No Priors Ep. 38 | With Material Security Co-Founder Ryan Noon

Key Takeaways

[Music] so this week I'm joined by Ryan noon he's the co-founder and chairman of material security the cyber security company making cloud-based email a safe place for sensitive data he previously started par structure which was acquired by Dropbox where he was an engineering manager prior to starting material security Ryan welcome to no priors hey it's it's great to be here man always lovely to talk to you oh yeah it's always fun to chat with you um so one of the reasons it's excited to be chatting with you today is I feel like you have such a great perspective on uh both the broader security industry various Tech topics Etc but also specifically how this all starts to tie into Ai and I know that in material you were um a very fast adopter actually of um AI related Technologies as the first sort of apis really came out and you started playing around with them quite early and doing interesting things with them do you want to first talk a little bit about how you started material and then maybe we can touch on how you start getting involved with the AI side of it yeah sure um so we started material I guess 2016 2017 or so I had left Dropbox and um you know was living in Europe and fell in love with u all the election hacking that happened year um you know that year it was pretty nasty like every random Gmail account kept getting like dumped on the internet so I I had an idea for like you know how to protect a Gmail account you know just an ordinary personal one in like a fairly novel way uh I coded it it shockingly worked the Gmail API let you do it I brought it back home and and showed it to some friends and uh we realized this is actually a special case of a broader way of thinking now 7 years later it's a you know whatever cybercity unicorn thing and we get to work with the coolest companies you know in the world by far and the the stuff that you get to do at this scale is just mind-blowing it's it's wild to think just where it started and and and where it's come and what what are the main products that material focuses on just for the the audience they have a better sense yeah so um the the broad thesis is basically we've all kind of got these Google and Microsoft accounts um you know email is sort of where we started but you know since then we've kind of uh just went deeper and deeper and deeper into sort of everything that you can use uh you know a Gmail account or a Microsoft account for uh the bread and butter of the business is selling you know to to companies you know midsize and up uh with these kind of these big Google workspace and Office 365 deployments uh the product has a bunch of different modules that are all kind of based around the the main things people worry about um the the kind of the first big product that you mentioned you know in the intro was people have years and years of sensitive information sitting in these accounts if somebody you know gets into your Google account they're just going to download all of your email uh and go through it later and your whole life is in there it's even worse you know in a corporate environment and so that product what it can do actually is uh finds you know sensitive stuff that's just sitting around kind of just sitting in your inbox in your archive whatever and then it can basically redact it and then replace it with with a clean copy so that if somebody gets in and downloads the whole thing they don't get anything good uh but then if you happen to need it like I I I like having all this information in my fingertips you can just press a button and do have an extra face ID or a touch ID or you know more advanced policies and and in work but just something that's easy for you but hard for the attacker so we started there and then we expanded into anti- fishing you know people can send you tricky emails and get you to do things and steal money from you uh we expand it into account takeover protection which is you know more of the things that people do uh after they compromise the account and you know I try to reset all your other accounts and steal your bank account and all of that just the the operative concept is defense in depth which is just you know like just assume that the bad guy got in like what do they want you know like they got over the wall there should be another wall and a machine gun you know it's like history has all these fairly basic lessons about resiliency that uh never really always get applied the right way when it comes to computers so yeah it's kind of like a I guess the part of the impetus was the 2016 election where you know there's all the things around the podesta emails and Hillary Clinton and everything else and the basic ideas um somebody's able to hack your account but it doesn't matter because your email is not accessible to them or the sensitive information that you designate yeah I mean it matters but we used to call the company like seat bels for email or whatever back in the days like it sucks to crash your car it really sucks to go through the windshield Google and Microsoft you know have a a total duopoly on all of this and kind of what little thing that they missed from a security perspective is you know World altering you got like I mean there's a headline every couple months like every cabinet secretary just got their email hacked because all of the eggs were in Microsoft's basket you know and and so we kind of just exist to fill the gaps in whatever doors they leave open that's you know it's it's very fragile having a duopolies are stable in the market but but very fragile when it comes to security yeah that makes you were one of the fastest adopters I feel in terms of Hands-On use of llms for security applications how did you start thinking about the use cases where generative Val would be useful the second you give a coder a repple uh you know we will we will start iterating basically right CHT of nothing was not the world's greatest reppel so I mean we just started playing with it and then we're like there's a lot of security domain knowledge like baked into this thing it turns out if you feed you know precisely one internet to precisely a million gpus it up a thing or two about cyber security and so you know it's it's the kind of thing that obviously like the bad guys are are are starting to figure out in Earnest uh and you know it's not like you can prevent this stuff from getting democratized but we just we just you know you could do simple things like you could feed it you know like a bunch of you know raw email headers anyone who's coded with these things it's it's like this weird wetwear grafted into the middle of a computer you know it's like it's uh it's it's squishy and and stochastic and parody you know but you have to integration test and and model around it I think the analogy I used at the time was like Shang Tsung from Mortal Kombat like it has it has eaten the souls you know of of thousands of of security engineers and so like you might as well use it because honestly like there's a lot of just raw operational work that happens in security of just like we need to you know rarify this signal filter out the noise and then honestly feed it through a human being who has some experience as to what the bad guys are trying to do uh and you know it turns out LMS are fantastic at that and so that was that was the first use case um that we really kind of productionize but you know beyond that it's it's kind of gone crazy so there's a lot of engineering you have to do though it's kind of amazing because if you look at modern llms they have this mixture to your point of sort of this deep knowledge base which is the internet and dear Point sort of The Souls of security Engineers on the internet and then you know it has a sort of Chain of Thought or sort of reasoning that is very useful to use in certain circumstances is there any data that you feel is really missing or a specialized Corpus you need to to provide or anything else that really helps from a security perspective that you you know you need to augment or fine tune or do something with honestly like you know I I've seen a lot of you know startups starting from scratch here and and whatever and you know as as an engineer like I know when I have Headroom and honestly even in like GPT 3 and a half there was plenty to work with I'm seeing a lot of shovel selling obviously right now in the AI Market uh and I'm seeing a lot of like you know I need to pretend that I have a moat so I need to you know fine tune all this stuff and whatever whatever but yeah no I mean so many things that were very very very hard for computers you know 18 months ago are very very easy for off-the-shelf models so like I I think you know maybe chew your food First Security industry yeah what do you think are the best application areas then for generative Ai and security is it pen testing is it fishing is it something new is it some form of like supply chain yeah I mean it's obviously the the offensive side is what you're not supposed to talk about too much uh but obviously the bad guys were talking about it and security you know it it does have this arms racy sort of aspect to it so like you know we need security LM companies uh because the bad guys exist honestly like the the ORD zero thing when I keep meeting with Founders you hear this there's all these like kind of classic cliches in the cyber security industry like the cyber security skills shortage like America needs you know to bring back the draft and make everyone get a security certificate or something okay like you know that you have like 90% of a human that you can use for like a penny and a half right okay start there you know uh and so like there's just basic things like that but it it gets it gets more interesting I think from there but like let's go to Disney World collectively after we do that and then we'll come back you know do you do you see any cesos actively using um llm tools today or is it still kind of early and it's like there's an adoption curve and or is it going to just be in the hands of the vendors well I I think the best thing about the security industry uh is that there's also the security cottage industry of like it's not the fancy security vendor who's you know buying the ciso steak and having them Drive Ferraris around Vegas every August it's like just a strong like security engineer who's just hacking something together and so some of the best companies that I've seen you know are just that uh and and so you're seeing all these like there are cool projects out there um you know I you know I don't want to name drop too many of my friends on this podcast but like you know just like the the stuff that socket's doing just like analyzing npm dependencies like you know even just like stack analysis like looking for like you know hey you you Dro sensitive information in the middle of your code based like that's like such a messy hard problem as any like computer science can you know person can tell you and like these things are pretty good at reading code you know so like all sorts of just basic stuff like that is is starting to to pull through so what do you think is the biggest um risk or cyber threat from this technology oh I mean like it can be a human and and I'm just I'm just talking about the text models right like so much of Cy security is just text uh and there's nasty hacks you know that are that are reported you know where someone's voice was faked very convincingly and they made a phone call and blah blah blah like humans you know trust through computers uh that was I think the key mistake we made you know yeah I guess there's a lot of apis now that do voice cloning like LMN or um 11 or some of these other folks right and so basically I guess the threat is that somebody voice clones and then they can use it to call you and pretend that they're your bank and ask for permission to do a wire or spoof you on the other side where it doesn't even have to be that hard like as in the standard like you know new employee joins company receives text message claiming to be CEO thing like it works at scale you know like uh so like and it's you the sheer amount of like you know you go you go see these attacks that that random bad guys are sending to people and like they're not even like using grammar properly like all they could do was like spell check the bad guys and that's all you were using like whatever offthe shelf you know open source llm for like even that would make a a difference materially on you know cyber security policy returns how bad do you think this get it on what time frame so say we're at you know it's three years from now and we're at GPT 6 or something do you have any predictions in terms of the the sort of effective Threat Level or the capabilities or what might happen then yeah I think we all kind of like wonder about this um I was talking to somebody from the White House who was like trying to figure out how to talk about security LMS a little bit like think the operative analogy that ended up helping was like Bronze Age versus Iron Age kind of thing and that like if you're you know if you're if you're a tribe or something and you have bronze weapons and Your Neighbor Next Door gets iron weapons uh then like you're you're going to have a bad time like you're going to need to go and get iron weapons and so all of this talk about like you know we need to you know air strike the data centers and and prevent it from being aligned or not aligned or whatever the current term is like that's like saying you know well this super high grade carbon steel from space you know needs to be restricted but honestly like if someone got iron weapons against your bronze armor like good night you know and so these all them things it's a step function like you know for however often you know we used to whine that we only had you know 140 characters and not like flying cars like technology does give you step functions every once in a while uh and like this is just that you know so it doesn't mean that like you know we're all doomed now uh and I think we getting a a like a sense of the scope of the threat is really hard in cyber security because you could be like you know hey you know we're a Fortune 500 and we left the front door open for a year and no one walked in it like hackers are fake cybercity industry is BS right or you can be some like little no-name company and just get run over and you're like the barbarians are at the gate and it's like really hard to know exactly what you're up against right uh but what's interesting is that like automation like it's like the you can be more human and you can like one human can now supervise a thousand humans you know you don't need a room full of like jerks trying to hack grandma or whatever uh when honestly like one jerk will now suffice you know with a for Loop yeah yeah to that point it feels like there's a few different types of actors in the cyber security world right to your point there's sort of individual players sometimes that's ransomware sort of financially driven folks and then there's state-based actors right and it seems like some of the attacks we had a year or two ago on parts of our more physical infrastructure and supply chain may have been through state-based actors how do you think about that in the context of these things is that you know we must continue to invest in llms at scale as a broader National Security side of things does it modulate your thinking at all yeah I mean fundamentally like you have to invest in cyber security like my my moral basis for cyber security existing is that is essentially like the the waste heat of all other innovation in in Computing and information which is like you know if a computer is doing something new for you that it wasn't doing last year then like the utility of that will Drive adoption and then like cleaning up after it for like whatever the side effects of that are uh is what you know essentially cyber security you know does right and so we are the the cleanup crew for all other Innovation uh which is you know it's it's a it's a living it's a you can it's an honest living so whenever Innovation happens like the entire world will adopt it before they realize like oops it messes up democracy or like oops whatever you know like utility drives adoption not safety like welcome to Earth you know and so uh so I I think like the on the the nation state side like it it's you know you don't have to even be hyperbolic with like you know it's the atom it's the whatever it's because like you know fundamentally like intelligence is now a commodity that we can arms race you know like weird you know it's it's not uh you know like Atomic power can arms race like no like intelligence itself can now go Red Queen yeah that was the original premise under open AI right the concern was that uh Google and a few other folks had uh you know real advancements in Ai and they were driving most of it and so open a I think originally was meant to be kind of a counterbalance to that so there wasn't a single player that would effectively dominate all of AI or if it was it'd be under this sort of um philanthropic uh guys right and so it's it's it's interesting that even in the early days of this stuff um a lot of the emphasis was on this let's avoid some over agregation of power uh within AI but if you have a lot of intelligence that is extremely online like you have a a ton of power and you know the West I think is especially vulnerable to this like open societies I think are extra vulnerable when it comes to infex stuff because like we we put it all out there we we adopt these systems we open them up we let the private sector totally handle them you know like we we we are early adopters of every digital technology and we are very happy to wave our soft underbelly on the internet as a society we don't we don't lock it down how how does that differ from totalitarian States from a cyber security perspective like you could literally you know if you're like North Korea you're going to say you're all going to use this Linux distribution but it doesn't support you know whatever I want I'm sorry we're an authoritarian State like oh oh well what you know like what if I get fished sorry like that's not how bank accounts work in our country you know like it's just like you can control information you know you can't this usually gets like viewed through the lens of like social media disinformation if you can you know regulate and lock down you know the entire social media discourse then like you know what election is going to get hacked and where would it get hacked you know uh but the same thing I think holds true for all of all of cyber security the other interesting you know like way of looking at this that's always kind of baffled me is that you know if if cyberspace is a space right like in in like US military terminology it is a command just like you know North Africa is a command like cyberspace is a command like William Gibson you know would be proud right but like in this space like you are kind of on your own as an American like you know it's like if I if I was in you know like like the military protects Americans and guards our borders what does that even mean you know with like cyers space like I hope you're harder to see so uh you know like is there anything specific you think the deity should be doing relative to these sorts of threats right now or if you were magically in charge of it like what what would you change or what would you do differently I mean they do a fantastic job in a lot of levels like I'm you know it's like obviously like we were all had to the valley had to deal with like Snowden and everything you know 10 years ago and whatever uh and I I'm not I don't need to take a side on that one but the point is like we have some pretty incredible people you know doing offensive stuff as well in cyber security and deterrence works pretty well a lot of the time as well you know so I when it comes to LM specifically I think everyone is still figuring out what the hell is even going on you know like it's it's going to take them a while I think you see DARPA doing really interesting stuff you know like there are interesting projects out there um but I think and this is maybe a motif that I see broadly with llms is like you know the unless you go super super deep on this stuff you kind of see everything through the lens of like the popular discourse of chat GPT like whatever you know the the the you know the New York Times or whatever has said about chat GPT or whatever experience you had the first time you used it 6 months ago when you were on the free version is how you see everything and so they'll be like we need to make sure it doesn't make stuff up we need to you know have it generate blah blah it's it's all kind of like order zero stuff I think people have yet to realize that like the computer can think in like a much more Salient way than like it ever could before and so I think people are still playing catchup yeah that makes sense yeah it feels very underappreciated yeah I feel like there in general people R viewing um AI this Continuum where it's like it's a CNN RNN and now we have Transformers and it's just a straight line and instead obviously it's a big discontinuity in terms of capabilities and I think most people still don't think about it that way or at least I should say many people particularly outside of tech and I actually think it's underhyped in all sorts of ways which may be a different conversation shovel selling is overhyped but I think the uh the the thoughtful you know discourse on what our society will be like in 10 years is probably underhyped yeah yeah good point so one of the big debates that people have in this area is what degree of things will go to Encompass versus startups and in security the incumbents are really strong right they are very good at buying things and bundling and cross- selling and sort of the traditional Enterprise Playbook which parts of tech have sort of Forgotten for a while and maybe are coming back to now that we don't have Zer anymore um how do you uh how do you think about the things that incumbents will do versus startups like is there any room for startups right now on the SEC on the AI security side I mean there's there's always room for startups the cynical take here or like the the the take I can give that is perhaps most formed and most cynical uh whether this is whatever uninformed informed pessimism versus inform whatever is uh is that basically you know in the Cyber secur industry there's some basic economics right there's if you care about this like there's a great paper that is actually required reading for everyone who's ever joined material which I've never enforced uh but it's called the market for silver bullets right like Ian Grigg wrote it I think I've sent it to you once and it's like fundamentally you know there's there's like markets for lemons and whatever but there's markets for silver bullets which is that like fundamentally there's there's the buyer there's the seller and there's the attacker you know and so like the buyer cannot really be sure of the effectiveness of what they're buying and whatever whatever and so you can't really like look at a solution and be sure that it will save you right like you know you could buy an insurance policy you know and and there's a you know like a truism that all cyber security products are just you know complex insurance policies or whatever right but the the the point is like that that mushiness exists and so what has resulted in in in the free market here is these incredible distribution machines right you have you know think like Cisco or Pal alter networks or even you know Microsoft and Google to an extent right where they just they have the Salesforce they have you know the the bundle they have you know the the big conference with all the glitzy stuff or whatever right but they don't really know like if you ask the product manager at that company or whatever like and they're being honest like they don't know what bad guys are going to be doing in five years any better than anybody else does right uh and they don't know what's going to be effective so why would they plant seeds from scratch when they could just go Harvest crops that are already growing and and Transplant them into their yard and water them with all these salespeople and all this bundling and all this Market power right uh and so these these like paved roads I think they're just a function of of the extra you know like technological and product uncertainty that is just compensated for that that risk must be compensated for with extra low Market risk you know and so that's what you see you know like Cisco just bought Splunk but Splunk buys things the whole Market just works this way I think I I read a blog post once where I called it the the cyber security industrial complex you know and it's like their PE firms you know dressed up as innovators blah blah blah I was angry I used to be very angry but uh but but fundamentally this this happens and so that means that we are kind of you know entrepreneurs you know at at at their worst like there can be new great cyber security companies there there's still creative destruction that happens you know some of the best cyber security companies you know didn't really exist 10 years ago and that's like you can still build big ones like VCS you know don't stop you know like VC's you know when it comes to cyber stuff will will like you know just go for base hits constantly the worst ones you know a lot of the best VCS like never you know make bets in cyber security because you know at best you're going to get a $200 million takeout to palto networks or whatever right that's the the typical outcome but you know you can still build these big companies uh and and you know people should still try uh but you know there's but that that that farm system is still active like no one really knows like The Innovation will happen and if the Market's big enough and you know you don't as a Founder you know you don't want to stop the game on second base or whatever uh and you want to keep going those opportunities are there uh and honestly like discontinuities breed new companies you know and there's entire classes of things that are necessary and obsolete now so much of security is uh is is emitting logs and alerts and then parsing those logs alerts again and aggregating them you know I I spent a lot of time doing you know data infrastructure analytics in my life you know before after my cyber security grad degree but before I started using that degree uh and and it's just like you know serializing and deserializing data and parsing some old firewall thing from 20 years ago or whatever and like an LM can just eat that you know like depending on volume and and all that stuff but there just like a lot of spend I think is up for grabs as long as you know people have their expectations in the right place I guess outside of material like um is there any larger scale security vendors that that you've uh you know publicly talked about rapidly adopting llms I know material's been very fast on it I mean obviously Microsoft had this you know top- down mandate and had a year on everybody and so they've been they've been making a lot of noise and and marketing it um but you know and that's theoretically cool but um I don't know how I haven't used it personally yet um but I I you kind of you probably saw this pattern which is that like uh you know kind of the the growthy companies with the nerdy Founders like immediately started integrating this into the product right uh and then the like youngish public companies that like totally still got it you know would do like a thinner feature a little bit later you know the big Fortune 500s are doing science projects God bless them you know uh and so I I think I'm seeing that and I I haven't I've seen plenty of first bucket things that are very impressive uh I've seen you know like the the the look you can type in the box and if you have typos the llm doesn't care you know I've seen that from from the public companies that totally still got it you know and then uh and then the science projects you know are uh just just really good for open a eyes Revenue I assume yeah yeah yeah that makes sense yeah and I guess there's also sort of the hybrid or overlap or partnership stuff like for example last year I know material did a partnership with slick to Support Office 365 in Google workspace and provided sort of enhanced security benefits to Joint users and so there's like there's also that sort of approach where you you partner with the large incumbents to to bring these new things to Market in some sense yeah yeah I mean c security Partnerships are super super super important because like people people hate to have to buy like individual things in their cyber security stack but they also hate when they buy a big bundle that sucks you know so like the the right answer for the customer is to like just for for the vendors to be grown-ups and to work better together where possible yeah I guess um more generally you know it's been about seven years since you co- found a material what do you think are the biggest uh changes or Evolutions in security since then oh that's a good question um honestly like I don't know how much has changed like it's like you know people still send emails people still reply to text messages I think uh you know the there's always like the put slack is going to have all those problems too or whatever whatever and I think at the end of the day like if something's a wall Garden uh like it will be involved in attacks you know someone will go in and like own you because they compromise slack after they compromise this and and escalated that whatever but like entirely new attack surfaces of like you know ways to get to users from across the internet broadly speaking uh like I think have have a somewhat somewhat stable what's the sad thing I I spent a lot of time thinking about like mobile stuff and it's it's sort of this like tragic thing where like locked these things down like hardcore now right it's actually like super limited what like vendors can do and and the average employee I think understands that their company probably owns their work email account or whatever uh and has has cart launch to protect that and protect the company but you know like do you have your phone is it my phone I brought it I signed it in do I have MDM on it all this stuff and so that ends up being the situation where uh you know even Apple who's like so good at locking it down to the extent that you know Zuck is super sad or whatever like we'll we'll lock down the device and prevent you know the most you know obvious forms of cybercity software being made but like uh like then we'll sit on the problem for years while like everyone gets over you know so it's people are are usually it's a sad thing in the tech industry that you probably see people are better at keeping people out of their territory than using their territory you know uh it's this very very nasty sad thing so uh so I I think some of these problems I think have just gotten worse you know um I think there's always the the you know infrastructure story of like you know the multi- deade mega trend of people getting rid of their data centers and allowing only a small handful of companies to buy all the semiconductors and then renting them from people that centralization uh you know it's it's not like the most interesting thing for a lot of us you know but it's you go to security conferences and it's you know I I had to buy these seven things when I had had a data center now I have to buy this one thing but it comes with Amazon but it sucks but I have to buy this other things so that that trend is not done and there have been some great companies that have been built in in that space uh in the last seven years that you know like I you'd think that like AWS and Google and Microsoft could like keep this secure that they're renting you but no you know like so that's that was that's been one of my biggest probably misses as a as a as an investor not even independent of security there's years of like well the AWS will bundle this one you know and then no they don't you know even like snow I did diligence on snowflakes B and told whoever asked me to pass CU I'm like red shift exists like AWS is not asleep at the wheel and then you know AWS subsequently told me when I talked to them about this they're like you know we get paid either way like we they don't own any CPUs like we can be lazy yeah yeah yeah yeah they're the platform so it works yeah there other areas um I know that a lot of Founders in both security but also in Enterprise come to you for advice as they first get started um in terms of starting their companies are there other areas of like Enterprise that you're most excited or interested in right now uh oh man I have this LoveHate Thing just with with security like if I if there's any Founders listening to this like security like like what's annoying is because it's very mushy no one necessarily knows what products are effective and whatever whatever you can kind of just like really put your head down and like grind and sell and like build a beach head with your company uh you know and and it might be a totally okay product like I was I was talking to a great founder yesterday and they're like thinking about what to build and whatever whatever and and it's like take a step back and just like try and build an incredibly useful thing that everyone should buy stop thinking about the Gartner categories and you know whatever casby uba Sim whatever DNR something something something like stop like trying to like look at at this like big like you see these like the some of the cyber security you know I bankers and stuff will put out these big quadrants of everything and how it all fits in the thing that consumer people make fun of us Enterprise people for are are extra make funable uh in cyber security you know and so uh so I'm always just like you know like go and go in there and like just like if it if it's a thing that connects to an API that everybody uses and saves them all a bunch of time and makes it way easier like just build that okay like stop worrying about your Garten category you got like five years uh to even like you know start paying Gartner you know like stop it well you know how many people I've like sent your blog post of like what is a good market like Market is not the same thing as marketing you know like that's a product that should exist everyone should just buy that and like then we have to x-ray it with like where distribution is going to come from and and like you know like is this going to be easy to sell on a reasonable time scale and whatever I think my my favorite companies I'm spending the most time with tend to be in security but uh if you if you want a a a grouchy yet somehow still optimistic guy on your cap table just you know give me a call but I'm to do less stuff in security is there any other advice that you tend to give um people starting companies for the first time oh man uh yeah I I mean there's just the basics like figure out your team you know like being a solo founder is actually totally okay it's way better than being like we had three coffees together and we just got married you know so like like just start with the team like everything is built on the team like it's the saddest thing in the world when you see like a beautiful company and then like just the foundation has a has a crack in it and you have to tear the whole thing down you know make sure you have the same like Risk appetites and stuff like that just those basic basic basic stuff like you know especially when you know we are irrationally exuberant again in Silicon Valley we had a solid six months of being depressed because the end of of free money I kind of wish it lasted a year a year longer or something I think it would have been very uh very healthy for everyone I know people step like all the Warren Buffett quotes came back I think like RP good times like seven or whatever you know and now it's gone again you know yeah it's it's back to zerp if you're an AI just honestly like just pick a good market like look for a lot of dollars and a lot of other shitty people that like you can take those dollars from the analogy that stuck for people was like the difficulty level of the game that is starting a company is essentially just like the size of the market like the inverse of that you know like the bigger the market like you can you can eat mistakes you know you can you can burn time you know like it's just play play the game on easy if you possibly can you know yeah it's kind of interesting that's kind of advice that I tend to give people who are working in AI right now because I feel like there's so much loow hanging fruit and you see these people doing these incredibly complicated things or incredibly hard things and you're like why are you doing something so hard when it's an early industry right in the in the latter part of an industry when things have matured and sort of saturated that's when you do the hard stuff but in the early days of a new market you just want to do the easy stuff because that's that's very tractable it's faster it's easier you know higher velocity right like I'm not the only one with this pet peeve but you like you need like really talented technologists on founding teams like I really think it's like we're in the technology industry like you know if you leave the NB alone they're going to do like Casper mattresses but for mattress pads this time but they come with razors on them and stuff like they're going to follow the same templates God bless them they need to exist but like the best companies have a technologist like you know maybe not in the CEO role but like someone there uh and and technologists like we love to to do what we know and so there's this like massive you know like overabundance of engineering recruiting companies and you know devops but this time totally different Dev tooling like infrastructure monitoring blah blah blah and it's like dude just like get out there and like learn a market that's not your own okay like it's just like like the world needs your Creative Energy to paraphrase one of our slogans from Dropbox back in the day but like you're going to have to like maybe leave your house sort of at least on Zoom you know and talk to people on find like find a find a market you know so and I think with AI you're seeing just the overabundance of shovel selling like the world needs Next Generation data dog for AI but not that one because there's already that guy this one's for testing but not that kind of test but mobile testing that one yeah right and it's like stop like combinatorics will never let you down there's always going to be a way to cross these things you know but like how big is that actual Market how big is it you know yeah yeah makes a lot of sense so Ryan thank you so much for joining us today on no priors yeah it was great a lot it was really fun find us on Twitter at no prior pod subscribe to our YouTube channel if you want to see our faces follow the show on Apple podcast Spotify or wherever you listen that way you get a new episode every week and sign up for emails or find transcripts for every episode at no- pri.com