"Securities" by Lux Capital: Corporate insecurities
Most hiring in business is functional, with roles tied to specific problems that executives identify. If a company has a marketing problem, executives hire a marketer. Launching a new product? Hire engineers, designers and product managers. A lot of the friction between new staff and their new companies stems from a lack of precision on exactly what problem is being solved for.
Then there’s risk and security. Risks are multiplying for all companies and in all domains, from financial risks and supply chain disruptions to climate catastrophes and pandemic-induced workforce debilitation. Ditto for security: the digital attacks on computer infrastructure, physical attacks on employees, and disinformation attacks on brands and reputation have combined to create an almost infinite ‘threat matrix’ of daily terrors.
These are all problems, but not ones that can be solely solved through functional expertise. Instead, they can and must be handled at all levels of an organization. You don’t hire for security, you create security cultures that are imbued in all decisions and strategies. You can’t throw bodies at risk, but must make resiliency and risk analysis a vital and constant concern.
Yet, companies still bring their functional, problem-solving approach and expect that with a human in place, their problems are solved. Companies hire a Chief Information Security Officer (CISO) and expect data breaches to stop, and they hire Chief Risk Officers (CRO) to stave off all those risky concerns. Problem identified; hire made. Those leaders hope to inculcate organizational cultures of course, but talk to any CISO or CRO and they will tell you horror stories about the difficulties of systematizing their thinking into the fabric of an organization.
All this was on my mind this week as I read more about Peiter Zatko (who goes by the online identity Mudge) and his whistleblowing complaint against Twitter, where he was formerly its head of security before being fired by the social network earlier this year. On Thursday, Cara Lombardoin the Wall Street Journal reported that Zatko received $7 million in compensation as part of a settlement with Twitter, that in part included a non-disclosure agreement. As a whistleblower to the SEC:
Mr. Zatko said in his complaint that he “uncovered extreme, egregious deficiencies by Twitter in every area of his mandate,” including privacy, digital and physical security, platform integrity and content moderation.
Lombardo writes that “Twitter’s team countered by describing Mr. Zatko as a disgruntled former employee with an ax to grind…” He will testify this coming Tuesday in front of the Senate Judiciary Committee.
There’s now been extensive reporting on Zatko’s firing, namely due to Twitter’s legal battle with Elon Musk to force him to buy the company, which is set for Delaware Chancery Court in October.
Twitter’s pattern of behavior is all too familiar to security and risk professionals. Twitter clearly identified that it had massive security gaps across its systems. For instance, just last month, a former Twitter employee was found guilty of conspiracy to commit wire fraud, falsifying records and money laundering while spying for Saudi Arabia in a case stemming back to 2014 and 2015. The company’s moderation of speech has been a perennial PR nightmare, and the company also disclosed a data breach in July affecting more than 5 million accounts.
Problem identified; hire made. Zatko was brought on as head of security, bringing his long-standing reputation and stature in security circles to bear on one of the most influential global social networks.
Yet, this wasn’t a hire made, it was an operating system downloaded. Fixing Twitter’s problems would require rebuilding the foundations of the entire company, from retraining engineers and prioritizing security reviews to evaluating internal threat risks and developing much more comprehensive trust and safety systems for content moderation. Security, at least for a time being, would have had to become the overriding priority of the company to rebalance a culture that by all appearances is woefully inadequate for the threats the company faces.
Unfortunately, Zatko’s work came at a time when Twitter’s business — and its products — needed extensive shoring up to meet the demands of Wall Street. It’s little wonder then that as he went about his work, he seemed to have an ax to grind.
Security and risk professionals face the daunting task of always making their work stand above daily business challenges. Profits must always be sought, new products launched, and it’s hard for security — even at the most enlightened companies — to not feel like a general tax on productivity. Something must always get the ax, and unsurprisingly, it’s often security and risk that takes the brunt of the blows.
Functional thinking simply isn’t enough anymore, particularly given the scaling up of threats against all institutions and systems the world over. Just this past week as students headed back to classrooms, the second largest school district in the United States had to shut down its entire computer system due to a ransomware cyberattack, leaving hundreds of thousands of students, teachers and parents in the lurch.
Security isn’t a job, it’s a culture. It’s not a person, it’s an organization. Security means overcoming the insecurities of leaders who would rather feign ignorance at the challenges their companies and institutions face rather than devote the resources and attention that the issue necessarily deserves.
“Securities” podcast: The geopolitics and digital future of agricultural commodities
Agricultural commodities is a bit like accounting: you only hear news stories about it when things go wrong. And unfortunately for the world in 2022, a lot is going wrong in agriculture. Vladimir Putin’s war on Ukraine has devastated one of the world’s great breadbaskets, and global climate disruptions are wrecking havoc on food productivity. That’s led to soaring inflation and increasingly contentious politics, particularly in the developing world.
Sadly, that’s not the only problem the industry faces. Commodities are still traded predominantly on antiquated systems, with the United Nationsestimating that more than 275 million emails are exchanged annually to ship about 11,000 vessels of grain across the oceans. That’s one reason why Lux led the $7 million seed round for Vosbor earlier this summer to build the first digital agricultural commodities exchange (which we discussed in “Intel’s Malaise” and in an article).
I wanted to understand more of this extraordinarily complex industry, and so I asked two former CEOs of the largest agriculture commodities companies in the world to weigh in for a new podcast episode of “Securities”. Joining me were Chris Mahoney, former CEO of Glencore Agriculture and now known as Viterra, as well as Soren Schroder, former CEO of Bunge.
We talk about the cyclicality of agricultural markets, the cost disease of infrastructure upgrades, the geopolitical strategies of ag firms, the increasing focus on logistics capabilities, and what the future of digitalization and technology have in store for this critical industry.
- With Queen Elizabeth’s sorrowful passing this week, I’ll make the obvious but sincere recommendation to watch The Crown on Netflix. No, it doesn’t have the gore and layers of intrigue of House of the Dragon or the Middle-earth fantasy of The Rings of Power, but what it offers instead is a solemn portrait of a singular person wading their way through the buffeting waves of history. Enrapturing, and deeply relevant.
- Our scientist-in-residence Sam Arbesman recommends Hannah Ritchie’s thoughts on the paradoxes of being an effective environmentalist in the Works in Progress newsletter. “Microwaves are the most efficient way to cook. Local food is often no better than food shipped from continents away. Organic food often has a higher carbon footprint. And packaging is a tiny fraction of a food’s environmental footprint, and often lengthens its shelf-life. Yet it still feels wrong.“
- China has been facing a brewing real estate crisis that has plunged shares of major property developers to historic lows and forced one to give up its headquarters. Nearly all data point to a very turbulent period ahead for the world’s second largest economy. Ni Dandan, writing in Sixth Tone, draws our perspective to the last two decades of China’s economic history, asking “Can China Fix Its Broken Housing Market?”
- As California suffered from record heat this week, there is some potential optimism from those rays of sun: recognizing the strength of the solar supply chain. David Fickling, writing in Bloomberg, argues that far from being an impossibility, net zero emissions is already within reach given current and planned supply chains. “The solar boom of the past two decades has left the world with a cumulative 971GW of panels. The polysilicon sector is now betting on hitting something like that level of installations every year.”
- Finally, both a good sign and an omen of just how strange bedfellows are getting this year, U.S. intelligence sources now believe that Russia is increasingly securing its arms and ammunition from North Korea. Meanwhile, Kim Jong Un laid out his country’s nuclear doctrine, including the conditions in which the Democratic People’s Republic of Korea would strike first with nuclear weapons.
That’s it, folks. Have questions, comments, or ideas? This newsletter is sent from my email, so you can just click reply.