirguests and CSOs, etcetera. I'm
sure if you look at Zscaler, iflook at any of these large
companies, this becomes kind ofa central influx point for all
the customers, partners to come.But there is the elephant in the

(31:14):
room.
The big one that is missing hereis Palo Alto. And if you see,
let's say, Nikesh or Nir walkingby Yeah. What would you tell
them? If they're not here, whatwould you, as executive
chairman, tell them?

I would tell them, we welcome you back. We
welcome you back. No. I know. Isay that and I say that honestly
because they're an importantplayer in the cybersecurity
ecosystem.
No question about it. Right. Andthis, first and foremost, is a
community. Yeah. Right?
Security really is a community.

We learn from each other during this

We learn from each other during the week, and,
you know, there is not oneperson that you can't learn
something new from. I don't carewho you are. I don't care how
much you think you know. And Iwould invite all of the
participants that are the bigones in the space to participate
in this community. Because I canguarantee you many of the
vendors, even if they aren't onthe show floor, they are going

(32:04):
to be right around San Franciscoright at this time.
And it's a challenge for themand also for us. Right? Because
at RSAC, we are never satisfied.Like, if you tell ask me, hey.
How'd this conference go?
I mean, like, okay. Great. Like,it's the biggest one ever, which
it is. And, you know, reallyhappy with, the talks and the
caliber and the keynotes and allof

it.

But what I'm also gonna tell you is we're never
satisfied. And so we'reconstantly looking for feedback
from our sponsors as well. Howcan we better serve you? And
that will be an ongoing mission.So I welcome the discussion.

Maybe one last question to end it all. Tell me.
All four of us are Bay Areabased. Yeah. So

That's right.

Outside of this week, we're all here. We're
here. Here in the here, youknow, not just in the city, but
in the region. RSAC has beenhere in Mosc Moscone forever.
There've been rumors of move in,moving out.
Just give us the update.
Like, are
you gonna stay in SF, and we have a new mayor?
What's the what's the plan? Whatcan you share with us?

It's amazing. You know, so I'm gonna share a story
with you. So last year at adinner, right, at at at at RSAC,
there's a dinner, and somebodycomes up to me and they don't
ask me that question. Right? Butwhat they instead say is, oh,
RSAC is moving to Las Vegas inyear.
It to you. Right. Right. They'veannounced it to me that it's

(33:22):
moving in 2025 because this isin twenty four, twenty twenty
five. What was ironic is we werestanding right next to a poster
that has the dates of RSA twentytwenty five in In San Francisco.
Right. Okay. So so these rumorshave gone along for a long time.
Like, look. I think that thecity is making an earnest effort
to continue to improve.

(33:43):
I'm I'm very optimistic. We hada great relationship with mayor
Breed. We have a greatrelationship with Daniel. He was
here earlier this week, youknow, walking the show floor. He
understands the importance ofRSAC into this environment.
This event is massive. You can'tjust take an event and move the
thing. And also Silicon Valleyhas a special place in

(34:06):
technology. And so when we thinkabout those questions, RSAC is
here. Yeah.
In 2026, you're gonna find usright here. Actually, not right
here right now. I think it'slike, you know, five weeks
earlier, but you're gonna findus here. And we're gonna
continue to work with the cityto make things even better for
our attendees. Now, you know,one of the biggest challenges is

(34:29):
how big could or should theconference get.
And it's for that reason that wespend a lot of time thinking
about this platform. How do wehelp people that really
internally can't get travelbudget more than anything else
to come? Right? So we'recontinuing to find new ways to
serve folks.

Hugh, three of us here on this side of
this table are Champions forFounders. Our request to you is
to continue to find ways to makeRSA more and more relevant, more
and more attractive to thefounders that are just getting
started or going through theearly phases. You know,
Innovations Handbooks is a greatforum, but we hope that there'll
be more such programs that'll bebuilt into the the broad

(35:08):
spectrum of four or five daysthat we have here.

And and we can't wait to go on that journey. In
fact, we've got InnovationSandbox. We've also got
Launchpad, which is forcompanies that are sage earlier.
We formed something new thisyear, which is an off shoot of
Innovation Sandbox. It's calledthe founder circle.
Very exciting. Right? There'sonly one way to get in, which is

(35:30):
to be in the top 10. And it'sall the top 10, not just the one
from 2020, all the way goingback. It was so inspiring to see
those folks getting together,up.
We are 100% supportive in aninnovation. We have to have it
in cyber or we're gonna lose.Yeah. Right? So Not as a
conference, as a society.

(35:50):
So anything that we can do, anyideas that you guys have of
things we can do, we'recompletely open.

Thank you so much, Hugh. Thanks for joining us.
Okay. Thank you.

Thanks for having me. Thanks for having me.

Now that was a fun conversation with
Hugh. By the way, not many knowthat he has a PhD in
mathematics, hence, doctor HughThompson. And, oh, he's also
authored four technical booksand over 100 papers. But we just
see him on the stage as the hostof the Innovation Sandbox. As
the executive chair of thisentire conference, Hugh has done

(36:21):
a lot for our industry.
If you, as startup founders,feel like RSA should do
something more, somethingcreative, or different for
startups, please let us know,and we will do our best to share
it with Hugh, and rest of histeam. Now as we wrap up this
episode with some of our ownobservations, Sid, Ross, and I,
we walked the floors. We did our10,000 steps, many founders,

(36:42):
CSOs, and VCs, and here we sharesome observations. And the best
part, Ross saw the goat on theexhibition floor. Let's hear
about the goat.
Alright, gentlemen. Here we are.RSA twenty twenty five is over.
Two questions for both of you.What is one thing that you
observed, a major trend, atheme?
And what is one funny thing thatoccurred during these past few

(37:06):
days?

Well, it was it was a fantastic week. My it was so
good that I can't even speakanymore. My voice is completely
gone. So for all of our regularlisteners, if I sound weird,
it's because I've been talkingtoo much this week. And Mehedra,
before I answer that question, Ithink the most important thing,
given we have you on thisepisode, is it's no longer RSA.
It's RSA c. And I think,

(37:26):
you know, we wanna make sure we get that right.

So sorry. I see. I see. Now I see. RSAC
twenty twenty five.

Yes. RSAC twenty twenty five. Well, you know,
maybe I'll start with the funnything. I think that probably the
there were a lot of funny thingsthat happened over the week with
both of you as well. But in myopinion, the funniest was, you
know, I had my dear friend RobRob Gilduda bring his humanoid
to an event we hosted atFoundation Capital's offices on
Wednesday, and both of you werethere.

(37:53):
And it was just pretty crazy tosee this humanoid walking around
amongst CISOs, CIOs, founders,you know, kind of heads of m and
a, and it became the kind of thestar of the of the entire kind
of night. Everyone wanted totake a selfie and shake its
hand.

It almost wrote a check. It almost wrote a check.
Almost wrote

a check. I did the you know, Robert pasted a QR
code on it, and I was hopingthat, yeah, you know, people
were adding it on LinkedInbecause it was definitely you
know, it's one of those coolthings to see.

So so wait. Wait, Ross. Did founders
start to ask this humanoid formoney? Like, what are you
talking about? You wrote acheck.

Well, I don't know if they did. But, you know,
as it happens with VCs, youdon't have to ask them for money
in order for you to get thecheck. They come to you.

Yeah. The humanoid the humanoid was was
wandering around, and and Ithink a few founders might be
disappointed they didn't get aterm sheet from humanoid.

I think I did the funniest part was we had, you
know, a panel as part of thesession, and there were three
CSOs, Subrakumar, Swamy, the CSOof Visa, Ben Debont, the CISO of
ServiceNow, and Mike Elmore, theCISO of GSK, and myself. And the
humanoid was next to us, and wewere all laughing and saying,
you know, this is gonna be thefuture CISO and and investor on
the room. So, you

(39:05):
know, kinda like the the the past, the present,
and
the future all just, you know, sitting sitting
up on stage.

And then Maybe the

the funniest thing was right at the end, you know,
I helped Rob kind of with two ofmy founders. I helped him take
that humanoid back to his house,And, you know, he called the
Waymo. So we had a Waymo, and weare trying the four of us were
trying to put that, you know,that humanoid into the back, you
know, the the the boot, youknow, the the Waymo. And you
should have seen there was this,like, robotic, you know,

(39:33):
humanoid car, basically. You hada humanoid, and then you had the
four of us.
And we were trying to kinda putit in, and it was the the
funniest thing on the street. Imean, there are people taking
pictures of us as one of those,like, odds odd evenings. Just so
Silicon Valley. You don't see itanywhere else.

Yeah. Like, what are the human beings
doing here? The Weibo shouldautomagically talk to the
humanoid. The humanoid shouldautomagically go inside the
Weibo, and the two of themshould take care of themselves.

Like, come

on, guys. Get get on with the program.

Maybe in a year. Maybe by our SAC 2026, that will
be happening. And I hope notwill be happening. That that may
be the end of the three of usthree anything of of of of real
prominence. You know,interesting kind of learnings.
I mean, there are lots oflearnings. Clearly, agentic AI
was the talk of the town, andHugh talks about it in in our
show in this episode. But maybethe the other interesting thing

(40:24):
for me was I was pushing CSOsand CIOs on what they were
seeing in terms of, you know,spend and and how spend was
changing. And in the past fewyears, we've seen kind of the
security budget grow veryconsistently between kind of
high single digit percentage tolow double digit percentage, so
in the range of kind of five to15% growth per year. And several

(40:44):
CSOs and CIOs highlighted thatgiven the macro conditions,
given everything going on, wewere likely gonna see at least,
you know, a cut.
And the biggest question was,was that cut gonna be half of
what it was in the past? So ifyou're, you know, growing 8%
annually a year, was it lookingmore like 4%? I think that that
is a big conversation point. Andfor founders, you know, who

(41:06):
listen in on this show, I thinkit's a big factor for all of us
to consider because the flushbudget, the increase in budget
is typically the budget that anew startup goes after. Right?
That is the budget that's notbeen assigned, and that allows
you to go after, you know, a netnew budget item and and create a
net new spend. So I think inthat world, we are gonna have to
think about, all of us, how toadapt to this kind of new spend

(41:29):
changes. I think the biggestadvice I'd have for founders as
they're thinking about thatadoption and and and how that
may change is is really, youknow, factoring in that we have
a big demand supply imbalance interms of human talent in cyber.
And what AgenTik AI and LLMsallow you to do is, you know,
take some of the services spend,the human spend, and convert it

(41:49):
to software. And so, you know,as you think about building new
tooling, think about how can yougo and automate portions of the
security workflow, and thenthink about how can you go and
effectively market thatautomation to the customer so
they understand that, hey.
By using this software, I'mactually gonna save money, and
that will be a huge factor. Byusing the software, I won't need
to hire this additional talentbecause that budget, you know,

(42:12):
increase even if there's ashortfall, that's a total
shortfall. That's gonna be bothsoftware and services budget.
And there's an opportunity to goand take some of that services
budget and move it to software.Those were the the two
interesting facts.

Yeah. For me, I think the funny thing is just
how screwed up our perception ofrisk is. Think about it from
this perspective. Every singleattendee of the RSAC was
incredibly excited about Waymo.So every single one of us was
getting into those cars andentrusting the machines with our
lives.
At the same time, a good numberof people are still skeptical

(42:46):
about the future of AI withrespect to cybersecurity and
whether or not we should betrusting AI to automate some of
the tasks that humans humans aredoing. So to me, it's almost
like it's just fascinating thedegree to which we are willing
to risk our lives, but we arenot willing to trust this, you
know, robotic process automationwith a few triage tasks in the

(43:08):
SOC. Something that is in termsof learnings, think two two bits
for me. One is that in 2025, itis no longer possible to scare
scissors into buying a newproduct. You have to communicate
real ROI.
You have to explain how doesthis product make them more
efficient? How does this producthelp them save money? How did
this product help them do morewith less? And to your to your

(43:32):
previous point, using AI toautomate forecloses is most
certainly one way to do it, butthere are many there there are
plenty of other ways to do it aslong as the founders keep the
ROI equation in mind as they'rethinking about about building
something new. The other bit forme is the growing gap between
the discourse on social mediaand the real life.

(43:54):
For example, there have been aton of people on social media
leading up to the to the RSACweek talking about the
questionable value. Hey. Shouldwe go to the conference? Does it
make sense? Does it have a goodROI for founders?
Does it have a good ROI for forsecurity leaders? And then you
show up at the event and youtalk to the actual attendees and

(44:16):
you realize that the the oneswho are able to plan their time
well, know where to go, knowwhom to meet, they're getting a
tremendous value out of thatevent. Like security
practitioners, security leadersare able to meet their peers,
are able to understand, tobenchmark their security
programs against their colleaguesecurity programs. They're able

(44:37):
to meet new innovative startupfounders. They're able to
understand how the industry isshifting, how the trend
landscape is shifting, what theyshould be paying attention to, a
ton of value.
In the same way founders, ifthey are being proactive, if
they're scheduling conversationsahead of time, if they're
planning their calendar, ifthey're planning whom they're
going to meet, which eventsthey're going to attend to,

(44:59):
they're getting a tremendousamount of value from all of that
exposure to their customers, toprospective customers, to VCs,
their other founders andlearning from them and so on and
so forth. Now at the same time,some people can obviously
question the value of theconference because they want the
conference to happen to theminstead of being proactive about

(45:20):
their own time and trying to getvalue. The other bit is like,
the other way of in which I seethis growing gap between the
discourse on social media and inreal life is how people discuss
is is what people discuss.Right? If you

go you go you go on LinkedIn,

you read some articles, everyone is talking
about MCP, everyone is talkingabout agentic AI. Now you talk
to buyers and you realize thatthey're still talking about the
very same problems that they'vebeen talking about five years
ago. They're still talking aboutvulnerability management,
endpoint security, emailsecurity, cloud security,
network identity, and on and onand on and on. So the new

(45:58):
technologies where the where thenew technologies are more are
most impactful is where they'reapplied to the old well
understood problems, and andthat's where where the
difference is made.

Yeah. I think for for you put a really good point,
Ross, which is that I think theadvantage of a big conference,
certainly of RCC with whateveralmost 45,000 attendees, is that
it is truly where the worldtalks security. And there's this
huge opportunity to go and meetpeople who are not in your
network and get to know them,and as a result, get to go and

(46:29):
get insights that you may nothave been able to do one on one
as you go and reach

out to individuals, you know,

over email or LinkedIn or, you know, through
some other form. And I thinkthat as as our listeners are
thinking about whether to go toa big conference, particularly
RSAC or Black Hat. I'd put thosetwo as kind of very large
conferences in our industry. Andif you want to go and have those
chance encounters and increaseyour network, these are the
places to be. Mahindra?

Well, speaking of chance encounters,
Sid, I remember the first RSA Iattended was thirteen years ago,
And I was literally crossing thestreet coming into Moscone, and
somebody I could hear somebodyyelling out my name. And I
turned around, and I walked backactually halfway from the
street, and this personintroduces me to this founder.

(47:13):
Two seconds later, this personis gone. I have taken this
founder's contact details, andthen I'm gone. So that chance
encounter led to one of my earlyinvestments that gave me an 8x
outcome on a cash on cash basis.
Right? So I am a big believerthat these events, you know,
40,000 some people come. In oneweek, I had almost I don't know.

(47:33):
I met about a 50, two hundredpeople. I mean, granted, these
are not deep conversations.
But if I look at the rest of myyear, probably I'll have another
50 meetings, and then all ofthis is compressed in, like,
three and a half days. Right? Sothe density and value is so
immense. Now our world, youknow, said your and my world is
sort of intertwined betweenthese three legs of the startup

(47:55):
journey. On one side, you'refounders.
The second leg is, call it,investors, VC friends, if you
will. And then the third leg isacquirers or, say, investment
bankers. And so between thosethree, there were some pretty
interesting observations.Amongst founders, I found some
of these repetitive me to startup ideas. And my one request to

(48:16):
our audience of founders is thatdo some research.
There are tremendousopportunities out there, but
also try to stay away from theones that so many other
companies are doing. A slightvariant on agentic AI is not
gonna give you adifferentiation. It's not gonna
get the VCs excited. So you haveto think differently. I mean, to
use the Apple slogan, thinkdifferent.

(48:37):
So that's one advice tofounders. Now on the VC side, of
course, a lot of parties, fancydinners, a lot of, you know,
events where you're sort ofliterally trying to jam four,
you know, dinners in oneevening, they tended to be a lot
more interesting where youstarted to see how investors are
thinking. And the bigobservation is investors are

(48:59):
obviously, you know, beingconservative, being very picky.
In some situations, thevaluation dynamics are, of
course, playing to the investinvestor's advantage. And then
finally, on the acquirer side, Ihad, you know, conversations
with people around Cisco, PaloAlto.
I heard some people describe howCrowdStrike strategy is
evolving. And I think there is avery interesting world that is

(49:19):
starting to play out there. Andbeing aware of those with with
how the investment bankers arealso working with those buyers,
it's it's extremely importantfor our founders to know how the
big company are thinking, how dothey look at the geopolitical
impacts, the changes in stockmarket, and how their own
strategy is gonna evolve. Ofcourse, a big surprise or the
big sort of, you know, eventthat occurred re just prior to

(49:44):
RSA is the Google Wizacquisition. And I was hoping to
get hold of some people aroundthat acquisition, but I
miserably failed becauseeverybody was partying.
So a couple of other high levelobservations. You know, in in
AI, you know, there are thesethree areas. Right? One is how
can the models be protected? Andso we have, you know, companies
like ProtectAI that got acquiredby Palo Alto.

(50:05):
The second is how can the SOC orthe life of the analyst be
improved? So you saw so manydifferent opportunities coming
out there. And there, I feellike the risk of differentiation
still needs to be thoughtthrough. Finally, the third
piece was how can the enterpriseprotect themselves when a lot of
their employees are posingquestions to chat GPD or how
they are downloading models fromHugging Face, how they are going

(50:28):
about using AI in somewhat of aWild West manner. And so we saw
a start up that covered thosethree areas, and I feel like
it'll be interesting time to seehow those three zones of
opportunity play out for for ourfounders.

So is nobody going to talk about the goat on
the floor? Have you guys seenVan Vandergot? I

didn't see it, but I saw pictures of it. It was
pretty crazy.

That was kinda cool. That was kinda cool. I
hope I hope next year at on thefloor, we can have a small
petting zoo with goats and allthe other kinds of animals, and
people can just have fun withkids.

Well, you know, some of some of the the the the
feedback, though, was also that,like, that the one could argue
that there's some level ofanimal cruelty, and the and the
reasoning behind it is that theythey also had puppies, and, you
know, puppies are not supposedto actually be you know, they're
not supposed to just like smallbabies, they shouldn't be
spending a lot of time with alot of people because it
increases the risk of kind ofthem getting illnesses. So I

(51:24):
think, like, they're they'repositives, but they're all also
negatives to just having animalskind of kind of bear. It feels a
little bit gimmicky. So while itwas it was a cool angle, I also
worry a little bit about, youknow, the the animal cruelty
there.

Wait. I think we should all
unequivocally state for ouraudience that we do not support
animals, human beings, or anyother form of exploitation to
promote your shit.

Yes. That's true. That's a great point. I think
only you can promote it. Youshould be promoting your stuff.

And, I mean, to find an intelligent way
to diverse, you know,differentiate yourself, if you
think that you need an animal ora human being dressed in a
certain way or, you know,something that kind of
borderline is silly, then maybeyou should not be doing that
business at all because you'renot gonna get attention from the
intelligent buyers.

Agreed.

Agreed. Thank you for joining us Inside the
Network.

If you like this episode, please leave us a
review and share it with others.

If you really, really liked it and you
have some feedback for us, wrapit on a bottle of Yamazaki and
send it to me first.

No. Don't do that. Mahindra gets too many GIFs
already. Please reach out byemail or LinkedIn.

All Episodes

Episode Transcript

Popular Podcasts

Bookmarked by Reese's Book Club

On Purpose with Jay Shetty

Dateline NBC

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Andy Cao and Hugh Thompson: Inside RSAC 2025’s biggest moments and boldest ideas

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Bookmarked by Reese's Book Club

On Purpose with Jay Shetty

Dateline NBC

All Episodes

Andy Cao and Hugh Thompson: Inside RSAC 2025’s biggest moments and boldest ideas

Bookmarked by Reese's Book Club